logo_v2
866.550.7881 ext. 1
Executive Image

Research

Welcome to the Windsor Group knowledge base of articles
and publications that demonstrate our understanding of many
of the complex business challenges and key issues faced by companies
around the world
Windsor Blog Post Image

Securing data in transit is just as important as the security of data at rest. We know that the benefits of storing and leveraging data in the cloud is the scalability and accessibility that comes with these models. There are dozens of articles on how to store data safely. But companies must first migrate their data safely before they can lock it down within cloud frameworks. What is the key to secure cloud migration?

The risks inherent in cloud migrations

The research shows that cloud service providers offer better security frameworks than the majority of on-premises-focused enterprise organizations. But all of the cloud’s security benefits mean nothing if you can’t migrate and maintain your data securely.

Migrating data to the cloud is potentially complex and risky, particularly when the data is mission critical. The best practice to follow is to implement security protocols throughout the migration. Don’t wait for the cloud provider to handle this service; the migration process is a no-man’s land between on-premises and full security in the cloud. Companies should plan to mitigate the risks at every stage of the transition.

Some of the concerns to address during migration planning include:

  • Compliance with all applicable rules and laws during data transfers
  • General security during the migration
  • The possible disruption of business operations

The practical issues surrounding migrating sensitive data should be addressed during the migration planning process.

Mitigating the risks during cloud data migration

While the research has consistently shown that data in the cloud is more secure than at most on-premises locations, there is a vulnerable point during data transition.

Some of the best ways to tackle any security concerns during the transition to cloud architectures include:

  • First, by conducting a vulnerability and compliance assessment.
  • Second, by creating a cloud access security broker (CASB), which is an on-premises or cloud-based security enforcement point that exists between the cloud service provider and the consumer. These tools help you address security risks and enforce security policies, as well as enforcing compliance rules. While these tools should currently be considered “emerging,” Gartner predicts that 60% of enterprise organizations will use CASBs by 2022.
  • Automatically encrypting data in motion.
  • Establishing identity and access management.
  • Shoring up firewalls to handle data in transit.
  • Adding intrusion detection and intrusion prevention systems.

These tools will remain useful long after the migration is complete. This is true no matter the configuration — whether single- or multi-cloud, or some other hybrid approach.

Security tips before, during, and after cloud migration

Consider the migration as an opportunity. Establishing good security habits as part of a data migration can lay the groundwork for better security overall. Creating scalable and uniform security policies that are also flexible enough to handle the interactions within the network is tricky, particularly in today’s complex IT environments. Some security tips that will help create a strategic framework for your cloud migration can also help guide your new environment from the deployment onward. For example:

  • Focus on mission-critical architectures, or the core functions within your IT service delivery mechanisms. Create virtual cloud environments and other redundancies to protect these crucial functions and ensure zero business downtime.
  • Control every access point to lock down your network from end to end, whether that means creating multi-factor authentication or more robust BYOD policies.
  • Automate backups in the cloud and make sure your virtual processes are redundant. Establish and maintain a regular testing process to ensure disaster recovery.
  • Create a continuous environment of security with your employees and customers by teaching and testing security protocols. Make these protocols fluid in the sense that they change to fit the evolving cybersecurity threats to your business.

It’s also important to start with a good roadmap. Embarking on an effective cloud migration starts with a well-thought-out plan. Managed security specialists like Windsor Group can create and deploy a solid security framework for your data in transit and at rest. Talk with our experienced team today to find out more.

Read More
Windsor Blog Post Image

Today, the majority of enterprise organizations have at least part of their data in a cloud-based model. This article will help you understand the popular hybrid cloud architectures and what your business needs to know to build and deploy this kind of mixed approach to your IT infrastructure.

The cloud redefined

The cloud is no longer the youthful challenger; nearly 70% of all enterprise organizations in the U.S. now have mission-critical data and workflows there. The benefits of scalability, lower cost, and higher security are still the same, but what has changed is the sheer volume of applications and architectures that can now be handled as on-demand services accessed through the internet. From software as a service (SaaS) to infrastructure as a service (IaaS), private clouds, and hybrid models that make the best of private and public solutions, companies now have a plethora of choices for their IT solutions.

Traditional managed services have also evolved with cloud models. Managed service providers now develop and deploy multi-cloud and hybrid models that help companies improve operations. These technology pros are as flexible as the cloud, offering a selection of outsourcing models that can parallel internal IT teams or provide full service when no internal resources are available.

Today, there are public, private, and hybrid clouds. The hybrid cloud represents the perfect middle ground between shared internet services in the public arena and the higher-cost private cloud services that are still potentially a single point of failure for a large enterprise. Hybrid models bake redundancy directly into the cloud services paradigm, building services on both a private and public cloud. Why is the hybrid cloud growing in popularity, and what do organizations need to know about these models?

Building a better (hybrid) mousetrap

Building the perfect hybrid cloud for your business is all about your current and future business needs. The process must start with an understanding of the applications you have today, the business case use models for the future, and how your applications must evolve to meet the changing needs of the company.

Companies considering hybrid cloud models should consider what is the right mix of on-premises and off-premises computing and storage. They must understand how these resources are managed on a daily basis and what resources (human or technology) are needed to meet those requirements. They must also carefully consider the total cost of supporting the public cloud portion of a hybrid model. Finally, they need to determine what steps will be necessary and what the timeline will be for moving from one on-premises data center to another, either in the cloud or on-site.

Creating a decision framework that maps the right workload to the right platform is important. Your organization should develop technical and financial modeling for each end-user application. You must carefully monitor usage costs and automate to cut labor costs when possible. In addition, you should consider modernizing or upgrading the workloads and applications that will remain on-site so that you can eventually take advantage of the agility and speed of the cloud.

Is the hybrid cloud right for your business?

The biggest benefit of the hybrid cloud lies in its flexibility; you can use multiple cloud providers or the services of a single company. Either way, there is more safety in a mixed model. Compliance rules alone would argue for a private cloud model — but some business applications do not fall under these restrictions and could be placed in a non-private and potentially less expensive service.

The beauty of hybrid models is the flexibility that comes from a non-homogeneous solution. Talk to the Windsor Group about the best solution to solve the challenges of your business problems. Together, we can create a cloud solution that will help you sustain long-term competitive advantage for your enterprise

Read More
Windsor Blog Post Image

Preventable security breaches cost American companies millions annually. Most C-suite execs are well aware of the risks of data insecurity simply because some of the biggest names in commerce are making the news for all the wrong reasons. Big companies with big internal IT teams, from Google to Uber to Marriott, have all had highly publicized data breaches in the past year. If these companies can experience a cyber hack, where does that leave your business?

Increasingly, companies are turning to outsourced security teams to protect their data infrastructures. But what should you look for in a security team, whether outsourced or in-house?

Today’s security imperative

IT leaders now have choices that go beyond the selection of hardware and software to prevent a security breach. But hiring internal security experts has grown increasingly difficult in today’s low unemployment market. That’s why many CIOs are selecting outsourced security teams for the expertise and perspective that come with a 360-degree external view of your business. An outsourced team can supplement existing IT staff, freeing them up to stay focused on growing your business.

Ironically, outsourcing security can actually create security risks. You must therefore ask yourself what an outsourced IT security team would bring to the company that an internal team couldn’t provide.

Can companies improve IT security by outsourcing, or does outsourcing heighten the risk? How can outsourced partnerships support your existing technology teams?

Selecting a managed IT security partner

Enterprise organizations aren’t the only companies concerned with outsourced cybersecurity; small to mid-sized organizations that are less likely to hire a full-time team are also looking at outsourced IT security options. As our networks have grown more complex, so too have the efforts of hackers to infiltrate them. But finding the right security partners can make a big difference.

Here are some crucial considerations when selecting an outsourced security partner:

  • Different businesses have varying security needs, so look for IT security firms that have a proven track record with your business model and the systems you use.
  • Verify that they have a Chief Information Security Officer (CISO), and talk to them about their plans for advancing your company's information security initiatives.
  • Look for continuous compliance monitoring and regular audits by regulators, national quality assurance groups, and third-party accounting firms for compliance with NIST, ISO, PCI, FISMA, HIPAA, and more.
  • They should have a 24/7/365 Security Operations Center, providing real-time event analysis and response.

Look for external experts with established teams of Security Operations Center (SOC) analysts, SIEM engineers, incident response, forensics, tools experts, and pen testers, which signals that these firms regularly use state-of-the-art tools, facilities, and processes. The firm should keep up to date with the latest threats and adjust their response accordingly to mitigate the risk, while also being comfortable with your existing tools.

Now that you understand what to look for in technical expertise, let’s discuss the day-to-day stewardship of your IT security and the relationship you should have with an outsourced vendor.

Managing the relationship with your security firm

If your organization seeks the support of a cybersecurity partner, take the time up front to develop a service level agreement (SLA) that defines specific roles and responsibilities between your team and the outsourced expert. Then, work together to mitigate risk by fully integrating the partner into behind-the-scenes strategies and up-front security monitoring.

Make sure you understand who your IT team is and what processes are in place for reaching teams after hours and on holidays. Select an outsource partner that you feel comfortable letting work with other business partners or even customers. Cybersecurity is a partnership between IT and your various business units. Finding the right outsourced partner means that the unique security needs of each of these end users will be supported.

Is IT security outsourcing right for your business? Increasingly, small, mid- and enterprise-level businesses are seeking these partnerships. If your team is worried about the state of your company data, talk to the Windsor Group about taking IT security to a different level.

Read More
Windsor Blog Post Image

Moves to automate certain processes within a company can sometimes feel like a covert operation. Employees can be wary of automation because high levels of automation often go hand in hand with layoffs. But does automation always mean cutting down on staff?

Automation has a bad rep, especially in manufacturing

While some may point to offshore outsourcing as a key drain on employment opportunities, automation has a long history of job reduction. Just think back to the decades where a single plant may have required 500 workers to function at full capacity. Nowadays, factories need only a fraction of that many employees to maintain increased output.

As automation moves into more sophisticated, higher-skilled sectors — thanks to advancements in AI and machine learning — analysts are looking more and more at the potential job loss due to automation. Estimates on automation job loss range from 1.8 million by 2020 to 2 billion by 2030. Numbers for job creation stemming from automation vary as well but tend to be much smaller: between 1 million jobs created by 2020 to 890 million by 2030.

The belief in the power and future good of automation depends on who you talk to, especially in the tech industry. These opinions range from techno-optimism to techno-pessimism. As you might have guessed by the name, techno-optimists see the promise of automation for its pros whereas techno-pessimists see it for its cons.

For example, some techno-optimists see job elimination as a good thing, leaving more resources and opportunity for the creation of new, higher-skill and better-paying work. Others admit that the job loss might hurt, but it might not be as painful as some research has suggested. Conversely, techno-pessimists worry that automation and other advancements may cause apathy in the face of current social, economic, and environmental issues.

Wherever you fall on the optimism spectrum, you should understand that automation in your company, no matter how big or small, doesn’t always mean cutting down your staff.

Benefits of automation to your team

If you decided to run an unofficial survey of your IT team right now about what they’re doing at work versus what they would rather be doing at work, you’d likely hear about how much time repetitive, manual processes take from more interesting and often more revenue-generating work. Time that could be spent redesigning an application is pushed aside for security event management. Excitement about a new product might get drained by a massive but necessary architecture management project.

If you’re looking to reduce talent costs, automation is a great way to do it. But automation is also an incredible tool for reducing pressure on an overburdened team while giving them the space and ability to contribute more to your business. This comes with the added benefit of creating more challenging and engaging work, which can help increase job satisfaction.

Overall, automation offers a way to increase productivity without the need to hire more people. This can help reduce the strain of IT’s ongoing talent shortage on your business, as well as create opportunities to further train and develop your own team.

Automate with care

There will always be a lengthy pros and cons list whenever businesses consider adding more automation capabilities to their workforce. If your goal is to not only reduce IT costs but also boost morale, automation doesn’t automatically mean a reduction of your internal team. When eliminating positions is unavoidable, offering training or lateral movement opportunities can help soften the blow, especially if you have dedicated employees who may be a valuable resource in the future.

Automation might not always be the best for everyone on the team, so it’s a good idea to tread lightly and have a solid plan in place before discussing automation opportunities in your organization.

The Windsor Group can help you find the best automation strategy for your business while balancing your success benchmarks and staffing goals. Start with a strategy session today.

Read More
Windsor Blog Post Image

Quantum computing used to be the stuff of science fiction, but this technology seems to now be hurtling toward science reality. With the waves that cloud computing created in the business world, everyone wants to stay ahead on the latest and greatest tech. But sometimes that means understanding not only the technology’s potential but also the difficulties it faces before getting to market.

What’s the big deal about quantum computing?

The biggest deal about quantum computing is that it’s even remotely possible. The fundamentals of quantum computing rely on advanced and complex physics still in its early stages of research. Even Richard Feynman, who won the Nobel Prize for his work in quantum theory, once said, “Nobody understands quantum mechanics.”

While the actual math and science behind quantum computing is still fuzzy and full of kinks, both public and private researchers are getting a clearer idea of the “how” of quantum physics (just not exactly the “why”). We are surrounded by — and made up of — atoms and their subatomic components, electrons, protons, and neutrons. Instead of using a voltage circuit to make up the digital bits that allow computers to perform calculations, quantum computers rely on subatomic particles to make up quantum bits, or qubits.

These particles are generated using superconducting circuits or levitating individual atoms inside electromagnetic fields. It’s work on an incredibly small scale but, when treated correctly, these qubits can reach this not-well-understood mode called a “superposition.”

Instead of creating 1 and 0 bits through the variable application of a current, a single qubit in superposition can be a 1 and a 0 at the same time. While this might seem counterintuitive at first, a series of qubits in superposition can blaze through time-consuming problems about 5,000 times faster than a modern computer. Yes, you read that right: 5,000 times faster.

But quantum computing isn’t just about speed. It’s also about security. QuTech, a European company, is looking into applying quantum entanglement to create instantaneous and secure data transfer. Entanglement is a whole other beast of complicated physics, but essentially two entangled qubits retain a connection no matter the distance or barriers between them. It’s been likened to the teleportation of data, since affecting one particle will instantly change the other particle too. Better yet, no one can hack the transfer of information — only disrupt it.

The moon race of our time

Governments and private entities alike are chasing down the economic potential of a quantum computer and data transferring capabilities. Google, IBM, and Microsoft are heavily investing in their own development projects, and venture investors heaped $241 million on quantum computing startups in 2017. China is building a $10 billion research facility for quantum research, and the European Union has its own billion-dollar research program.

Whoever figures out quantum computing first stands to gain the most benefit from the technology — from more increased processing power for solving other computing quandaries, such as theoretically impossible-to-break security protocols, to faster resolution of simulations for new medications and drug therapy.

Between the proposed speed and security, quantum might seem like a natural progression for computing. But even while companies such as Microsoft are projecting a five-year launch for quantum computing in Azure and QuTech is racing to a 2020 deadline for a four-city quantum computing network, researchers still have a significant number of bugs to work out of qubits.

Not so fast ... yet

And now we come to the catch. Or several catches. While theory suggests that the high-powered possibilities of quantum computing are well worth the effort, we’re still a ways off from actually bringing quantum computing to any broad market — if it deserves a place there at all.

One of the main reasons for this is that qubits are highly unstable. Shielding is a must for these computers, as are close to absolute-zero operating temperatures — which is lower than minus 450 degrees Fahrenheit. Processing power is also reduced to correct qubit misfiring errors. Although researchers have made progress in stabilizing qubits in large groups, it’s still an incredibly expensive and finicky endeavor.

And while quantum theory has had at least a couple of decades of academic study, actual proof of principles in labs is rare, especially on a large scale. We also have no idea what application design for a quantum computer would even look like. Plus, the field is facing a shortage of qualified physicists and engineers able to tackle these tough problems.

We’re not saying that we should lose the enthusiasm for quantum computing. It’s a matter of managing expectations of quantum computing, especially in terms of how it can affect your business. For now, it might be a better idea to keep your IT plans focused on cloud computing rather than getting too far ahead of the curve.

The Windsor Group strives to keep up with the latest technology trends so that we can fully discuss and advise enterprises on the options that fit their goals. Learn more about our team.

Read More
Windsor Blog Post Image

Between more frequent fires, hurricanes, and other extreme weather events, ensuring that your company has an up-to-date disaster recovery plan is more important than ever. In addition, if you still manage a large number of business-critical systems from an internally managed data center, you might want to consider cloud services as another line of protection against hardware failures and natural disasters.

Whether the weather is dry or wet

With California moving into a year-round fire season and coastal areas like Florida, Texas, and the Carolinas facing hurricanes with unprecedented wind and flood damage, businesses of all sizes are evaluating their disaster recovery plans against the reality of a more unpredictable environment.

In the United States, there are no reporting requirements for states on the costs to repair after a major disaster — although we know that federal funding for natural disasters was nearly $140 billion in 2017. As these extreme weather events get more frequent or affect areas with significant business infrastructure, these costs will only continue to rise.

Major data centers tend to be located in areas with low risk of natural disasters, like Nevada and Utah. Facebook’s first data center is in Oregon, where the biggest threat to its integrity is a terrible snowstorm. If your cloud provider is backing up your data in a low-risk area — which is always a good question to ask when you’re looking at providers — at least one copy of your data will be safe even if the primary server is in a more high-risk area.

When we talk disaster recovery, we often talk about services outages or hardware failures. But unintentional, everyday failures and major weather events should be a concern for all businesses when they refresh their disaster recovery plans and protocols.

The cloud is all about automated backups and ease of access

If a major outage or disaster closes your physical office, cloud services accessible from anywhere can help maintain your business continuity no matter what the situation is on the ground. Any loss of local services becomes a simple hardware replacement, rather than the loss of terabytes of data.

But if you’re going to include cloud services as a significant portion of your disaster recovery plan, you need to prepare yourself, your team, and your company for the planning required to develop a good recovery plan. Before you sign any service-level agreement (SLA) with a cloud provider, you need to first understand the provider’s role in the event of a disaster — including protection they have for their own centers and your company’s responsibilities in a disaster situation. This means:

  • Getting your current contracts in order so that you understand your present situation and future expectations
  • Going over disaster preparedness and access options if this isn’t part of your normal plan
  • Reviewing recovery services
  • Discussing regular audit reports with your vendor
  • Including your vendor in your disaster recovery efforts
  • Understanding the vendor’s standard SLA and its references to disaster recovery

Building a relationship with your cloud partner and taking steps to ensure you’re looking for an active partner in disaster recovery can set the stage for success when an extreme event does arise. In addition to following my suggestions above, you should work to establish clear lines of communication on both ends of your vendor-company relationship.

Where the cloud fits into your disaster recovery plan

Once you have a vendor that can accommodate your disaster recovery needs, the next step is making sure your recovery plan is up-to-date and easily accessible. Good disaster recovery planning typically includes:

  • The recovery time objective (RTO) for getting an application back online
  • The recovery point objective (RPO) to define the longest amount of time you can’t access data after a major incident
  • Your specific recovery goals for a variety of situations (data loss, hardware loss, extended absence from a physical location, etc.)
  • Cleanup processes
  • A list of specific tasks to be completed pre- and post-disaster
  • Backup software for installation
  • Configuring your security and your employees’ ability to access the secure disaster recovery system environment as needed
  • Daily or weekly cloud backups, to reduce the loss of work in the event of a disaster

These are just a few components of a successful disaster recovery plan, but they are a good place to start as you work on incorporating cloud services into your business continuity plan.

Another opinion can be incredibly helpful when you’re preparing a disaster recovery plan. The Windsor Group can help you assess your options and find the best solution for your business. Click here to get started with a strategy session.

Read More

Popular Posts