Articles Home | New Era Technology | Page: Cloud Infrastructure

Zero Trust: What is it, why you need it, and how to achieve it

Jul 19, 2023

More organizations have shifted to the cloud, completely transforming the way business is done. For many, the days of solely relying on big on-premise data centers are gone, now replaced with a combination of on-premise and cloud-based applications. As the way we store and access data changes, we are forced to come up with new ways to improve infrastructure and keep it secure. That’s where Zero Trust comes in. No matter where you are on your Zero Trust journey — maybe you’ve never heard of it, maybe you want to try it but don’t know where to start, or maybe you’re in the thick of it — we’re here to walk you through five steps that will help you understand Zero Trust and how it can elevate your data security. So what is Zero Trust? Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. This vendor-neutral design philosophy allows maximum flexibility in designing infrastructure architecture. Every access request is fully authenticated, authorized, and encrypted before granting access. Lateral movement is prevented through security policies and least privilege (minimum permissions to do your job). Rich intelligence and analytics are utilized to detect and respond to anomalies in real time. The Zero Trust Maturity Model Traditional This level is where most organizations are at today. Companies who are at this stage have not started their Zero Trust journey, and generally have: On-premises identity with static rules and some single sign-on (SSO). Limited visibility available into device compliance, cloud environments, and logins. Advanced At this level, an organization has begun its Zero Trust journey and has started to make some progress. The areas of adoption at this stage are usually: Hybrid identity and finely-tuned policies that gate access to data, apps, and networks. Devices registered and compliant to IT security policies. Networks being segmented and cloud threat protection in place. Analytics that are starting to be used to assess user behavior and proactively identify threats. Optimal Although the Zero Trust journey is never complete, at this stage an organization has made great strides and improvements in security through the adoption of: Cloud identity with real-time analytics and dynamically-gated access to applications, workloads, networks, and data. Data access decisions governed by cloud security policy engines and secured sharing with encryption and tracking. Complete Zero Trust in the network – micro-cloud perimeters, micro-segmentation, and encryption are in place. Implemented automatic threat detection and response. Steps to achieve Zero Trust 1. Define your protect surface Define your protect surface based on the most crucial data, applications, assets, and services elements for your business. 2. Map the information within your surface There are many ways to map transaction flows, and some techniques for defining your protect surface also apply to mapping its transaction flows. 3. Architect a Zero Trust environment As you develop the architecture, keep in mind ease of operation and maintenance, and flexibility to accommodate protect surface and business changes. 4. Create Zero Trust policy Zero Trust policy is based on the Kipling Method. This shows you how to decide whether to allow or block traffic and how to create a security policy that safeguards each protect surface. Who should access a resource? What application is used to access the resource? When do users access the resource? Where is the resource located? Why is the data accessed — what is the data’s value if lost (toxicity)? How should you allow access to the resource? 5. Monitor and maintain Security is a continuous process as logging and monitoring will reveal needed improvements to make to your policies are your business and infrastructure change. Follow the operational processes you developed when architecting the network to maintain and continually update prevention controls. Running the Zero Trust marathon Zero Trust is a marathon, not a sprint. Since it is not a vendor-specific model, you have the ability to adopt this model utilizing a number of different vendors. If you are ready to start your Zero Trust journey or want to talk about where you’re at, reach out to us today.

Expect the unexpected: How to create a disaster recovery plan

Aug 2, 2021

Tornado. Fire. A malicious cyberattack. What will your organization do if and when the unexpected happens? If you have completed planning for disaster recovery, when is the last time you revisited it? The COVID-19 pandemic, for many, was a test of disaster preparedness and a reminder that planning for the worst can help your company do its best. Disaster recovery is the planning and documentation done in advance to help your organization survive and recover in case of a catastrophe. The disruption could be a natural disaster, accidental data loss, or an attempt to disrupt your network, among others. These interruptions can lead to revenue losses, damage to your brand and reputation, and potentially, the loss of customers. The longer your recovery time, the greater the impact on your organization. A comprehensive disaster recovery plan should allow you to expand your recovery capability and improve your resilience. Having a plan enables you to focus, prioritize assets, and determine the best approach to recover normal operations. Why do you need a disaster recovery plan? Every organization must be prepared to weather worst-case scenario events. You might already have a business continuity plan, but it’s worthwhile to note that this is not the same as a disaster recovery plan. Business continuity focuses on keeping your business operational during a disaster, while disaster recovery focuses on restoring data access and IT infrastructure after a disaster. Ensuring that you have an effective disaster recovery plan can reduce the magnitude of damage to your organization and keep the business running. With carefully planning, you can document your organization’s key assets and create a plan to recover them. Key steps to creating a disaster recovery plan The following list can help you document and think through your organization’s approach to a disaster situation. Once you compile the information, store the document in a safe, accessible location off-site. If you have an existing disaster recovery plan, have you updated it recently? When disaster strikes, having an outdated plan can leave you scrambling. It’s important to view your disaster recovery plan as a constant work in progress. 1. Define your key assets For many organizations, your most important digital assets include enterprise resource planning (ERP) system, product, and marketing plans. Prioritize your assets into three categories: business-critical, important, and non-critical. Categorizing your assets is important to help your organization best understand needs during recovery from a disaster. The focus should be on recovering the most vital systems first. 2. Decide on a recovery window Based on your asset prioritization, determine the duration of your Maximum Tolerable Downtime (MTD). Business unit owners should identify the Recovery Time Objective (RTO); this is usually one segment of the MTD. Business-critical assets are the most immediate focus during a recovery effort. Your recovery window should identify the MTD (in hours) that your business can thrive without having access to the most important information. 3. Define a recovery solution There are many options available for backing up your data, from tape backups to disk backup and cloud storage. In case of a disaster, your organization would need to utilize remote storage so that your data is safe and accessible, even if the primary location is destroyed. In addition, all recovery plans and system build notes should be kept offsite. 4. Draft a disaster recovery plan A disaster recovery document is not a fixed document. It should be flexible to ensure asset retrieval regardless of the disaster. Your plan should contain enough detail so that someone having technical understanding but no knowledge of your enterprise structure can understand. 5. Test the plan Testing your disaster recovery plan is a critical part of preparation and the only way to ensure viability. There are different stages of testing: Paper test: Individuals read and annotate recovery plans Walkthrough test: Groups walk through plans to identify issues and changes Simulation: Groups go through a simulated disaster to identify whether emergency response plans are adequate Parallel test: Recovery systems are set up and tested to determine if they can perform actual business transactions to support key processes, primary systems still carry the full production workload Cutover test: Recovery systems are set up to assume full production workload, temporarily disconnecting primary systems 6. Schedule edits and follow up regularly Operations and data change constantly. It isn’t enough to rely on a single test of your disaster recovery plan to ensure success when a disaster occurs. Document restoration and testing procedures and run the tests on a regular basis. The frequency of your testing may vary, but at least every 12 months. The frequency of your testing depends on your evaluation of the rate of change in your systems. 7. Maintain your plan Technology and business-critical applications change. Disaster Recovery Plans should be reviewed quarterly at a minimum to make improvements and changes to ensure critical business system recovery. Next steps for your disaster recovery efforts Work with your organization’s process owners to gather the details needed to make a complete disaster recovery plan. You might find it worthwhile to partner with a consultant like Fusion Alliance to guide you through the process and incorporate this plan into your wider technology strategy, thinking through business processes and needs. For more information about disaster recovery planning and our services, drop us a line. We would love to talk about your organization’s needs.

5 keys to planning a successful cloud implementation

Oct 20, 2020

Whether businesses rely on the cloud for backup and disaster recovery, inexpensive storage, or near limitless scalability for their applications, there’s no doubt that adopting this technology offers myriad benefits. Now, your organization is ready to make the shift, but that doesn’t mean you can start moving files and applications and assume that’s all you need to do. Instead, you need a sound strategy to ensure you’re maximizing the benefits the cloud offers and are set up to meet your goals. To help you get started, we’re sharing the five keys to planning a successful cloud implementation. 1. Have a vision The first key to any successful cloud implementation is understanding the business need and use case. This may seem obvious, but too often, businesses implement new technology for the sake of technology – they see their competitors turning to the latest shiny object and want to follow suit. However, “tech for tech’s sake” goes against the mission of your IT department, which is to leverage technology to operate more efficiently, effectively, and profitably. That’s not to say that the cloud is the latest shiny object. Businesses ranging from sole proprietorships to enterprise-level organizations use it to improve operations, increase agility, reduce costs, and/or increase security. So, your first step is knowing exactly what you want to get out of implementing cloud solutions and making sure those benefits are agreed upon by corporate officers. Having the business use case clearly defined will form the vision for how cloud computing is used within the corporation. 2. Develop a sound strategy Once your company has clarity into the business needs, document them in a strategic plan that will become the guiding vision and mission of the project for your organization. State the objective in plain, clear language how cloud implementation will help the business become more efficient, effective, and profitable and achieve the overall goals and vision of the company. With your project’s mission statement clearly defined, the next step is to perform a SWOT (strengths, weaknesses, opportunities, and threats) analysis regarding your cloud implementation. This will help you and your team understand your organization’s cloud readiness and the challenges or blocks that may prevent the implementation from achieving the stated objectives. Example SWOT Analysis Strengths Significant virtualization experience IT systems management and governance Strong, trusted offshore partner Strong, collaborative, supportive leadership Weaknesses Cloud expertise is lacking overall, skills retooling required Network connectivity at satellite locations Opportunities Leverage cloud to reduce corporate costs, especially SaaS and PaaS solutions Leverage cloud to increase responsiveness to the business Offload compliance and auditing burden Foster innovation Threats Increasingly competitive industry External regulators are introducing new revisions to their compliance requirements in the next two quarters Recently lost our primary enterprise architect Using the SWOT analysis, you and your team can develop a strategic plan that contains specific, measurable goals and the actions you need to take to achieve them and spans a one-year, two-year, and three-year roadmap. This will act as a guide for moving your company down the path of cloud implementation, making progress toward, and achieving the stated goals and objectives. The roadmap should list projects (broken down into steps if needed), training needs, strategic hires, and show how it is making a measurable impact on your strategic goals. 3. Establish governance now We can’t talk about implementing cloud solutions without talking about establishing governance. Virtually every new technology requires a conversation about governance, and this is especially true with cloud implementation. But why? The cloud makes buying and deploying technology cheaper and easier than ever before. Business units that control their own budgets can purchase cloud technology, sometimes with just a company credit card, and set it up themselves, bypassing IT completely. In general, allowing business units this much leeway in technology buying decisions rarely works out well, providing short-term benefits to that business unit, but adversely affecting the entire organization over time. As a foundation, start by integrating cloud governance into existing technology steering committees or enterprise architecture groups to provide ongoing governance in the workloads that make sense for the technology. With this in place, you can take a holistic approach to establishing governance. We also recommend minimizing the risk of business unit implementation by engaging the finance department to monitor business expenses and departmental expenditures for rogue cloud activity. Also, consider modifying bonus structures so that a portion of management bonuses are based on making decisions that benefit the organization, rather than just a manager's particular business unit. 4. Manage organizational change Forbes has tagged the cloud as potentially “the most disruptive technology ever,” and this includes the internet. That kind of disruption does not come without impacts to an organization and it’s important to not underestimate those impacts. Your team needs to learn new skills and adopt new ways of thinking, and new groups must be organized. However, the biggest impact is the fear that comes with big change, whether that's fear of the unknown, of being replaced, not being able to keep up with the new tech. And this fear will lie at the root of your organization’s resistance to adopting the new technology. So, with something as transformative as cloud implementation, it’s also essential that you manage the people side of the change and get your employees on board. That’s where organizational change management comes in. OCM defines the steps, processes, and cultural changes necessary for your employees to embrace the technological and cultural changes that are planned. It doesn’t matter how much time, money, and effort you have invested into the technology; if the people in your organization fail to adopt it, the project is doomed to fail. 5. Innovate Of all the benefits the cloud brings to businesses, the ability to facilitate innovation is perhaps the most overlooked. The cloud provides a “fail-fast, succeed-fast” environment that gives businesses the opportunity to experiment with new technologies and new ways of doing things at a lower price point than ever before. Before implementing a cloud solution, your company should set the stage for success by forming a cloud innovation group that experiments with ways of leveraging the cloud to make the business more efficient, effective, and profitable. Small investments in cloud innovation can bring big rewards for companies that are not afraid to adapt to the new reality of cloud computing. This ensures that your organization won’t implement the cloud for one use case, then stop there without maximizing your opportunities and seeing added benefits. Take the Next Step of Cloud Implementation As with any complex technology, implementing cloud solutions requires your team to invest time and care in crafting a clear vision and strategy to provide the greatest return on investment and avoid the pitfalls of increased overhead, rogue IT, and duplicated systems. Making this investment and avoiding the common pitfalls of cloud adoption will ensure that the cloud helps make your organization more efficient, effective, and profitable. Interested in learning more? Take five minutes to find out how cloud can be a profit center. Another quick read explains which public cloud offering is right for you.

Insights

Insights

Articles about Page: Cloud Infrastructure

Zero Trust: What is it, why you need it, and how to achieve it

Expect the unexpected: How to create a disaster recovery plan

5 keys to planning a successful cloud implementation

Ready To Talk?

About Us

Quick Links

Stay in Touch

Contact Us