Archive for the ‘Cloud Computing’ Category

Cognitive Search: A New Generation of Enterprise search

Enterprise search
A lot of organizations have begun making significant investments in digital transformation in order to fill their operational gaps. One of the areas seeing this transformation is search, mainstream search is broken. Data volumes are growing at an exponential rate – the digital world is expected to create 163 zettabytes of data in 2025, a 10x increase compared to 2016. The concern for a lot of companies will be making information easily accessible to employees and customers. Employees already spend too much time searching for content. According to one study, knowledge workers spend 20 percent or more of their day searching for relevant and timely content. Employees should have the ability to find information, and gain insight, via a spoken question, an image, a natural language text input, or virtually any other way that feels intuitive and natural. Traditional enterprise search functions have shortcomings that make it difficult or at times impossible for users to find the information they seek. Modern, machine-learning based search is capable of transforming the way employees find answers and gain insights. This approach is commonly referred to as ‘cognitive search’, an increasingly powerful way to handle the data and knowledge-sharing challenges that modern enterprises commonly face.

Cognitive search is radically transforming the process of retrieving files. Search has now transcended basic keyword matching; it has evolved to become ‘cognitive’ – the ability to provide relevant answers to natural language questions. Manually searching for documents and files within enterprise systems is declining. Large enterprises have begun showing a dire inclination towards this disruptive technology. With all the hype around cognitive search and artificial intelligence (AI) in general, it’s seemingly difficult to grasp how to actually apply these new technologies to improve the workplace. Having a basic understanding of cognitive search and how it relates to traditional enterprise search is the first step towards establishing an effective cognitive search system and setting it up for ongoing growth.

Enterprise Search Vs Cognitive Search

In a recent brief, Forrester, research firm, defined cognitive search as – “the generation of enterprise search solutions that utilize AI technologies like machine learning and natural language processing (NLP) to ingest, understand, organize, and query digital content from several data sources”. Cognitive software mimics human behavior like perceiving, inferring, reasoning, and making hypotheses. And when coupled with advanced automation, these systems can further be trained to perform judgment-intensive tasks. Enterprise platforms with cognitive computing abilities are capable of interacting with users in a natural manner. With time, they can learn user behavioral patterns and preferences. This allows them to establish links between related data from both external and internal sources.

The major drawback of traditional enterprise search is that information is typically poorly defined and datasets are dispersed across multiple systems. Although it allows for in-depth indexing, tagging and keyword implementation, this is not always sufficient when making data based decisions. Cognitive search fills in the gaps, and augments what enterprise search is capable of doing.

Cognitive search offers the potential for phenomenal improvements in the efficiency, relevance, and accuracy of insight discovery. While some may view cognitive search as simply traditional search augmented by artificial intelligence and machine learning, there is actually a complex combination of capabilities that distinguishes, and makes it superior to traditional enterprise search. Cognitive search transcends search engines to amalgamate a vast array of data sources, along with avant-garde tagging automation, greatly improving how an organization’s employees find, discover and access the information they require to complete their tasks.

Most of the design elements used to build enterprise search can be utilized as the foundation for implementing cognitive search. While enterprise simply locates the data, cognitive applies user analytics to it in order or enhance understanding while also unearthing deeper trends that may have otherwise been missed.

The Impact of Cognitive Search

The workflow of an estimated 54 percent of global information workers is interrupted a few times or more per month, when trying to get access to answers, insights and information. Cognitive search can shift that paradigm by extracting the most relevant piece of information from large sets of varied and intricate data sources. According to the Economist, while content doubles every 90 days, 80 percent of the content information workers rely on for core revenue generation activities remains unstructured. This dramatic growth of unstructured content has become a challenge for several enterprises.

With cognitive search, knowledge worker searching internal systems are more likely to find the information they need. Customers looking through a company’s website can more easily find answers to their queries online. From a customer service and marketing perspective, this is a huge plus since it directly translates to a reduction in call center volumes while increasing overall customer satisfaction. Like humans, cognitive systems learn on the job, as more information is made available to them. That’s excellent news, given the rate at which the digital universe is growing each year.

Most companies are already using cognitive applications to target marketing campaigns; however, cognitive search is yet to be widely adopted. This is starting to change, as NLP – which previously required complex hardware, approaches mainstream appeal, primarily via the cloud. Cognitive search will likely have a greater impact on enterprise operations.

 

Author: Gabriel Lando
image courtesy of freepik.com

Is Network Monitoring System Worth the Investment?

Your business’ digital network is your most important operations-enablement asset. A network problem could bring mission-critical business applications to a grinding halt. Inaccessible websites, unusable ERP applications, excruciatingly slow loading application screens, the inability of one system to connect with and communicate with another – and the list goes on.

 

 

Network Monitoring Tools – A Solution

 

Network downtime costs you severely. Maintenance, hence, is not only better than cure, at least from a network management perspective, but also financially a much smarter option. To do so, network administrators need to measure the network’s performance regularly, in terms of important KPIs. These measures are compared to threshold values to detect possible issues or potential problems in the making. This is made possible by network monitoring tools. These tools keep a stern watch on the network performance, push real-time updates to administrators, and carry out automated tests on the network to detect and report anomalies.

 

Why Does the Question of Evaluating Usefulness Come Up?

Enterprises want reliable and power packed software for everything they manage. Network monitoring software must bring about seamless and total network visibility round the clock, equipment monitoring capabilities, automatic alert setup, reporting, etc. Of course, there are costs associated with these features.

However, it must also be understood that enterprises are almost always prepared for minor application outages, and even tolerate them to a great extent. A few minutes or a couple of hours of downtime doesn’t bring down a mountain. Then, IT managers are always under pressure to reduce costs, are anyways overwhelmed with complex projects, and not easy to convince to approve the budget for new tools.

 

 

Are These Tools Worthy Investments?

How does one make a case for network monitoring tools? Are they even worth the investment? Well, these questions don’t have easy answers.

For an e-commerce business, a remote education business, and a financial institution, for instance, even an hour of downtime could cause serious branding damage, sales loss, and customer attrition. For others, the odd outage of a few minutes or hours might not be such a showstopper.

One approach to finding answers, however, is to understand the value they add, the problems they solve, and calculating ROI accordingly.

 

The Costs of Network Monitoring Software

For any ROI analysis, you need to know the denominator, and that’s the cost of the network monitoring software. Here are the most important cost components:

  • Licensing costs of the software, particularly in case of enterprise level network monitoring tools
  • Maintenance and upkeep costs, particularly if the same is not included in the licensing deal
  • Salaries of internal IT consultants and network admins necessary to manage the tool
  • Costs of hardware and software storage for the tool
  • Cost of training users
  • Post-implementation consulting issues

 

Dedicated network management systems that include monitoring tools as a part of the larger suite are obviously more expensive than standalone monitoring systems. It can be challenging to apportion an appropriate cost percentage to the monitoring tool if an enterprise commissions a complete network management suite.

Even if you go for an open source network monitoring tool, there will be associated costs. Understand all of these costs to be able to calculate a realistic and representative ROI figure.

 

 

The Simplest Analysis – Damage Prevented versus Cost of Software

A quick (and often reliable) method of evaluating the investment worthiness of network monitoring systems is to compare their annual cost (annualize long-term costs over a 5-year period, let’s say) with the estimated annual damage caused by outages.

Annual damages = Damage via lost sales (DLS) + Damage to employee productivity (DEP)

 

DLS: Average sale value per hour x Average duration of each outage x Average number of outages per year

DEP: Average cost of employee hour x Average duration of each outage x Average number of outages per year x Number of employees affected

 

Add these up, and compare the cost of the software. Simple enough?

 

Sophisticated Analyses

Of course, there is such a thing as an oversimplification, and it could often lead to unnecessary and expensive purchases. So, we’re also going to cover some nuanced benefits of network monitoring systems which positively impact their ROIs.

 

Staff Salary Saving

If a network monitoring tool allows enterprises to cut down its night shift to half, and to reduce the monitoring staff strength to 50%, that’s a significant saving annually.

 

Early Detection Benefits

Network monitoring tools offer advanced reporting on network aspects such as utilization rates, transmit/receive stats (such as packets per second), error percentages, round trip times, and percentage availability. This helps network engineers and admins to prevent outages, reduce time to response and time to resolve in case of outages, and in general, improve network performance.

 

Reduced Support Incidents

Network issues easily result in a spate of support incidents raised by employees from affected teams. To close these calls, network engineers need time. Often, the need to close calls within the stipulated SLAs requires network teams to add resources. Sophisticated network monitoring tools, however, because of the advantages listed in the last section, allow admins and engineers to make corrective changes, and issue workaround practices to reduce these support calls.

 

Reduction in Time to Fix

Network technicians often find it challenging to locate sources of network problems, particularly when it’s linked to one or more devices in a geographically separated and distributed network. Because network monitoring systems offer geographic maps and live diagnostics data feeds, engineers can actually find these problem sources without leaving office. This can knock of several hours from the average problem fix times.

Understand all these benefits, evaluate their significance (as contextualized for your business), and factor them in your cost-benefit analysis for network monitoring tools.

 

Concluding Remarks

When IT budgets are tight, enterprise IT decision makers need to determine ROIs and perform accurate cost-benefit analyses to make a purchase decision. Network monitoring tools offer concrete benefits and come with concrete one time and recurring cost heads. This guide offers a framework to help you evaluate.

 

Author: Rahul Sharma

Backup Mistakes That Companies Continue to Commit

 

 

Imagine a situation where you wake up, reach your office, and witness the chaos. Because your business applications are not working anymore. And that’s because your business data doesn’t exist anymore! Information about thousands of customers, products, sales orders, inventory plans, pricing sheets, contracts, and a lot more – not accessible anymore. What do you do? Well, if your enterprise has been following data backup best practices, you’ll just smile, and check what the progress on the data restoration is. Alas, problems await. That’s because your people might have committed one of the commonplace yet breakneck mistakes of data backups. Read on to find out.

https://www.ophtek.com/5-mistakes-avoid-backing-data/

 

Fixation of the Act of Backup

Sounds weird, but that’s what most enterprises do, really. Data engineers, security experts, and project managers – everyone is so focused on the act of backup, that they all lose track of the eventual goals of the activity. Recovery time objectives (RTO) and recovery point objectives (RPO) should govern every act in the process of data backup. Instead, companies only focus on ensuring that data from every important source is included in the backup.

Nobody, however, pays much heed to backup testing. This, for instance, is one of the key aspects of making your data backup process foolproof. Instead, companies end up facing a need for data restoration, only to realize that the backup file s corrupt, missing, or not compliant with the pre-requisites of the restoration tool.

The solution – make rigorous backup testing a key element of your backup process. There are tools that execute backup tests in tandem with your data backup. If you don’t wish to invest in such tools as yet, make sure you conduct backup testing at least bi-annually.

Not Adopting Data Backup Technologies

What used to be a tedious and strenuous task for administrators and security experts a few years back can now be easily automated using data backup tools. These tools are much more reliable than manual backup operations. What’s more, there will not be the dreaded problems such as those associated with data formats, etc., when the time for restore arrives.

Scheduled backups, simultaneous testing, and execution of backup and restore in sync with your RTO and RPO goals. Of course, businesses must understand the data backup tools available in the market before choosing one.

 

Unclear Business Requirements (In Terms Of Data Backup And Restore)

Take it from us; one size won’t fit all organizations or processes, when it comes to data backups, whether manual or controlled via a tool. Project managers must understand the business requirements around data to be able to plan their data backup projects well. The backbone of a successful data backup process and plan is a document called recovery catalog. This document captures all necessary details centered on aspects such as:

The different formats of data owned by the business

  • The time for which every backup needs to be available for possible restore operations (RPO)
  • The priority of different data blocks from a recovery perspective (RTO)
  • The recovery document will go a long way in helping you enlist the tools you need for successful management of data backup and recovery. Also, it will help you design better processes and improve existing processes related to the entire lifecycle of data backup.

Right Requirement, Wrong Tool

Your CIOs expectations from your team are governed by the business’ expectations from the entire IT department of the company. There’s nothing wrong with the expectations and requirements, it’s possible, however, that the tools you have are not well suited to fulfill those requirements.

For instance, in an IT ecosystem heavily reliant on virtualization, there are already built in cloning capabilities within these virtualization tools. However, these backups can take disk space almost equal to the entire environment. Now if you need to change your VMs often, your storage will soon be exhausted as you keep on making new copies of updated environments.

If you have clarity on the most important business applications, it becomes easier to work with IT vendors and shortlist data backup tools that can easily integrate with these applications. This could be a massive boost to your enterprise’s data backup capabilities.

Failure to Estimate Future Storage Needs

No doubts, the costs of data storage are on their way down, and chances are they’ll continue to do so. However, almost every business only buys storage based on its estimation of what’s needed. It’s commonplace enough for companies to completely ignore the fact that their data backups will also need space to stay safe. And this is why it’s so important to estimate the data storage requirements after accounting for your data backup objectives. While doing a manual backup, for instance, if the executors realize that there’s not much space to play around with, it’s natural for them to leave out important data. Also, account for the possibilities of increased frequencies of backups in the near future.

Not Balancing Costs of Backup with Suitability of Media

It’s a tough decision, really, to choose between tape and disks for data storage. While tapes are available inexpensively, in plenty, and pretty durable from a maintenance perspective, you can’t really store essentials systems data and business critical applications’ data on tape, because the backups are slow. Estimate the cost of time lost in the slow backup because of tapes while deciding on your storage media options. Often, the best option is to store old and secondary data on tape and use disks for storage of more important data. In this case, you will be able to execute data restoration and complete is sooner than depending purely on tape media.

Concluding Remarks

There’s a lot that can go wrong with data backups. You could lose your backed-up data, run out of space for it, realize the data backup files are corrupted when you try to restore them, and in general, fail to meet the RTO and RPO goals. To do better, understand what leads to these mistakes, and invest time and money in careful planning to stay secure.

 

Author: Rahul Sharma

MSP Trends That Will Reshape the Market in 2018

The digital economy works on the currency of ‘cloud’. For so many years now, the shout out has been for companies to move over to cloud-based storage, infrastructure, and application solutions. In the era of Anything-as-a-Service, enterprises need to think of vendors as strategic partners, and need to onboard those with capabilities to deliver end to end support. Because of the ever-increasing number of cloud technologies that a company has to work with, the relevance of managed service providers (MSPs) is at an all-time high. In this market, there are a few defining trends and transitions brewing, which have the potential to permanently re-shape the market in 2018. Let’s take a look at these trends.

 

 

Erosion of Margins Driving Changes in the Market

There’s been undeniable erosion in gross margins of MSPs in the past 2-3 years, primarily because of the emergence of a large number of players. Apart from increased competition, there are other factors responsible for this margin shrinking. For instance, MSPs are commoditizing services. Also, customers are clamoring for getting more services at lesser prices. This is even forcing MSPs to bundle valuable services such as security management into their service offers, for free, or for prices that hurt the bottom line. This is driving a major change in operations for MSPs. There’s a tremendous focus on automation of sales, billing, provisioning, and support of cloud services. This is being supplemented with efforts to reduce costs and improve operational efficiency. Also, MSPs look to offer whole solutions instead of one-off services.

 

 

 

 

Clients Expectations around Security

The threat landscape is changing rapidly; new attack vectors are added to the threat system, which means that enterprises need to keep evolving themselves. When enterprises engage large MSPs offering a wide range of cloud-based applications and infrastructure services, they expect them to also take complete responsibility for their information security needs. MSPs, however, need to brace up for tough conversations with clients. This is important for both the stakeholders – MSPs, as well as clients.

 

The key concerns to address, for both parties, are:

  • The need to embrace a growing number of security tools, all of which may or may not be supported by the MSP
  • The concept of shared responsibility for information security, and to explicitly mention the granular details in the contract
  • The role of the MSP in helping the enterprise recognize its network vulnerabilities and data security loopholes, via simulated cyber attacks
  • The need for regular awareness exercises carried out by the MSP to educate the enterprise leadership

 

Cloud Complexity

In 2018, there’s every reason that the race among SMBs to move more servers to the cloud computing model will intensify. Not only is this approach inexpensive, but also safer and reliable in many cases, as compared to the on-premise model. This will also add a lot more complexity to the cloud ecosystem for SMBs and enterprises. More cloud-based applications mean more user accounts, more movement of data between systems, and data transfer from cloud to on-premise systems. In general, this means that companies (and their MSPs) need to manage more, and do so in a landscape becoming increasingly complex. Because businesses are reliant on cloud technology for their routine operations, MSPs are bracing themselves to manage and deliver upon the disaster recovery and business continuity. In such an ecosystem, MSPs that can offer reliable disaster recovery and continuity will be the ones that get long-term contracts from businesses.

 

The Changing Market Dynamics Because of Evolving SaaS-MSP Relationships

There is going to be a lot of market focus on the relationship between SaaS companies (the creators of cloud-based business applications) and MSPs (companies that sell and support these services). Traditionally, SaaS vendors have not shown the inclination to figure out how the channel works. However, considering the major contribution of MSPs in the revenue mix, it’s likely that they will now have the motivation to work along with MSPs to strengthen their hold. This also means that we need to watch out for MSPs that try to push a specific SaaS company’s products on its own consumers. As per data released by Cloud Technology Alliance, 26% vendors distribute services via MSPs. The number is all set to skyrocket in 2018 and beyond.

 

The Need for More Choices

In the early days of cloud computing-based services, the major motivator for enterprises was the move from the CapEx model to operational expense model, which passed on major benefits to the bottom line. However, enterprise IT leaders now understand cloud-based applications and want to try out solutions from different vendors. Education is easily available, and because of it, enterprises now look for choice. This is a cue for MSPs to think big, expand their service offering, and embrace their clients’ preference for more choices within cloud applications.

 

Bundling – The Way Forward for MSPs

To boost revenues and to enjoy continued business from a customer, MSPs realize the need to offer wholesome services bundles. These bundles are made to appeal to specific verticals and customer segments. Many MSPs already offer such bundled services, spread across network management, information security management, cloud applications, and storage. All these services are made available for a monthly fee.

 

In the times to come, all MSPs will need to integrate IaaS and SaaS services to stay aligned with the ‘industry-specific solutions’ approach to service delivery. MSPs will invariably need better technologies to be able to integrate services with each other, as well as with their clients’ core business processes. Instead of strengthening back-end systems, MSPs need to develop their cloud capabilities.

 

Concluding Remarks

There are certainly a lot of forces, some working in parallel, and some against each other, but all of them impacting the current state of the MSP market nevertheless. For enterprises looking to work with an MSP, and for service providers looking to expand their offerings, it’s super important to keep track of these trends and align their strategies and tactics to accommodate them.

 

Author: Rahul Sharma

Identifying The Top 10 Most Common Database Security Vulnerabilities

 

Cyber networks are the 21st Century’s principle attack fronts. Digital warfare is increasingly gaining prominence, and it doesn’t seem to be slowing down anytime soon. From tampering with elections to attacking businesses and personal accounts, attackers are leaving nothing untouched.

Currently, hackers are targeting systems every 39 seconds, affecting a third of Americans each year. And the risk is consistently growing with each network field expansion. By 2020, there will be 200 billion connected devices- translating to countless vantage points for perpetrators. This will push annual damages to $6 trillion, up from $3 trillion in 2015.

While there are multiple areas to attack in an organization, cybercriminals are particularly fond of going for the database. That’s where the bulk of sensitive information like corporate secrets, intellectual property, and financial records, is usually locked away. Generally, the higher the sensitivity, the more the profit hackers stand to make from the data.

Due to such imminent threats, the U.S. government is constantly reviewing its cybersecurity spending every year for improved protection. Unfortunately, that’s not the case when it comes to other organizations. Despite 54% of enterprises having experienced successful attacks, only 38% believe that they are prepared to protect themselves against a sophisticated attack.

So we’ll attempt to reduce the gap by walking you through 10 of the most common vulnerabilities that attackers might capitalize on to successfully infiltrate your database:

  1. Deployment Failures

Deployment is a complex process because of the multiple variables and steps involved. In addition to comprehensively assessing IT needs, enterprises should systematically deploy various components whose architecture integrates with standard processes, then adequately review and test the entire system.

 

Since it’s a challenging process, it’s acceptable to make errors or omissions. Of course, these should be identified and mitigated at the review and text stage. But, some IT teams fail to conduct comprehensive checks. Any resultant unresolved problem becomes a vulnerability that could ultimately be used by attackers.

 

  1. Poor Password Management

The password is essentially the main key to the entire system and all its files. But, surprisingly, 67% of passwords scored poorly on a typical test. 33% were rated “good”, and none could meet “very good” standards. Even more shocking is the fact that 18% of the individuals surveyed reuse the same password on multiple platforms for easy remembrance; while 39% write it down on a piece of paper; and 10% chose to secure it in a computer file.

 

If perpetrators fail to guess correctly, they might as well access the passwords from unsecured computer files, or simply stumble upon papers with password details.

 

  1. Excessive User Privileges

It’s common for system administrators to grant other employees excessive database privileges that exceed the requirements of their job functions. Unfortunately, this increases overall risk because some workers may eventually abuse their permissions, and consequently trigger potentially detrimental data breaches.

 

If the job functions of respective users are not clear, CIOs should link up with their human resource departments to establish distinct clearance levels.

 

  1. Lack of Segregation

Leveraging a holistic and centralized database simplifies the whole integration process. But taking a literal approach results in a unilateral database that is fully accessible by not only the administrator and employees but also third-party contractors.

 

Even in a centralized database, files should be systematically segregated according to their sensitivity. The sensitive data sets should be adequately secured in a vault-like sub-sector of the database, accessible only by cleared parties.

 

  1. Missing Patches

According to the Microsoft Security Intelligence Report, 5,000 to 6,000 new vulnerabilities are emerging on an annual basis. That translates to at least 15 every day, all principally targeting system weaknesses. Software vendors subsequently respond with patches. But database administrators are often too busy to keep up with all the releases.

 

The longer a database runs with missing patches, the more susceptible it is to developing malware. If manual updates are proving to be a bit too cumbersome, enable auto updates across the board.

 

  1. Poor Audit Trail

Maintaining appropriate database audit details has always been important not only for compliance but also for security purposes. But many enterprises are leaving it off at the compliance level.

 

The resultant inability to comprehensively monitor data across the board represents serious vulnerabilities at many levels. Even something as simple as fraudulent activity cannot be detected in time to contain a breach.

 

  1. Inadequate Database Backups

A breach can be bad. But data loss is potentially catastrophic. As a matter of fact, 43% of enterprises that experience this never re-open, and 51% eventually collapse after two years. But despite this fact, many enterprises are still running inadequately backed up servers.

 

A good backup architecture encompasses primary, secondary and tertiary backup strategies that are repeatedly tested. It should also provide multiple restore points and real-time auto-updates.

 

  1. Unencrypted Data

While encryption has become standard during the data transmission process, some enterprises are still yet to implement the same for information held within their databases. Hackers love this because they are able to easily use stolen data in its rawest form.

 

  1. The Human Factor

Although malware is progressively getting sophisticated, human error is behind more than two-thirds of data breaches. And it’s expected to be the leading cause for the long haul, especially since enterprises are yet to implement sufficiently tight policies to protect their databases. While such a measure does not completely eliminate the risk, it will increasingly reduce vulnerabilities emanating from human errors.

 

  1. Database Management Inconsistencies

Overall, the lack of consistent database management continues to collectively contribute to all these system vulnerabilities. Database developers and system administrators, therefore, should have a consistent methodology of managing their databases to minimize vulnerabilities, prevent attacks, detect infiltrations, and contain breaches.

Conclusion

All things considered, a stable and secure database should mirror FileCloud’s efforts at maintaining risk-free servers. Get in touch with us to learn more about the features that make us industry leaders in data security.

 

 

Author: Davis Porter

Top 10 Cloud Security Threats In 2018 And How To Avert Them

 

2017 has seen a plague of cyber-attacks- from ransomware shutting down hospitals in Europe, to Equifax data breach, and malware targeting established brands like FedEx. By mid-year alone, the number of attacks in the U.S. had risen by 29% compared to the same time in the previous year. According to the Identity Theft and Resource Source, the organization that had tracked them, more attacks were expected at a growth rate of 37% per year.

Sadly, they were right. As a matter of fact, their prediction turned out to be barely an underestimation. By the end of the year, they had recorded a drastic upturn of 44.7% growth rate compared to 2016. Undoubtedly an all-time high.

If you assume that that must have been the hardest 12 months for cybersecurity, wait until we are done with 2018. According to the Information Security Forum (ISF), the data security organization that had predicted an increase in the number of data breaches in 2017, 2018 will be another painfully dire year. The number and impact of security attacks are expected to rise again over the next couple of months.

The year is also expected to be very thrilling for cloud computing, as more enterprises continue expanding their computing frameworks to the cloud. As a result, the volume of sensitive data in cloud servers is expected to expand at an exponential rate. And that translates to increased vulnerabilities and targets for cyber attackers.

But contrary to popular belief, method and scale of attack will not be changing drastically any time soon. IT professionals are already aware of 99% of the vulnerabilities that will continue to be exploited through to 2020.

So to help you tighten your defenses in the cloud, here are the top 10 threats we expect through 2018.

 

  1. Data Leak

The average cost of a data breach, going by figures published by Ponemon Institute, currently stands at $3.62 million. Hackers continue to target cloud servers they think have valuable information they could use. And unfortunately, many of them might turn out to be lucky due to vulnerabilities even as simple as private data shared on public domains.

In addition to defining and implementing strict data policies, organizations should invest in data security tech like firewalls plus network management solutions. Most importantly, they should only leverage proven cloud solutions with state-of-the-art security features.

 

  1. Data Loss

A data leak might be unfortunate, but not as much as data loss. While the former mostly occurs when your cloud server is successfully infiltrated, the latter is mostly caused by natural and artificial disasters. When you think you have all your enterprise data intact, it vanishes completely after physical destruction of the servers.

It’s difficult to predict natural disasters. So, to avoid going out of business due to data loss, implement a multi-layered backup system that consistently runs in real time.

 

  1. Insider Attacks

Netwrix conducted an IT Risks Survey and established that many enterprises are still experiencing difficulty gaining comprehensive visibility into their IT systems. They consequently remain vulnerable to data security threats emanating from both authorized and unauthorized users. Such an attack could be potentially detrimental since users can easily access even the most sensitive information.

Organizations should, therefore, implement strict user policies, plus effective administrative measures to track and maintain visibility to all user activities.

 

  1. Crime-as-a-Service

Cybercrime has developed to a level that malicious individuals can now hire hackers to target organizations. The ISF predicts an escalation of this in 2018, as hackers continue to access infiltration tools through the web, and criminal organizations develop complex hierarchies.

Since this mostly targets intellectual property and trade secrets, enterprises should encrypt data both at rest and during transmission.

 

  1. Human Error

The human factor continues to be the weakest element in cloud security. Your organization’s cloud users might, for instance, mistakenly share that extremely sensitive information you’ve been trying to secure from hackers. Unfortunately, this risk multiplies with every user added to the network.

In addition to strict user privilege management, organizations should invest in IT training to teach employees on cloud use, potential threats, and data handling.

 

  1. AI Weaponization

Researchers and information securities have been leveraging neural networks, machine-learning strategies, and other artificial intelligence tools to assess attacks and develop corresponding data security models. The downside to this is the fact that hackers will also use the same tools to analyze cloud vulnerabilities, and launch systematic attacks.

Since this threat is increasingly dynamic, it requires an equally multilayered system of data security strategies to prevent attacks from multiple vantage points.

 

  1. IoT Challenge

Enterprises are exceedingly capitalizing on the cloud to facilitate remote file sharing and access. But this introduces the threat of BYOD devices, which could serve as entry points for malware.

CIOs should, therefore, prioritize not only on server security but also device security. All devices allowed to access enterprise networks should be thoroughly scanned, and adequately tracked.

 

  1. Account Hijacking

If perpetrators figure out user credentials, they could easily gain access to the corresponding cloud account, hijack it, then manipulate data, eavesdrop on ongoing activities, and tamper with business processes.

In addition to closely protecting user credentials, accounts should come with multi-factor authentication, and the ability to regain control in the event of a hijack.

 

  1. Denial Of Service

By forcing cloud services to consume an excessive amount of system resources like network bandwidth, disk space, or processor, attackers continue to clock out legitimate users from server access.

An adequately updated antivirus and infiltration detection system should be able to pick up such an attempt, while a firewall will block off subsequent data transfer.

 

  1. Insecure APIs

Cloud services continue to provide access to third-party software and APIs, which facilitate collaboration and improve service delivery. But some of these APIs come with vulnerabilities that hackers are able to take advantage of to access the primary data.

This requires CIOs to comprehensively review and vet all third-party services before proceeding with subscriptions.

 

Conclusion
All factors considered none of these aversion measures would be effective on a cloud service that’s poorly secured. So get in touch with us today to learn more about the world’s most secure Enterprise File Sharing Solution.

 

 

Author: Davis Porter

GDPR Presents Opportunities for MSPs

In today’s digital world, the issue of data privacy is provoking constant debates with large corporations and even governments being objurgated for invasions of privacy. According to online statistics firm Statista, only about a third of internet users in the United States are concerned about how their personal is data is shared. However, that number is likely to rise as privacy compliance becomes a ubiquitous business concern due to the growing number of regulations formulated to curb the unauthorized access and use of personally identifiable information. The GDPR is one such legislation. No other legislation measures up to the inherent global impact of the EU’s General Data Protection Regulation (GDPR).

Gartner’s prediction that more than half of companies governed globally by the GDPR will not be fully compliant by the end of 2018 has come to fruition. With less than a month to go, a survey of 400 companies conducted by CompTIA inferred that 52 percent were still assessing how GDPR applies to their business. The research also showed that only 13 percent were confident that they are fully compliant. GDPR will without a doubt be a disruptive force in the global marketplace that cannot be ignored. This presents prodigious business opportunities for MSPs to leverage their experience in network security offerings, class analytics solutions, and their own experiences implementing strategies around this new development.

1. An Opportunity to Become GDPR Compliant

As an MSP, it makes sense to protect your business from any reputational and financial consequences by becoming GDPR compliant. It is said that charity starts at home, it would therefore be incongruous for an MSP that is yet to achieve full GDPR compliance to offer guidance in the same aspect. The experiences you gain in your journey to compliance will be of great value to both current and potential customers.

2. An Opportunity to Engage and Educate Your Clients

Most non-European businesses are yet to establish whether the GDPR will apply to them. And for those that are aware, their MSP will likely be the first place they turn to for help; whether its to set up reporting tools, work on data encryption, conduct audits, or implement new data management practices. MSPs should ensure that their clients fully understand the extent and impact of the regulations, and prepare them for GDPR. Since they are already aware of their client’s internal practices and processes, managed service providers are better suited to architect solutions that incorporate GDPR compliance and governance.

MSPs will have to re-onboard clients to make sure their prescribed SaaS offering will meet GDPR requirements. Gather resources and links that can help educate your clients. The use of informative marketing campaigns, or a resource center on your site will help create channels for dialogue – which may subsequently lead to new business projects.

3. An Opportunity to Understand Your Clients Data

Data is a crucial asset, however, most MSPs know very little about the data their clients possess. The only way an MSP can offer guidance and services related to GDPR is by understanding what data your clients have and the location of said data. MSPs should be ready to make an extra effort beyond protecting business applications to protecting personal data. The only way to accomplish this is by analyzing your client’s existing data. Through this process, you will be able to identify any security gaps and create customized security offerings to fill them. Additionally, the data discovery will allow you to adjust your pricing accordingly and push your customers towards more secure technologies or sell additional services that mitigate the risks their current business systems present.

4. An Opportunity to Offer Compliance and Security Related Services

MSPs tend to act as virtual CIOs for their customers. In most cases, the line between packaged service and free consultation tends to get blurred somewhere along the line. GDPR guidance could easily follow the same track – unless the value you offer is presented as a bundle that can be allotted a price tag. Compliance and security services are a potential gold mine for service providers who have acquired the management expertise to satisfy and simplify the complexities associated with the General Data Protection Regulation. Since having a designated Data Protection Officer (DPO) is a mandatory requirement under GDPR regardless of the size of the company; MSPs can use that as an opportunity to establish a DPO as a service model geared towards SMEs that may lack the resources to recruit costly, in-house compliance staff.

5. An Opportunity to Expose Your Brand

Marketing a compliance culture with transparency builds greater relevance and trust among current and potential customers. Companies looking to achieve full GDPR compliance are likely to align themselves with a service provider that has a demonstrated track record. Publicly documenting your GDPR compliance milestones on blogs, social media and your website confirms your familiarity with the subject. Once achieved, full GDPR compliance will act as a quality standard that can be placed on marketing channels to attract and reassure prospective clients.

In Closing

As the weight of the General Data Protection Regulation continues to impact the globe, sagacious MSPs will have an opportunity to assist their customers prepare and gain incremental revenues while supporting the European Unions effort to create a digitally secure global marketplace. Despite the current rush to beat the May 25th deadline, compliance isn’t a one off activity. Companies will always have a budget for comprehensive strategies aimed at achieving and maintaining privacy compliance.

image curtesy of freepik

 

 

Author: Gabriel Lando

10 Data Storage and Backup Trends 2018

 

 

Only handful of things can match data storage when it comes to ripples in the tech industry. With every new gadget comes improved data storage. It’s essentially driving information processing because processors can only work on data held in their respective storage repositories.

Increased data storage has increasingly triggered new developments in data handling and management policies. In the past, being able to remotely access, sync and manipulate data was only a concept. Then came cloud technology and it revolutionized the whole business landscape. It has since grown from barely a boardroom suggestion in 2009 to a critical resource for the bulk of enterprises.

Currently, business and IT executives are shifting from perceiving cloud storage as just a tool. They are now leveraging it to achieve organization goals. And to effectually facilitate this, service providers have not only diversified but also holistically integrated PaaS and SaaS with IaaS.

These advancements in cloud tech have directly and indirectly influenced growth in other data storage technologies, as the volume and complexity of data increases at a steady rate. 2018 is expected to be quite fascinating since all industries are now beneficiaries of the resultant data storage trends.

Organizations are already warming up to this, as close to half of them will be increasing their IT budgets for the next 12 months.

So, what data storage and backup trends should we expect in 2018?

  1. Multi-cloud Storage

In 2016, a study by VMTurbo revealed that 57% of enterprises were yet to deploy a multi-cloud strategy. Their databases were essentially single-faceted, with organizations that had already migrated to the cloud leveraging either public or private cloud services.

 

Overall perception has substantially shifted since then, and organizations are now capitalizing on private cloud data storage for sensitive data while keeping some of their data in public cloud servers. 2018 is expected to experience a proliferation of this hybrid approach, as organizations also continue leveraging SaaS, PaaS and DraaS. This will see 70% of enterprises come on board by 2019.

 

  1. Software Defined Storage

Service providers are already integrating software-defined storage features in their data storage solutions, and we expect to see this trend picking up further through 2018.

 

SDS, as it’s popularly known, bridges the gap between current storage needs and legacy infrastructure. This fact alone, according to IDC, will see the market continue to develop at a rate of 13.5% from 2017, into 2018, all through to 2021. This translates to an approximate value of $16.2 by the time you are crossing over to 2022.

 

 

  1. Artificial Intelligence

Instead of implementing one-size-fits-all service providers are now using a more strategic approach to cater to varying data storage needs. System administrators will continue leveraging the power of artificial intelligence to align data to database capabilities, assess metadata across organization storage infrastructure, and refine management policies. With time, this will eventually lead to optimal performance and resource savings thanks to on-demand infrastructure use.

 

  1. Flash

Flash storage is another revolutionary technology that has drastically changed data storage. Its ripple effects will continue in 2018, as it becomes flashier thanks to SSD technology. The industry will see the production of even smaller flash drives with much larger storage capacities. And this will boost storage efficiency, speed, energy savings and overall performance.

 

The tech behind flash storage will also facilitate policy-based provisioning, storage automation, and integrated data protection.

 

  1. Cloud Spending

Increased adoption of the cloud means organizations will dig deeper into their pockets to acquire additional data storage resources. Typical enterprise spending is currently growing at an average rate of 16%, which is four and a half times the corresponding growth in IT spending previously witnessed in 2009. The next 12 months will experience a bump, as the rate increases to about 6 times the 2009 rate, which will proceed all through to 2020.

 

Compared to other resources, the cloud will take up about half the IT budget in a typical organization. The result is a market that will have grown to $390B by 2020.

 

  1. Data Intelligence

For long, data storage was only that. Holding data in repositories that only display file size and location. Enterprises were basically in the dark about what and how data is being used.

 

2018 is marking a revolutionary stage in data storage through increased adoption of metadata management solutions. System administrators can now leverage data intelligence in tracking their files, then subsequently view how, where and when data was accessed, modified, or changed. This is proving to be especially important in achieving full data control and equitable resource distribution.

 

  1. Data Legislation

As service providers grow, the data footprint is expanding to multiple locations worldwide with varying compliance levels and legislation. So far, we’ve seen the development of new laws like the European General Data Protection Regulation, and NIST SP 800-171 for American defense contractors.

 

Due to such trends, it’s becoming critically important for enterprises to understand exactly where their data is stored. This helps them establish the type of data to store, and how to manage it to avoid collisions with the law.

 

  1. NVMe

While flash will continue influencing data storage, the real impact will come from new developments triggered by the flash revolution. One of the most prominent ones in 2018 is Non-Volatile Memory express, otherwise commonly referred to as NVMe. It will continue being adopted as an alternative to SCI-based interfaces to capitalize on improved Solid State technologies.

 

 

  1. Hyperconverged Infrastructures (HCI)

As a driver for software-defined storage, Internet-of-Things will keep featuring prominently over the next 12 months. 48% of enterprises are already leveraging it, and 43% are planning to join the bandwagon in 2018.

 

If combined with data compiled from other systems, IoT could overwhelm data storage. So to solve this problem, organizations are taking advantage of HCI to put all their data in one place.

 

  1. Cloud Storage Capacity

Data centers will keep expanding in 2018 as service providers improve their features and overall cloud storage capacities. The subsequent data footprint will be further boosted with the emergence of new vendors eager to get a piece of the lucrative data storage industry. Consequently, competition is expected to increase, and place additional pressure on the industry players to further regulate the prices of their provisions.

 

 

 

Author: Davis Porter

Hybrid Cloud Risks That IT Managers Can’t Take Their Eyes Off

It’s been more than a decade since cloud computing brought business close to the idea of affordable computing, storage, and application resources. Soon enough, the cloud universe underwent a bifurcation, driven namely by the public and private cloud. As companies began to understand the pros and cons of both approaches to cloud computing, another term became the buzzword. It’s a hybrid cloud – an arrangement where enterprises create a good balance of public and private cloud.

 

 

 

Risks Associated With Hybrid Cloud

Whereas the hybrid cloud approach helps companies achieve the perfect balance of application availability, security, and the resultant employee productivity, it also presents certain management challenges. Most of these challenges/risks are directly or indirectly related to the KPIs of cloud-based applications, from a productivity, accessibility, and security standpoint. Here’s a guide to help you understand and manage these risks.

 

Too Many Decision Makers

When an enterprise makes a conscious choice to go for a hybrid arrangement of public, private, and on-premise systems, one of the biggest risks is of having too many decision makers influencing the choice of cloud tools. Particularly when high ranking end user and business team leaders push for the choice of certain cloud tools without letting IT analyze it on different aspects, chaos ensues.

When an enterprise is stuck with many cloud solutions that don’t exactly integrate with each other, there’s hardly a single team or person responsible for the hodgepodge that exists in the name of hybrid cloud. The performance management and overall coordination of such a cloud ecosystem often become too difficult to manage for the enterprise.

 

Cloud Security - In the Cloud

 

Underestimating the Data Stewardship Responsibilities

Here’s a fact – the level of control of data governance, security, and privacy that an enterprise’s IT team can exercise for an on-premise solution can’t be matched by that in a cloud-based solution. While working out the right mix of on-premise, public cloud, and private cloud solutions, enterprises must not lose sight of the level of control they need over their data. Even the leading cloud services vendors don’t take 100% responsibility for your enterprise data; there’s a lot that you need to be accountable for. And unless your hybrid cloud setup addresses this reality, there’s trouble brewing close by.

 

Improper Choices of Cloud Management Tool

To manage everything about your hybrid cloud infrastructure, you’ll need a sophisticated cloud management solution. Now, in a hybrid cloud environment, there is a lot of communication between public cloud and private cloud infrastructures. So, the tool your company purchases must be able to manage this communication while managing the security considerations alongside.

There are other issues too. If the public and private cloud vendors are different, the complexity increases. The solution – you either use your in-house IT or a vendor to do the interfacing or choose a tool that inherently supports a wide range of APIs from different cloud service vendors. For obvious reasons, a wrong choice of cloud management tool could mean a lot of problems in the long run. To manage this, some companies even go for cloud management tools for public and private cloud, from the same vendor. However, such a lock-in is inherently risky.

 

 

Mismanagement of Identity Management Solutions

Identification management tools are crucial components of enterprise IT security. When a company transitions to a hybrid cloud, invariably the identity management solution has to be extended from the private cloud to the public cloud components.

Because of this, there are some critical questions to be addressed related to identifying management.

Does the company choose different identity management tools for its private and public cloud components?

Does the company keep the same identity management tool?

If so, what are the risks of the public cloud vendor’s employees being able to use usernames and passwords to access information from the private component?

However, this is more of a risk assessment issue than anything else. As long as an enterprise remains conscious about this choice, the risks are manageable.

 

Lack of Understanding of Trust Requirements

All applications used in your business, along with all the peripheral tools used, have their corresponding trust requirements. These trust requirements are governed by the legal, regulatory, and contractual agreements your company has with your clients.

Enterprises can conveniently meet all these trust requirements by using private cloud solutions, wherein they have sufficient control over the nitty gritty of the technology. For applications that don’t require complex trust requirement compliance, it’s normal enough for companies to manage things via public cloud solutions.

However, too many companies fail to estimate the current and future trust requirements of applications, and bear the brunt later on, when these requirements become obvious. By correctly mapping applications to the right cloud computing methodology, enterprises can prevent expensive and embarrassing trust requirement compliance issues. It also helps them identify the applications that need sophisticated access control and authentication management. Hence, this becomes a matter of avoiding security breaches, as well as avoiding unnecessary recurring costs for enterprises.

 

Inadequate Diligence in Vendors’ Disaster Recovery Practices

In a hybrid cloud ecosystem, there are different vendors and their different databases in play. Questions to be asked:

Whether or not there is complete failover between data centers?

Do all vendors own the different data centers involved?

Among all the different disaster recovery and failover SLAs you establish with vendors, are most of them logically in sync with each other?

Note: After all the research and diligence, your company needs to be reasonably convinced that business continuity will be ensured in the case of a service disruption.

 

Concluding Remarks

‘Best of all worlds’ is what every enterprise wants. From a cloud computing perspective, this translates into what’s popularly called a hybrid cloud. Indeed, from a control and cost perspective, it offers the best of all worlds. However, this often also means the coming together of individual infrastructure risks, as well as the ones caused by their integration. Some of these risks are covered in this guide; keep them in mind while planning the hybrid transformation for your enterprise.

 

 

 

Author: Rahul Sharma

Adopting Privacy by Design to Meet GDPR Compliance

The proliferation of social networking and collaboration tools has ushered in a new era of the remote enterprise workforce; however, they have also made organizational boundaries non-static. Making it increasingly difficult to safeguard the confidential and personal data of their business partners, employees and customers. In theses political uncertain times, defending privacy is paramount to the success of every enterprise. The threats and risks to data are no longer theoretical; they are apparent and menacing. Tech decision makers have to step in-front of the problem and respond to the challenge. Adopting the privacy by design framework is a surefire way of protecting all users from attacks on their privacy and safety.

The bedrock of privacy be design (PbD) is the anticipation, management and prevention of privacy issues during the entire life cycle of the process or system. According to the PbD philosophy, the most ideal way to mitigate privacy risks is not creating them to begin with. Its architect, Dr. Ann Cavoukian, contrived the framework to deal with the rampant issue of developers applying privacy fixes after the completion of a project. The privacy by design framework has been around since the 1990s, but it is yet to become mainstream. That will soon change. The EU’s data protection overhaul, GDPR which comes into effect in May 2018, demands privacy by design as well as data protection by default across all applications and uses. This means that any organization that serves EU residents has to adhere to the newly set data protection standards regardless of whether they themselves are located within the European Union. GDPR has made a risk-based approach to pinpointing digital vulnerabilities and eliminating privacy gaps a requirement.

Privacy by Default

Article 25 of the General Data Protection Regulation systematizes both the concepts of privacy by design and privacy be default. Under the ‘privacy by design’ requirement, organizations will have to setup compliant procedures and policies as fundamental components in the maintenance and design of information systems and mode of operation for every organization. This basically means that privacy by design measures may be inclusive of pseudonymization or other technologies that are capable of enhancing privacy.

Article 25 states that a data controller has to implement suitable organizational and technical measures at the time a mode of processing is determined and at the time the data is actually processed, in order to guarantee data protection principles like data minimization are met.

Simply put, Privacy by Default denotes that strict privacy settings should be applied by default the moment a service is released to the public, without requiring any manual input from the user. Additionally, any personal data provided by the user to facilitate the optimal use of a product must only be kept for the amount of time needed to offer said service of product. The example commonly given is the creation of a social media profile, the default settings should be the most privacy-friendly. Details such as name and email address would be considered essential information but not location or age or location, also all profiles should be set to private by default.

Privacy Impact Assessment (PIA)

Privacy Impact Assessments are an intrinsic part of the privacy by design approach. A PIA highlights what personally Identifiable Information is collected and further explains how that data is maintained, how it will be shared and how it will be protected. Organizations should conduct a PIA to assess legislative authority and pinpoint and extenuate privacy risks before sharing any personal information. Not only will the PIA aid in the design of more efficient and effective processes for handling personal data, but it can also reduce the associated costs and damage to reputation that could potentially accompany a breach of data protection regulations and laws.

The most ideal time to complete a Privacy Impact Assessment is at the design stage of a new process or system, and then re-visit it as legal obligations and program requirements change. Under Article 35 of the GDPR, data protection impact assessments (DPIA) are inescapable for companies with processes and technologies that will likely result in a high risk to the privacy rights of end-users.

The Seven Foundational Principals of Privacy by Design

The main objective of privacy by design are to ensure privacy and control over personal data. Organization can gain a competitive advantage by practicing the seven foundational principles. These principles of privacy by design can be applied to all the varying types of personal data. The zeal of the privacy measures typically corresponds to the sensitivity of the data.

I. Proactive not Reactive; Preventative not Remedial – Be prepared for, pinpoint, and avert privacy issues before they occur. Privacy risks should never materialize on your watch, get ahead of invasive events before the fact, not afterward.
II. Privacy as the default setting – The end user should never take any additional action to secure their privacy. Personal data is automatically protected in all business practices or IT systems right off the bat.
III. Privacy embedded into design – Privacy is not an after thought, it should instead be part and parcel of the design as a core function of the process or system.
IV. Full functionality (positive-sum, not zero sum) – PbD eliminates the need to make trade-offs, and instead seeks to meet the needs of all legitimate objectives and interests in a positive-sum manner; circumventing all dichotomies.
V. End-to-end lifestyle protection – An adequate data minimization, retention and deletion process should be fully-integrated into the process or system before any personal data is collected.
VI. Transparency and visibility – Regardless of the technology or business practice involved, the set privacy standards have to be visible, transparent and open to providers and users alike; it should also be documented and independently verifiable.
VII. Keep it user-centric – Respect the privacy of your users/customers by offering granular privacy options, solid privacy defaults, timely and detailed information notices, and empowering user-friendly options.

In Closing

The General Data Protection Regulation makes privacy by design and privacy by default legal requirements in the European Union. So if you do business in the EU or process any personal data belonging to EU residents you will have to implement internal processes and procedures to address the set privacy requirements. A vast majority of organizations already prioritize security as part of their processes. However, becoming fully compliant with the privacy by design and privacy by default requirement may demand additional steps. This will mean implementing a privacy impact assessment template that can be populated every time a new system is procured, implemented or designed. Organizations should also revisit their data collection forms to make sure that only essential data is being collected. Lastly it will be prudent to set up automated deletion processes for specific data, implementing technical measures to guarantee that personal data is flagged for deletion after it is no longer required. FileCloud checks all the boxes when it comes to the seven principles of privacy by design and offers granular features that will set you on the path to full GDPR compliance. Click here for more information.

Author Gabriel Lando

image courtesy of freepik.com