logo_v2
866.550.7881 ext. 1
Executive Image

Research

Welcome to the Windsor Group knowledge base of articles
and publications that demonstrate our understanding of many
of the complex business challenges and key issues faced by companies
around the world
Windsor Blog Post Image

Between more frequent fires, hurricanes, and other extreme weather events, ensuring that your company has an up-to-date disaster recovery plan is more important than ever. In addition, if you still manage a large number of business-critical systems from an internally managed data center, you might want to consider cloud services as another line of protection against hardware failures and natural disasters.

Whether the weather is dry or wet

With California moving into a year-round fire season and coastal areas like Florida, Texas, and the Carolinas facing hurricanes with unprecedented wind and flood damage, businesses of all sizes are evaluating their disaster recovery plans against the reality of a more unpredictable environment.

In the United States, there are no reporting requirements for states on the costs to repair after a major disaster — although we know that federal funding for natural disasters was nearly $140 billion in 2017. As these extreme weather events get more frequent or affect areas with significant business infrastructure, these costs will only continue to rise.

Major data centers tend to be located in areas with low risk of natural disasters, like Nevada and Utah. Facebook’s first data center is in Oregon, where the biggest threat to its integrity is a terrible snowstorm. If your cloud provider is backing up your data in a low-risk area — which is always a good question to ask when you’re looking at providers — at least one copy of your data will be safe even if the primary server is in a more high-risk area.

When we talk disaster recovery, we often talk about services outages or hardware failures. But unintentional, everyday failures and major weather events should be a concern for all businesses when they refresh their disaster recovery plans and protocols.

The cloud is all about automated backups and ease of access

If a major outage or disaster closes your physical office, cloud services accessible from anywhere can help maintain your business continuity no matter what the situation is on the ground. Any loss of local services becomes a simple hardware replacement, rather than the loss of terabytes of data.

But if you’re going to include cloud services as a significant portion of your disaster recovery plan, you need to prepare yourself, your team, and your company for the planning required to develop a good recovery plan. Before you sign any service-level agreement (SLA) with a cloud provider, you need to first understand the provider’s role in the event of a disaster — including protection they have for their own centers and your company’s responsibilities in a disaster situation. This means:

  • Getting your current contracts in order so that you understand your present situation and future expectations
  • Going over disaster preparedness and access options if this isn’t part of your normal plan
  • Reviewing recovery services
  • Discussing regular audit reports with your vendor
  • Including your vendor in your disaster recovery efforts
  • Understanding the vendor’s standard SLA and its references to disaster recovery

Building a relationship with your cloud partner and taking steps to ensure you’re looking for an active partner in disaster recovery can set the stage for success when an extreme event does arise. In addition to following my suggestions above, you should work to establish clear lines of communication on both ends of your vendor-company relationship.

Where the cloud fits into your disaster recovery plan

Once you have a vendor that can accommodate your disaster recovery needs, the next step is making sure your recovery plan is up-to-date and easily accessible. Good disaster recovery planning typically includes:

  • The recovery time objective (RTO) for getting an application back online
  • The recovery point objective (RPO) to define the longest amount of time you can’t access data after a major incident
  • Your specific recovery goals for a variety of situations (data loss, hardware loss, extended absence from a physical location, etc.)
  • Cleanup processes
  • A list of specific tasks to be completed pre- and post-disaster
  • Backup software for installation
  • Configuring your security and your employees’ ability to access the secure disaster recovery system environment as needed
  • Daily or weekly cloud backups, to reduce the loss of work in the event of a disaster

These are just a few components of a successful disaster recovery plan, but they are a good place to start as you work on incorporating cloud services into your business continuity plan.

Another opinion can be incredibly helpful when you’re preparing a disaster recovery plan. The Windsor Group can help you assess your options and find the best solution for your business. Click here to get started with a strategy session.

Read More
Windsor Blog Post Image

IT service management (ITSM) firms work to employ a set of best practices to efficiently manage technology architectures. The cloud became a huge disruptor for ITSM by virtualizing the large physical data center into architectures infinitely more scalable and potentially more complex. How have “standard” ITSM models changed with the introduction of the cloud?

Read More
Windsor Blog Post Image

Adopting agility into stodgy enterprise technology infrastructures is the new imperative for CIOs. The push is to change best practices, product delivery, and the overall end-user experience to better model many of the startup organizations that are encroaching into every traditional market, from retail and health care to insurance and finance. How can CIOs deliver faster and cheaper, make sense of a seemingly endless list of business demands, and generally respond more quickly to market demands?

Read More
Windsor Blog Post Image

There will come a time when machine learning algorithms normalize within the developer stack. Today, machine learning is a growing specialization in computer science. Like the application program interface (API) layer, the science inherent in machine learning likely will permeate automated computer functions and become the norm rather than the latest fad. The benefits are myriad — from more personalized shopping to self-driving cars. 

Read More
Windsor Blog Post Image

Preventable security breaches cost American companies millions annually. Most C-suite execs are well aware of the risks of data insecurity simply because some of the biggest names in commerce are making the news for all the wrong reasons. Big companies with big internal IT teams, from Google to Uber to Marriott, have all had highly publicized data breaches in the past year. If these companies can experience a cyber hack, where does that leave your business?

Increasingly, companies are turning to outsourced security teams to protect their data infrastructures. But what should you look for in a security team, whether outsourced or in-house?

Today’s security imperative

IT leaders now have choices that go beyond the selection of hardware and software to prevent a security breach. But hiring internal security experts has grown increasingly difficult in today’s low unemployment market. That’s why many CIOs are selecting outsourced security teams for the expertise and perspective that come with a 360-degree external view of your business. An outsourced team can supplement existing IT staff, freeing them up to stay focused on growing your business.

Ironically, outsourcing security can actually create security risks. You must therefore ask yourself what an outsourced IT security team would bring to the company that an internal team couldn’t provide.

Can companies improve IT security by outsourcing, or does outsourcing heighten the risk? How can outsourced partnerships support your existing technology teams?

Selecting a managed IT security partner

Enterprise organizations aren’t the only companies concerned with outsourced cybersecurity; small to mid-sized organizations that are less likely to hire a full-time team are also looking at outsourced IT security options. As our networks have grown more complex, so too have the efforts of hackers to infiltrate them. But finding the right security partners can make a big difference.

Here are some crucial considerations when selecting an outsourced security partner:

  • Different businesses have varying security needs, so look for IT security firms that have a proven track record with your business model and the systems you use.
  • Verify that they have a Chief Information Security Officer (CISO), and talk to them about their plans for advancing your company's information security initiatives.
  • Look for continuous compliance monitoring and regular audits by regulators, national quality assurance groups, and third-party accounting firms for compliance with NIST, ISO, PCI, FISMA, HIPAA, and more.
  • They should have a 24/7/365 Security Operations Center, providing real-time event analysis and response.

Look for external experts with established teams of Security Operations Center (SOC) analysts, SIEM engineers, incident response, forensics, tools experts, and pen testers, which signals that these firms regularly use state-of-the-art tools, facilities, and processes. The firm should keep up to date with the latest threats and adjust their response accordingly to mitigate the risk, while also being comfortable with your existing tools.

Now that you understand what to look for in technical expertise, let’s discuss the day-to-day stewardship of your IT security and the relationship you should have with an outsourced vendor.

Managing the relationship with your security firm

If your organization seeks the support of a cybersecurity partner, take the time up front to develop a service level agreement (SLA) that defines specific roles and responsibilities between your team and the outsourced expert. Then, work together to mitigate risk by fully integrating the partner into behind-the-scenes strategies and up-front security monitoring.

Make sure you understand who your IT team is and what processes are in place for reaching teams after hours and on holidays. Select an outsource partner that you feel comfortable letting work with other business partners or even customers. Cybersecurity is a partnership between IT and your various business units. Finding the right outsourced partner means that the unique security needs of each of these end users will be supported.

Is IT security outsourcing right for your business? Increasingly, small, mid- and enterprise-level businesses are seeking these partnerships. If your team is worried about the state of your company data, talk to the Windsor Group about taking IT security to a different level.

Read More
Windsor Blog Post Image

Securing data in transit is just as important as the security of data at rest. We know that the benefits of storing and leveraging data in the cloud is the scalability and accessibility that comes with these models. There are dozens of articles on how to store data safely. But companies must first migrate their data safely before they can lock it down within cloud frameworks. What is the key to secure cloud migration?

The risks inherent in cloud migrations

The research shows that cloud service providers offer better security frameworks than the majority of on-premises-focused enterprise organizations. But all of the cloud’s security benefits mean nothing if you can’t migrate and maintain your data securely.

Migrating data to the cloud is potentially complex and risky, particularly when the data is mission critical. The best practice to follow is to implement security protocols throughout the migration. Don’t wait for the cloud provider to handle this service; the migration process is a no-man’s land between on-premises and full security in the cloud. Companies should plan to mitigate the risks at every stage of the transition.

Some of the concerns to address during migration planning include:

  • Compliance with all applicable rules and laws during data transfers
  • General security during the migration
  • The possible disruption of business operations

The practical issues surrounding migrating sensitive data should be addressed during the migration planning process.

Mitigating the risks during cloud data migration

While the research has consistently shown that data in the cloud is more secure than at most on-premises locations, there is a vulnerable point during data transition.

Some of the best ways to tackle any security concerns during the transition to cloud architectures include:

  • First, by conducting a vulnerability and compliance assessment.
  • Second, by creating a cloud access security broker (CASB), which is an on-premises or cloud-based security enforcement point that exists between the cloud service provider and the consumer. These tools help you address security risks and enforce security policies, as well as enforcing compliance rules. While these tools should currently be considered “emerging,” Gartner predicts that 60% of enterprise organizations will use CASBs by 2022.
  • Automatically encrypting data in motion.
  • Establishing identity and access management.
  • Shoring up firewalls to handle data in transit.
  • Adding intrusion detection and intrusion prevention systems.

These tools will remain useful long after the migration is complete. This is true no matter the configuration — whether single- or multi-cloud, or some other hybrid approach.

Security tips before, during, and after cloud migration

Consider the migration as an opportunity. Establishing good security habits as part of a data migration can lay the groundwork for better security overall. Creating scalable and uniform security policies that are also flexible enough to handle the interactions within the network is tricky, particularly in today’s complex IT environments. Some security tips that will help create a strategic framework for your cloud migration can also help guide your new environment from the deployment onward. For example:

  • Focus on mission-critical architectures, or the core functions within your IT service delivery mechanisms. Create virtual cloud environments and other redundancies to protect these crucial functions and ensure zero business downtime.
  • Control every access point to lock down your network from end to end, whether that means creating multi-factor authentication or more robust BYOD policies.
  • Automate backups in the cloud and make sure your virtual processes are redundant. Establish and maintain a regular testing process to ensure disaster recovery.
  • Create a continuous environment of security with your employees and customers by teaching and testing security protocols. Make these protocols fluid in the sense that they change to fit the evolving cybersecurity threats to your business.

It’s also important to start with a good roadmap. Embarking on an effective cloud migration starts with a well-thought-out plan. Managed security specialists like Windsor Group can create and deploy a solid security framework for your data in transit and at rest. Talk with our experienced team today to find out more.

Read More

Popular Posts