• June 15, 2023
  • Catagory Data Protection

Why You should Have Magnetic Tape in Your Data Backup Mix

By : Justin Folkerts

If you think magnetic tape storage for backup and archives is old school, think again – even the big hyperscale data centers see the benefit due to its low cost.

Hyperscalers are some of the biggest users of magnetic tape because it enables them to store massive amounts of “cold” data cost effectively – a on a cost-per-bit basis, tape storage is cheaper than hard drives, and it makes no sense to store seldomly-accessed information on ultra-fast flash-based SSDs.

Magnetic tape can also play a role in a comprehensive security strategy. By backing up to tape, you can create what is known as an “air gap.” You can back up sensitive data to magnetic tape to protect it from a malware attack since data that is instantaneously replicated to the cloud can be corrupted just as quickly at the backup destination. By backing up to tape periodically and otherwise keeping it off the network, you have a clean version that can be restored in the event of a malware or ransomware attack.

In the meantime, the capacity of magnetic tape is growing fast while the amount of data grows exponentially. Not only is tape the lowest cost for bit compared with other storage media options, but the overall capacity per tape now has a native capacity of 18 terabytes with 500 terabytes on the horizon.

While it may take longer to restore from tape, the media itself has a long shelf life as well – a magnetic tape cartridge stored in the right environmental conditions can last for several decades. If you’re required by government legislation or other regulatory bodies to retain data for years after it’s collected, tape is a great option for archives and backup. Small and medium-sized companies must often comply with the same legal and regulatory requirements as large enterprises, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and Europe’s General Data Protection Regulation (GDPR).

The financial services and health sectors have data retention requirements, with the latter being required to retain patient records including tests like X-rays for many years.

Magnetic tape is also sustainable because it consumes the least amount of energy compared with other data storage options. And if you’ve embarked on an Environmental, Social and Governance (ESG) strategy, tape is more compelling because its overall footprint starting with the raw materials to ultimate disposal is quite low.

All these characteristics make magnetic tape a popular option for many industries – capacity per cartridge, low cost per bit, and low power consumption have made it a preferred option for the oil and gas sector, particularly for seismic data, while the entertainment industry uses tapes like they are big USB drives to move media from one stage of production to another.

And while artificial intelligence (AI) and machine learning processes do require fast memory and storage, the vast amounts of information it needs to learn from have to be stored somewhere. If you collect a lot of data via internet of things (IoT) devices, you may want archive it for future use. The capacity of tape is ideal for large data sets.

While there is an upfront cost to investing in magnetic tape for backup and storage, the total cost of ownership is appealing if you’re a small or medium-sized company that’s mindful of its energy bills – you’ll recoup your initial outlay thanks to a low cost of ownership (TCO).

Better still, like most data storage and backup options like the cloud, you don’t necessarily need to set up your own tape storage on-site. There are many service providers who can help exploit benefits of magnetic tape and manage it for you.

  • May 25, 2023
  • Catagory Computer Hardware

Don’t Forget About Offline Device Security

By : Sanjeev Spolia

Constant connectivity contributes a lot to data breaches, but offline device security should not be neglected. Stolen devices, including laptops, and even decommissioned devices can be an opportunity for threat actors to gain access to data they shouldn’t have.

Stolen laptops and portable drives have been the cause of many a security breach going back more than 25 years, and with the massive uptick in remote work, stolen laptops are contributing to a rise in data breaches – it’s one of the endpoints most likely to be a source of security threats and lost sensitive business data, including customer information.

There are several consequences to this old-fashioned theft: revenue losses, a loss of customer faith and reputation, legal liability, and breach of privacy legislation. As you look at all the ways your connected enterprise is a risk, you must consider the security of offline devices, too, especially employee laptops.

You should aways know the status of every endpoint, and that includes every employee laptop, whether they’re working at home, on the road or spending the day in the office. The more on the go they are, the more opportunities there are for them to leave the laptop unattended. You must never lose track of any laptop, and you must be able to control it, even when it’s not connected or powered off.

There are now solutions coming to market that use a cellular network for telemetry so that devices can be tracked and managed without the need for internet connectivity or power. There are now few reasons you can’t track, lock, and wipe an errant laptop to keep sensitive data from being accessed by threat actors with sticky fingers.  

Some laptop makers are building in better protection capabilities at the system BIOS and hardware levels so that the computer will only work when connected to the Internet with proper credentials.

But offline device security shouldn’t just apply to laptops in service. You must also have a strategy for decommissioning all computer hardware, including office desktops, servers, and drives. If the device is non-functional for practical purposes, it can always hold data that can be accessed by a determined bad actor who finds it before it’s destroyed.

In the age of constant connectivity and cloud-based business applications, it’s sometimes easy for physical device security to fall through the cracks, even though a single stolen laptop can be the launch point for a deadly cyberattack. Even you don’t any internet of things (IoT) devices are your network, you must have a physical device security strategy that covers all computers, portable drives, servers, and smartphones – not just when they are active and connected, but also when they’re offline and even when they’ve been decommissioned.

  • May 11, 2023
  • Catagory IT management

Get the Most Security For Your Budget

By : Justin Folkerts

More security tools don’t automatically mean your business is fully protected – blowing the budget on cybersecurity will have diminishing returns. You need to spend smarter, especially if your budget is constrained.

In addition to having the right technology, you need to have proper framework to guide your security investments. These frameworks include how you manage user onboarding, remote access to your network and who’s allowed to spin up new applications in the cloud. Having accurate and transparent guidelines for how employees work will enable to be precise with your security investments.

You must also understand your organization’s attack surfaces – operating systems, device types including employee laptops and smartphones, cloud technologies, browsers and email clients will all determine how you spend your budget for security. They are all vectors for threat actors to exploit.

It’s critical that you must implement effective controls to protect applications and data and a method of ensuring they are functioning consistently and effectively. Most of all, you must look for opportunities to automate because one of the biggest line items in your security budget is people.

Consider all points of access

Your controls for protecting applications and data should be ready to confront ransomware, malware, distributed denial-of-service (DDOS) attacks, internal threats due to disgruntled employees and human error, bearing in mind that each vulnerability is a doorway that opens wider access to your IT infrastructure. These controls must be ready to deal with a dynamic landscape as threat actors are constantly changing their tactics and techniques and consider every access point an opportunity.

Even if you’ve fully leveraging cloud technologies to run your business, you can’t depend fully on your cloud service provider to secure your applications and data – you need to understand where their responsibilities end and yours begin. If you’ve not moved to the cloud, doing so can help you get more for your security budget.

Prepare for a breach

Even if you’re confident that you’ve enabled all the proper controls, your security budget should account for a data breach – you need to assume that a threat actor might gain initial access and be ready to mitigate and learn from the attack.

One way to ready yourself for a breach is to fully understand what’s normal for your organization. It’s easier to spot malicious activity when you have a baseline for what is standard operating procedure. Having the right endpoint detection and response (EDR) tools go a long way to providing the necessary visibility to proactively protect your data and applications. You must also remember that each system comes with its own settings and best practices that contribute to your overall security.

Automation pays off

Given everything you must monitor and control and assuming it’s just a matter of when not if a breach occurs, you must automate wherever possible if you’re to attain maximum protection and resiliency within a constrained security budget. Even if the sky was the limit, the competition for cybersecurity talent is fierce.

You can’t detect, manage, mitigate, remediate, and maintain an adequate security posture without automation. You must be able to update software, firmware, and patches automatically as much as possible while also track the behavior of every asset over time so you can maintain their security consistently as employees come and go and passwords are changed.

You can best get the most of your security budget through automation by doing it in concert with your broader IT systems, especially those already set up to track your assets. Cloud-based technologies can also aid in mapping and scoring your security budget.

If you’re a smaller organization, you should consider turning to a managed service provider to help with you automate as well as evaluate your security frameworks and tools. They can take on many aspects of data and application protection, help you redeploy your staff most effectively and get you the biggest bang for your security budget.

  • February 14, 2023
  • Catagory IT management

There’s No Security Without Visibility

By : Justin Folkerts

If you don’t have visibility into your IT infrastructure, you can’t have confidence in your overall security.

This is especially true for those in the manufacturing and energy sectors that have a great deal of operational technology (OT) and industrial control systems (ICS), as their security can impact the broader organization through its integration with more conventional IT systems.

An annual report released by Dragos outlined the visibility challenges faced by ICS/OT networks when it comes to identifying vulnerabilities ICS/OT devices as ransomware attacks on firms with ICS/OT infrastructure increase. These attacks demonstrate how industrial firms have their own set variables when it comes to security and establishing visibility across all systems, especially as the industrial internet of things (IoT) becomes more ubiquitous.

But even outside industrial systems, visibility is critical for robust security, especially as remote work continues and many businesses settle into a hybrid approach. Whether it’s an ICS/OT device in an industrial setting, a IoT sensor for agricultural applications or a laptop for a road warrior leading your sales initiatives, you must be able to see these devices on your network and understand their vulnerabilities.

No matter why your digital footprint is expanding, security visibility becomes increasingly difficult when you must keep track of home office, on-premises and cloud-based endpoints. Your attack surfaces are proliferating, and you must be able to see all of them – you can’t get the visibility you need to identify the gaps in your security programs and controls without the right tools and best practices.

And there’s many elements you must be able to see and control:

  • Endpoints of all sorts are your weakest links as they exchange data over a variety of network connections
  • Because it’s so easy for business users to spin up whatever cloud-based services they think will help meet their objectives, you run the risk of shadow IT that’s connecting to your infrastructure without proper governance
  • Even before remote work became the norm, remote offices meant a more distributed workforce, which is more difficult to monitor than ever thanks to home offices and mobile devices
  • Cloud services can allow you to delegate security to the provider of a service, but it’s still a shared responsibility

These are just some of the key elements of your IT infrastructure that require visibility if they are to be fully secured, and it’s helpful if you break down visibility into three broad categories if you’re to attain it organization-wide.

Operational visibility includes operational compliance and operational processes, as well as user visibility so you understand who has access to data and why, including applications. People come and go and responsibilities change, so you must have best practices for onboarding and off-boarding employees as well as device lifecycle management. A zero-trust approach to security can help to improve user visibility.

Technical visibility has become more difficult with more distributed workforces and IT environments – you must understand all the threats and vulnerabilities that might affect your systems, connections and devices, whether it’s a laptop, server, smartphone or narrow-purpose IoT device.

Your organizational visibility determines your awareness to any threats to your brand, reputation, and intellectual property. This level of visibility requires not only security tools but also best practices and processes.

At the end of the day, however, visibility is all about knowing where your data is so you can protect it – it’s the lifeblood of your business. A managed service provider can help you make the right links between visibility and security so you can build a true picture of your IT infrastructure across every system and endpoint.

  • January 31, 2023
  • Catagory remote work

Your IT People Are Worried About Remote Work Security

By : Sanjeev Spolia

If you haven’t fully adjusted to the era of remote work, your IT team leader has something to say about security.

According to a new Cisco Systems survey, the increasing number of employees working remotely today – even as some employees head back to the office – is stressing out both business leaders and those responsible for security, and a big culprit is unregistered devices.

The Cisco survey found that 84% of 6,700 respondents, including 81% of the 300 Canadian respondents, found that working remotely has increased cybersecurity risks to their organization, and nearly a percentage of respondents cites unregistered devices used by employees in support of remote to be the likely cause of security incidents. Unregistered devices might include laptops, tablets, and smart phones, the survey said.

In general, Cisco found that in the early days of the pandemic when the sudden shift to remote work occurred, security became an afterthought, as noted by a Cisco exec interviewed by IT World Canada. The reason security tends to take a back seat when employees work from home is that they want a similar experience to working in the office, but they don’t want security controls that make it harder to do their jobs. In addition, remote work isn’t just about working from home – employees now want the option of working anywhere.

Meanwhile, the International Association of IT Asset Managers (IAITAM) has similar concerns about the impact of remote work on organizational security, echoing the Cisco survey’s observation that security wasn’t top of mind when the initial rush to remote work occurred in March 2020. Not only are personal devices being used by remote workers to access the corporate network contributing to security issues, but there’s also “low-tech breach” danger if organizations don’t have proper IT asset disposal procedures, IAITAM warns.  

Not having a proper asset disposal program for computer hardware is just as important for remote work security as having a strategy for warding against employee errors, rogue employees, errant third party vendors, and outside hackers, advises IAITAM. Any asset disposal program should include certified data drive sanitation or destruction, and robust tracking of the disposal process so that data thieves aren’t gaining access to mission critical business information.

Monitoring the lifecycle of computer hardware used for remote work can be especially complex if they include personal devices, but asset management is critical to any organization’s security strategy. If you don’t a program in place, consider consulting your managed service provider for support.

  • September 15, 2022
  • Catagory IT management

Are you ready to support the hybrid office?

By : Sanjeev Spolia

If you’ve got employees coming back to the office while still allowing staff to work from home, you’ve created a hybrid office environment that can create challenges when onboarding staff, providing ongoing support, and securing a vast array of endpoints.

In some ways, having everyone work remote is more straightforward – when you have employees coming and going from the office, the environment becomes even more dynamic because the definition of hybrid work can vary depending on how you manage it and company policy. Consider the different scenarios:

  • The “at-will and remote-first” approach means employees are empowered to prioritize working remotely
  • An “office-first” policy falls at the other end of the spectrum and resets the organization to pre-pandemic norms
  • “Split weeks” mean days are assigned as either remote or office-based according to a schedule while certain employees might be assigned to be in the office on a week-by-week basis
  • Some organizations are designating who must be in the office and who can work from home on a team-by-team basis

No matter what you choose, a hybrid work environment reinforces the need for a cloud-first approach for business applications and robust cybersecurity. You also need to support collaboration for remote workers and those who opt to be back in the office – and everything in between. A hybrid approach may also mean people no longer have assigned workspaces – hotdesking adds complexity to workstation support and endpoint security, which should always be a high priority. Employees who are on the move risk bringing threats to the office with them.

The emergence of the hybrid office comes at a time when threat actors are upping the ante and exploiting as many attack surfaces as they can – it’s can be difficult for your IT team to keep on top of everything and it takes time away from more strategic initiatives such as digital transformation.

Even before the pandemic and shift to remote work, your IT team was under a lot of pressure to secure infrastructure and protect customer data. If you haven’t already turned to your managed service provider (MSP) to help you bolster cybersecurity, a hybrid work environment should be your tipping point. They can take charge of many security tasks that can otherwise bog down your IT staff, such as overseeing antivirus software and firewalls, and even identity management for all workers, no matter where they decide to work.

If your MSP is helping you with a cloud-first approach, they’re able to monitor your end-to-end infrastructure, including every workstation in the office or at an employee’s home office. They can take charge of onboarding employees so they can access business applications from anywhere and deliver security training services.

Getting a handle on what the hybrid work environment means for your business and relevant IT requirements is an excellent opportunity to expand your relationship with your MSP. Not only can they securely provision and manage the services you need, but also help you better understand your workforce in this new, dynamic landscape so you can enhance service delivery to your customers and maximize employee productivity.

  • November 7, 2019
  • Catagory Managed IT Services

IT strategies for SMBs should include a managed services provider

By : Sanjeev Spolia

IT strategies for SMBs are essential for organizations looking to scale and up grow their bottom line, but many face the same challenges as large enterprises without the resources.

There are ways to do what the bigger players are doing so you can grow your organization and your profits, but IT strategies for SMBs must have a vision, an understanding of the cloud solutions available to them, and consider how a managed services provider can get them were they need to be within their budget.

IT strategies for SMBs start with an audit

Not all businesses are the same, so IT strategies for SMBs will vary by industry and inherent regulatory frameworks, business models and overall digital maturity. Regardless, there will be low hanging fruit that can advance the organization quickly and affordably, while other initiatives will be multi-year projects that must to be broken down into achievable milestones.

Common goals within many IT strategies for SMBs are tapping into needed talent, which could involve recruitment and retention of employees or selective outsourcing to access skills on demand, improving agility by automating tasks or handing them over to a business process services organization. Given the ramifications of data breaches, bolstering security should also be a priority and embedded within all growth activities. It also might be achieved with automation—even artificial intelligence—or turning to a managed services provider for help. Most organizations are looking at how they can improve overall productivity.

IT strategies for SMBs should identify priorities based on a comprehensive audit of your environment, whether it’s your own on-premise infrastructure or cloud deployments, including use of the public providers. You can’t have a vision of the future without knowing for sure where you are today. This assessment is also something that can be done in collaboration with a managed services provider and can clarify your current security and compliance posture.  

There are solutions in the cloud

Your IT audit can help you easily identify what you can do by yourself and what elements of your strategy are better executed with the help of an experienced technology partner.

There are number of solutions available with IT strategies for SMBs in mind. You might begin by implementing organization-wide, online collaboration with Microsoft Office 365 and Teams, or alternatively, go the Google route with Gmail for business and Docs. You’ll want to think about the value of consolidating solution providers as simplicity for SMBs can keep costs under control and ease user adoption. Even if you go best-of-breed, most cloud-based SMB solutions are pay-as-go so you can budget expenditures as you grow.

No matter what solutions you adopt, remember they’re only as good as the workflows and processes you foster and the underlying infrastructure that supports them. In case of the latter, it’s one of the first things you should consider handing off.

Leverage the investments of a managed services provider

As much as any SMB requires technology to operate and is just as driven by data as its larger counterparts, they’re not in the IT business. And just as cloud-based SMB solutions are pay as you go, managed IT services providers offer similar pricing flexibility and can scale up and down in alignment with the ebbs and flows of your business.

Once you’ve done an audit to understand where you are and where you’re going, you can figure which problems are best solved by a managed services provider, even if it’s only one business process, but one of the biggest benefits is you no longer need worry about maintaining aging infrastructure with the limited IT staff and resources you have. A managed services provider has made the investments and is committed to maintaining their infrastructure to support your applications and store your data with a high level of security.

This investment isn’t limited to hardware and software. Often, an SMB can’t justify bringing on talent full-time, such as a DBA, but a managed services provider can provide people on demand as needed so you don’t have to worry about recruitment and retention but still enjoy necessary expertise when you need it.

IT strategies for SMBs are all about a better bottom line

Embracing cloud solutions and entrusting data and business processes to a managed services provider are key elements of IT strategies for SMBs, even if it’s only for a small segment of daily operations. The right combination can improve productivity and the speed of your service delivery at a lower cost, and most of all, lead to a better bottom line.

Sanjeev Spolia is CEO of Supra ITS.