Articles Home | New Era Technology | Page: Cloud Infrastructure

Expect the unexpected: How to create a disaster recovery plan

Aug 2, 2021

Tornado. Fire. A malicious cyberattack. What will your organization do if and when the unexpected happens? If you have completed planning for disaster recovery, when is the last time you revisited it? The COVID-19 pandemic, for many, was a test of disaster preparedness and a reminder that planning for the worst can help your company do its best. Disaster recovery is the planning and documentation done in advance to help your organization survive and recover in case of a catastrophe. The disruption could be a natural disaster, accidental data loss, or an attempt to disrupt your network, among others. These interruptions can lead to revenue losses, damage to your brand and reputation, and potentially, the loss of customers. The longer your recovery time, the greater the impact on your organization. A comprehensive disaster recovery plan should allow you to expand your recovery capability and improve your resilience. Having a plan enables you to focus, prioritize assets, and determine the best approach to recover normal operations. Why do you need a disaster recovery plan? Every organization must be prepared to weather worst-case scenario events. You might already have a business continuity plan, but it’s worthwhile to note that this is not the same as a disaster recovery plan. Business continuity focuses on keeping your business operational during a disaster, while disaster recovery focuses on restoring data access and IT infrastructure after a disaster. Ensuring that you have an effective disaster recovery plan can reduce the magnitude of damage to your organization and keep the business running. With carefully planning, you can document your organization’s key assets and create a plan to recover them. Key steps to creating a disaster recovery plan The following list can help you document and think through your organization’s approach to a disaster situation. Once you compile the information, store the document in a safe, accessible location off-site. If you have an existing disaster recovery plan, have you updated it recently? When disaster strikes, having an outdated plan can leave you scrambling. It’s important to view your disaster recovery plan as a constant work in progress. 1. Define your key assets For many organizations, your most important digital assets include enterprise resource planning (ERP) system, product, and marketing plans. Prioritize your assets into three categories: business-critical, important, and non-critical. Categorizing your assets is important to help your organization best understand needs during recovery from a disaster. The focus should be on recovering the most vital systems first. 2. Decide on a recovery window Based on your asset prioritization, determine the duration of your Maximum Tolerable Downtime (MTD). Business unit owners should identify the Recovery Time Objective (RTO); this is usually one segment of the MTD. Business-critical assets are the most immediate focus during a recovery effort. Your recovery window should identify the MTD (in hours) that your business can thrive without having access to the most important information. 3. Define a recovery solution There are many options available for backing up your data, from tape backups to disk backup and cloud storage. In case of a disaster, your organization would need to utilize remote storage so that your data is safe and accessible, even if the primary location is destroyed. In addition, all recovery plans and system build notes should be kept offsite. 4. Draft a disaster recovery plan A disaster recovery document is not a fixed document. It should be flexible to ensure asset retrieval regardless of the disaster. Your plan should contain enough detail so that someone having technical understanding but no knowledge of your enterprise structure can understand. 5. Test the plan Testing your disaster recovery plan is a critical part of preparation and the only way to ensure viability. There are different stages of testing: Paper test: Individuals read and annotate recovery plans Walkthrough test: Groups walk through plans to identify issues and changes Simulation: Groups go through a simulated disaster to identify whether emergency response plans are adequate Parallel test: Recovery systems are set up and tested to determine if they can perform actual business transactions to support key processes, primary systems still carry the full production workload Cutover test: Recovery systems are set up to assume full production workload, temporarily disconnecting primary systems 6. Schedule edits and follow up regularly Operations and data change constantly. It isn’t enough to rely on a single test of your disaster recovery plan to ensure success when a disaster occurs. Document restoration and testing procedures and run the tests on a regular basis. The frequency of your testing may vary, but at least every 12 months. The frequency of your testing depends on your evaluation of the rate of change in your systems. 7. Maintain your plan Technology and business-critical applications change. Disaster Recovery Plans should be reviewed quarterly at a minimum to make improvements and changes to ensure critical business system recovery. Next steps for your disaster recovery efforts Work with your organization’s process owners to gather the details needed to make a complete disaster recovery plan. You might find it worthwhile to partner with a consultant like Fusion Alliance to guide you through the process and incorporate this plan into your wider technology strategy, thinking through business processes and needs. For more information about disaster recovery planning and our services, drop us a line. We would love to talk about your organization’s needs.

Zero Trust: What is it, why you need it, and how to achieve it

Jul 8, 2021

More organizations have shifted to the cloud, completely transforming the way business is done. For many, the days of solely relying on big on-premise data centers are gone, now replaced with a combination of on-premise and cloud-based applications. As the way we store and access data changes, we are forced to come up with new ways to improve infrastructure and keep it secure. That’s where Zero Trust comes in. No matter where you are on your Zero Trust journey — maybe you’ve never heard of it, maybe you want to try it but don’t know where to start, or maybe you’re in the thick of it — we’re here to walk you through five steps that will help you understand Zero Trust and how it can elevate your data security. So what is Zero Trust? Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. This vendor-neutral design philosophy allows maximum flexibility in designing infrastructure architecture. Every access request is fully authenticated, authorized, and encrypted before granting access. Lateral movement is prevented through security policies and least privilege (minimum permissions to do your job). Rich intelligence and analytics are utilized to detect and respond to anomalies in real time.\ The Zero Trust Maturity Model Traditional This level is where most organizations are at today. Companies who are at this stage have not started their Zero Trust journey, and generally have: On-premises identity with static rules and some single sign-on (SSO). Limited visibility available into device compliance, cloud environments, and logins. Advanced At this level, an organization has begun its Zero Trust journey and has started to make some progress. The areas of adoption at this stage are usually: Hybrid identity and finely-tuned policies that gate access to data, apps, and networks. Devices registered and compliant to IT security policies. Networks being segmented and cloud threat protection in place. Analytics that are starting to be used to assess user behavior and proactively identify threats. Optimal Although the Zero Trust journey is never complete, at this stage an organization has made great strides and improvements in security through the adoption of: Cloud identity with real-time analytics and dynamically-gated access to applications, workloads, networks, and data. Data access decisions governed by cloud security policy engines and secured sharing with encryption and tracking. Complete Zero Trust in the network – micro-cloud perimeters, micro-segmentation, and encryption are in place. Implemented automatic threat detection and response. Steps to achieve Zero Trust 1. Define your protect surface Define your protect surface based on the most crucial data, applications, assets, and services elements for your business. 2. Map the information within your surface There are many ways to map transaction flows, and some techniques for defining your protect surface also apply to mapping its transaction flows. 3. Architect a Zero Trust environment As you develop the architecture, keep in mind ease of operation and maintenance, and flexibility to accommodate protect surface and business changes. 4. Create Zero Trust policy Zero Trust policy is based on the Kipling Method. This shows you how to decide whether to allow or block traffic and how to create a security policy that safeguards each protect surface. Who should access a resource? What application is used to access the resource? When do users access the resource? Where is the resource located? Why is the data accessed — what is the data’s value if lost (toxicity)? How should you allow access to the resource? 5. Monitor and maintain Security is a continuous process as logging and monitoring will reveal needed improvements to make to your policies are your business and infrastructure change. Follow the operational processes you developed when architecting the network to maintain and continually update prevention controls. Running the Zero Trust marathon Zero Trust is a marathon, not a sprint. Since it is not a vendor-specific model, you have the ability to adopt this model utilizing a number of different vendors. If you are ready to start your Zero Trust journey or want to talk about where you’re at, reach out to us today.

5 keys to planning a successful cloud implementation

Oct 20, 2020

The cloud is everywhere today, and it continues to be touted as the silver-bullet solution to everything from backup and disaster recovery to infinitely scalable mobile applications to inexpensive storage and nearly everything in between. While the cloud finally solves certain problems that have vexed corporations for decades, implementing the cloud successfully within a business takes leadership and a sound, carefully considered strategy. 1. Have a vision The first key to any successful cloud implementation is understanding the business need and business case for the cloud within your particular organization. This may seem obvious, but as I warn in my book, “Achieving Process Profitability, Building the IT Profit Center,” too often technology is implemented for the sake of technology. The cloud, as the new shiny object, is a temptation for technologists and individuals who want to follow the crowd. Therefore, bear in mind the single, universal, and undeniable mission of IT within a business is to make that business operate more efficiently, effectively, and profitably. With this mission in mind, there are definitely areas where the cloud can increase the efficiency, effectiveness, and profitability of a business. However, these will vary depending upon the business. Some corporations may wish to reduce capital expenditures on technology. Others might wish to increase the agility or flexibility of the business. Still, others might desire to increase IT’s responsiveness to the business. Additional business needs might include increasing security and compliance, advancing corporate green or mobility initiatives, or future-proofing systems by making them easily scalable. The exact mix of these needs are important and should be agreed upon by the corporate officers. These business needs ultimately form the vision for the use of cloud computing within a corporation. 2. Develop a sound strategy Once the needs are fully understood, document them in a strategic plan. These become the guiding vision and mission of the cloud within the business. The objective is to state in plain language how the cloud can help the business be more efficient, effective, and profitable and achieve the overall goals and vision of the company. Next, perform a SWOT analysis with regard to the cloud. A SWOT analysis is a structured planning method that analyzes the strengths, weaknesses, opportunities, and threats of a particular project or business venture. See the example below. Using a SWOT analysis allows you to get specific about your organization’s cloud readiness and what threats exist that could prevent utilization of the cloud to achieve the stated business objectives. Any good strategic plan must include specific, measurable goals, or actions. These goals should be tied back to the SWOT analysis and business objectives identified earlier. Again, be specific with these goals. Instead of a goal such as “acquire new skills,” list the specific skills to be acquired. The final part of the strategic plan is to create one-year, two-year and three-year roadmaps on how to move the organization down the path of cloud adoption while achieving the stated goals and objectives. The roadmap should list specific projects, training, strategic hires, etc. that, as completed, make a measurable impact on your strategic goals. Example SWOT Analysis Strengths Significant virtualization experience IT systems management and governance Strong, trusted offshore partner Strong, collaborative, supportive leadership Weaknesses Cloud expertise is lacking overall, skills retooling required Network connectivity at satellite locations Opportunities Leverage cloud to reduce corporate costs, especially SaaS and PaaS solutions Leverage cloud to increase responsiveness to the business Offload compliance and auditing burden Foster innovation Threats Increasingly competitive industry External regulators are introducing new revisions to their compliance requirements in the next two quarters Recently lost our primary enterprise architect 3. Establish governance now It seems that no new technology can be adopted in an organization without the topic of governance coming up. Cloud is no exception, and governance is, in fact, even more critical to get right with the cloud than with most other technologies. The reason is that the cloud makes buying and deploying technology cheaper and easier than ever before. Business units that control their own budgets can choose a cloud technology, buy it, implement it, and bypass IT completely. The cloud is so inexpensive in some cases that the charges can be applied to a credit card and expensed. In general, allowing business units this much leeway in technology buying decisions is generally a mistake, providing short-term benefits to that particular business unit, but adversely affecting the organization as a whole over time. Start by integrating cloud governance into existing technology steering committees or enterprise architecture groups in order to provide ongoing governance in which workloads make sense for the cloud. But don’t stop there. Proper governance for the cloud needs a holistic approach. Engage the finance department to monitor business expenses and departmental expenditures for rogue cloud activity. In addition, consider modifying existing bonus structures such that a portion of management bonuses are based upon making decisions that benefit the organization as a whole, not just a manager’s particular business unit. 4. Manage organizational change Forbes has tagged the cloud as potentially “the most disruptive technology ever,” and this includes the internet, which essentially made the cloud possible. That kind of disruption does not come without impacts to an organization and these impacts should not be underestimated. New skills need to be learned, new groups must be organized and new ways of thinking need to be adopted. However, change often brings fear – fear of the unknown, of being replaced, of losing control, or not being able to keep up – all of which lie at the root of resistance to adoption. With something as transformative as the cloud, managing the “people” side of the change is imperative to getting your employees on board. Organizational change management (OCM) does just that. OCM defines the steps, processes, and cultural changes necessary for your employees to embrace the technological and cultural changes you are setting forth as you implement the cloud. It doesn’t matter how much time, money, and effort you have invested into the technology; a lack of widespread adoption by the people of your organization can lead any technological project to be deemed a failure. 5. Innovate Of all the benefits the cloud brings to businesses, the ability to facilitate innovation is perhaps the most overlooked. The cloud provides a “fail-fast, succeed-fast” environment that allows businesses to experiment with new technologies and new ways of doing things at a less expensive price point than ever before. Businesses should form a cloud innovation group that experiments with ways of using the cloud to make the business more efficient, effective, and profitable. Small investments in cloud innovation can bring big rewards for companies that are not afraid to adapt to the new reality of cloud. Organizations that do not embrace the cloud, change, and innovation would do well to remember that entire industries were disrupted and largely snuffed out by the internet and mobile revolutions. Consider the failure of newspapers to understand how the internet would destroy profits in an over-100-year-old industry or how mobile computing disrupted the taxi industry. The issue with the cloud, as Forbes points out, is that the cloud impacts every industry on earth, so ignoring is done at one’s own peril. Conclusion As with any complex technology, the cloud requires an investment in crafting a clear vision, strategy, and plan in order to provide the greatest return on investment and avoid the pitfalls of increased overhead, rogue IT, and duplicated systems. Making this investment and avoiding the common pitfalls of cloud adoption will ensure that the cloud helps make your organization more efficient, effective, and profitable. Interested in learning more? Take five minutes to find out how cloud can be a profit center. Another quick read explains which public cloud offering is right for you.

Insights

Articles about Page: Cloud Infrastructure

Expect the unexpected: How to create a disaster recovery plan

Zero Trust: What is it, why you need it, and how to achieve it

5 keys to planning a successful cloud implementation

Ready to talk?

About Us

Quick Links

Stay in Touch

Contact Us