Tag Archives: security

Disaster Recovery

The Increasing Importance of Disaster Recovery Planning

Disaster RecoveryHow secure is the cloud, and how much need is there to have a disaster recovery plan? These are valid questions as the Internet of Things (IoT) comes into full bloom and the world becomes increasingly digitized.

Recently, an outage of Amazon Web Services (AWS) brought some attention to cloud disaster recovery. For companies running critical systems in the public cloud, this outage made them more aware of the potential for problems. However, despite the human error that led to this outage, a public cloud infrastructure still has advantages to on-premise data centers. At the same time, cloud IT services aren’t impervious to issues, which is why it is critical to have a disaster recovery plan in place.

Whether you’re a company as large as Amazon, or a mom and pop startup operating in the cloud, you need to focus on business continuity and disaster recovery options. These strategies, when properly implemented, will help you protect your data.

Your strategy should center around backing up data at multiple, geographically disparate locations. Should a natural disaster occur and several data centers are wiped out, the data will still be available from a location that is far removed from that natural disaster.

The loss of data can come at a great expense for your company. Take British Airways as an example. The company experienced a computer failure that resulted in losses estimated around $200 million. The damage to the British Airways brand was significant as passengers around the world were left stranded. While the company continues to blame a power surge for the problem, it’s rumored that the fault was actually with a back-up system that was supposed to provide uninterrupted power to the computer system.

While cloud-based systems are most often a better choice than on-premise solutions, it’s not always the right answer in every situation. Cost for long-term use can be prohibitive for some organizations. Also, due to a shortfall in qualified individuals working in cloud infrastructure, security is sometimes suspect. While it’s true that some cloud types offer better security than others, organizations give up control over too much of their data in many cases.

At MicroCorp, we are a master agent that takes cloud security and disaster recovery very seriously. With many years of experience in offering multi-layer support services, we have our agents and their clients covered. Contact us today and let’s discuss how you will maintain control over your data while experiencing top-notch business continuity and disaster recovery efforts.

What are the Security Benefits of a Multi-Cloud Solution?

Learn about how disaster recovery, cloud storage, and more can help improve your cyber security.A multi-cloud approach works well for a large number of enterprises. RightScale’s 2017 State of the Cloud Report found that 85 percent have a multi-cloud strategy. That is up from 2016 where 82 percent reported a multi-cloud approach.

There are several benefits to implementing a multi-cloud solution:

  • Disaster recovery: A cloud outage serves to demonstrate the potential pitfalls of a single cloud solution. Many companies haven’t fully thought through their disaster-recovery procedures, but multi-cloud does offer protection compared to a single point failure.
  • Prevention of lock-in: Enterprises are reluctant to lock in with only one vendor, and multi-cloud approach allows them the flexibility to switch vendors or take advantage of the benefits of each of a variety of vendors.
  • Workload performance: Enterprises like the ability to match the workload with the cloud provider that makes the most sense. For instance, Windows applications workloads match best with Microsoft Azure.
  • Cloud hydration: One of the challenges of digital transformation is the movement of data from traditional storage to cloud storage. A multi-cloud environment makes it easier to concurrently move data to new cloud platforms.

A couple of major, multi-hour cloud outages that occurred this year provided some guidelines for establishing an even better, more secure multi-cloud solution:

Store data in two locations. In case of a cloud outage, it’s a good idea to store data in two places so that you are never fully compromised on your ability to access data. There are several approaches to this, such as storing data both in a cloud storage solution and an on-premises server, or you can use a single-cloud solution with multiple access points.

Choose redundancy architecture: Duplicate your major applications in multiple locations. Whether you are employing public or private cloud, a hybrid solution or an on-site system, consider implementing redundancy policies so that you avoid lock-in with one provider or the risk of not being able to access your key software during an outage.

Check out the competition: Check out their competition, not yours. The increase in cloud providers means that you can use a multi-cloud solution to choose the applications that make the most sense for you, based on both cost and security features of the provider.

Choose native storage options: This means that you want to choose providers and storage solutions in which storage is a core feature, not an additional feature that’s “bolted on” to another application.

At MicroCorp, we come alongside you to help you design a secure multi-cloud environment that matches providers to your specific business needs. Call us today for more information.

Four Steps to Be Sure Your Security Isn’t at Risk Because of Your Vendor

Make sure your cloud provider isn't jeopardizing your cyber security.It seems like every day there’s a new security breach in the news. Some IT professionals have recurring nightmares of their company’s name splashed across the headlines and a pink slip in their mailbox. What isn’t often reported in these stories, however, is the vendor’s role in that security breach.

When you engage in a cloud provider/vendor relationship, you probably spend a lot of time making sure performance and contract compliance are priorities. For many companies, though, there’s not enough time spent on determining who is covering each aspect of security. Here’s what you need to know:

1. Put it in the contract. Your vendor contract should include specific and precise information about your responsibility and your vendor’s for security coverage. Include the following items:

  • Security reviews and periodic audits
  • Cyber insurance
  • Access controls
  • Incident response
  • Risk sharing

2. Schedule security audits on a regular basis. These can be questionnaire-based or they can include as much as an on-site audit, depending on the level of risk and investment you have with that vendor. You can also use a mix of approaches, with on-site visits occurring less frequently based on the responses you receive on the questionnaires.

3. Make SOC a requirement. While current System and Organization Controls (SOC) reports won’t provide you with insight about the risk level of your vendor’s security management protocols, there is a new SOC report framework — called the SOC for cybersecurity — that audits cyber risk security management. You should include provisions in your contract that require your vendor to perform a SOC audit each year or whenever there’s a significant change to their security structure.

4. Conduct access and security reviews:
 This should be a daily review by your team to determine whether there’s any unusual activity coming from your vendor. There are independent services that will conduct these reviews, and though you may generate some false positives at times, you do need to be regularly examining the activities of your vendor with your system.

Security isn’t likely to be the most exciting topic on your list when considering a migration to cloud solutions. If you’ve been through the implementation of a cloud application, though, you likely have seen the security-related problems that can come up.

Get out ahead of any security concerns by including specific provisions in your vendor contract. Decide who will cover each area of security and make sure that security is a prioritized part of the conversation, rather than an afterthought. You may assume that because a vendor offers the latest software available, that they also have a proactive security solution. As you’ve seen in the news, it’s your reputation on the line.

If you want to work with a partner that values your security, talk with MicroCorp. We take a proactive approach to our clients’ security and partner with you to make sure that your system and your data are protected. Make an appointment with us to talk about the right solutions for your company and the steps you need to take to protect them.

Security, SMB

SMBs Ready to Embrace Managed Security Services

Are you selling managed security services to SMBs?Small and mid-sized businesses (SMBs) have traditionally not been keen on outsourcing for a few reasons, but a sea change is occurring for SMBs when it comes to security and technology. Businesses using managed services to handle security needs have to hand over mission-critical control of their network infrastructures to service providers. A rising number of SMBs are electing to do this and more.


In-House Security Losing Steam

While managed security was initially popular with enterprises hoping to simplify and coordinate security across multiple locations, it is looking more and more attractive to one- and two-location business owners who realize these threats are indiscriminate in who they target.

With new security threats churning out at a fever pitch, it is almost impossible to stay relevant with security in-house. Even with just one location, adequate security needs to consider firewall management, intrusion detection, malware detection, compliance requirements, email encryption, user authentication, and, most importantly, active monitoring.

According to a study cited in CIO, 40% of businesses are using part time employees to manage their security. That is alarming. This setup compromises effective monitoring and cuts down on time to detect attacks from 24/7 to someone not even on the clock 9-5. The level of scrutiny and speed of reaction need to be looked at if you want to take your network security seriously. Outsource to a provider that guarantees around-the-clock monitoring in the service level agreement. Employees do not come with SLAs.


Security Specialization

The number and variety of security threats facing businesses today require true specialization to conquer. Although enterprise businesses led the charge for managed security, there is a multi-dimensional landscape of security concerns that affect businesses of all sizes. Skills and time are at a premium, and a greater number of business owners are finding security is not a piece of their business they want to gamble on.

What is your peace of mind worth? MicroCorp can connect you with a portfolio of managed security providers to find the right fit for your customer’s security vulnerabilities.

Hacker

Preparing for Today’s Generation of Ambitious Hackers

Make sure your cyber security strategy will protect your business against today's hackers.Online businesses are increasingly improving against their brick-and-mortar counterparts. With this success, however, has come a whole new threat: the rise of a cyber attacker who isn’t showing much restraint, even for the biggest targets.

Hacker Ambition on the Rise

In just the last couple years, hackers have been seen going after targets that even five years ago might have been unthinkable. While retail store breaches were standard fare, new cyber attackers pursued online banks, and some evidence suggests that hackers may have even targeted the 2016 U.S. Presidential Election, though to what extent is unclear.

The growth of the Internet of Things (IoT) has emboldened some hackers, who in another incident used connected devices as part of a massive botnet of semi-autonomous connected devices to engage in distributed denial of service (DDoS) attacks that shut down websites.

Surprising Weaknesses Appear

Perhaps the good news in the current hacking-filled environment is that it reveals just how insecure networks really are. Stolen credentials are only the beginning, and lower-tech attacks do plenty of damage as well. Business email compromise–essentially just highly-targeted phishing operations–caused $3 billion in losses over three years, according to Symantec.

More Cloud, More Problems

Perhaps worst of all, companies are contributing to their own downtime through everyday business processes. The growth of the IoT is putting more potential points of access into play, and many of these are poorly secured thanks to a faulty perception that a connected device is a low-value target. The device itself may be, but the network that it’s connected to is of much higher value.

Symantec’s reports were grim on this front as well; attacks on IoT devices doubled throughout 2016, and at the worst of it, there was one attack every two minutes on an IoT device. Increased movement to cloud-based systems was likewise bringing out fresh targets of opportunity for hackers.

Eternal Vigilance Is the Price of Liberty…Online

So what can be done? Proper security must be observed at every turn, even when doing so seems inconvenient or cumbersome. Furthermore, the tools to protect security must be improved; after all, tools that cause as many problems as they prevent aren’t worth using.

Tools like those found at MicroCorp can be a great start toward a process of continuous security improvement, helping users better protect systems against outside intrusion. It’s a project that requires everyone’s cooperation, from the end user to the security developer, and one that makes us all safer. For more information about how MicroCorp can help secure your business, contact us today.

Use #WannaCry to Your Advantage

Channel partners can take advantage of ransomware like #WannaCry to provide more cyber security solutions.The ransomware attack from early May that affected more than 200,000 people and computer networks in more than 150 countries is an opportunity for partners to have a conversation with their customers about security. While it may seem heartless to use a cyber attack as a sales tactic, this is more about protecting customers for the future, and making sure everyone has a backup plan.

The malware, dubbed WanaCrypt0r 2.0, or WannaCry, affected Europe the most. Companies from FedEx to Telefonica, universities to hospitals, were attacked. The pervasive nature of this most recent incident should be the kicker for partners to start checking on customers’ security strategies. Of course, there are obstacles, but there are ways to overcome them.

Something is better than nothing

More often than not, a company’s CTO will shrug off security solutions as too expensive. Small and medium-sized businesses cannot often afford the $25,000/month price tag for a soup-to-nuts solution. But partners should emphasize that customers do not need to go whole hog in order to protect themselves “just enough.” There are pieces of solutions that go for a fraction of the package price that will protect customers somewhat — and that could make or break their business.

The true cost of a breach

60% of small and medium-sized businesses are out of business within six months of a cyber attack. Further statistics show that companies spent an average of $879,582 in the aftermath of damage or theft of IT assets. And disruption to normal operations cost an average of $955,429.

Partners can show these quotes to their customers. Then they can ask the CTO if he really thinks that investing in a security solution today isn’t worth the money.

Take this most recent ransomware attack, the Target breach of 2013, and any one other of the myriad cyber attacks of the last couple of years, and present the case to customers. Now is not the time to shy away from protective technology. Emphasize that the true cost of a security breach is a customer’s entire business.

You don’t have to be the expert

Don’t let the daunting nature of security technology be the reason you leave your customers without solutions. Take the time to get with a couple of providers that have security products to find out about what the solutions are, and then you’ll be in a good place to talk to your customers about security. You can admit you are not the expert, but you work with experts, and can connect your customers. That’s where a program like MicroCorp’s Team Alliance Program comes in. The program is designed to connect partners with experts of all kinds in the channel — security is no exception.

At the very least, your customers should have a basic security assessment done. Discuss where they are vulnerable with them so they know where their risks are. From there, it is their decision about how robust they want to get with a security solution.

Putting your head in the sand isn’t going to make the risk go away. Talk to MicroCorp today about how to proceed with working with your customers on securing their businesses for the future.

Reasons Your Technology Will Never Be Exclusively in the Cloud

Cloud adoption is increasing, but your technology will never be cloud-exclusive.It’s a nice picture, imagining all your software needs handled by one neat cloud service. In that picture, your team works without the encumbrance of hardware and your updates never interrupt anyone’s processing. You pay your monthly support and subscriptions, but are never forced to face a board of directors in a tight, itchy suit to get approval for a monstrous new software implementation.

The picture is nice, but it’s likely a corporate fairy tale. There are plenty of reasons why the idea of a cloud-only software environment is probably never going to be a reality:

Getting access: One of the key barriers to an exclusively cloud environment is the need for employees to be able to access applications. Even if every application is housed in the cloud, you’ll still need a way to get to your software and a way for your IT team to govern which team members are authorized to access each application.

Lifecycles of certain products: If you work in an industry in which products have a short lifecycle, it may seem that it’s just a matter of time before everything is in the cloud. On the other hand, when you consider a product like insurance, for example, you can see that on-site systems will be necessary for a policy that was created decades ago in an on-premises mainframe.

Security: The security of cloud software is often debated, but some aspects of the security issue aren’t related to whether cloud technology can protect your data. Some security discussions are about the possession of information and its legal, physical and virtual location according to regulations. IT professionals in the financial, banking, and legal industries must tread carefully when they consider cloud-based applications. There’s good reason to believe that some industries will never embrace cloud solutions because it would compromise legality.

Lock-in: Enterprises are often wary of the idea of locking in with a particular provider of cloud services. Even though cloud technology comes with agility and flexibility, it still requires an investment of time and money to implement a new application. As a result, companies are reluctant to partner with a single cloud services provider in a way that may prevent them from adopting other software that they need to optimize productivity or reduce costs.

To determine how to implement the best possible mix of cloud and on-site software for your company, talk with our consultants at MicroCorp. We can help you identify the applications that are a good initial choice for cloud software to improve efficiency and reduce costs.

Preparing for the Next Generation of Security Intelligence

Here's what channel partners need to know to provide cyber security to their clients.Are you familiar with security intelligence? If not, you should be. Here’s what you need to know about this growing data-gathering activity that will protect your digital assets from cyber criminals.

Introducing a New Kind of Intelligence

Since cyber threats continue to increase regardless of how sophisticated cybersecurity software gets, governments and businesses are turning to the next phase of defense — intelligence gathering. This solution involves collecting huge amounts of actionable information on cyber threats, then using big data tools to protect organizations from outside threats.

Time and Cost Efficiency Factors

IT teams should not go overboard chasing intelligence if it’s not helping the company. Security intelligence is meant to enhance security systems, not replace them. If a company devotes too much time and money to this data collection process, they may lose focus on what the business is really about — which is making money, not spending money. The key is to synchronize big data tools when necessary to guard against dangerous attacks.

Modern malware can hide for many weeks in a network before it initiates damage. It can be prevented using machine learning strategies that predict disasters. Detailed intelligence will help companies determine the safety of their existing protection.

Cyber Myths

Before venturing into big data collection, you should be aware that many myths surround intelligence gathering in the digital world. It’s not designed to predict presidential elections, military outcomes, or the stock market. Many people may assume too much from the word “prediction.” What this intelligence does is bring together the most relevant data on cyber threats so that analysts can quickly make determinations on avoiding disasters.

In recent years, a majority of North American and European businesses have been victimized by cyber crime in some form. As much as the government is working to crack down on cyber criminals, all it takes is one attack to wipe out a business. The Internet of Things and expanding interconnectivity of devices are creating increased vulnerabilities.

Perhaps the biggest cyber-myth of all is when companies believe that simply installing firewalls and doing routine screening for bugs will be sufficient protection against cyber threats. Adding security intelligence will help businesses gain more confidence in their protection from cyber crime moving forward.

Conclusion

Firewalls, ransomware protection, and other security solutions can be maximized when using data collection and analysis software that predicts cyber attacks. The reason governments and corporations are adding security intelligence to their systems is because they anticipate cyber crime to escalate in the coming years. Contact us to learn more about how MicroCorp can strengthen your defense against cyber crime and improve profitability.

SD-WAN: Panacea or Pandora?

Get the truth about what SD-WAN can do for your clients.SD-WAN is getting a great deal of air play in the industry right now, promising to solve every network challenge that embattled network architects and operators are experiencing today from insatiable bandwidth requirements and costs through simple network resiliency and management. But what is marketing fluff, and what is real? What are the real drivers behind this latest “transformational” technology, and what problems does it really solve?

More Affordable Network Needed

With increasing workloads and performance requirements, especially with the proliferation of cloud-based applications, the need for predictable, high-speed, secure, and diversified networks is escalating. It simply isn’t always financially feasible to deploy diverse MPLS links to multiple distributed offices.

SD-WAN enables companies to take advantage of less expensive internet access rather than managed private networks while still getting the benefit of the types of capabilities provided by an MPLS network. In many areas, tier one direct internet access actually (and maybe surprisingly) provides lower latency, lower jitter, and lower packet loss than its expensive MPLS counterpart, so companies with a large number of distributed offices can expect to see real cost benefits with an SD-WAN network versus a traditional MPLS network.

Simpler and Faster Deployment

MPLS circuits can take months to provision and turn up. The underlying internet access types that SD-WAN can take advantage of can be faster and easier to deploy. However, don’t be misled by the myth that SD-WAN is simple to deploy.  There is still a substantial amount of planning and configuration to be done. Beware of the “plug and play” misconception and investigate how each solution is deployed, as they are all different.

Management

Not all SD-WAN solutions are as easy to manage as you might think, and not all management portals provide the same functionality. Whether you are looking at a service provider-managed solution, your own “book end” managed solution, or are using a dedicated SD-WAN network provider, look carefully at what priorities you can set and what monitoring you can do. Are these to device level (MAC address) or location level (essentially just network aggregation and optimization solutions)?

And, most importantly, don’t forget about how software updates are applied and managed and how template policies are set and administered — the very things you would think about when managing routers in your network.

Security

There are claims made that MPLS is more secure than SD-WAN. In reality, an MPLS network is only as secure as the accuracy of the MPLS provider’s switching. The use of IPSec connectivity and additional service chaining in an SD-WAN environment should be more than sufficient to address most security concerns.

 

Vendor Maturity

You can’t simply turn to Gartner’s magic quadrant and pick a leader. The industry is too young, with many new market entrants. Whatever deployment method you are going to use, be sure to check the underlying equipment vendor’s track record.  Financial stability and investors are important. Ask for references and don’t forget to look under the hood at the vendor roadmap to understand future solution enhancements such as scalability.

MicroCorp was a pioneer when MPLS came along. We have over 30 years of experience delivering complex network solutions and helping businesses discover the right technology for their operations. Contact us to learn more about a partnership in adding SD-WAN and related technologies to your portfolio of solutions.

SD-WAN: Get Past the Hype

Get past the hype and learn what SD-WAN can truly do.While SD-WAN officially flew past the hype stage of Gartner’s emerging technologies cycle in 2015, but it is still in that stage for many a partner, agent, and CIO.

It’s important to step back and recognize what SD-WAN can and cannot do for businesses. With all the noise out there, SD-WAN is still in its “wild west” phase. How do we cut past the industry buzz and get to the heart of what SD-WAN is all about?

Examine how its benefits apply to your customer’s business.

Not everyone needs SD-WAN, contrary to what you’ve been hearing. Additionally, some SD-WAN providers have crafted marketing to make it seem like their solutions apply to everyone, but they can’t look at each business’s network. Partners should look at what applications their customers are running to determine if SD-WAN is for them.

If your customer is primarily a mid-market account that’s not doing much other than running voice across a WAN and their apps are in-house, that is a perfect case for SD-WAN. But if you’ve got an organization that is highly regulated (such as banking, healthcare, or government), they are going to be slower to adopt, and it might hamper their business instead of bolstering it. Remember: they were also slow to adopt MPLS.

Oh yeah, what about MPLS?

Great question. MPLS is not going away — it’s a proven technology. There are likely to be some improvements to MPLS because the SD-WAN market is forcing the hand of the providers to change the way they deal with MPLS from a customer standpoint.

Some carriers are urging not to sell SD-WAN against MPLS, but instead, with it. This is an important point considering that not all businesses need SD-WAN, and some are going to continue to do just fine with their MPLS solutions.

So, if some verticals aren’t suited best to SD-WAN, which ones are?

Retail is a great example of a market that will benefit. With dispersed malls, various stores, and large footprints, those outlets are running on slim margins, so they want good bang for their buck.

Where does security fit in?

This is tied to the vertical point. Banks need high-level security, and some SD-WAN solutions aren’t there yet. While every business needs top-shelf security (including retail), those businesses that consistently deal with classified or confidential information might need something stronger than what many SD-WAN solutions can offer right now. This is why partnering with the proper provider, can help layer on additional services that SD-WAN does not solve.

SD-WAN is on the incline that’s getting ready to peak, but there are a lot of things left to prove with this technology. Security is one of them.

As SD-WAN entrenches itself in the networking world, education will be a consistent requirement for partners. Contact us today to learn more about how the latest changes to the software-defined world affect how partners can succeed with new technologies.