Arraya Insights

December 5, 2018 by Arraya Insights

This is the first post in a weekly, ongoing, deep dive series into the subject of segmentation. Each post will be written by a member of Arraya’s technical or tactical teams, focusing on a specific piece of this extremely broad, highly transformational topic.

When I was in college, downloading free music from Napster was the thing to do. Like most other kids my age, I didn’t have any money. Napster seemed a good way to build my music library on the cheap. At the time, no one had defined the legality of it so we didn’t feel bad about doing it. Then the recording industry got involved and suddenly downloading your favorite music became harder because Napster was no longer available. I got around this by pulling songs from other computers on the network. So long as I could connect to other folders on the local campus LAN, just about all the music I wanted was accessible.

Looking back twenty years ago, I cringe at the thought of what was going on. Networks were completely flat and everything on the LAN was accessible. At the time, the threat was much different too (for the record, I was also a lot thinner). Now, we have to be smarter about the way we design our networks. Segmenting systems where availability is critical or the data is sensitive can be the difference between a routine malware detection and a full disaster recovery situation. Segmentation isolates systems and data. It’s akin to the main safe within a bank. You may get into the bank through the front doors, but the safe adds another layer of protection for the money. Segmenting your network is the same thing. You’re putting access control on the inside of your network to protect the most sensitive areas even if the bad guys get an initial foothold. This can also be a way to simplify your compliance and auditing efforts. If you can isolate the systems auditors are assessing via segmentation, you only have to apply those controls to the segmented area. This can make passing regulatory audits a breeze!

It’s All About Classification

Like most security initiatives, most organizations have a misconception that this is a purely technical task. Sure, tasks like putting servers in a DMZ or segmenting a data center fit that bill. However, where you really get the best bang for your buck is by identifying systems that would cause the greatest danger if compromised or taken offline. This requires us technical folks to do something we hate – talk to our business owners. We need to find out from them what’s most important to safeguard. Most IT departments simply don’t have the bandwidth or the budget to segment everything. So you have to pick and choose the right systems.

Common Segmentation Examples

I couldn’t possibly name every segmentation opportunity out there, but here are a couple common examples and good places to start:

Credit Cards – If you’re processing, storing, or transmitting credit card data, then segmenting any of the systems in scope is the easiest and most efficient way to pass a PCI compliance audit. It’s also a good way to protect the data from getting into the wrong hands. This includes card readers, PCs, and servers that are involved in the payment card process.
Health Records – For companies processing personal health records, segmentation is a must. These organizations are processing some of the most sensitive data a person can provide. Clinical records should be segmented from the rest of the population and only made accessible to the people who need access. This includes organizations with access to medical insurance records. Getting access to insurance claims and reports can provide some of the same data as the medical record itself.
Industrial Control Systems – It’s most common to see segmentation here. Separating energy, water, chemical, or manufacturing systems from the rest of the corporate environment protects systems that have to be up and running 100% of the time in the event an attacker compromises a standard user.
Financial Systems – Systems that process personal data or financial transactions often get segmented due to the sensitivity of the data. Nobody wants to be on the news for losing a million social security numbers and birth dates. Most financial organizations try to separate the systems that process this type of data to keep it safe. It also makes compliance a much easier task.

There are Lots of Options

There’s no one way to segment. Some companies like to completely air gap their systems on totally separate infrastructure. Some companies like to put firewalls between systems. Other organizations do it with software and logically using network management tools. I’m not advocating for one method over the other, but I do think this is an important step toward building a true defense-in-depth approach to security. If you look back at the WannaCry and Petya attacks, a little segmentation would’ve gone a long way in preventing them from spreading the way they did (so would some basic patching – but that’s a topic for a whole different blog).

To learn more about segmentation and its role in today’s IT landscape, reach out to our team of experts by visiting: https://www.arrayasolutions.com//contact-us/.

November 30, 2018 by Arraya Insights

Thanksgiving is now in our rearview mirror and the excitement of the winter holidays is upon us. As we approach the end of the year, it’s fun to look back at all the things we accomplished – and perhaps finish some of those things we put off until we had more time. One of the most important things we all-too-often set aside is implementing appropriate logging and monitoring practices. There’s no better time to go back and fix auditing for all systems, including those rolled out in 2018. Below are five commonplace tasks security professionals should monitor for suspicious or malicious activity.

User Account Management

Creating, managing and terminating user accounts is a basic function that all organizations manage. The task of creating users usually falls to the same person or team. If anyone other than those individuals creates an account, it should raise a red flag. Furthermore, security should monitor and review user activity like password resets, account disabling/enabling, lockouts, and new group membership or revocation regularly (probably weekly). Pay close attention to anything related to remote access, too. The bad guys want easy ways to access the network and creating a user with remote access can provide a persistent gateway if nobody’s watching the gate.

Software Installation and Removal

There’s software that’s authorized to run and software that isn’t. At the server level, this should be pretty easy to monitor if you have a SIEM. Any time new software is installed on a server, the security team should know. At the desktop layer, this is a little bit more difficult. The best way to monitor is with an endpoint management solution that runs an agent on all machines and oversees software management. Either way, unauthorized software installs should be monitored for unapproved software and acted on immediately. This technique also provides an avenue for controlling the installation of licensed software that may carry additional cost for each system it’s installed on.

Network Connections

This starts internally on the network. For example, if a guest plugs their computer into an open network jack, the security team should know. The connection of wireless access points or home-use switches/routers (typically by well-meaning employees just looking to connect multiple devices) should be identified and remediated immediately. I also like to look at new site-to-site VPN connections or additions to the WAN. All of this can be easily customized within a SIEM that is gathering logs from network devices. I like to take this a step further by monitoring endpoints for removable media like USB drives or smartphone connections (usually by users charging their phone). While not necessarily connecting to a network jack, they are still a new device on the network that can create havoc.

Changes to Auditing/Logging

This one’s pretty simple. Bad guys want to hide their tracks. They do that by turning off logging so you can’t see what they did. If someone turns logging off or clears logs, it should trigger an immediate response. It’s also a great way for disgruntled administrators to hide what they’re doing.

Privileged and Service Accounts

We all trust our administrators, but they can do the most harm, so we have to watch them closely. When they create, change, or delete privileged accounts, an alert should immediately sound. Review of privileged account activity on a weekly basis will identify trends or unusual behavior. Failed login attempts and lockouts for these accounts are critical. If you’re allowing shared privileged accounts, monitoring becomes more important. You need to be able to quickly track down who used an account if necessary.

Like privileged accounts, service accounts usually have administrator level access. If these accounts are being used correctly, that’s fine. I like to look for interactive logins for service accounts. That’s usually a sign of a compromised (or improperly used) account. Service accounts are meant to be used by systems, so only systems should be using them. It’s easy to lose track of these too, so detecting creation and baseline the activity is critical.

Create a (Healthy) Culture of Paranoia

Security teams should be transparent in what they’re doing. None of this should be secret, and everyone should know they’re being watched all the time. Users that know security is watching tend to behave a little better (hopefully). I highly recommend SIEM technology that’s scalable, easy to use, and can seamlessly connect with different technologies. Then, take the time to set the logging correctly on devices and create alerts for suspicious activity. Follow all this up with weekly meetings to review activity for anomalies. Once these processes are up and running, the effort becomes minimal to maintain them.

November 28, 2018 by Arraya Insights

VMware became the talk of the cloud world this summer with the announcement of completely overhauled pricing and configuration schemes for its VMware Cloud on AWS platform. In case you missed it, in the waning days of August, the tech leader kicked off VMworld by slashing the price of VMware Cloud on AWS in half. If that wasn’t enough, VMware also dropped the minimum commitment needed to roll out its cloud offering from four host clusters down to three. Together these moves have substantially lowered a barrier to entry that, for many, proved too high previously.

However, industry buzz and greater accessibility only go so far. Organizations still must determine if VMware Cloud on AWS as a pathway to the cloud makes sense for them. With the help of our Data Center team, we decided to put VMware Cloud on AWS to the test. Over multiple posts, we’re going to explore the features and capabilities that define VMware Cloud on AWS. Here’s an overview of the areas we plan to investigate:

Disaster Recovery. No business can afford to be without a rock solid disaster recovery plan and the cloud has proven to be a cost and labor-saving alternative to traditional approaches. Our Data Center team will look at how VMware Cloud on AWS fits in with modern approaches to disaster recovery and what sets it apart from other cloud-based options.
Hybrid Cloud Migrations. Cloud migrations don’t have to be painful. In this post, we’ll cover what it takes to move workloads off site and into the cloud. In addition, our Data Center team will try to answer the question of whether or not VMware Cloud on AWS can simplify hybrid cloud migrations.
Network Security. Among some organizations, the idea of moving to the cloud is tantamount to sacrificing security. However, that impression isn’t necessarily accurate. In this post, our team will explore the cyber security features built-in to VMware Cloud on AWS as well as the use cases in which moving data off site can actually make it more secure.
Native Tools. Organizations that leverage VMware Cloud on AWS aren’t just getting a secure place to leave their data in the cloud. They’re also gaining access to the full suite of AWS productivity tools. This post will break down the AWS native tools accessible through VMware Cloud on AWS and how these solutions can lead to higher buy-in and lower training costs.

Go beyond the overview: Learn more about VMware Cloud on AWS

Over the next several weeks, the members of our Data Center team will analyze each of the above topics in greater detail. Their mission? Determine whether VMware Cloud on AWS is really worth all of the post-VMworld hype. We’ll post all of their findings right here on this blog, so be sure to stay tuned.

Need more immediate answers regarding VMware Cloud on AWS or VMworld in general? Our Data Center team members are ready to share their insights! Get the conversation started with them today by visiting https://www.arrayasolutions.com//contact-us/.

We want to hear from you! Leave us a comment on this or any of our blogs through social media. We can be found on LinkedIn, Twitter, and Facebook. Once you’ve shared your take, follow us to stay updated on our industry insights and learning opportunities.

November 20, 2018 by Arraya Insights

Every organization should be concerned about malware – although it seems some should be a little more concerned than others. Certain industries seem to land in its crosshairs far more often. Unfortunately for organizations in malware’s favorite verticals, building an effective cyber security plan can be complicated by the realities of life within those industries.

It’s no surprise cyber criminals love the financial services industry. Its proximity to cash flow and an abundance of sensitive data make it their highest valued target according to multiple studies. In IBM’s X-Force Threat Intelligence Index 2018, financial services took home the unsavory title of 2017’s most commonly victimized industry, a crown it’s captured for two years running. Financial services also proved to be a hotbed of mobile attacks according to research conducted by Check Point Software Technologies Ltd. Almost 3-in-10 (29%) mobile malware attacks targeted the industry.

Still, that doesn’t mean those outside of financial services should rest easy. Government entities trailed just behind financial services in Check Point’s study, suffering 26% of mobile attacks. Plus, according to IBM’s research, financial services wasn’t the most heavily targeted industry, it was the one that suffered the most incidents. More targeted industries included information and communications technology and manufacturing. Meanwhile, according to numbers relayed by Varonis, healthcare has the market cornered on attacks by a specific kind of malware: ransomware.

All of the businesses we’ve listed above are at a greater risk for cyber attacks. However, they have something else in common. Most of these industries are what some observers might refer to as, heavily-regulated. As such, self-defense can become a far more complex topic. Cloud, for example, might be a non-starter. However, there are plenty of ways to stay compliant while still taking advantage of leading defense tools.

Design a regulatory-friendly malware defense scheme

One leading tool that was previously out of the question for cloud-restricted organizations was Cisco’s Threat Grid. By way of Threat Grid, organizations could relay samples of suspected threats to the cloud for analysis. The resulting insights could be invaluable in preventing or remediating attacks. In order to allow organizations unable to lean on the cloud access to this threat intelligence, Cisco made a change.

Cisco Threat Grid – Appliances provides the same benefits as its cloud-based counterpart and functions in almost the exact same way, only data is never transmitted offsite. Instead, it is analyzed using what Cisco refers to as “on-premises static and dynamic” analysis. Once completed, Threat Grid stores the results of each investigation on-prem. Of course, today’s threat landscape is always changing. Cisco Threat Grid – Appliances can be updated manually to ensure its knowledge base is always tuned to the latest threats, again, without running afoul of regulating bodies.

Next Steps: Learn more about Cisco Threat Grid

Threat Grid is one solution organizations of all sizes and regulatory obligations can use to stay safe and compliant. To learn more, join us on 12/4 for a Threat Hunting Workshop at the Cisco offices in Malvern, PA. This full-day, hands-on session will put attendees in the driver’s seat as they navigate four simulated cyber security scenarios. The goal? Help develop and refine the skills and abilities necessary to respond during the real thing. Register now to secure your spot for this free event today!

If you’d like to carry on the Threat Grid conversation before the event, you can reach our networking and security team by visiting: https://www.arrayasolutions.com//contact-us/. Our experts are waiting to answer any questions you might have about this or a host of other subjects. As always, you can leave us your comments on this or any of our blog posts using social media. Arraya is on LinkedIn, Twitter, and Facebook. After you’ve shared your take, follow us to stay up to date on our industry insights and exclusive learning opportunities.

November 19, 2018 by Arraya Insights

With the holiday shopping season just around the corner, the holiday hiring season is also in full swing. According to estimates from Challenger, Gray, & Christmas, Inc., leading employers are expected to hire just shy of 590,000 new workers for the forthcoming holidays and potentially beyond. Of course, not all of those hundreds of thousands of fresh faces will need to provide an actual face. Many will be stationed in call centers to aid with processing customer requests and solving problems. In addition to the new seasonal hires, contact center admins also recently gained some unexpected flexibility.

Earlier this month, Cisco unveiled its new Collaboration Flex Plan Contact Center subscription model. The idea is to empower employers to tailor their Cisco contact center solution to better meet their needs. It accomplishes this by allowing organizations to move from one deployment style to another so they can take advantage of the differing feature sets. For example, they could move from an on-premises deployment model to the cloud in order to leverage the latter’s included real time and historical reports data storage capabilities. Or, the choice exists to go from partner hosted to on-premises to leverage its optional call recording features.

What about all of those new seasonal agents? Their options depend upon their existing Cisco Contact Center subscription. If the model they move to doesn’t include an agent overage feature, they will need to edit their subscription to add additional agents. However, if the model they select does have an agent overage feature, they’ll be able to cover additional agents for what amounts to a bolted-on monthly fee.

More Collaboration Flex Plan license essentials

There are a few additional need-to-know points about Cisco’s Collaboration Flex Plan licensing. For starters, there are two unique types of agents available as part of this subscription model: standard and premium. As the name implies, the standard agent type can handle basic call center deliverables. Meanwhile, premium agents sport all of those capabilities plus multi-channel communication capabilities and supervisory functions. These types can work together, as part of the same agreement.

Furthermore, Cisco Collaboration Flex Plan licensing is only available as part of a Concurrent Agent model supporting multiple simultaneous agent log-ins. It is also based on a predetermined, monthly commitment of agents. As mentioned above, depending on the deployed solution, this figure could represent a hard cap on the number of users or merely as a trigger for temporary overage protections.

Next Steps: Learn more about Collaboration Flex Plan licensing

Want to continue the Cisco Collaboration Flex Plan Contact Center conversation? Arraya’s team of Cisco collaboration experts is just a click away. Send them a message today by heading over to: https://www.arrayasolutions.com//contact-us/.

Let us know what you think! Please leave us any comments or questions on of our social media pages. We can be found on LinkedIn, Twitter, and Facebook. Then, follow us so you can keep up with our take on industry news and exclusive learning opportunities.

November 15, 2018 by Arraya Insights

Earlier this year, Cisco unveiled Webex Teams, a new communication and collaboration platform that rose from its Spark brand. Since that news broke, we’ve devoted a good deal of space on this blog to analyzing the overall impact of this change as well as offering best practices for building user buy-in for the new solution.

One thing we’ve failed to mention so far, however, is that collaboration means different things to different employees. Any attempt to win organization-wide support for Webex Teams that doesn’t consider this is in trouble. That’s why, for this, our final post in our series on Webex Teams, we’ve put together strategies for winning over four different kinds of employees to Webex Teams.

Employee Type #1: Road Warriors

Employees are spending less time bound to a traditional workplace and more time working from airports, coffee shops, and anywhere else they happen to be. Even though these team members are always on the go, they still need to connect with co-workers, customers, etc. In order to convince road warriors of the value of Webex Teams, highlight the following:

HD video meetings can help replace the face-to-face contact lost as the definition of workspace becomes more fluid
Private spaces and teams allow for a more personal based connection to contacts inside and outside of an organization
Company-wide teams can do more than keep travelers updated on company news. They can be used to quickly crowd source answers to customer questions
Sensitive data and documents are never put at risk by the flexibility of Webex Teams – instead they can be sent and stored securely across devices

Employee Type #2: Remote Workers

Of course, a co-worker can be stationary without being a short walk or elevator ride away. Instead, organizations that sprawl across multiple branches and remote locations risk leaving certain employees or departments feeling isolated. Any demonstrations of what Webex Teams can do for remote workers should cover its ability to:

Recreate a shoulder-to-shoulder collaboration experience using screen-sharing and cooperative whiteboarding capabilities
Lock down membership to given teams and spaces in order to better control who has access to information posted and shared in them
Keep remote leaders engaged with their direct reports by leveraging filtering to minimize less important posts
Enable key stakeholders to stay in the loop with projects using an array of tools, including mobile devices, whether they’re stationed a few blocks, or a few time zones, away

Employee Type #3: Creative Workers

What about the people tasked with designing marketing and advertising campaigns, handling video and photo, and doing all of the other things that help build and maintain a brand? Typically, those processes are highly collaborative and can commandeer a sizeable amount of organizational resources. Cisco Webex Teams pitches to this group should emphasize the solution’s ability to:

Send and store large, often resource-intensive files, including video, and to do so safely
Brainstorm and collaborate on design ideas without ever stepping foot in the same room using digital whiteboards
Search for and find content stored in Webex Teams quickly and easily using the solution’s advanced search capabilities
Monitor reactions to drafts using HD video capabilities to ensure proposed campaigns are striking the right emotional cords

Employee Type #4: Newbies

New hires should be easy enough to win over, right? After all, they’re looking to make a good first impression and unlikely to deviate far from expectations. Still, new hires who struggle with a solution early may revert back to one from a previous position. Rather than let that happen, it’s better to get them comfortable with Webex Teams early by:

Positioning it as the official organizational welcome station by using it to house policy documents, handbooks, templates, contact information and any other must-have information
Automatically adding them to relevant groups so they have the chance to review histories and discussions to familiarize themselves with a team or project’s current climate
Using them to as the platform from which to conduct regular one-on-one mentoring sessions with veteran employees

Next Steps: Access the latest Cisco Webex Teams best practices

Ready to learn more about best practices for driving buy-in for Cisco Webex Teams across your organization? Looking to explore this solution more closely before committing? Arraya’s collaboration engineers are ready to share their expertise. Start a conversation with them today by visiting: https://www.arrayasolutions.com//contact-us/!

As always, you can comment on this or any of our blogs via social media – LinkedIn, Twitter, and Facebook. After you’ve shared your thoughts, follow us to stay updated on our industry insights and learning opportunities.

November 6, 2018 by Arraya Insights

Plenty of ink, digital and otherwise, has been devoted to the topic of the Industrial Internet of Things (IIoT) and the benefits it has in store for manufacturers who pursue it. For an alarmingly high number of companies, those benefits have failed to become reality. In fact, according to Cisco, only 26% of IIoT strategies are deemed a complete success by those who devised them. The rest linger somewhere between works-in-progress and outright disappointments. Despite those numbers, IIoT is more than a mere buzzword or marketing fluff. It’s an investment that can generate game-changing outcomes for those manufacturers prepared to take it on.

Where IIoT strategies go off the rails

So, what’s holding manufacturers back from writing their own IIoT success stories? There’s no simple answer. For many, issues rear up during the pilot phase. One study, conducted by McKinsey and Co., found 84% of IIoT projects get trapped in pilot mode for more than a year. These early stage struggles echo in the Cisco study mentioned above. It found 60% of projects seen as anything other than a total success shut down before advancing out of the proof of concept phase. Part of this inability to move forward may stem from an abundance, or even an overabundance, of caution. It may also be a symptom of a bigger and all-too-common issue.

Instead of seeking out IIoT for help with a specific obstacle or need, we’ve seen manufacturers chase it for a different reason. Given IIoT’s widespread popularity and position alongside other white hot topics like artificial intelligence, some companies have pursued it solely for fear of falling behind. The thing is, successful IIoT implementations must begin with a clearly-defined target, something like reducing scrap by a given percentage, in mind. Without a set objective to guide the way, it’s clear why so many projects sputter out early on.

Uncertainty in terms of destination is a problem but so too is a lack of familiarity with the solution itself. Even if they know exactly what they want to achieve with IIoT, manufacturers will struggle to realize its upsides if they don’t have experience with the technologies that define it. That lack of experience can also surface on the project management side. Smart solution implementations are complex, often multi-faceted engagements. Organizations who’ve never gone through one of those projects before can easily become overwhelmed or under estimate their needs. In either case, the consequences can be serious.

Another major reason IIoT strategies go astray? Smart technologies don’t fit nicely within siloes. By their very nature, they span multiple departments and levels. IIoT strategies that maintain a narrow focus are limited in what they can achieve and may face sharp pushback should they attempt to expand later. Unfortunately, too many manufacturers’ C-Suite leadership prefers to take a hands-off approach to these types of strategies. This sends a dangerous message down the chain of command about the importance of IIoT. Further, without their leadership, critical cross-functional thinking may fail to take hold.

How to keep IIoT strategies moving forward

IIoT strategies can hit snags but so can any other improvement project. Focusing on these three areas and incorporating the following best practices can help manufacturers join the growing ranks of IIoT success stories.

Formulating a winning strategy

Before anything else, it’s important to anchor a strategy in real world data. By answering these self-assessment questions – with help from across departments and organizational levels – manufacturers will be able to trust that their IIoT strategies are heading in the right direction.

– “What does IIoT success look like for me?” As discussed above – start with the destination in mind. Know the objectives and then architect the technical environment needed to achieve them.

– “How will I know when I’ve succeeded?” Before a project begins, measure. Stakeholders must appreciate the state of an environment pre-IIoT. After the project has wrapped, measure again. This data will prove whether a project was a success or if it needs to be revisited.

– “Am I biting off more than I can chew?” IIoT can make a sweeping difference for businesses, but it can’t happen all at once. Prioritize desired outcomes and use them to inform a long term, gradual approach to IIoT implementation.

– “Do I have the expertise to pull this off?” As mentioned, IIoT projects are complex, jammed with moving parts and variables. If there isn’t firsthand experience on staff with managing and executing this type of project, it would be wise to call in the help of a partner who’s been there before.

– “Am I collecting the right data?” IIoT can put a universe of information at a firm’s fingertips. While it is tempting to gather as much as possible, again, it comes down to prioritization. Determine the data sets that promise to be most actionable and have the biggest impact and start there.

Shifting organizational culture

Above we mentioned how bridging the gap between departments is instrumental to IIoT success, but doing so is often easier said than done. Typically, groups such as IT exist in one world, tending to the infrastructure, hardware, software, etc.; while OT focuses on the devices and processes leveraged on the shop floor. IIoT must be the link that unites these groups.

Getting those two pieces of the manufacturing puzzle out of their silos and onto the same page starts with training. Set aside time to cross-train engineers from each side on what those on the other do, what they care about, and the rules that govern them. It’s only through hands on experience that IT and OT will ever truly widen their vision.

Still, it’s not just a matter of familiarizing one side with the other’s responsibilities, it’s about making them one and the same. Both sides should ensure IIoT “to do list” items account for each other’s needs. So, for example, routine outages should coincide with production downtime as closely as possible. In this way, neither side will see the other as an obstacle but rather as a necessary partner.

With the proper cultural foundation, engineers from each side can take on the multi-functional responsibilities of an IIoT deployment together, with each lending their particular discipline – operational, organizational, or technological.

Building a strong technological base

Organizational culture isn’t the only thing IIoT may transform. Existing technological environments will find themselves handling a far heavier workload than they did previously. Everything from wireless architecture to security protocols will need to be rethought and revamped to manage the increased demand. Failure to make the appropriate changes may not just leave manufacturers struggling to achieve their desired ROI, it could leave them vulnerable to attack.

Here’s a high-level primer on prepping IT environments for IIoT:

– Conduct a facility assessment. Together, IT and OT personnel should create a rough portrait of their facility’s existing technological profile. Example: Compiling a list of the device types currently drawing on things like wireless, the bands on which they operate, and any possible sources of interference in areas where IIoT solutions will be deployed. All of this information can help prevent network bottlenecks or any other surprises later on.

– Thoroughly vet available replacements. Remember, best of breed doesn’t automatically mean best of fit. Instead of looking to the latest and greatest tools on the market, businesses would be better served reviewing their objectives and their constraints. Run all potential upgrades against the standard of “Is it the best for us?” instead of “Is it the best?”

– Have a support system in place. New technologies, whether they’re upgraded security solutions or even IIoT itself, mean new workloads. Manufacturers must ensure they have access to the skill sets needed to manage these new additions. If applicable, they must also have the resources in place to monitor and act on any data sets generated by these technologies.

– Allow room for future growth. Gartner predicts there will be 20 billion connected things by 2020. By that point, IIoT alone could be just shy of a trillion dollar industry. As IIoT investments continue to grow, manufacturers will want to leave themselves room to do so. That may involve re-architecting existing data center, networking or security solutions to provide a bit more bandwidth than initially needed.

Next steps: Where to turn for IIoT support

Succeeding with IIoT doesn’t have to come down to a roll of the dice. With the help of the right partner, manufacturers of all sizes and budgets will be able to count themselves among the businesses who’ve built a successful IIoT strategy. Want more insights into building and executing on a winning IIoT strategy? Reach out to Arraya Solutions today by visiting us at https://www.arrayasolutions.com//contact-us/.

Feel free to leave us a comment on this or any of our blogs through social media. Arraya can be found on LinkedIn, Twitter, and Facebook. Once you’ve let us know what you think, follow us to stay updated on our industry insights as well as our exclusive technology learning opportunities.

October 31, 2018 by Arraya Insights

Nearly all organizations have made at least some inroads with the cloud. One study puts the figure at a whopping 97%. However, despite how heavily-traveled the path to the cloud has become in recent years, it isn’t exactly an easy trip. Instead, research shows far too many organizations have continued to see their efforts fall victim to a variety of roadblocks, wrong turns and dead ends.

What do these issues look like? More than half (57%) of cloud migration projects blow past their initial cloud budgets and timeframes, according to a report by Velostrata and Dimensional Research. Separate research, this time from Rackspace and Forrester, confirmed those financial challenges inherent to cloud migrations. Their study showed 40% of organizations that are multiple years into their cloud journey believe actual costs have surpassed initial estimates.

Here a few other issues that have cropped up as organizations attempt to make their way to – or further into – the cloud:

Generally speaking, moving to the cloud has turned out to be more difficult than expected for 62% of respondents
A lack of dedicated, in-house expertise has complicated migrations for 56% of organizations
Of course, cloud security concerns also can’t be overlooked and they’ve proven a hindrance to migrations according to 40% of IT pros pursuing the cloud

These struggles have made it so just 28% of businesses feel they have comprehensively rolled out the cloud organization-wide. Given all that, is it best to avoid the cloud outright or stick to smaller, safer goals? No way! There’s simply too much value there to ignore or minimize. Instead, organizations should take these obstacles on – with the help of a partner who can help steer, of course.

Introducing Microsoft FastTrack delivered by Arraya

Recently, Microsoft invited Arraya to leverage that experience as part of its FastTrack program. The idea behind FastTrack has always been to give Microsoft 365, Azure, and/or Dynamics customers a no-additional-cost cloud migration lifeline. Now, organizations are able to lean on not only Microsoft’s expertise but that of partners such as Arraya. By working together, Arraya, Microsoft and onsite IT are able to build and refine strategies, execute deployments, and drive end user adoption.

The added benefit of working with Arraya as a FastTrack partner is flexibility. Arraya takes into consideration not only an organization’s cloud objectives but its desired timeframe. Then, our team will work hand-in-hand with onsite resources to ensure all cloud needs are met. Additionally, customers will also gain access to the full breadth of Arraya’s technological insights. Our team consists of experts capable of addressing concerns covering everything from cyber security to enterprise mobility to traditional, onsite data centers and beyond. This ensures cloud migrations move forward in the safest, most efficient, and most cost effective way possible.

With Microsoft Fast Track delivered by Arraya, organizations won’t have to worry about the obstacles described above. Instead, they’ll be able to enjoy a smooth and secure journey as they pursue newer and bigger cloud goals.

Next Steps: Put your cloud migration on the FastTrack

Want to learn more about how Microsoft FastTrack delivered by Arraya can help you avoid the most common and painful cloud migration challenges? Reach out to our team today by visiting: https://www.arrayasolutions.com//contact-us/ or by emailing us at: mssales@arrayasolutions.com.

Please leave us a comment on this or any of our blogs through our social media accounts. Arraya can be found on LinkedIn, Twitter and Facebook. Once you’ve let us know what you think, follow us to stay updated on our industry insights and learning opportunities.

October 26, 2018 by Arraya Insights

Last week, Arraya opened our doors to technologists from across the mid-Atlantic region, welcoming them to our 8th Annual Open House and Technology Day. Just as in past years, Arraya transformed our corporate headquarters into a fall paradise, complete with great food, drinks, games, and a few surprises. While Arraya events typically put technology first, the Open House has always been a bit of an outlier. Even as technology demos unfolded on multiple television screens, the day’s core focus was on celebrating the relationships that have helped Arraya grow into one of the top providers of IT and Managed Services in our area.

During his opening remarks, Arraya CEO Daniel Lifshutz reflected on the importance of the relationships Arraya has built over our nearly twenty year history. “Now, we know we’re not the only technology company in the metro Philadelphia area,” Lifshutz said. “We believe we’re the best, of course, but we know we’re not the only one. We take it very seriously that our customers have entrusted us with their technology environments and that motivates us to go the extra mile and to keep looking for new ways to help them succeed.”

Lifshutz also thanked Arraya’s vendor partners. Many of those organizations have worked with the company since our early days. “Without our vendor partnerships, it would be very hard for us to do all of the things we do.”

Despite Arraya’s passion for the future of technology, one source of entertainment for the day had a happily retro feel. Scattered throughout the massive tent housing the Open House were classic arcade games, including Space Invaders and Off Road Challenge. Other low-tech favorites, like Pop Shot, also drew in those eager for some old school competition.

Stepping outside of the arcade, Caricatures By Courtney also proved to be a popular addition to our Open House. Attendees could sit down for a professional caricature drawn using a unique digital set up. They received a print version and an online copy so they could easily show off their likenesses on social media.

Once again, the Victory Brew Pub on Wheels joined us for the Open House. Representatives from Victory dispensed a variety of great beers brewed just down the road in Downingtown, PA. Victory also brought with them a buffet of barbecue favorites, complementing the variety of other dishes already available to attendees.

Arraya’s 8th Annual Open House and Technology Day would not be complete without the technology element. Throughout the event, attendees were able to visit with our event sponsors, including Cisco, Dell EMC, Microsoft,VMware, and Cohesity. This enabled them to talk about what’s new and what’s coming next with representatives from the industry’s leading technology vendors. As mentioned earlier, they could also further their knowledge with the help of recorded demos playing on screens around the event space.

First and foremost, the day really was all about relationships. As Lifshutz said during his welcome address: “We really appreciate the support that our customers and partners give us. We can’t do events like this and we can’t be Arraya without you. We’ll see you next year for our twentieth corporate anniversary which is going to be even bigger and better.”

October 18, 2018 by Arraya Insights

The weeks leading up to Halloween have always been perfect for retelling urban legends and other scary tales. Since October is also National Cyber Security Awareness Month, these stories don’t only have to focus on creeping monsters and vengeful spirits. Instead, they can be about truly terrifying things, like the hacker who, it turns out, was actually hiding in the company’s data center the whole time! Frightening as that might be, our cyber security team thinks they can do even better. Keep reading for their list of the seven scariest cyber security urban legends – if you dare!

Cyber security’s seven scariest urban legends

While scary, just like tales of, say, alligators in New York City’s sewers, our team suspects these stories are more myth than reality.

Urban Legend #1: Our borders are safe so we’re good. Every organization needs strong protection for the network edge – but defensive efforts can’t stop there. If they do, and a hazardous file does breach the perimeter, it will be able to crisscross the network freely. Internal defense strategies such as network segmentation provide a necessary backup to edge defenses. These solutions limit what malicious actors can get their hands on even if they find a way in.

Urban Legend #2: We took care of user training already. End users at every level of the company are a huge potential vulnerability. As such, end user training is never truly “taken care of.” Rather, it’s an ongoing process. Regular security training is the only way to keep users up to speed with today’s top threats.

Urban Legend #3: Security really is more of an IT problem. To quote Tom Clerici, Arraya’s Cyber Security Practice Director, “The first thing most employees do when they get to the office is log in to a computer. In essence, EVERYONE is a part of the IT department.” Cyber security is a company-wide responsibility. Further, the fallout from poor security practices no longer hits IT and IT alone. Example: Following his company’s catastrophic 2017 data breach, former Equifax CEO Richard Smith was called in to testify before Congress and eventually resigned his position.

Urban Legend #4: We’re compliant so we’re also secure. It’s absolutely important to pass security audits and to follow laws and regulations. However, doing so doesn’t necessarily equal security. In many leaders’ minds the concepts of security and compliance are one and the same. The thing is, sometimes compliance comes from something as insignificant as a signed document saying employees understand a concept or performed some action. However, there’s little in the way of practical security in that document and so it should not replace hands-on, regular training exercises.

Urban Legend #5: Updates are too expensive. Modernizing out of date technology can be costly – but so too can pushing ahead with it. Aging solutions can be more vulnerable to ransomware. One study pegged the average cost of a ransomware attack at $5 million. Of that figure, $1.25 million stems from system downtime while $1.5 million comes from lost productivity. Then, there’s the colossal fines associated with failure to comply with GDPR – 4% of annual global turnover or $20M, whichever is higher. So, while it’s true good security can be costly, the cost of poor security can be even higher.

Urban Legend #6: Ransomware is our biggest threat. Based on the volume of headlines it earns, it’s easy to overestimate the threat ransomware poses to organizations. While it is undoubtedly a major concern, the rate of ransomware infection began to decline around the midpoint of 2017. Other threat vectors, things like crypto-mining, have stepped up to take its place. The key is to not get too wrapped up in one style of attack. Cyber criminals have plenty of weapons in their arsenal and so organizational defenses must be just as multifaceted.

Urban Legend #7: If we were under attack, we’d know about it. In truth, attackers can linger on a company’s network undetected for months. One study lists the average length of time it takes organizations to identify a breach at 191 days. By the time a red flag is raised, attackers may have already had half a year or more to help themselves to countless volumes of sensitive data. Organizations yet to invest in a Security Incident and Event Management solution should consider doing so to gain real time insights into the health and safety of their network.

Next steps: Building a ready-for-anything security program

Had enough cyber security urban legends? Don’t worry, security doesn’t have to be scary. Instead, join Arraya and our Security team on 11/6 at Dogfish Head Brewing Company in Milton, DE for an event we’re calling Breaches and Brews. During this event, our team will cover the tools and tactics needed to defuse today’s top cyber threats. This event is free, but registration is required. Reserve your spot now by visiting: https://www.arrayasolutions.com//event/breaches-brews-2/.

Finally, you can leave us a comment on this or any of our blogs via social media – LinkedIn, Twitter, and Facebook. Then, after you’ve shared your thoughts, follow us to stay updated on our industry insights and learning opportunities.