Archive for the ‘SaaS’ Category

PRIMER: How are Disaster Recovery and Backups Different?

April 16th, 2013
Posted by: Donna Hemmert

So, you are working through your go-forward IT strategy and need to make sure that you have things covered should something go wrong. Pretty quickly, you notice that the terms “Backup” and “Disaster Recovery” are quite often being used interchangeably. But, the truth is, they are different. Related, yes, but different.

Backup

Backup really can be defined very simply. Backup is just a copy of your files on another disk (or tape, cloud, etc.). In fact, if you copied each and every file to a DVD (and we are not sure why you would do that), that would be a backup. Having a full backup that is up-to-date means that when you lose a few files or a whole drive or more, you can copy those files back once your systems are ready to rock. But it can be a time-consuming disruption. You will likely need to set up new server(s), reinstall the OS, reinstall all the applications, etc. There are two ways to back up your systems:

  • Onsite Backup: This is when you back up locally to some kind of physical storage option. These solutions are capable of imaging servers and storing data locally so you can recover from incidents.
  • Offsite Backup: This is when you back up your data to an entirely different location. This, of course, helps protect you in the case of an entire geographic location being affected by a disruption. Also, organizations often need offsite backup to comply with rules such as those defined by Sarbanes-Oxley, HIPAA, FISMA, NASD and NYSE, etc.

Disaster Recovery

So, what is Disaster Recovery? Disaster recovery goes beyond backup. The big benefit of disaster recovery is that rather than taking what may be days or months to recover from an unplanned outage, Disaster Recovery will greatly shorten that time.

With Disaster Recovery, a complete image of your disk drives and servers is mirrored. This is sometimes referred to as a “bare-metal” backup, meaning the backup isn’t just the files, but the OS and everything. For example, with AISN’s Disaster Recovery service, we replicate the “bare-metal” backup image to another geographic site so in the event of a disaster in one geographic location, it can be restored from an entirely different geographic location. This gives you added protection, and the image(s) allow you to restore systems more quickly – there is no need to reinstall an OS and copy files. The amount of time it takes to actually continue operations after a disaster also depends on whether you choose “Hot Site” or “Cold Site.” So what is the difference?

  • “Hot Site”: Environments are available at a moment’s notice. So, in the case of an outage, all data processing can quickly be moved to the “Hot Site” and operations continue.
  • “Cold Site”: Critical applications are available at a secondary location. This is similar to a “Hot Site” but is supplied as basic office space; with a “Cold Site,” the customer provides and installs all the equipment needed to continue operations. It is less expensive, but it will take longer for full operations to continue.

So, that’s really all there is to it from a high level. You really need to understand what your goals and objectives are. Do you need systems available in minutes or hours, or would days be just fine? Is backup just fine, or do you need Disaster Recovery? And what level of Disaster Recovery do you need? There is a lot to consider, but remember, we are always here to help you think through your IT plans.


Top 10 Security Risks Found by Your Auditor

February 21st, 2013
Posted by: admin

GUEST BLOG

By Sarah Morris
KirkpatrickPrice

At KirkpatrickPrice, we strive to provide the proper assurance and resources to help our clients maintain security within their organization.  Recently, we held a client webinar focused on the “Top Ten Security Risks” that your auditor finds during your auditing process.  Below is a summary of the most common risks that we find.

1. No Formal Policies and Procedures

Formal guidelines of policies and procedures help provide your employees with clarity about what’s expected of them. They define the accountability for each employee and also establish necessary training. Information security policies are mandated by the FTC Safeguards Rule, PCI Data Security Standards, and the HIPAA Security Rule. This means they are mandatory.

2. Misconfigurations

Standards need to be applied consistently. Organizations should utilize benchmark configuration standards from a recognized entity such as the Center for Internet Security (CIS), the International Organization for Standardization (ISO), the SysAdmin Audit Network Security (SANS) Institute, or the National Institute of Standards and Technology (NIST).

3. No Formal Risk Assessment

The assessment should cover the assets that are critical for your enterprise to continue business operations: hardware, software, human resources, and processes (automated or manual). Some important things to consider when thinking about risk assessment are the threats to your assets as well as the likelihood of a vulnerability being compromised. Threats can be both internal (employees or third-party contractors or partners) and external (natural events or social engineering). Developing a proper risk assessment can help to mitigate potential risks that you face.

4. Undefined Incident Response

It is always important to have clear instructions on reporting procedures when determining incident response. It is suggested to build a culture within your work environment that encourages reporting of all incidents the moment they present themselves.

5. Lack of Disaster Planning

Disaster planning is important so that written plans are available for others to follow in the event that key personnel are not available. A business impact analysis can help quantify what level of redundancy is required for disaster planning. Proactive arrangements should be made to care for the staff and to communicate with third parties. Walkthroughs and training scenarios can benefit organizations so employees are properly prepared in the event of a disaster.

6. Lack of Testing

The concept of testing applies to all areas of your security. If your security is not tested, there is no way to determine whether or not vulnerabilities are present.

7. Insecure Code

Developing secure code is something we find lots of companies struggling with. To develop secure code, training must be implemented, along with specific development standards and quality assurance.

8. Lack of Monitoring/Audit Trails

Log harvesting, parsing, and alerting methods must be determined to efficiently deal with massive event logs. The responsibility for review must be formally assigned as part of daily operations. Audit trails should be stored in such a way that system administrators cannot modify them without alerting someone with an oversight role.

9. Data Leakage

Some things we often forget: Where is the data located, and how long should it be retained? How is encryption implemented and verified? How is access to data granted and audited? These things are all very important and, if not corrected, can keep you from complying with federal and industry standards and regulations.

10. Lack of Training

A lack of training can prove to be a striking blow to the security of your organization. Employers should recognize the importance of properly training all employees on safety and security best practices. Standards and guidelines should be clearly set and determined in each organization. Several training opportunities are offered through KirkpatrickPrice to properly train you and your company on the basics of security awareness, awareness for managers, awareness for IT professionals, and awareness for credit card handling.

Determining your individual risks is the first step toward the mitigation process.  Maximum security of your sensitive information is KirkpatrickPrice’s number one priority.

If you’re ready to get started with your assurance process, you’ve come to the right place. We’re ready to help. Let’s work together.

Sarah Morris is a technical writer for KirkpatrickPrice, a provider of world-class audit services. Visit www.kirkpatrickprice.com.

 


Bob McDonnell, Virginia’s Governor, Calls for 4% Reduction in Agency Budget

December 6th, 2012
Posted by: Donna Hemmert

By Donna Hemmert
AIS Network Vice President, Strategic Development

AIS Network is a proud provider to the Commonwealth of Virginia and its agencies, so we are always concerned where our customers are concerned. We know the pressure many of the Virginia agencies are under to provide top-of-the-line IT services, so when Bob McDonnell, Virginia’s governor, recently called for a 4% reduction in agency budgets, we knew our eGov customers would be looking to us to collaborate on ideas.

Luckily, there are strategies in IT that definitely allow you to cut costs without cutting service. The place where most organizations have recently found savings is in moving to the Cloud and a Software as a Service (SaaS) model. According to KPMG, the Cloud/SaaS market has been growing for this very reason – cost savings. SaaS pricing is helping organizations do more IT with less money.

With this model, you really are focusing your IT budget on resources, as opposed to hardware or software.  The benefit is that you can purchase the exact resources you need (processing, storage, memory) and upgrade them quickly as required.  This eliminates planning around hardware including the expensive hardware replacement cycle.

An additional benefit of Cloud and the SaaS model is that the ability to apply temporary IT resources becomes very easy and is no longer nearly as costly.  This can be beneficial if you have a temporary project, such as a website around a promotion or project, or in the case of software development where developers really appreciate the flexibility of quickly deploying virtual machines as needed.

Because the cloud provider does all your support and maintenance and performs any emergency support, man-hours are reduced and the need for around-the-clock staff is reduced. This is especially relevant in the case of mission-critical applications where the servers need to be working around the clock.

So, if you want to save money while still delivering top-level service, consider the Cloud and SaaS. And, as always, we are here to answer any questions.


Understanding Cloud Deployment Models

November 27th, 2012
Posted by: Donna Hemmert

By Donna Hemmert
AIS Network Vice President, Strategic Development

Public Cloud, Private Cloud or Hybrid Cloud?  Which one is for me?

First of all, let’s define the Cloud.  A Cloud is a consolidation of hosted computer services (storage, computing power) and is delivered as a service.

Cloud services are often fully managed by the provider and are usually sold based on usage (for example, per hour or even by the minute). One of the main benefits of the Cloud is that it is elastic, allowing organizations to use as many resources as they need. They can easily add or reduce those services without the need to deploy equipment. This can be really useful in situations where companies have a project (for example, a development project or marketing promotion that requires a special new temporary website) or their business has a lot of associated seasonality (e.g., they need more computing resources for the Christmas season). In that case, a company can call a company such as AISN and simply request another “virtual machine” or more storage.

Many of our customers also like the cloud model since they don’t have to put out upfront capital for equipment and software, but instead can pay a set amount each month. It’s more predictable and it is captured as an operational expense, which can be beneficial.

As for the deployment models, here are the main types of Cloud:

  • Public Cloud is a cloud that is available to all customers and these customers share the resources of the cloud.  Examples of public clouds are Amazon AWS, Microsoft Azure  and Google Cloud.
  • Private Cloud allocates resources to be used solely by your organization from a shared infrastructure.  Your data is stored in dedicated, segregated silos.  With Private Cloud, adding more storage or CPU is easy and often instantly available.
  • Dedicated Private Cloud is a cloud infrastructure built solely for your organization’s use – with all services and hardware dedicated to your organization.  Some organizations prefer dedicated private cloud for additional security, but the downside is that there are reduced economies of scale. That being said, adding and reducing computing resources is much easier to do, as with any cloud.
  • Community Cloud shares infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.).  This allows the community to customize the cloud based on these concerns and spread the cost – making it generally more cost effective than a private cloud, but less so than a public cloud.
  • Hybrid Cloud is a combination of more than one cloud type.  For example, you can combine a private cloud with a public cloud.  This will give you benefits of more than one deployment model.  Often an organization will deploy hybrid clouds to provide the flexibility of in-house applications with the fault tolerance and scalability of cloud-based services.

 


Federal Government is Pushing Cloud to the Agencies in its “Cloud First” Policy

November 15th, 2012
Posted by: Donna Hemmert

Just two years ago, the Office of Management and Budget implemented a “Cloud First” policy. In an effort to reduce costs and increase efficiency, it provided a set of requirements that required and encouraged agencies to use cloud-based solutions wherever there is a secure, reliable and cost-effective cloud solution. Since then, several agencies have already transitioned, including Agriculture, Health and Human Services, Homeland Security and the Treasury Department.

The solutions they have deployed in the cloud are services such as storage, email, procurement, production infrastructure at DHS, IT power management, correspondence tracking and invoicing.  Others have been identified as possible opportunities for cloud implementations and the agencies continue to pursue the Cloud.

I think this speaks to how far Cloud computing has come in a short time in terms of technology and acceptance. The government is not known as a risk taker when it comes to IT and additionally has high standards for security. We find this very interesting, so stay tuned for updates on the “Cloud First” Policy.


IT Outsourcing Services Spending to Top $251 Billion Globally in 2012

August 9th, 2012
Posted by: admin

 

By Laurie Head
AIS Network Vice President

In its latest outlook, issued just two days ago, Gartner, Inc., says that worldwide spending for IT outsourcing (ITO) services is on track to reach $251.7 billion in 2012, a 2.1 percent increase from 2011 spending of $246.6 billion.

Not surprisingly, the industry analyst firm reports that the fastest-growing segment within the ITO market is cloud compute services (part of the cloud-based infrastructure as a service/IaaS segment). Cloud compute services are expected to grow 48.7 percent in 2012 to $5.0 billion, up from $3.4 billion in 2011.

Gartner expects that North American buyers will seek to transition more IT work to annuity-managed service relationships for cost take-out and IT costs. This will keep ITO growing through 2016. Enterprises’ reluctance to hire or make large capital purchases, as well as their pursuit of asset-light IT strategies, continues to push clients toward consuming externally provided services, the firm says.

According to the Gartner press release, which addressed the global outlook:

“Today, cloud compute services primarily provide automation of basic functions. As next-generation business applications come to market and existing applications are migrated to use automated operations and monitoring, increased value in terms of service consistency, agility and personnel reduction will be delivered”, said Gregor Petri, research director at Gartner.

“Continued privacy and compliance concerns may however negatively impact growth in some regions, especially if providers are slow in bringing localized solutions to market.”

Data center outsourcing (DCO), a mature segment of the ITO market, represented 34.5 percent of the market in 2011, but growth will decline 1 percent in 2012. “The data center outsourcing market is at a major tipping point, where various data center processing systems will gradually be replaced by new delivery models through 2016. These new services enable providers to address new categories of clients, extending DCO from traditional large organizations into small or midsize businesses,” said Bryan Britz, research director at Gartner.

The application outsourcing (AO) segment is expected to reach $40.7 billion, a 2 percent increase from 2011 spending of $39.9 billion. This growth reflects enterprises’ needs to manage extensive legacy application environments and their commercial off-the-shelf packages that run the business.

“Change is afoot in the AO market. The burdens of managing the legacy portfolio, along with the limitations of IT budgets, have shifted the enterprise buyers to be cautious and favor a more evolutionary approach to other application services, such as software as a service (SaaS),” said Britz. “New applications will largely be packaged and/or SaaS-deployed in order to extend and modernize the portfolio in an incremental manner. While custom applications will remain ‘core’ for many organizations, the trend in the next few years to SaaS enablement in the cloud will reflect in the growth of the AO outlook.”

You can find additional information in the report, “Forecast Analysis: IT Outsourcing, Worldwide, 2010-2016, 2Q12 Update,” which is available on Gartner’s website.
