Protected Trust Blog

Stay up to date with our most recent news and updates

State of Microsoft Office 365 and its use in Florida Government

There is a lot of discussion, enthusiasm, and momentum surrounding how government agencies are adopting specialized editions of Microsoft Office 365 for government.

Most Popular

Why Software is Moving to a Subscription Model, and Why It’s a Good Thing

Over the past five years, you may have noticed that more and more software is moving away from being a “one-time purchase” and shifting to a subscription-based service model instead. While, at first glance, this may appear to be a tactic to get more money out of you, it also offers numerous long-term advantages. Gartner reported that, “By 2020, more than 80% of software vendors will change their business model from traditional license and maintenance to subscription.” Microsoft has caught on to this trend.

Software Subscription Model vs License

When Office 365 first launched in 2013, this subscription-based version of Office was available for the general public to use. Many people were confused—they saw Office software as something you bought one time. Then, only if they wanted or needed access to the latest functionality, they could pay to get the latest year version (such as Office 2019). However, this all changed with the introduction of Office 365 Home/Personal and Office 365 Business Premium. This new subscription-based software model surpasses the old version of the Office business enterprise software in several ways. As a business, if you want to stay competitive, efficient, and keep your data secure, you should embrace this change. So, this isn’t something you’re going to be able to avoid as a consumer of software—and frankly, you shouldn’t. Here is a little bit of information about why this change is so exciting.

Subscription Software Model Security

Recent cyber attacks like Facebook’s infamous data breach or Advent Health Medical Group’s cyber attack that lasted for 16 months are just some of the biggest incidents that have recently plagued the news. One solution for preventing these attacks? Keeping all your devices’ software updated at all times, with no exceptions.
After phishing, vulnerabilities in old software are one of the most common ways for criminals to breach your company’s security, and it’s making them serious money (as in BILLIONS of dollars a year from businesses just like yours). Subscription models ensure you’re continuously running the most updated version of the software possible. With subscription-based software such as Microsoft 365 for Business, the newest security measures and features are automatically updated as soon as they’re rolled out—minus the need to be aware that a new version exists, download it, and manually install it on your devices.

Subscription Software & Microsoft Cloud

One of the best examples of why this newer subscription-based software model is better than the old way of purchasing software is the massive difference between purchasing software one time, such as Office 2017, and having an Office 365 subscription. They share the name "Office," so it may sound like you are just paying for Office tools such as Word and PowerPoint over time instead of all at once. While you do have access to the whole Office Suite under a subscription-based model, you get so much more with it, too. Because Office 365 is connected to the Microsoft cloud, you’re able to collaborate on files in real time with Microsoft Teams. Do you use a file server or shared drive? Office 365, with its terabyte of storage per user, enables you to chuck that thing in the trash (it’s what we did and you should too). Back up your files? No need to spend time on that anymore. Do you have software that tracks mileage, does your accounting, manages projects, provides group chat, shares files, hosts video and voice meetings with screen sharing, manages customer communication, books appointments, etc.? Office 365 combines all of these functions in one platform that you can access from anywhere in the world.
By leveraging the Microsoft Cloud to not only provide you with the best suite of productivity software ever made, but a solution you can securely run an entire business with, this subscription-based model becomes a game changer.

Automatic New Features

Subscription software rolls out features as they are ready, not just when a new version comes out. You used to have to wait between releases of software to get new features; for example, a new version of Word only came out once a year. Not so with the subscription model—when a feature is ready for prime time, you get it immediately without any further effort or investment.

Enhanced Scalability

With a subscription-based model, your business only needs to pay for the software it actually uses. As your employee count fluctuates during times of seasonal scale-back or booming growth, so too do your costs and software needs. With the ability to exactly pinpoint the software that you need, it becomes less expensive to onboard a new hire when you don't need to pay for their software all up front. Additionally, when an employee leaves their position, you can simply cancel their account rather than letting it sit idle and drain resources.

Microsoft's Subscription Software Model

As we mentioned earlier, Microsoft is now selling Office by way of a new subscription-based product called Microsoft 365 Business. Why make the switch? It comes down to device management—and this is what has traditional managed IT service providers very nervous. Microsoft 365 Business gives even small businesses truly enterprise-grade device management tools, making once difficult IT tasks easy or simply unnecessary. These tools keep your devices safe and keep the data on your employees' devices from being compromised. If you lose a device or part ways with an employee, you can immediately revoke access or remove just your company's data from that device instantly while leaving everything else intact.
In addition to truly enterprise-grade device security, deploying new devices becomes a breeze. Say you spill an extra large cup of coffee on your device, or it falls into a volcano. No problem, grab another one, enter your username and password, and in no time you’ll be back up and running—with all of your applications and data exactly how you left them. Companies that properly implement what Microsoft 365 Business has to offer see their IT demands and costs plummet. Instead of manually installing updates and tediously deploying new workstations, your IT staff can focus on the company’s mission. No longer worried about keeping you up and running, but where you’re running to.

Really?

If this all sounds like crazy talk, or you’re already ahead of the game and know that you are ready for a truly modern, connected office, give us a call, get a road map, and see how these changes not only bring a ton of value to your company, but can actually save you money. We’re here to schedule an introduction when you’re ready.

HIPAA: Encryption is NOT Required…What?!?

No, that headline is not a misprint. Contrary to common assumptions, Congress decided that the Health Insurance Portability and Accountability Act (HIPAA) should not—and, therefore, does not—require the use of encryption to secure your patients’ private medical data (aka, electronic Protected Health Information or ePHI).

WARNING: IF YOU STOP READING NOW AND SIMPLY DECIDE THAT YOU DO NOT NEED ENCRYPTION, YOU MAY WAKE UP ONE DAY TO THE WORST FINANCIAL AND PUBLIC RELATIONS NIGHTMARE IMAGINABLE. SO, READ ON…

Required vs. Addressable: What’s the Difference?

Congress adopted two types of implementation specifications in HIPAA—“required” and “addressable.” Those labeled “required” must be implemented, or it will be deemed an automatic failure to comply with the HIPAA Security Rule. On the other hand, those labeled “addressable” must be implemented only if, after a risk assessment, the covered entity (that’s you, if you’re a Health Care Provider, Health Plan, or a Health Care Clearinghouse) has determined that encryption is a reasonable and appropriate safeguard for managing risks to the confidentiality, integrity and availability (CIA) of ePHI.

A brief sidebar about the CIA triad: confidentiality protects against unauthorized disclosure, while integrity protects against unauthorized modification or destruction, and availability protects against disruptions to access and use of ePHI. Got it? Now, back to our story…

However, if you determine that encryption is not reasonable and appropriate (think about this carefully), then you must document your rationale for that decision and do one of the following: (1) implement an equivalent alternative to encryption that is reasonable and appropriate; or (2) if safeguarding ePHI can otherwise be achieved, then HIPAA even allows you to choose not to use encryption or any equivalent alternative measure, provided that you also document the rationale for this decision. [1] Shocking, isn’t it?
Now, if you’ve thought about that carefully, you’re probably wondering something along the lines of: “What if HHS audits me and they don’t agree with my carefully documented rationale for deciding that encryption is not reasonable and appropriate to protect my patients’ private medical data?” Perfect question! And therein lies the problem. It is difficult to even imagine a situation where it would be “reasonable and appropriate” to decide not to use encryption to protect ePHI. So, even though HIPAA does not literally require encryption, it effectively requires encryption because there is no reasonable and appropriate alternative for protecting ePHI. In other words, when it comes to using encryption to protect ePHI, there is little (if any) difference in Congress labeling it as “addressable” rather than “required.” Not using encryption is simply too risky for your patients’ ePHI and, therefore, even riskier for your business.

Encryption: HIPAA’s Data Breach Safe Harbor

Under the HIPAA Breach Notification Rule, there are essentially two types of ePHI—unsecured (i.e., unencrypted) and secured (i.e., encrypted). Under HIPAA, every breach of unencrypted ePHI requires you to provide time-bound notifications to: (1) affected patients; (2) the Secretary of HHS (i.e., the federal government); and/or (3) prominent local/state media outlets. This, of course, will put you at risk of federal and/or state investigations, fines, possible lawsuits, and the worst kind of public relations disaster imaginable. This will almost certainly result in lost business and consumer trust.

But there is good news… no… GREAT NEWS! Under the Breach Notification Rule, encrypted ePHI that is “breached” (e.g., lost, stolen, or accidentally/intentionally sent to the wrong recipient) is not considered a breach at all. How? Because ePHI that is encrypted cannot be read or otherwise used without the key(s) required to decrypt it.
So, if you use it, encryption is your lawful HIPAA-endorsed safe harbor against everything you want to avoid in the event of a breach of ePHI. Going back to our previous segment, even if you somehow came up with that rarest of all situations—where using encryption to protect ePHI was not reasonable and appropriate—you still need to use it because doing so gives you a complete “out” when the worst of all possible ePHI scenarios—a data breach—occurs.

In summary, although HIPAA does not literally require encryption, Congress nonetheless has effectively mandated its use because: (1) it is all but impossible to think of a real-world situation where encrypting ePHI is not reasonable and appropriate; and (2) if you choose not to use it, you are exposing your business to a plethora of regulatory, legal, public relations, and/or financial risks that are easily avoidable by simply using encryption.

Encryption with Microsoft Software

Security is an enormous concern for businesses in any industry—but especially in those that deal with confidential and sensitive information, such as healthcare. So, what steps can your health care business take to protect itself? You can start by ensuring the software and collaboration tools your healthcare providers and employees use have robust security measures, especially when it comes to stored medical files and sensitive communications (such as sending a patient’s records between medical professionals). With subscription-based, continuously updated software like Office 365 Business, all tiers come equipped with data encryption, both for data at rest and in transit. This way, even if a data breach does occur, malicious users will not be able to understand your data without further hacking capabilities. With Office 365 for Business, there is no need to worry about data encryption or even make a conscious decision about it—all of your communications and data through Teams and Office 365 will automatically be encrypted.
Additionally, as long as you can connect to the subscription-based business enterprise software’s server, you will always have the latest security patch for the software. Office 365 security even goes a bit beyond simply applying patches to fix security vulnerabilities. If your business is utilizing the Premium tier of the software, users will also get: (1) enforced multifactor authentication for users; (2) region-based data residency; and (3) phishing email protection (in the Outlook tools). These Microsoft Office security benefits help to safeguard the business against cybersecurity breaches and give you peace of mind that your confidential data is always encrypted. To set up Teams and Microsoft 365 for Business so your healthcare organization can experience data encryption, reach out to the team at Protected Trust today.

Sources:

[1] See: 45 CFR § 164.306(d)(3) detailing the difference between “Addressable” and “Required” implementation specifications at http://www.ecfr.gov/cgi-bin/retrieveECFR?n=sp45.1.164.c#se45.1.164_1306; 45 CFR § 164.312(a)(2)(iv) labeling encryption and decryption as “Addressable” at http://www.ecfr.gov/cgi-bin/retrieveECFR?n=sp45.1.164.c#se45.1.164_1312; and the HHS HIPAA Encryption FAQ at http://www.hhs.gov/hipaa/for-professionals/faq/2001/is-the-use-of-encryption-mandatory-in-the-security-rule/index.html

Editor's Picks

What You Need to Know About Microsoft’s Upcoming Licensing Changes

On June 25, 2018, Microsoft announced a series of price and licensing changes that became effective ...

What are the differences between Microsoft Office 2016, Office 2019 and Office 365?

Microsoft Office may be the de facto productivity tool for millions of workers worldwide, but it's ...


Feature Highlight: Microsoft Surface Security

Security for business should be your top priority, especially in today’s digitally-driven world ...

3 Modern Workplace Environment Trends

Today’s digitally-driven, inter-connected, and modern workplace environment looks a whole lot ...

How to Get More out of Office by Using the Microsoft CSP Program

Microsoft Office 365 can be an incredibly useful and convenient tool for enhancing productivity and ...

3 Benefits of Microsoft Office for Government Employees

Microsoft Office for government employees is specifically designed to meet the unique needs of ...

Why You Need Microsoft and LTE Advanced for Business

In today’s interconnected and digitally-driven world, being able to effectively get the job done ...

A Definitive Guide to Choosing Microsoft Surface Devices

The Microsoft Surface family of devices encompasses many kinds of computing and business ...

Microsoft ATP Uncovers Critical Security Flaw in Huawei Drivers

In almost any industry, cybersecurity is a critical issue. Computers used by employees frequently ...

Feature Highlight: Microsoft Surface Mobility

In today’s modern workforce where remote working is commonplace, business mobility is essential for ...