by Scott Muniz | Jan 29, 2021 | Security
This article was originally posted by the FTC. See the original article here.
Have you ever thought about paying for a training program to learn how to invest in real estate or start an online business? These programs can be pricey — and some make false promises about helping people make money. In fact, the FTC has sued plenty of real estate investment training and online business coaching programs that have done exactly that, while charging people thousands — or even tens of thousands — for those programs.
Pricey deceptive coaching and investment schemes often involve deceptive financing, as well. Today the FTC filed a complaint against Seed Consulting LLC, a company that claims to offer financing to aspiring entrepreneurs interested in buying a training program. But, the FTC says, Seed Consulting is not a lender and doesn’t offer any financing itself. Instead, Seed Consulting charges people $3,000 or more merely to submit credit card applications on their behalf. In addition, the FTC says, Seed Consulting improperly encouraged people to significantly overstate their income to get credit of $50,000 or more on these new cards.
You can probably predict what happened next to people who paid Seed Consulting: according to the FTC, they often ended up mired in debt with lower credit scores while Seed Consulting took in more than $10 million from their funding scheme.
So how do you protect yourself from deceptive training and financing schemes?
- Do your research before you act. Take a few minutes to search online: look for the name of the company and the words “review,” “complaint,” or “scam.”
- Be skeptical of any company that charges you a hefty sum to secure credit card financing. When such financing is warranted, you can typically obtain it directly from the credit card issuer on the Internet or via phone without any middlemen or fees.
- If a company encourages you to inflate your income on a credit application, walk away. Income information on credit applications must be truthful.
- Check out alternatives. Look at free or low-cost info on investing in real estate or starting a business before you buy a big, expensive training program. And certainly do that before racking up charges on new credit cards to pay for it.
- Talk it over with someone first. Tell someone you trust about the details of the investment training program. And tell someone how the company suggests you should finance the cost of that training.
Don’t be pressured into a quick decision. Scammers often say their offer or pricing is only available for a limited time. But deals will always be there. And remember: there’s no such thing as a sure-bet investment that has a high return but little or no risk. If someone offers you one, tell the FTC: ReportFraud.ftc.gov.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Contributed | Jan 29, 2021 | Technology
This article is contributed. See the original author and article here.
Background
Azure offers several options for ISVs to deploy and sell their solutions to US Government customers. The important first steps for any ISV to consider before embarking on the journey to sell to US Government customers are:
- How do you intend to sell your solution?
- Is this sold as traditional COTS (Commercial Off-The-Shelf) where the US Government customer will simply buy the solution and then operate it within its own Azure tenant, or
- Is this a fully hosted SaaS offering where the US Government customer will consume the solution from the ISV’s tenant, or
- Will it be a combination of the two, where the US Government customer hosts the solution within their tenant but the ISV owns the operational aspect of the solution?
- What are your regulatory requirements?
- Typically, most Federal agencies will require a FedRAMP Moderate or High ATO.
- If doing business with the DoD, it is likely that they will require a DoD CC SRG IL4/IL5 ATO.
- Specialized compliance requirements such as CJIS, IRS 1075, ITAR, and DFARS may also be required by the end customer.
Choose the Appropriate Azure Region
Azure meets differing levels of compliance considerations across our regions. Select the region that meets the needs of your end customers.
Figure 1: Compliance by Azure Region
Azure Services Compliance by Region
Azure services achieve overall compliance and ATOs based upon the required audit scope. As pictured above, our US Public Commercial regions meet the FedRAMP Moderate/High needs of our US Government customers. Higher level ATOs are met within our US Government Regions. The overall regulatory requirements that the ISV solution must meet will inform the regional selection decision.
Azure services are submitted to the US Government for authorization on a monthly basis. For an up-to-date reference by audit scope for our Commercial and Government regions, please refer to Azure Services in FedRAMP and DoD SRG Audit Scope – Azure Government | Microsoft Docs. The top of the page refers to our Azure Public Commercial regions and the second half is specific to our Azure Government regions.
Understanding FedRAMP/DoD Compliance Requirements
FedRAMP is a government-wide program that provides a standardized approach to security
assessment, authorization, and continuous monitoring for cloud products and services.
- Cloud services that hold/manage federal data must have a FedRAMP ATO.
- FedRAMP High has essentially the same control requirements as DoD CC SRG IL4, although they require separate submissions for authorization.
- DoD CC SRG IL5 requires everything from IL4 and then adds controls.
There are two ways most ISV’s authorize a cloud service through FedRAMP:
- Joint Authorization Board (JAB) provisional authorization (P-ATO), and/or
- Using an individual Agency as a sponsor, called an “Agency ATO”.
An Agency ATO is the most common method for sponsorship as often there is a specific agency that wants to purchase the ISV’s solution. For help deciding which option to pursue, refer to this guide: https://www.fedramp.gov/jab-or-agency-how-do-i-get-a-fedramp-ato/.
Does the ISV Need Their Own ATO?
Based upon how the ISV intends to sell/operate the solution, they may or may not need their own ATO.
IF
|
THEN
|
· The ISV is hosting within its own tenant/ subscription that the end customer will access (typical for a SaaS offering) and/or,
· The ISV has control/management of the end customer’s data
|
The ISV is responsible for compliance and must attain their own ATO
|
· The ISV provides software to the end customer (COTS model) and,
· The end customer operates the solution within their own tenant/subscription
|
The end customer is responsible for compliance
|
· The end customer hosts the solution within their own tenant/subscription and,
· The ISV is responsible for managing/operating the solution on behalf of the end customer
|
Joint responsibility for compliance
|
Options to Achieve an Independent ATO for an ISV’s Solution
In general, there are three methods to achieve an ATO for an ISV’s solution.
- Contract for Compliance Consulting
- Guides the ISV through the controls required and how to architect, build, and deploy the solution such that it will meet the requirements.
- Consultative in nature, generally time & materials-based approach.
- Most time consuming (12 – 18 months) and expensive method to achieve an ATO.
- Example: CoalFire, Quzara
- Utilize a Compliance Automation Solution
- Pre-built cloud environment that deploys within an ISV’s tenant.
- Automated SecOps, DevOps, and document production.
- ISVs can be audit-ready in 60 – 90 days at typically less than half the cost of the consultative model.
- Examples: Anitian, CoalFire Accelerated Cloud Engineering
- Utilize a Managed Cloud Service Provider
- Contract with a provider to host and manage the ISV’s solution within their FedRAMP compliant Azure cloud offering.
- Typically the fastest way to achieve an ATO and bring the solution to market.
- Costs vary depending on the level of services consumed.
- Example: ProjectHosts
Once your solution is ready to be audited, a Third Party Assessment Organization (3PAO) needs to be engaged to perform an audit of the solution and produce a Security Assessment Report (SAR) which establishes the basis for the resulting ATO.
Obtaining an Enrollment in Azure US Government
If the ISV determines that they need a US Government enrollment to meet their regulatory requirements, they must first meet the requirements:
- Must be providing services/solutions to a government entity, be a GSA vendor, or have a government contract vehicle in place.
- Must have a US-based HQ with a physical address within the US. It is ok if it is a foreign parent company as long as they have a US subsidiary with a domestic physical HQ.
Once it is determined that the eligibility requirements are met, the ISV needs to request an enrollment. There is then a vetting process that gets started to verify that the requirements are met before the ISV is approved. This process typically takes 10 – 15 business days to complete.
- It is recommended that the ISV request a free trial subscription to start this process and get familiar with the US Government tenants and regions.
- Once the trial period is over, the ISV can transition to their normal procurement process for Microsoft technologies (Enterprise Agreement or via a Cloud Solution Provider).
Azure US Government Regions
There are 5 regions in the US Government Unclassified space:
- US Gov VA (Primary, includes Availability Zones, GA as of Feb 2021)
- US Gov AZ (Primary)
- US Gov TX (DR for both VA and AZ)
- US DoD Central (DoD workloads only)
- US DoD East (DoD workloads only)
Additional Resources
Request customer responsibility matrix, SSPs: azfeddoc@microsoft.com
Join our Upcoming Webinars
This topic will be discussed on the first Tuesday of every month, beginning February 2nd. Visit the event page and sign up for a delivery that fits your schedule. The US Government specific deliveries are entitled “The Azure Government Marketplace Opportunity”.
About the Author
Chris Billet | LinkedIn
Principal Program Manager
Azure Global US Government Engineering
Chris is part of Microsoft’s Azure Global Engineering team specifically focused on US Government customer and ISV adoption of the Azure platform. Chris helps customers/ISVs understand their regulatory requirements and how to select the appropriate Azure region for their workloads. He also works as a liaison between our end customers/ISVs and our product groups when features/deployment timelines need to be prioritized in support of anticipated production workloads.
Chris attended Bloomsburg University of Pennsylvania and earned a BS in Computer Science with a focus on Application Development. In 1994 Chris started his career as a software developer at an ISV that provided solutions to the Healthcare industry, specifically Hospital Management Systems. In 2003, Chris earned his MBA from Penn State University in a part-time night school program.
In 1999 Chris joined Microsoft as an Enterprise Strategy Consultant based in Philadelphia and worked with many SLG and Education customers in the Northeast. In 2004, he transitioned to a Program Management role in the Windows Product Group and subsequently a startup Product Group within DevDiv in Redmond. Transitioning back to field services in 2008, he supported SLG and Education customers from a consulting and Premier support perspective in the Southeast, based in the Tampa Bay area. In 2018, Chris returned to an engineering role, joining Azure Global Engineering with a focus on supporting our US Government customers.
by Contributed | Jan 29, 2021 | Technology
This article is contributed. See the original author and article here.
Microsoft partners like Center For Internet Security, DataVisor, and SPIN Analytics deliver transact-capable offers, which allow you to purchase directly from Azure Marketplace. Learn about these offers below:
|
CIS Microsoft Windows Server 2016 Benchmark L1: This image of Microsoft Windows Server 2016 is pre-configured to the recommendations in the associated Center for Internet Security benchmark, which was developed for system admins, security specialists, auditors, help desk professionals, and others who plan to develop, deploy, assess, or secure solutions that incorporate Windows Server 2016.
|
 |
DataVisor Feature Platform: DataVisor’s Feature Platform enables users to build sophisticated machine learning models with advanced features, accelerate the feature engineering process, and deploy features rapidly in production. The platform supports real-time and batch processing and seamlessly integrates with your and DataVisor’s machine learning solutions.
|
 |
RISKROBOT: Credit Risk Model Automation: Developed by SPIN Analytics, RISKROBOT uses artificial intelligence to combine expert judgement with risk modeling and machine learning techniques on big data. RISKROBOT supports credit risk models for retail, commercial, and corporate products and portfolios to produce accurate predictive analytics for effective risk management. |
|
by Contributed | Jan 29, 2021 | Business, Microsoft 365, Office 365, Technology
This article is contributed. See the original author and article here.
This month, we’re announcing the general availability of highly requested features Tasks publishing and Breakout rooms in Teams along with new capabilities in Teams and Microsoft 365 services.
The post From breakout rooms in Microsoft Teams to AI in To Do—here’s what’s new to Microsoft 365 in January appeared first on Microsoft 365 Blog.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Contributed | Jan 29, 2021 | Technology
This article is contributed. See the original author and article here.
This post was authored by Adam Wasserman, Solutions Architect at Databricks and Clinton Ford, Staff Partner Marketing Manager at Databricks.
The importance of supply chain analytics
Rapid changes in consumer purchase behavior can have a material impact on supply chain planning, inventory management, and business results. Accurate forecasts of consumer-driven demand are just the starting point for optimizing profitability and other business outcomes. Swift inventory adjustments across distribution networks are critical to ensure supply meets demand while minimizing shipping costs for consumers. In addition, consumers redeem seasonal offers, purchase add-ons and subscriptions that affect product supply and logistics planning.
Supply chain analytics at ButcherBox
ButcherBox faced extremely complex demand planning as it sought to ensure inventory with sufficient lead times, meet highly-variable customer order preferences, navigate unpredictable customer sign-ups and manage delivery logistics. It needed a predictive solution to address these challenges, adapt quickly and integrate tightly with the rest of its Azure data estate.
“Though ButcherBox was cloud-born, all our teams used spreadsheets,” said Jimmy Cooper, Head of Data, ButcherBox. “Because of this, we were working with outdated data from the moment a report was published. It’s a very different world now that we’re working with Azure Databricks.”
How ButcherBox streamlined supply chain analytics
ButcherBox uses Azure Databricks to generate its Demand Plan. When Azure Data Factory (ADF) triggers the Demand Plan run, Azure Databricks processes supply chain data from Azure Data Lake, vendor data and Hive caches. New outputs are stored in a data lake, then Azure Synapse updates Demand Plan production visualizations.
Batching/microbatching orchestration with Azure Databricks
Learn more and get started
See more detail in this blog post and visit the Azure Databricks page to learn how you can get started and accelerate your business growth.
Recent Comments