Arraya Insights

August 30, 2017 by Arraya Insights

Day two of VMworld 2017 brought with it even more news and announcements from the software virtualization giant. Once again, members of the Arraya team were there with pencils in hand, to capture the most important stories breaking out in Las Vegas. Here’s a look at some of the biggest announcements they witnessed during the second day of VMworld 2017 – as well as what they could mean for businesses.

Pat Gelsinger introduced Michael Dell for a bit of Q&A, discussing things like improving their support and reducing hold times. They introduced a new technology called VMware Skyline, where customers can install a collector in their environment that uses machine learning to analyze their environment. It can alert customers if they deviate from best practices, based on VMware’s Validated Designs. Today Skyline is available to customers with VMware’s Premier support offerings, however customers with Production Support will be able to utilize Skyline next year. Currently Skyline supports vSphere and NSX but will be expanded to support other products in the future.
VMware also announced a partnership between VMware, Pivotal and Google Cloud, introducing Pivotal Container Service (PKS) which delivers Kubernetes containers on VMware vSphere and Google Cloud Platform, compatible with the Google Container Engine. The new product will integrate with other VMware products including NSX, vRealize Automation and Wavefront.
Other announcements include Horizon 7.3 which extends Skype for Business support to RDS-based published apps and desktops. Linux endpoints are also now supported. Other RDS enhancements include the ability to spin-up sessions prior to a user login, and allowing them to remain active after a disconnect. This means users will have faster load times for their apps. IT can also publish app shortcuts to a user’s Windows start menu to make them appear alongside native apps.
VMware also recently released the PCI-DSS and HIPAA compliance management packs for vSphere for vRealize Operations Advanced edition. The Advanced edition is included with all editions of vRealize and vCloud Suite and also available as an upgrade for customers that own vSphere with Operations Management.

Put the news from VMworld into action

Want to keep the conversation going around these latest announcement from VMworld? The Arraya team is ready to answer any questions you might have. In addition, once they make their way back east, our team members will be available to meet one-on-one to discuss these stories, what they mean for your business, and to help you plan out the future of your data center. Schedule your meeting today by visiting us at: https://www.arrayasolutions.com//contact-us/.

Arraya can also be reached through social media, on LinkedIn, Twitter, and Facebook. While you’re there, follow us to stay in the loop about our latest industry insights, exclusive learning opportunities, and company news.

See more of our VMworld 2017 coverage here: https://www.arrayasolutions.com//vmworld-2017-day-1-recap/

August 29, 2017 by Arraya Insights

VMworld 2017 kicked off yesterday morning in Las Vegas with the usual flurry of VMware news and announcements. Some of the biggest stories to break during day one of the conference pertained to perennial IT talking points like the cloud and cyber security. If you couldn’t make it out to take in these updates in person, don’t worry. Members of the Arraya team will be onsite all week and they will be reporting back on everything taking place during this year’s celebration of all things VMware.

Let’s take a peek inside their notebooks to see what caught their eye during day one and what those pieces of news might mean for today’s businesses.

Workspace ONE – VMware’s team reviewed the impact Workplace One has had on digital transformation, covering how the platform has unified the management of endpoint devices of all types. Additionally, Workplace has ensured greater privacy on devices that serve end users both at home and in the workplace through context and identity. This result has been a more consistent, more secure end user experience across devices.
Cloud Foundation – For some organizations or workflows, private cloud is the only cloud. With Cloud Foundation, VMware believes it has built an SDDC solution for both the private and public cloud. The newly-updated Cloud Foundation (version 2.2) unites computer, storage, and network with lifecycle automation in one package and is compatible with VxRack.
VMware Cloud on AWS – The partnership between VMware and AWS allows any application on vSphere to be seamlessly moved to the public cloud. It unites public and private cloud for a best of both worlds approach. It ensures an operational consistency between the on-prem and cloud environments, allowing those migrations to occur without the need for massive amounts of application development rework. This offering will initially be available out west before undergoing a larger rollout.
VMware Cloud Services – VMware is continuing to embrace other public clouds to deliver consistent operations for its native cloud services. The latest announcements include Discovery, Cost Insight, Wavefront, Network Insight, and more.
Security Updates
- VMware believes in a three-pillared approach to cyber security: secure the infrastructure, integrate the ecosystems, and ensure cyber hygiene, which itself has five components. They are:
  - Least privilege
  - Microsegmentation
  - Encryption
  - Multi-factor authentication
  - Patching
- Workspace One will be critical to ensuring IT and end users have a consistent technology experience.
- Also important will be the newly-announced AppDefense. This solution:
  - Captures the ideal state for an application
  - Detects when that application’s performance deviates from that ideal state
  - Instigates an automated response to the situation
  - Can help prevent future outbreaks in the vein of Petya and WannaCry
  - Partners with IBM security and Watson analytics to become even more powerful

Don’t miss a thing from VMworld 2017

Want to learn more about what’s going down this week at VMworld? Strike up a conversation with our team by visiting: https://www.arrayasolutions.com//contact-us/. You can also schedule a one-on-one session and data center conversation with them once the conference wraps.

August 29, 2017 by Arraya Insights

There are few organizations whose futures will rest entirely in the cloud. Instead, most will undertake migrations on a case-by-case basis, resulting in a hybrid cloud environment. Workloads will be assessed based on individual need and industry regulations then, depending on the findings, they will either be transferred into the cloud or stored in an on-premises data center. Standing at the forefront of this approach is Microsoft’s Azure Stack, a hybrid platform that balances powerful onsite hardware with the reach and scalability of the cloud.

As the name indicates, the cloud component comes from Microsoft’s Azure, while there are several options for the hardware portion. Earlier this summer, we helped introduce one iteration, Dell EMC Cloud for Azure Stack. This solution couples Dell EMC’s PowerEdge servers with Azure to provide an on-premises infrastructure and platform-as-a-service solution. Additional supported hardware options, including HPE and Lenovo, are set to ship in September with future offerings from Cisco and Huawei coming in the months to follow. With this approach, customers can pick their vendor and capacity and, just like that, have a quick and efficient path to the hybrid cloud.

Is hybrid something your organization should consider adopting? Let’s take a closer look at some of the use cases for Azure Stack to see if it might make sense for you.

Bringing automation and cloud efficiencies to your data center. The cloud is built on efficiency and ease of use. For IT, that means quick turnarounds, automation and less red tape. For the business, it means unleashing the true speed of technology. With Azure Stack, IT can start building out cloud based optimizations on-premises, ultimately streamlining the variations across on-premises data centers and greatly reducing the costs of IT operations.
Businesses relying on the network edge. Azure Stack processes data in-house before looping in the cloud for additional analytical and workflow sharing. This process drives better decision-making and greater consistency for networks where a heavy burden is placed on the edge. This includes manufacturers whose shop floors are becoming home to an ever-increasing number of automated or connected devices but where Internet access may not always be guaranteed.
Situations where time is of the essence. In much the same way that it can boost connectivity, Azure Stack can also reduce latency. By doing so, it can significantly speed up response and processing time. This can be a differentiator in industries such as Financial Services, especially for organizations involved in executing trades, where success is often measured in fractions of seconds.
Organizations bound by strict industry regulations. Whether a modern application is developed, deployed, and housed on-premises or in the cloud, the code that comprises it doesn’t change with Azure Stack. As such, these applications can be moved from one spot to the other or live in both spaces without requiring additional development work. This can add much-needed flexibility for organizations as they navigate strict, industry-specific regulations concerning the cloud.
When legacy apps remain critical to success. Some apps may not be ready for a life in the cloud, but that doesn’t mean an organization is ready to press forward without them either. Azure Stack can provide the development platform upon which this transition can begin to take shape. It allows modern front ends to be added to the systems supporting these legacy apps and local development, gradually bringing them closer to their ultimate destination. Once development is complete, legacy apps will be prepared to run onsite, in the cloud, or both.

Don’t dive into Azure Stack alone

These are just some of the use cases in which Azure Stack looks to make a difference. Do any of them line up with your organization’s needs? Want to talk more about how else it might fit with your IT strategy? Arraya Solutions is ready to work with you to analyze your environment and goals in order to determine if Azure Stack dovetails with your IT strategy.

Our team stands ready to answer any of your questions regarding this solution. Start a dialogue today by visiting us online at www.arrayasolutions.com/contact-us/. Or, leave us a comment on this post through our social media presence. Check Arraya out on LinkedIn, Twitter, and Facebook. While you’re there, be sure to follow us to stay updated on our latest industry insights, exclusive learning opportunities, and company news.

August 21, 2017 by Arraya Insights

I may be new to the Arraya team, but I’m not new to Arraya. I’ve spent more than two decades in technology and in that time, I’ve often found myself either working with or competing against Arraya, depending on my position. Over the years, I got to know many members of the Arraya team very well, including the leadership team. I recognized their skill and passion and I could tell their customer service philosophy matched mine. So, when the opportunity presented itself to come on board as Sales Director and oversee our team of experienced and dedicated individuals, I grabbed it!

That customer service philosophy is fairly unique in an industry where so many are only interested in closing deals quickly or within their own timeframe instead of the customer’s. Whatever the customer was initially interested in, that was what the quote would reflect. It’s a “conveyor belt” mentality and it’s something that never worked for me. I was always more interested in having conversations, getting to know customers and their desires, and connecting them to the best solution. Sometimes that best solution is no solution if I feel I can’t offer what is needed.

From my experience, I knew the Arraya team shared this approach. It’s a philosophy built on one little question: Why? I believe this is a question technology partners should ask all the time and, if they’re not doing so, it should be taken as a red flag.

Why the interest in doing X? Why is Solution X preferred to Solution Y? I believe that some of the best, most valuable conversations a salesperson can have all start with: “Why?” Asking that opens all kinds of doors into the customer’s mindset. It offers a much better understanding of what they’re trying to do. It could even lead to the realization that there may be a better option, one they maybe hadn’t considered due to internal biases or because of some presentation they just saw about the next great disruptive technology. Too many salespeople overlook this, accepting statements at face value and sealing a deal rather than digging deeper into motivations.

Looking at our industry as a whole, it’s built around disruptive technologies. Sometimes we put too much faith in those new technologies’ ability to positively impact the business. These are situations where having a partner willing to ask “Why?” can steer organizations toward technologies that disrupt for the better and not just for the sake of it.

I do recognize that at times this question may cause the conversation to move outside of the primary agenda or maybe even outside of IT. However, I urge customers to allow Arraya the chance to have that conversation and see how we can work together to develop relevant solutions that positively affect the business.

For customers who’ve dealt with Arraya in the past, this is all likely something they’ve experienced. For customers who’ve never done business with us, that level of partnership and attention is something they can expect in their first encounter with us and during every one that comes after. As far as my team and I are concerned, sales isn’t about connecting customers with just any solution. It’s about connecting them with the right one for them.

August 10, 2017 by Arraya Insights

Drama-free has been a good way to describe the list of the world’s most used operating systems over the last several years. The most recent figures have Windows 7 comfortably in the top spot with just over 49% of the desktop market, according to research conducted by NetMarketShare. This is a position Windows 7 has held since wrestling it away from a rapidly-nearing-end-of-life Windows XP back in 2013. This stability may not last much longer, however, not with Windows 7’s own end of life date coming into focus.

January 14, 2020. That’s when Windows 7 will hit end of life, marking the end for a popular and effective OS. At some point between now and then it’s expected that the number two OS on NetMarketShare’s list will make a run for the top spot. That second most popular OS is Windows 10, which controls slightly more than 27% of the market share and has grown at a steady pace over the last several months.

While 2020 may seem far away, it’s really not considering how much has to happen between now and the roll out of a new Windows OS. Organizations will need to adjust their budgetary cycles to account for the migration. Tests will need to be run. Legacy equipment and apps will need to be prepped for the changeover. Users will need to be trained – and, in some cases, retrained – on Windows 10. It’s a to-do list destined to leave IT pondering “Where did the time go?”

Securing users and data against next-gen threats

It will certainly be interesting to look back at those NetMarketShare figures in a year to see just how much the needle has moved as the deadline gets closer still. Yet, upgrading to Windows 10 shouldn’t be viewed as an obligation – at least not quite yet. It should be something organizations are eager to do because of the benefits it offers. Windows 10 is an especially helpful tool to have now, in our security-centric business world. This OS sports a number of valuable security features not found anywhere else. These include:

Credential Guard – a singular feature purpose-built to secure and isolate user and system credentials. Credential Guard can be particularly effective at preventing attacks in the vein of “Pass the Hash,” where an attacker subverts password requirements by hacking the hash marks that replace plaintext characters.
Device Guard – a series of features designed to work collaboratively to prevent malware from gaining a foothold in a Windows 10 system. The three features that make up Device Guard ensure only trusted code runs when a device is powered on, harden key components against assault, and guarantee the authenticity of boot binaries and UEFI hardware.
Hello – the cure for the common password – potentially. Hello incorporates intelligent biometrics into verification, allowing users to access devices with the swipe of a finger or even an eye scan. While passwords are still essential to security in Windows 10, this is one way Microsoft has made identity the new boundary for the corporate network.

What to expect from a Windows 10 migration

One estimate, from research firm Gartner, puts the average prep time for moving from Windows 7 to Windows 10 at anywhere from 6-9 months. Of course, this is just an estimate. Depending on the size and complexity of an environment, preparing for the move could end up consuming far more time. Still, it’s far better than what firms went through as they planned to move from Windows XP to Windows 7. Those migrations could take anywhere from 12 to 18 months to plan. Projections aside, businesses would do well to embark on these projects sooner rather than later. The more time built in early, the less chance an unexpected delay will push a timetable right up against end-of-life.

When it comes to the process of actually deploying Windows 10, organizations have options. They could choose to go with a conventional approach to desktop deployment and management, one where desktops are tied directly to a device. Or, they could essentially deploy Windows 10 as a service. Virtualizing desktops and making them available by way of the cloud is an approach seemingly made for the modern business world. Employees can securely access their desktop from anywhere, with any device. It’s a perfect fit for a mobilized and device-flexible workforce.

Whichever path your organization selects, Arraya Solutions can help. Our Microsoft and Cloud Practice has the insights and experience needed to ensure a timely and efficient migration to Windows 10. Meanwhile our Security Practice can complement that work, ensuring a deployment strategy that makes the most of the security features built in to Windows 10.

Want to learn more? Reach out to Arraya Solutions by visiting us at: www.arrayasolutions.com/contact-us/. If you’d like to leave us a comment or question relating to this blog, check us out on social media: LinkedIn, Twitter, and Facebook. While you’re there, be sure to follow us to stay on top of all of our latest industry insights, exclusive learning opportunities, and company news.

August 8, 2017 by Arraya Insights

Earlier this summer, Arraya Solutions held our 3^rd Annual Tech Summit. The motivation behind this event, as it is every year, is to introduce attendees to the latest IT solutions as well as strategies they can use to get more from their preexisting environments. While this year’s Tech Summit has come and gone, the learning opportunities are still going strong.

During the event, Arraya invited attendees to take part in a survey regarding one of today’s most underappreciated IT responsibilities: the Service Desk. Life on the Service Desk may not be glamorous, but the vital nature of the work is undeniable, particularly as technology continues to become more intertwined in every part of the business. Our hope with the survey was that it would foster conversations within organizations about their own approach to Service Desk and whether or not improvements could be made.

The results of this survey have been collected in a new report due out later this summer entitled: Arraya Solutions’ 2017 Service Desk Strategy Report. Here’s an early look at some of the know-how our Tech Summit attendees shared with us, plus our takeaways:

The majority of organizations in our survey (65%) have teams designated to handle tickets as they come in, however, a surprising number still rely on a “by committee” approach. Roughly 33% of those surveyed assign tickets as they come in to the first available member of the IT team. This approach can make the workday much harder to map out, in turn making it harder for IT to stay on target.
The current Service Desk arrangement was hardly popular among those participating in our survey. Just over half (51%) described it as “a pain,” before noting “it’s part of the job.” As direct enablers of the organization’s mission, Service Desks shouldn’t be expected to resign themselves to accepting inferior solutions or methodologies.
Organizations who haven’t committed to a Knowledge Base are in the minority according to our research. Some 70% of participants said their organization makes use of a Knowledge Base. Despite the work that goes into setting up and maintaining them, organizations clearly see the value in-depth Knowledge Bases offer.
Even as the majority of respondents affirmed their use of a self-maintained service desk platform, it wasn’t the most popular choice in all industries. Even as this method racked up heavy margins in healthcare (75%) and financial services (75%), higher ed was less sold on it. While it still proved the favorite with 55% of respondents, using a service platform maintained by an outside entity finished second, nabbing 33% of the votes.
Healthcare organizations were not overly positive about their service desk platforms. In the study, exactly half of participants who work in healthcare described their system as “coming up short more often than not.” A slightly more positive, yet still lukewarm, critique came from 33% of healthcare respondents, who described their system as “functional for our needs.”

Where to turn for more

Want more peer-provided insight into the strategies and solutions that drive the modern Service Desk? Our full special report, Arraya Solutions’ 2017 Service Desk Strategy Report, is set to be released in the coming weeks. This report will feature honest feedback provided by leading IT professionals as well as analysis and breakdowns gleaned from the experiences of Arraya’s own staff.

If you’d like to continue the Service Desk conversation or learn how our Managed Service Desk can expand the scope and reach of your team, visit: www.arrayasolutions.com/contact-us/. Feel free to leave us a comment on this post by way of our social media presence: LinkedIn, Twitter, and Facebook. While you’re there, follow us to be the first to know about our upcoming special events, blogs, and so much more.

July 31, 2017 by Arraya Insights

Now that the dust has settled on Petya (NotPetya, etc.), businesses and countries are attempting to come to terms with the malware outbreak, which began in Ukraine before spreading to an estimated 65 countries globally. Petya was initially believed to be a ransomware campaign similar to WannaCry. However, security experts later came to see Petya was a state-sponsored agent specifically designed to destroy data and not hold it to ransom.

For those left in its wake, Petya proved to be critically disruptive. Among the US-based organizations affected were two western Pennsylvania hospitals operated by Heritage Valley Health Systems. Upon discovering the attack, Heritage’s facilities made what the organization described as “operational adjustments.” According to patient anecdotes shared on social media, this included rescheduling surgeries that had been set to take place while the attack was in full swing. Another American business, the pharmaceutical giant Merck, also fell victim to Petya. While Merck recovered, it was forced into what has been called a “low-fi operation,” meaning that employees allegedly had to stay off company Wi-Fi, keep company devices powered down, and track records using a paper-based system.

In May it was WannaCry, in June it was Petya. While it’s – hopefully – unlikely that cyber criminals will keep up this pace, one thing is certain: Another attack, one that builds on the successes of those that proceeded it, is eventually going to come. It’s up to IT to put into place a system that can be counted on to allow the organization to return to normalcy as quickly and completely as possible when it occurs.

Put your DR in the cloud

If you can’t prevent them, the best way to minimize the damage done by WannaCry, Petya, and whatever comes next is by having a sound disaster recovery (DR) plan. Just as it has in all aspects of business life, the cloud has become a staple of DR. Sending data to the cloud keeps it out of reach of ransomware, natural disasters, and whatever else may be threatening your data center.

According to one study, Zetta’s State of Disaster Recovery 2016, half of businesses are already leveraging the cloud in their DR processes. Dissecting that figure, only 9% of those surveyed have gone full cloud. The remaining 41% of organizations are relying on a hybrid cloud-terrestrial model to ensure data availability and security.

Organizations in pursuit of this hybrid DR model have many options to consider, including Dell EMC’s new Data Domain Cloud DR. This solution facilitates the disaster recovery of on-premises VMware virtual machines (VMs) by providing the capability to recover VMs in the cloud. In the event of an outage, organizations will be able to recover to the cloud and operate off-site until their on-premises operations are back up and running. Data Domain Cloud DR integrates with existing on-premises deployments of Avamar and Data Domain to securely and efficiently copy backups of VMs to the public cloud. Customers are then able to, in a fully orchestrated manner, convert VMs to a cloud-hosting service compatible format and run the VM workloads.

There are a few minimum requirements which must be met in order to utilize Data Domain Cloud DR. Right off the top, organizations must have a minimum of an Avamar 7.5 and a Data Domain 6.1 deployment. Also, necessary is an active account with a compatible cloud provider.

Prepare for the worst, strive for the best

All businesses would agree that the ideal is not ending up in the position of having to utilize their recovery solution in the first place. Ideal, yes, practical, not quite. Between natural disasters, power outages, and yes, large-scale cyber attacks like WannaCry and Petya, there are no shortage of threats hovering around the modern business landscape. All it takes is one careless click from an end user to plunge an organization into chaos.

Arraya Solutions understands the complex challenges inherent in today’s IT landscape. Our diverse range of skill sets, covering everything from the cloud to on-premises data centers to managed services and beyond positions us to help organizations prepare for the worst while empowering them to strive for the very best. The full slate of our IT expertise stands ready to provide businesses with the support and technology they need.

Want to learn more about Dell EMC’s Data Domain Cloud DR? What about Arraya’s strategy for guiding organizations through the modern threat landscape? Start a conversation with us today by visiting: www.arrayasolutions.com/contact-us/. Be sure to leave us a comment on this blog via our social media presence: LinkedIn, Twitter, and, Facebook. While you’re there, follow us to stay up-to-date on our industry insights, unique learning opportunities, and much more.

July 21, 2017 by Arraya Insights

The healthcare industry is under cyber assault. Few industries have been impacted by recent security incidents quite like healthcare companies. In May, WannaCry shut down emergency rooms and other medical services for 16 National Health System facilities in the U.K. Last month, the drug manufacturer Merck experienced a ransomware attack that affected all of their offices in the U.S. Nuance Communications, a U.S.-based tech company that provides dictation and transcription services to hospitals and health systems, was attacked two weeks ago and experienced an outage that affected some services for over a week.

Unfortunately, the threat isn’t limited to just targeted attacks either. In May, Molina Healthcare exposed data on an estimated 4.8 million patients for over a month following a website update that inadvertently provided access to patient claim data without requiring authentication. The incident was reported to security researcher Brian Krebs, who wrote: “It’s unconscionable that such a basic, Security 101 flaw could still exist at a major healthcare provider today … However, the more I write about these lame but otherwise very serious vulnerabilities at healthcare firms the more I hear about how common they are from individual readers.”

The U.S. Department of Health and Human Services has taken notice of the threat. In June, their Health Care Industry Cybersecurity Task Force released a report titled “Report on Improving Cybersecurity in the Health Care Industry” that identifies key concerns and recommendations. The report is 88 pages long and was delivered to multiple members of Congress.

Prepare for the Auditors

The report leads with an image at the top of page 1 with big red letters next to a thermometer that reads “HEALTHCARE CYBERSECURITY IS IN CRITICAL CONDITION” with five primary findings:

Severe lack of security talent
Legacy equipment
Premature/over-connectivity
Vulnerabilities impact patient care
Known vulnerabilities epidemic

I’m guessing the authors of this report knew that members of Congress weren’t going to actually read an 88 page report on security, and thus this picture was a nice way to summarize the findings – it’s a pretty smart tactic if you ask me. Additionally, the report defined the entire healthcare “ecosystem” to include not just hospitals and direct patient care facilities, but also encapsulated labs, pharmaceuticals, cemeteries, government offices, research facilities, insurance companies, and other entities that probably don’t consider themselves part of the healthcare industry.

There is plenty of good information contained in the report, but the biggest takeaway for me is the task force’s #1 recommendation: “Define and streamline leadership, governance, and expectations for health care industry cybersecurity.” As a veteran of the United States military, I’ve seen (and authored) that kind of language before so I know that it typically implies someone isn’t doing a good enough job, so a leadership committee is going to write a whole bunch of rules and audit compliance regularly. As I continued to read the report, sure enough there was the language I anticipated, just three paragraphs down from the header:

“The Health Care Cybersecurity Leader (described in recommendation 1.1) would work within the Department of Health and Human Services (HHS), externally with other federal agencies that impact health care, and other health care sector-related groups to reduce duplication and provide guidance and clarity in the areas of security and cyber risk, best practices, education, and regulations.”

In other words, here comes more regulations, checklists, and auditors.

Security Now or Auditors Later

Cyber security compliance is not a new concept. Healthcare has been going through HIPAA audits for years. Financial institutions have to deal with GLBA, Sarbanes Oxley, PCI, and state laws just to name a few. The federal government and organizations that support it are regularly audited for compliance with regulations like NIST 800-171. For the most part though, those requirements aren’t extremely difficult to comply with. In many cases, there’s some opportunity to make assumptions or cases with an auditor as to how you meet a particular requirement that’s generically defined.

The recommendations in this report go a step further than that, opening the door for compliance to be based on a singular security framework – in this case the NIST Cyber Security Framework. As part of the initial recommendation, the task force suggests that “Use of the National Institute of Standards and Technology (NIST) Cybersecurity Framework would standardize risk assessment and definitions to make sharing cyber information easier and allow the industry to understand the risk across the continuum of data.” For most healthcare organizations this shouldn’t be too much of a stretch since HIPAA already requires some safeguards. This precedent opens the door for the federal government to leverage this framework across all other industries though, many of which are definitely not prepared to meet that burden.

The point here is that, quite frankly, organizations simply are not taking basic steps to protect their data. If they were, you wouldn’t see all these cases in the news. In healthcare, the regulators have started to “smell the blood in the water” and government is positioning regulations as a method to force the issue. Once that happens, it won’t be long before other industries with sensitive data feel the compliance wrath.

Is your organization ready? Arraya’s Cyber Security Practice is well-versed in the threats facing modern healthcare providers. Through a combination of real world experience, best of breed solutions, and an understanding of the challenges facing the industry, Arraya is able to help healthcare providers build a hardened barrier ready for always-advancing threats.

Reach out to us today by visiting https://www.arrayasolutions.com//contact-us/. Leave us a comment on this post using our social media presence: LinkedIn, Twitter, and Facebook. While you’re there, be sure to follow us to stay on top of our latest industry insights, special events, and company updates.

July 19, 2017 by Arraya Insights

Not seeing a problem isn’t the same as not having a problem. Hackers and bad actors have gotten very good at carrying out their crimes without arousing suspicion. As such, malicious activity can go on for months or even longer without drawing attention to itself. By the time someone does notice – or the attackers decide to reveal themselves – the damage can be massive.

The average length of a cyberattack varies from study to study; however, none of the answers are particularly comforting. One study – conducted by the Ponemon Institute – pegged the number at anywhere from 3-6 months depending on the industry. A separate study – this one orchestrated by Mandiant – went even higher. This study placed the average at 205 days; although – in a bit of good news – that number has been steadily dropping over the years.

Those numbers don’t sound so bad when compared to the case of Anthem. Cyber security-watchers will remember this as the insurance company breach that exposed nearly 80 million unique records. Anthem spent hundreds of millions of dollars on remediation efforts following the breach, which began with a phishing email. Researchers believe an unfortunate Anthem staff member opened the compromised email in mid-February 2014. The breach wasn’t discovered until almost a full year later – toward the end of January 2015.

Knowledge is power in cyber security. The more insight organizations have into their network activity, the faster they’ll be able to catch and contain risky trends – and hopefully minimize the damage inflicted. The source of those negative trends doesn’t even have to be hackers. It could be a case where a particular solution is edging toward failure. Regardless of the root cause, time to detection of problems/trends remains of the essence.

10 ways to get more from Log Analytics

One way to keep a better eye on what’s taking place on your network is through Azure Log Analytics, a component of Microsoft’s Operations Management Suite (OMS). Log Analytics delivers a singular visual analysis of everything taking place across your organization’s cloud and on-premises environments. If your business is currently leveraging Azure Log Analytics and you’ve surfed through its dashboards, then you have some idea of the insight it can provide. However, there’s plenty of value to be realized from Log Analytics beyond the basics, you just need to spin up the right add-ons.

Here are ten solutions you should turn on to get the most insight from Log Analytics:

DNS Analytics – Monitor your DNS server analytic and audit logs for malicious domain name activity, aging resource records, server request load, and much more.
Malware Assessment – Keep tabs on your organization’s anti-malware solution, including when protection is lacking and the kinds of threats it’s detecting.
Security Audit – Store all of your organization’s OMS-related security information in one place, including snap shots of risk events detected in a customizable timeframe.
Update Management – Manage security updates for Windows solutions deployed on-premises and in the cloud, preventing critical patches from going unimplemented.
Alert Management – Track the system alerts generated by Log Analytics as well as by third party solutions (such as Nagios) to stay on top of network activity.
Change Tracking – Oversee the changes being made in your organization’s technology environment, including to Windows services, Linux daemons, and more.
Activity Log Analytics – Explore the backstory for any write operations conducted across your organization’s Azure environment, covering the who, what, and, when of any Put, Post, or Deletes.
Network Performance Monitor – Spot network bottlenecks in close-to real time and at a localized level so that they may be resolved quickly, allowing the network to return to optimal performance.
Azure Application Gateway Analytics – Drill down into reports on Application Gateway client and server errors, host health, and errors by user agent, among others.
Azure Network Security Group – Gain a greater understanding of the traffic flow involving the network security group and MAC addresses.

Network Security G.I. Joe Style

Ideally, attackers will forever remain far outside your system, cursing your impenetrable perimeter. These defenses can only do so much to protect against click-happy end users, however, making interior awareness an equally important part of an organization’s cyber security posture. Anyone raised on the G.I. Joe cartoons of the 80s can attest to the critical nature of awareness, because, after all “knowing is half the battle.”

Arraya Solutions can help you stand up Log Analytics with our Dashboard in a Day offering, which connects Log Analytics with up to 20 servers, for a defined trial period. This engagement has provided customers with access to all types of insight into their technology systems, including identifying a running botnet!

Contact us today and we can help your business activate the above solutions or others and make sure you’re leveraging them to their fullest, right out of the box. If you’re new to Log Analytics, our team has the expertise to get you up to speed.

Arraya can be reached at www.arrayasolutions.com/contact-us/. Feel free to leave us a comment on this blog post through social media, LinkedIn, Twitter, and Facebook. While you’re there, remember to follow us to stay on top of all of our latest company news, special events, and industry insights.

July 14, 2017 by Arraya Insights

Over the past few years, Microsoft has been touting the features and capabilities of Office 365, Azure, Windows 10 and Enterprise Mobility + Security. Each product has transformed how businesses operate and has contributed to collaboration, security, and innovation. At Microsoft Inspire 2017, the annual Microsoft partner conference, the messaging was clear.

While businesses need these technologies, IT needs to stop managing them and innovate with the business.

This conference used to be named WPC (Worldwide Partner Conference), but has been renamed this year to Inspire. While the name seems like a simple marketing rebrand, there is more going on. To be a successful partner to customers, Microsoft needs to invest in solutions that make customers successful.

There are still products, after all Microsoft is a cloud and software company, but the story has shifted to what you will do with the technology to impact your business, not just run your business.

The Proof is in the Sales Realignment

The biggest news at Microsoft Inspire was the Microsoft Sales Realignment. While this seems like it might be something with little value to customers, the ramifications are actually massive, but maybe not how you think.

Underpinning this change is a new driver that Microsoft realizes they need to succeed – namely, your success. When Office 365 and Azure were first released, the story was around moving IT out of the hardware and software management business. This is the most obvious benefit of cloud services, but it doesn’t necessarily provide the most value.

As customers moved, something amazing happened. The business started leveraging the cloud to do things that were out of their reach before. Business solutions were built to engage with customers and new revenue streams were developed. The most successful customers have already figured this out – the cloud is the great equalizer, allowing any customer to take advantage of nearly endless computing power and solutions.

Microsoft’s sales realignment shows a renewed focus on this potential, but customers must be willing to see it. Arraya can help you understand the changes to align IT with the business, helping you develop new ways to be successful.

Those that value technology as a business driver and not as a cost center will succeed, disrupt their industries and business and achieve more.

Azure Stack Up for Pre-order!

While Azure is a powerful cloud platform, not all workloads or use cases match a cloud only operating model. In 2015, Microsoft announced Azure Stack to meet this emerging customer need and promised they would be a leader in hybrid cloud. Arraya has been following this story closely as it spans multiple vendors we partner with.

At Inspire, Microsoft announced that Azure Stack pre-orders are now available. Arraya can help you understand and deploy Azure Stack, but let’s review what the use cases are and see how it augments the story of focusing IT on innovation.

Azure Stack is hardware with the same bits that are running in Azure. The hardware is managed by the vendor and the software is managed by a partner, like Arraya. This is a recurring monthly cost model, with the software paid for as you use it.

Azure Stack gives both developers and IT a layer of consistency between on-premises and cloud based workloads. The management and development plane are the same, meaning it doesn’t matter if it is Azure or Azure Stack, the experience and capabilities are aligned.

This translates into flexibility in deciding where you want your workloads to run. If you have regulatory or compliance requirements that are easier met on-premises, you can put that application locally on Azure Stack.

While Microsoft has the largest geographically dispersed cloud, Azure doesn’t exist in every market. Azure Stack can provide customers with an option to drop Azure on-site where they need it, lowering latency. In fact, Carnival Cruise Lines has been testing out Azure Stack on their ships. They can develop solutions for Azure and deploy them at scale across their fleet.

Microsoft 365

The last major announcement is targeted at customers looking to simplify their licensing models, but still hits at the heart of the messaging – getting IT onto more interesting things. Microsoft 365 is a single per user/per month cost for your employees’ desktops, collaboration stack and security.

Not only is Microsoft providing a single per use/per month license, but they are allowing partners, like Arraya Solutions, to layer on the management in a single cost. This means that you can completely get your IT out of supporting these commodity services and on to innovating business solutions (see the sales reorganization above).

Businesses can now truly understand easily what each employee’s cost to their business is, from salary to healthcare and retirement and now ongoing IT support and software costs.

Where Arraya Fits

As businesses demand more from technology, IT is becoming more and more critical. IT is poised to get out of firefighting mode and onto more innovative things that help deliver business value. Arraya can help you navigate the options out there and show how new models can help drive your business to success.

To learn more about these and other developments from Microsoft Inspire, contact out Microsoft team at https://www.arrayasolutions.com//contact-us/. We can also be reached through social media: LinkedIn, Twitter, and Facebook.