866.550.7881 ext. 1
Executive Image


Welcome to the Windsor Group knowledge base of articles
and publications that demonstrate our understanding of many
of the complex business challenges and key issues faced by companies
around the world
Windsor Blog Post Image

80% of all enterprise workloads will be in the cloud by 2025, according to Oracle. Enterprise organizations are increasingly establishing hybrid IT models to maximize their existing in-house equipment while using the cloud to stay more agile and innovative. The cloud is often categorized as less expensive; however, it also can “overtax resources and impact existing governance, risk, compliance, and cost strategies.” Let’s take a look at some of the positive and negative implications of hybrid IT for enterprise organizations.

Read More
Windsor Blog Post Image

Between more frequent fires, hurricanes, and other extreme weather events, ensuring that your company has an up-to-date disaster recovery plan is more important than ever. In addition, if you still manage a large number of business-critical systems from an internally managed data center, you might want to consider cloud services as another line of protection against hardware failures and natural disasters.

Whether the weather is dry or wet

With California moving into a year-round fire season and coastal areas like Florida, Texas, and the Carolinas facing hurricanes with unprecedented wind and flood damage, businesses of all sizes are evaluating their disaster recovery plans against the reality of a more unpredictable environment.

In the United States, there are no reporting requirements for states on the costs to repair after a major disaster — although we know that federal funding for natural disasters was nearly $140 billion in 2017. As these extreme weather events get more frequent or affect areas with significant business infrastructure, these costs will only continue to rise.

Major data centers tend to be located in areas with low risk of natural disasters, like Nevada and Utah. Facebook’s first data center is in Oregon, where the biggest threat to its integrity is a terrible snowstorm. If your cloud provider is backing up your data in a low-risk area — which is always a good question to ask when you’re looking at providers — at least one copy of your data will be safe even if the primary server is in a more high-risk area.

When we talk disaster recovery, we often talk about services outages or hardware failures. But unintentional, everyday failures and major weather events should be a concern for all businesses when they refresh their disaster recovery plans and protocols.

The cloud is all about automated backups and ease of access

If a major outage or disaster closes your physical office, cloud services accessible from anywhere can help maintain your business continuity no matter what the situation is on the ground. Any loss of local services becomes a simple hardware replacement, rather than the loss of terabytes of data.

But if you’re going to include cloud services as a significant portion of your disaster recovery plan, you need to prepare yourself, your team, and your company for the planning required to develop a good recovery plan. Before you sign any service-level agreement (SLA) with a cloud provider, you need to first understand the provider’s role in the event of a disaster — including protection they have for their own centers and your company’s responsibilities in a disaster situation. This means:

  • Getting your current contracts in order so that you understand your present situation and future expectations
  • Going over disaster preparedness and access options if this isn’t part of your normal plan
  • Reviewing recovery services
  • Discussing regular audit reports with your vendor
  • Including your vendor in your disaster recovery efforts
  • Understanding the vendor’s standard SLA and its references to disaster recovery

Building a relationship with your cloud partner and taking steps to ensure you’re looking for an active partner in disaster recovery can set the stage for success when an extreme event does arise. In addition to following my suggestions above, you should work to establish clear lines of communication on both ends of your vendor-company relationship.

Where the cloud fits into your disaster recovery plan

Once you have a vendor that can accommodate your disaster recovery needs, the next step is making sure your recovery plan is up-to-date and easily accessible. Good disaster recovery planning typically includes:

  • The recovery time objective (RTO) for getting an application back online
  • The recovery point objective (RPO) to define the longest amount of time you can’t access data after a major incident
  • Your specific recovery goals for a variety of situations (data loss, hardware loss, extended absence from a physical location, etc.)
  • Cleanup processes
  • A list of specific tasks to be completed pre- and post-disaster
  • Backup software for installation
  • Configuring your security and your employees’ ability to access the secure disaster recovery system environment as needed
  • Daily or weekly cloud backups, to reduce the loss of work in the event of a disaster

These are just a few components of a successful disaster recovery plan, but they are a good place to start as you work on incorporating cloud services into your business continuity plan.

Another opinion can be incredibly helpful when you’re preparing a disaster recovery plan. The Windsor Group can help you assess your options and find the best solution for your business. Click here to get started with a strategy session.

Read More
Windsor Blog Post Image

IT service management (ITSM) firms work to employ a set of best practices to efficiently manage technology architectures. The cloud became a huge disruptor for ITSM by virtualizing the large physical data center into architectures infinitely more scalable and potentially more complex. How have “standard” ITSM models changed with the introduction of the cloud?

Read More
Windsor Blog Post Image

Adopting agility into stodgy enterprise technology infrastructures is the new imperative for CIOs. The push is to change best practices, product delivery, and the overall end-user experience to better model many of the startup organizations that are encroaching into every traditional market, from retail and health care to insurance and finance. How can CIOs deliver faster and cheaper, make sense of a seemingly endless list of business demands, and generally respond more quickly to market demands?

Read More
Windsor Blog Post Image

There will come a time when machine learning algorithms normalize within the developer stack. Today, machine learning is a growing specialization in computer science. Like the application program interface (API) layer, the science inherent in machine learning likely will permeate automated computer functions and become the norm rather than the latest fad. The benefits are myriad — from more personalized shopping to self-driving cars. 

Read More
Windsor Blog Post Image

Preventable security breaches cost American companies millions annually. Most C-suite execs are well aware of the risks of data insecurity simply because some of the biggest names in commerce are making the news for all the wrong reasons. Big companies with big internal IT teams, from Google to Uber to Marriott, have all had highly publicized data breaches in the past year. If these companies can experience a cyber hack, where does that leave your business?

Increasingly, companies are turning to outsourced security teams to protect their data infrastructures. But what should you look for in a security team, whether outsourced or in-house?

Today’s security imperative

IT leaders now have choices that go beyond the selection of hardware and software to prevent a security breach. But hiring internal security experts has grown increasingly difficult in today’s low unemployment market. That’s why many CIOs are selecting outsourced security teams for the expertise and perspective that come with a 360-degree external view of your business. An outsourced team can supplement existing IT staff, freeing them up to stay focused on growing your business.

Ironically, outsourcing security can actually create security risks. You must therefore ask yourself what an outsourced IT security team would bring to the company that an internal team couldn’t provide.

Can companies improve IT security by outsourcing, or does outsourcing heighten the risk? How can outsourced partnerships support your existing technology teams?

Selecting a managed IT security partner

Enterprise organizations aren’t the only companies concerned with outsourced cybersecurity; small to mid-sized organizations that are less likely to hire a full-time team are also looking at outsourced IT security options. As our networks have grown more complex, so too have the efforts of hackers to infiltrate them. But finding the right security partners can make a big difference.

Here are some crucial considerations when selecting an outsourced security partner:

  • Different businesses have varying security needs, so look for IT security firms that have a proven track record with your business model and the systems you use.
  • Verify that they have a Chief Information Security Officer (CISO), and talk to them about their plans for advancing your company's information security initiatives.
  • Look for continuous compliance monitoring and regular audits by regulators, national quality assurance groups, and third-party accounting firms for compliance with NIST, ISO, PCI, FISMA, HIPAA, and more.
  • They should have a 24/7/365 Security Operations Center, providing real-time event analysis and response.

Look for external experts with established teams of Security Operations Center (SOC) analysts, SIEM engineers, incident response, forensics, tools experts, and pen testers, which signals that these firms regularly use state-of-the-art tools, facilities, and processes. The firm should keep up to date with the latest threats and adjust their response accordingly to mitigate the risk, while also being comfortable with your existing tools.

Now that you understand what to look for in technical expertise, let’s discuss the day-to-day stewardship of your IT security and the relationship you should have with an outsourced vendor.

Managing the relationship with your security firm

If your organization seeks the support of a cybersecurity partner, take the time up front to develop a service level agreement (SLA) that defines specific roles and responsibilities between your team and the outsourced expert. Then, work together to mitigate risk by fully integrating the partner into behind-the-scenes strategies and up-front security monitoring.

Make sure you understand who your IT team is and what processes are in place for reaching teams after hours and on holidays. Select an outsource partner that you feel comfortable letting work with other business partners or even customers. Cybersecurity is a partnership between IT and your various business units. Finding the right outsourced partner means that the unique security needs of each of these end users will be supported.

Is IT security outsourcing right for your business? Increasingly, small, mid- and enterprise-level businesses are seeking these partnerships. If your team is worried about the state of your company data, talk to the Windsor Group about taking IT security to a different level.

Read More

Popular Posts