Arraya Insights

by

During the last two weeks, an unprecedented number of cyber attacks swept the globe leaving organizations across every industry scrambling to recover. In the U.K., 16 National Health Service facilities were affected by ransomware known as “WannaCry” forcing them to divert emergency room patients to unaffected hospitals. In Spain, the same malware hit one of the country’s largest  telecommunications companies to the point where employees were notified to shut down systems in order to prevent the malware from spreading further. Even the global delivery giant FedEx was impacted, admitting in a statement to NBC News, “like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware. We are implementing remediation steps as quickly as possible.”

This attack comes on the heels of tech giant Google disclosing details on an attack that was launched affecting its Google Docs application. This attack was effective in that it actually took advantage of legitimate authentication protocols that can result in granting full permissions to the attacker to email and other connected accounts. Google quickly shut down the incident, but not before users were already affected.

More Attacks to Come

The U.S. Computer Emergency Response Team issued an alert Friday afternoon warning organizations to be on the lookout for more WannaCry attacks. The New York Times is reporting that the exploit for WannaCry software was stolen from the National Security Agency. This malware was identified across 74 countries. While U.S. government officials have not confirmed that the NSA lost these tools, it’s safe to say that in the wake of the attacks seen over the last couple weeks, companies of all sizes need to be on the alert. Ironically, these events happen at the same time that the White House released an executive order requiring federal agencies to adopt the NIST Cybersecurity Framework controls.

Plan, Protect and Prevail

While all of this can be extremely scary, the good news is, with the right security controls, it’s possible to defend against these attacks. Arraya’s Cyber Security Practice is well versed in deploying ransomware defense technologies and strategies.  Our Vulnerability Management Services and framework gap assessments are specifically targeted towards defending against the kinds of threats unveiled in the last week. Additionally, Arraya’s security incident and event management solutions combined with advisory services like training and awareness, incident response planning, and disaster recovery options arm companies with the tools they need to combat advanced persistent threats and recover quickly in the event catastrophe does strike.

Arraya’s Cyber Security Expertise

Many companies want to leverage best in class security expertise without the burden of building an entire security staff from the ground up. Arraya’s Cyber Security Practice offers businesses the ability to do just that. Arraya’s Advisory Services enable organizations to gain the expertise of a seasoned CISO, at a fraction of the cost of hiring one. Additionally, Arraya’s Cyber Security Advisory Services can work across departments and organizational roles to develop world-class, holistic security solutions. To find out more, contact us at: https://www.arrayasolutions.com//contact-us/.

 

by

This weekend saw one of the largest global cyber attacks in history, WannaCry, reportedly impacting FedEx, the National Health Service in the UK, and Telefonica in Spain among others.

As we’re certain this has been a common topic of conversation in the office, we wanted to arm you with some great information via the blog from the Cisco Security Intelligence group, Talos: http://blog.talosintelligence.com/2017/05/wannacry.html

Summary for WannaCry Ransomware Campaign
Overview: A major ransomware attack has affected many organizations across the world reportedly including Telfonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware responsible for this attack is a ransomware variant known as “WannaCry.”The malware has the capability to scan heavily over TCP port 445 (Server Message Block/SMB), spreading similar to a worm, compromising hosts, encrypting files stored on them and then demanding a ransom payment in the form of Bitcoin.
Killswitch for WannaCry Cisco Umbrella researchers first observed requests for one of WannaCry’s killswitch domains (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com) starting at 07:24 UTC, then rising to a peak of just over 1,400 nearly 10 hours later.  This domain has been registered by a UK Security Researcher and helped mitigate threats.
Actions: Organizations should ensure that devices running Windows are fully patched and deployed in accordance with best practices. Additionally, organizations should have SMB ports (139, 445) blocked from all externally accessible hosts.
More Analysis: Talos Intelligence: Wannacry
How Cisco Customers are Already Protected: Snort Rule: 42329-42332, 42340, 41978 (Meraki MX)

Advanced Malware Protection (AMP) is ideally suited to prevent the execution of the malware used by these threat actors.

CWS or WSA web scanning prevents access to malicious websites and detects malware used in these attacks.

The Network Security protection of IPS and NGFW have up-to-date signatures to detect malicious network activity by threat actors.

AMP Threat Grid helps identify malicious binaries and build protection into all Cisco Security products.

Umbrella prevents DNS resolution of the domains associated with malicious activity.

One of the main points to capture relating to WannaCry is that basic block and tackling IT responsibilities will protect you. Windows patching and good network security prevent this variant. The other security tools come into play after that has failed.

Basic recommendations:

  1. Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied.
  2. In accordance with known best practices, any organization who has SMB publicly accessible via the internet (ports 139, 445) should immediately block inbound traffic.
  3. Disable SMBv1.
  4. Segment and filter your network.
  5. Have reliable offline backups available when all else fails.

The elephant in the room is that a lot of organizations have struggled to implement those recommendations.  If that’s you, Arraya can help.

If you have Cisco Security tools in your environment, here are some additional things to consider:

  1. Double check the settings for your OpenDNS Umbrella, AMP for Endpoints and NGFW Policies. If your policies are in monitor or audit mode consider changing them to blocking or protection mode.
  2. If you have not enabled the IP, DNS and URL Security Blacklists, consider enabling them. (Do not block the sinkhole / killswitch domain(s))
  3. For those with the Sourcefire based NGIPS, NGIPS or FTD solutions, consider setting the blacklist update timer to 30 minutes from the default of 2 hours.
  4. If your Cisco NGIPS, NGFW or FTD solutions are set to auto download rule updates every night your systems will automatically be updated with these rules. If they are not set to auto update, then you can force a manual rule update.
  5. Talos has also released, on their blog site, a list of the SHA 256 file hashes for the menacing malware and a list of the CnC (command and control) IP addresses which should be blocked via a blacklist. If you don’t currently have a Cisco solution, you can manually enter this list of IP addresses to block in your internet facing access control lists. If you have a Cisco solution, the blacklist has been auto updated.

This is a very dynamic and ongoing situation. Variants and other ransomware continue, in addition to the WannaCry ransomware garnering all the attention. There is a significant amount of confusion and misinformation in the media about WannaCry. We strongly recommend you rely on trusted security resources only for information. A great source of truth is the Talos forensics group via their blog site and their Twitter feeds: http://blog.talosintelligence.com/. To fully understand this ransomware, that blog is worth your time.

Arraya’s Cyber Security Practice is well versed in deploying ransomware defense technologies and strategies. Our Vulnerability Management Services and framework gap assessments are specifically targeted towards defending against the kinds of threats unveiled in the last week. Also, our Microsoft team can help you with your Windows management challenges. Additionally, Arraya’s security incident and event management solutions combined with advisory services like training and awareness, incident response planning, and disaster recovery options arm companies with the tools they need to combat advanced persistent threats and recover quickly in the event catastrophe does strike. To learn more about WannaCry or start a conversation about how to keep your business safe from this and other malware and ransomware variants, visit: https://www.arrayasolutions.com//contact-us/.

by

Five hours isn’t all that long in the grand scheme of things – but it might as well be an eternity during a data center outage. That’s more than enough time for a company to run up sizeable bills attempting to rectify the situation. It’s also plenty of time to give customers a negative experience that can take longer – and cost far more – to undo.

The airline industry has had its fair share of PR problems in recent months. Go back a little bit further to late last summer, and there were issues of a more technical variety. On August 8, a Delta Airlines operation center in Atlanta suffered an electrical surge and lost power. This outage took the computers needed to fly planes and book flights offline for roughly five hours. The immediate results of this were no doubt painful as Delta had to cancel nearly 1,000 flights on the day of the outage. That was followed by an additional 1,000 flights being canceled over the next two days as the airline worked to dig itself out. All told, the remediation efforts, the vouchers and refunds issued to upset customers, and more, cost the company $150 million – or $30 million for each hour of downtime.

While $150 million is an impressive total, it wasn’t even a record total last summer for airline IT issues. Southwest spent an estimated $177 million righting the ship following a data center outage in July that grounded flights for three days.

At least one insider chalked these outages up to an industry-wide failure to modernize. Systems have been built piecemeal over time and they run 24/7. Without the seamless integration, redundancy, automation, and other features found in newer backup and disaster recovery solutions, any company, in any industry, could be a sitting duck for a damaging outage of its own.

Internal threats to the data center

Data centers can be taken offline by a great many things that are out of IT’s hands – but sometimes it’s those hands that are responsible for the outage. In some instances this could be malicious, the work of, say, a disgruntled former admin. Other times, it’s simply an accident. Case in point, late last year, the global networking company Level 3 Communications dealt with an outage the company attributed to the always-dreaded “human error.”

The error occurred as provisioning work was being performed on Level 3’s network. An admin editing a routing table failed to include the necessary limitations on a configuration change, which snowballed into an outage. The erroneous entry was deleted to solve the problem, but that didn’t stop plenty of customers from voicing their outrage across social media.

In general, a simple typo such as this one can cause businesses a lot of grief. The risk of that happening only goes up as IT pros are tasked with handling larger and more complex workloads. That says nothing of what can happen when an incident occurs and IT is working at a break-neck pace to correct it. Whether it’s incorporated during day-to-day tasks or in a worst case scenario, automation can be a lifesaver.

Up and running but still unavailable

Even if a data center is powered up and running, that doesn’t mean everything is OK. Say, for example, if a business falls victim to a ransomware attack. This is a different kind of outage than the cases described above, but it’s no less devastating. In the event of a ransomware attack – should a business not have the appropriate backup and disaster recovery solutions in place – it will be faced with the choice of paying cyber crooks in order to regain access to encrypted data or saying goodbye to it, likely for good.

Last year, one of Arraya’s customers in the manufacturing industry fell victim to CryptoLocker, a particularly nasty form of ransomware. Rather than pick between paying up and losing its data, this manufacturer had another option. Instead, with Arraya’s help, the company was able to recover its data in under two minutes thanks to recently-made upgrades to its backup and recovery environment. Without those upgrades, the Arraya team, and the customer’s forward-thinking approach to backup and disaster recovery, this story likely would have had a very different, and costlier, ending for the customer.

Dive deeper into backup and disaster recovery

Arraya’s Data Center team is well-versed at deploying the tools and solutions needed to deliver wins such as the one in that last scenario. Start a conversation today by visiting: https://www.arrayasolutions.com//contact-us/. You can also reach out to them – or leave us a comment on this post – through social media: LinkedIn, Twitter, and Facebook.

Businesses interested in learning more about the latest disaster recovery and business continuity solutions can do so at the 3rd Annual Arraya Solutions Tech Summit on June 8. This free event features a full day of courses dedicated to the most valuable technologies and trickiest challenges encountered by modern IT pros, all led by our team of engineers to ensure a day that is truly “for techs, by techs.”

Included in the agenda will be a course entitled DR/BC Solutions that Guarantee Faster Recovery and Peace of Mind. During this session, attendees will explore leading business continuity and disaster recovery solutions from Dell EMC and VMware and how they help minimize downtime and remediation costs. They’ll also learn the differences between these two very distinct concepts that are regularly treated as one.

Arraya’s Tech Summit will be held at the Sheraton Valley Forge in King of Prussia, PA. To register, head to: https://events.arrayasolutions.com/.

by

Even though they don’t provide the same immediate financial payoff as businesses in other industries, manufacturers remain a favorite target of cyber criminals. Rather than directly stealing money, attacks may focus on disabling systems and causing damage to critical infrastructure. Criminals may also have their eyes on intellectual property or internal operational information as part of a corporate espionage campaign. Motivation aside, the aftermath is no less painful.

To reach their targeted data, cyber criminals leverage a variety of attack vectors. One avenue that is particularly enticing is a manufacturer’s Industrial Control Systems (ICS). This computer-based network, which orchestrates the industrial processes of a facility, tends to be deployed on older hardware. The critical nature of the equipment also makes it hard to take time to patch – and harder still to take offline and replace. Should criminals gain control over it, the damage can be catastrophic.

A recent example of an ICS attack that earned headlines globally concerned an unnamed German steel mill. Attackers initially gained access to the mill’s network by way of a spear-phishing campaign directed at the business side of the house. Once inside, they were able to dig around, eventually gaining access to the production environment. At that point, they were free to meddle with control systems to the point where one of the mill’s blast furnaces was unable to be properly shut down, resulting in massive damage. The attackers’ motives, whether it was to purposefully inflict damage or if that was an unintended consequence of some other design, remain unclear.

Keys to tightening your company’s Industrial Control Systems

What took place at that German steel mill is a worst case scenario. However, it serves to underscore the importance of securing ICS against cyber attacks and accidents. Here are six ways modern manufacturers can do just that:

  • Perform regular assessments. Cyber threats are always evolving. Defenses that don’t follow suit will be little help should they be placed in the crosshairs. Security teams should review their security environment at the very least annually to make sure everything is up-to-date and operating at the highest level. These assessments should include critical infrastructure, user access, and more to protect against incidents stemming from internal and external sources.
  • Regularly monitor system events. IT has enough to worry about in terms of active threats without having to add in those which have already been neutralized. However, there’s a lot that can be learned from security event logs, even those concerning incidents that were prevented. They can help you spot trends relating to risky user behavior or organizational security weak points.
  • Deploy reliable perimeter defenses. IBM’s Threat Intelligence Report is clear – the perimeter is a major risk factor for businesses. Roughly 91% of attacks on manufacturers occurring in 2016 were launched by outsiders. Defenses such as advanced firewalls and intrusion prevention systems must be deployed to harden the business against exterior assault. As mobility becomes more ingrained, businesses must also consider user identities to be part of the perimeter and defend them as such.
  • Deploy endpoint security. The same push for enterprise mobility that has shifted user identities to the security perimeter has also necessitated tighter defenses around endpoints. Employees want to work from a variety of devices and it’s up to IT to leverage antivirus software, mobile device management, whitelisting, etc. to ensure they can do so without putting corporate systems at risk.
  • Commit to patches and updates. There’s too much riding on manufacturers’ ICS to fall behind on patches. It’s no small feat to put together a patching calendar that acknowledges both production goals as well as security needs. However, the risks of failing to do so are too great to overlook.
  • Manage and audit changes. Changes should be tracked across an organization’s IT environment. However, it’s of paramount importance when it comes to ICS. Any configuration adjustments should be documented and backed up. This can reduce downtime during maintenance and, in the event of tampering incidents – it can make the root cause of issues easier to find.

Don’t face today’s cyber threats alone

Arraya’s Cyber Security Practice can help ensure your ICS is up to the challenge presented by today’s cyber criminals. They can provide the strategic advice and the tactical solutions needed to keep data safe and criminals at bay. Our Cyber Security Practice can be reached by visiting: https://www.arrayasolutions.com//contact-us/.

Visit us on social media – LinkedIn, Twitter, and Facebook – to leave us a comment or a question on this post. While there, follow us to keep up with our latest industry insights, company blogs, and exclusive special events.

by

 

In recent years, IT leaders felt a budget pinch like never before, spanning software, applications, and equipment, and also the very resources who drive those everyday operations for the rest of the company.  And while Gartner reports that the majority of budgets will actually grow into 2017, the memory of using extreme caution in making the most of limited departmental dollars won’t soon fade away.

So this puts IT in a very interesting predicament.  As demands just continue to expand, how can you not be intrigued by all that cloud computing can support for your organization, while at the same try to convince everyone that it’s a smart financial decision, and really at the heart of future success?

It basically comes down to demonstrating that such decisions can really be made in a secure, smart way; they don’t have to feel overwhelming or misguided.  How can you proceed down the right path, though?

Just like anything else, it starts with some knowledge at the foundation.  What are you working with now?  What exactly is your current network state?  Are you dealing with security weaknesses, bottlenecks, or inefficiencies?  You may be starting to answer those questions as you’re reading them, and well, you probably have a decent grasp on what is going on within your own data center.  However, even the most seasoned IT leader can’t necessarily detect everything, or always possess the most objective view.  And when it comes to the successful transition to virtualization, you have to know where you’re coming from in order to get where you need to be.

That said, there IS a way to do this.  vRealize Network Insight (vRNI), from VMware, helps you to visualize traffic flows, and uncover any performance issues, while offering a clear snapshot of the overall health of your network.  Understanding this data is integral in making smart decisions for your business moving forward, and also in getting the rest of the team onboard with you.

In addition, vRNI can point you in the right direction in terms of cloud security, assessing if NSX and micro-segmentation will be a fitting component of your future state.  With micro-segmentation, security can be applied at the hypervisor, so that in addition to building security on individual machines, protection protocols can also be applied on a per workload basis.

Arraya recognizes that for our clients, this knowledge is power, and therefore incorporates vRNI into our comprehensive network assessment program.  By working closely with you, our evaluation will offer the necessary understanding of where you stand now, so that you can optimize the productivity and profitability of your IT organization.  This will generate the necessary confidence as your company’s IT roadmap proceeds forward, even with some lingering extra-caution still in mind.

If you’d like to learn more about vRealize, join us on May 17th for our Operationalizing NSX with vRealize Experience Day. This free event features a full day of hands-on learning opportunities with vRNI. Attendees will get to experience firsthand how, by leveraging vRNI, their organization can gain greater visibility into and control of their data centers. Register now!

Want to open a dialogue before the event? Start a conversation with our team by visiting: https://www.arrayasolutions.com//contact-us/. You can also leave us a comment on this post by way of our social media presence: LinkedIn, Twitter, and Facebook.

by

Businesses are transforming like never before. Not long ago, innovation only moved as fast as infrastructure let it. If a business wanted to chase a new opportunity, it meant overhauling on-premises infrastructure to support that new initiative. Thanks to modern advances like the cloud and hybrid data centers, companies can transform on the fly. Major innovation can be triggered with little more than a credit card.

We call this shift Digital Transformation and it is about more than changing traditional IT managed technologies. It has changed what it means to work in IT. Teams that adapt will help their organizations find new ways to succeed for years to come. Those who can’t adjust risk having to watch from the sidelines as the business takes matters into its own hands.

Before Digital Transformation, Information Technology Infrastructure Library (ITIL) was the way things were done in IT. ITIL provided a tight framework for managing IT resources and services. It worked like this: Say an end user needed a new program on his or her computer. Under ITIL, the user would submit a ticket that would then go into a queue. Every so often, the user would be emailed progress updates. At the end of this process, the user would get his or her software. Meanwhile, the CIO had a way to watch over IT resources from a high level.

ITIL may get results in an efficient and standardized manner, but it is also rigid and event-oriented. Following through on it takes the strict focus of entire IT departments, leaving no room for creativity or innovation. ITIL often came down to: “Here’s your framework. Stick to it. End of discussion.”

If you think about it, the inflexibility of ITIL is the exact opposite of what we’re seeing with Digital Transformation. The goal of Digital Transformation is enabling IT to provide outside the box value. In an organization that has embraced this way of thinking, the scenario above would have played out very differently.

With the flexibility of Digital Transformation, if an end user needed a piece of software, they would loop in IT, get the go-ahead, and obtain it themselves. Meanwhile, IT would be busy meeting with people from across the business, hearing their goals and concerns, and figuring out how to address them through technology. Techs would be exploring ideas like using mobile to open up new business scenarios or using the cloud to increase agility. Sure, they would still manage events – unless they’ve fully divested themselves of that with the help of a Managed Services provider. However, giving end users ownership over lower-level tasks lets IT pros add far more value and provide more strategic guidance to the business than they ever could under ITIL.

Begin transforming your business one step at a time

Where does your organization stand with Digital Transformation? Whether you’re brand new to all of this or embraced it early, Arraya can help you figure out your next move through our Digital Transformation Advisory Services. By leveraging the deep technological knowledge and experience of our team, you can determine the path that makes the most sense for your business. This could be anything from adopting modern IT methodologies to an on-premises infrastructure lift and shift to a full cloud migration. Visit https://www.arrayasolutions.com//contact-us/ to get started.

Want to hear more about Digital Transformation? You’re invited to attend the 3rd Annual Arraya Tech Summit on June 8th in King of Prussia, PA. The Tech Summit is a free day of sessions on today’s most important IT topics, including Digital Transformation. We are running a session called “Planning & Executing a Digital Strategy – Both On-Site and in the Cloud.” The session will concentrate on how Digital Transformation affects the lives of average techs. We will also touch on what techs can do to motivate their organizations to begin having these conversations, which are becoming critical to remaining competitive.

This is just one of the two dozen-plus classes scheduled for this year’s Tech Summit. Attendees will also be able to check out classes on the cloud, hyperconverged, cybersecurity and more. Each of these will be presented by members of our leading team of engineers. This ensures the Tech Summit delivers on its promise of being a day “by techs, for techs.”

Reserve your spot now: https://events.arrayasolutions.com/.

by

Take note: Mobility spending is expected to total $1.57 trillion worldwide this year, with growth projected through at least 2020, according to research by IDC. That figure covers hardware, software, and associated services. Considering the value mobile workforces bring to businesses, this investment does make sense. However, from IT’s perspective, it presents certain challenges.

Organizations with leaky endpoint security are leaving a door open for cybercriminals. As mobility and BYOD initiatives increase the number of endpoints within an organization, it makes for even more doors for IT to worry about. This likely helped propel endpoint security to the top spot among must-implement security initiatives in a recent Computer Weekly study of CIOs.

Businesses relying on a solution such as Cisco’s Identity Services Engine (ISE) already have greater awareness of the devices and endpoints accessing their networks. ISE, for example, considers factors such as user identity, location, device type, device health, and more and assigns access clearances based on that contextual data. ISE already brings much-needed simplicity to access management through its automation features, however, there is a way to take this a step further, with a capability only in the most recent versions of Cisco ISE.

A practical look at the value of Easy Connect

This feature is called Easy Connect and it streamlines network access without infringing upon IT’s ability to supervise connections and maintain the integrity of the business network. With Easy Connect, IT won’t have to worry about installing security or access clients on the endpoints themselves. At least not for any Windows-based endpoints. Instead, Easy Connect has an alternative method for authenticating devices attempting to log in to a business’s network.

Let’s take a closer look at how this works by exploring what happens when a user attempts to log in to a system backed by Easy Connect and ISE. When a client initially connects to a network, ISE can minimize what it touches, limiting the client to the essentials, such as the AD domain. Once that client logs in to an AD domain, that’s when Easy Connect comes into the equation. Easy Connect pulls permissions for that user identity from the person’s AD profile and grants new access to him or her mid-session. This process is hands-free, occurs in real time, and, when it’s complete, the device will appear in ISE complete with the appropriate context.

With Easy Connect, businesses can leverage an access solution that, while not as robust alternatives such as 801.x, can still be counted on to keep their network out of harm’s way. When compared to other options, it offers an ease of use and a flexibility that makes it worthy of a place in a business’s security strategy.

Learn more about securing your business’s endpoints

Easy Connect made its debut in ISE 2.1 and it’s also included in the latest version, 2.2. Are you using an older version of ISE and would like to upgrade to a more modern version to take advantage of Easy Connect? Or are you new to ISE and want to learn more about it? Our Cisco Practice can take you through ISE, Easy Connect, and more to show you what these capabilities can do for your organization. Visit https://www.arrayasolutions.com//contact-us/ to get the conversation started.

Another way to learn more about ISE in general? Join us at our 3rd Annual Arraya Solutions Technology Summit on June 8, 2017 in King of Prussia, PA. This free event features a full day of learning opportunities presented by the members of our technical team, covering the challenges and solutions most relevant to today’s IT professional. Included in the agenda is Clearing Up Access Mysteries and Defending Your Network with Cisco’s ISE. This session will cover the benefits of ISE and the architectural considerations needed to achieve full value from it. To register for the Tech Summit, head to: http://arraya.info/techsummit.

You can leave us a comment on this post by visiting us on social media: LinkedIn, Twitter, or Facebook.

by

In the information security world, there’s a lot of talk around compliance and regulations directed at securing critical systems. Additionally, many organizations use compliance as a means to justify security spending and initiatives. It can be difficult in some cases to know exactly what you are required to do. Sometimes regulations are very direct and clear, while, in other instances, regulations can be risk-based and subjective. It’s always fun sitting in a room with legal, IT, and compliance and trying to build a plan on “complying” with mandated regulations. Compliance always wants to take a checklist approach, legal is often trying to define what’s required versus what isn’t, and IT just wants to know what they need to do. It can very quickly become quite the quagmire, but the situation can be navigated.

Understand the Data You Access

It can be obvious what types of sensitive data a company is managing – hospitals store medical data, banks store sensitive financial information.  However, what tends to happen is that many organizations are managing and accessing data that’s regulated and they don’t even know it. Consider the data that your HR department may be storing. In the typical course of business, you may not be responsible for managing any kind of sensitive data. HR, on the other hand, is going to have access to social security numbers, bank account numbers, birth dates, salaries, and other sensitive personal information on each employee. It’s also not uncommon for some companies to request (and store) health-related information on their employees that’s used to manage their health insurance plan. I’m not saying that these groups are automatically subject to the HIPAA security controls, but it’s important to know what data you do have so you can assess what laws are applicable to your organization.

Know Your Industry and What Regulations Apply to You

In the healthcare industry, it’s pretty cut and dry. HIPAA is typically the governing regulation and it spells out pretty specific criteria that can be audited. The same is also the case for much of the financial services sector. Larger entities that offer financial products or services are required to safeguard sensitive data and the FTC Safeguards Rule spells out what those requirements are.  Companies that process credit cards should adhere to the Payment Card Industry (PCI) security standard. Banks fall under the jurisdiction of the OCC and FFIEC.

The water gets a little bit muddy where the law isn’t as cut and dry. Consider pharmaceutical manufacturers, for example. There is no such thing as the “Cyber Security for Pharmaceutical Manufacturers Law,” something with a clearly defined set of rules that can be easily digested and measured. Instead, to find relevant security requirements, you have to refer to the Food and Drug Administration 21 cfr part 211 guidance which stipulates “Appropriate controls shall be exercised over computer or related systems to assure that changes in master production and control records or other records are instituted only by authorized personnel.” In this case, there’s a lot of latitude for both the auditor and the manufacturer to dispute what is and is not appropriate controls. It’s up to the organization to unilaterally ensure it’s meeting the intent of the regulation and that can be a challenge for many companies.

Then there are individual state laws which often get overlooked. Just about every state has its own language around what is meant by “security breach,” who needs to be notified in the event of a breach, and the timeframe for when notifications need to be delivered. New York State’s Department of Financial Services recently released requirements for companies doing business in that state that meet certain financial conditions. The Massachusetts Division of Banks issued a letter in September 2015 requiring in-scope organizations to conduct an internal assessment against the FFIEC Cyber Security Assessment Tool. More recently, the attorney general in California stated that failure to implement all of the CIS Critical Controls would constitute a lack of “reasonable security.” Organizations doing business in California that have not implemented those controls could be considered in violation of California cyber security law.

Align With a Known Framework

Managing the sea of security regulations can be a daunting task. Companies with a less mature security program often don’t know where to start. I recommend picking a standard security framework like the NIST CSF, COBIT, HITRUST, or CIS Critical Controls as a starting point. The majority of security best practices aren’t a secret and can be found within these frameworks.  Even if you don’t know which laws directly or indirectly apply to you, if you’re aligning with the controls outlined by these guides it’s likely you’re going to meet and exceed what’s called out in the majority of regulations that have been published to date, even if you don’t know that you’re subject to them. Using this approach, an auditor is likely to show some leniency for gaps since you’re at least making an effort to follow industry standards and protect your systems.

It’s the companies that don’t do anything at all and wait until a breach happens that get into the most trouble. It’s in those cases that vague security regulations can be interpreted much more harshly because the organization that was compromised is now under scrutiny. Regulators are more likely to dig into your security program (or potentially lack thereof). It’s in these instances that partners may invoke their right to audit security controls to ensure they’re not also liable from a compliance standpoint.

Get Help If You Need It

There are many legal firms and compliance consultants with expertise in information technology compliance. You can also leverage IT consultants and professional organizations to assist with bringing controls up to the level where they meet the intent of published regulations. The point is, you don’t necessarily have to go it alone. Even if you’re not a lawyer, you can also work with partners like Arraya Solutions who have that knowledge and understand how to meet regulatory requirements. Reach out to our Cyber Security Practice to start a dialogue today!

by

Heads up: VMware just announced its vSphere Data Protection (VDP) offering has reached end of availability (EOA). This means all vSphere versions coming after 6.5 will no longer feature the backup and recovery solution. Naturally, customers who count on vSphere Data Protection to defend their virtualized data are going to have a few concerns as it pertains to this decision.

Perhaps the first question many will ask is “Why?” Why kick start the beginning of the end for vSphere Data Protection? VMware’s reasoning includes responding to general industry trends toward consolidating backup solutions as well as an internal desire to focus more on enhancing vSphere Storage APIs around data protection. One thing it does not plan to do is introduce a new vSphere-native data protection solution as a replacement.

Once the why’s are out of the way, plenty of other questions are likely to bubble up, including, perhaps the most important of all: “What should I do now?”

What comes after vSphere Data Protection?

It’s worth noting that just because VDP has hit EOA, it won’t simply up and vanish. Instead, all existing deployments will continue to be available and maintained through their end of general support dates, provided they have active support and subscription agreements. Considering the clock is now officially ticking, it makes sense for IT to begin plotting a new course.

One such option is migrating to Dell EMC’s Avamar Virtual Edition. In a lot of ways, this is the most logical landing spot for businesses moving away from VDP. This is partly because VMware’s VDP is based on Avamar technology, ensuring a smooth transition between solutions. Another attractive feature? Dell EMC is currently offering free Avamar Virtual Edition migrations to all current vSphere customers.

With the basics covered, let’s dive in to some other possible questions:

  • “How does Dell EMC’s offer work, exactly?” Dell EMC is offering three years of free Avamar Virtual Edition licensing, covering up to the first 4TB of protected data, with the purchase of a support contract. Customers will also receive a free migration guide to help them through the process of moving backups, verification jobs, etc. over to Avamar. This offer is only good for a limited time, so it’s best start making plans sooner rather than later. Note: Any necessary maintenance fees will apply during this window.
  • “What happens if I have more than 4TB of data I want to protect?” Businesses whose data needs exceed the 4TB covered by the above offer aren’t out of luck. There are two options available that will allow them to extend the benefits of Avamar Virtual Edition across their entire data footprint. The first is to simply buy additional licenses to cover the overages. Or, businesses could purchase Dell EMC’s Data Protection Suite for VMware. This solution includes Avamar Virtual Edition, with additional features for greater protection capabilities, more narrow recovery point objectives and recovery time objectives, the ability to integrate with Dell EMC’s Data Domain and more.
  • “How is Avamar Virtual Edition different than vSphere Data Protection?” Businesses can rest assured that Avamar Virtual Edition provides all of the same features as their current VDP solution. Where it differs is that it offers greater scalability. This includes application-consistent recovery and data protection extensions for solutions such as vRealize and vCloud Director.
  • “What if I leverage vSphere Data Protection for other areas?” Some businesses may use VDP to cover other technologies, such as VMware’s vCenter Servers. Linux users can take advantage of a new feature built in to vSphere 6.5 which allows for backups and restores. Businesses using vSphere Data Protection to cover their vCenter Server for Windows will have additional incentive to move to Avamar Virtual Edition as this solution can effectively replace VDP in Windows vCenter Servers.

Let Arraya help you securely, efficiently upgrade

Still have questions regarding vSphere Data Protection’s EOA or the potential upgrade paths? Arraya’s Data Management Practice is ready to help. Our team can walk businesses through the available options, assist with selecting the right one, and help execute the transition quickly and efficiently. This ensures businesses don’t experience any potentially costly hiccups and that their data remains secure throughout the process.

Reach out to Arraya’s Data Management team today by visiting: https://www.arrayasolutions.com//contact-us/.

Leave us a comment on this post by way of our social media presence: LinkedIn, Twitter, and Facebook. While there, click the “Follow” button to stay in the loop with our newest blogs, industry insights, and exclusive special events.

by

Has the time come to put your business’s whiteboard out to pasture? These decidedly low-tech devices have maintained their place as a conference room centerpiece for a long time. However, in recent years, a number of challengers have appeared to test their dominance. Among the latest is Cisco’s Spark Board, a device that seeks to replicate the look and feel of a tablet or smartphone, only on a much larger scale and anchored securely to a wall instead of a user’s palm.

Cisco’s Spark Board is being billed as an all-in-one collaboration device. It’s the physical embodiment of Cisco’s Spark service, able to facilitate essential meeting elements such as digital white boarding, video conferencing, file-sharing, and more. Not only is it a physical presence in conference rooms, it’s powered by the cloud, giving it a flexibility that will be a perfect fit in today’s mobility-focused landscape.

The above should give you a pretty good idea of the advantages offered by Cisco’s Spark Board. However, let’s go more in depth as to how it’s managed to put whiteboards in conference rooms everywhere on notice.

Where the Spark Board gets the better of whiteboards

Cisco’s Spark Board offers:

  • Continuous workflows. Everything created using Spark Board is stored in a cloud-based, virtual Spark meeting room. This space is accessible via any device with the Spark app, allowing attendees to take an active role in meetings, whether they’re in the room or on the go. Also, say a meeting runs long and needs to be continued remotely. The Spark app allows Spark Board content to follow attendees, something unheard of with legacy whiteboards – unless power tools are involved.
  • A familiar user experience. The Spark Board delivers an experience smart device-savvy attendees should be very accustomed to at this point. White boarding can be done with either a Cisco Spark Pen or with the tip of a finger. The Spark Board even features a home button. The result is a device meeting hosts can begin extracting real value from with only a minimal learning curve required.
  • End-to-end data encryption. Businesses that sacrifice security in the name of convenience risk paying a heavy price. The Spark Board asks for no such concessions. Instead, it secures device connections using the Secure Real-Time Transport Protocol. Meanwhile, a variety of Advanced Encryption Standards are leveraged to provide end-to-end data encryption.
  • Wire-free connectivity. How many meetings have you been in where the first few moments were squandered as attendees or hosts attempted to sync essential devices? How many quests have been launched in search of the correct dongle or adapter for the job? While this isn’t a concern with legacy whiteboards, it also isn’t a concern with Spark Board, which connects wirelessly using the Spark app to all applicable devices, allowing meetings to start right on time.
  • High-quality audio and video. Sure, the Spark Board can’t transport remote attendees into an onsite conference room, however, it can do the next best thing. The Spark Board promises high-quality, 20-kHz audio coupled with equally high-quality video. The Spark Board comes with a built-in 4K camera and a high-resolution, 4K screen to match. The fixed lens camera covers an 86-degree field of vision, giving remote attendees a view almost as good as if they were there. Additionally, the camera is discrete so as not to inspire any awkwardness early on.

Bring the Spark Board to your conference rooms

Want to talk more about modernizing your conference rooms and your overall collaboration capabilities? Arraya’s Cisco Practice can answer all of your Spark Board and Spark questions and help you plan out a proper upgrade strategy. They can be reached by visiting: https://www.arrayasolutions.com//contact-us/

Also, you can leave us a comment on this blog post by way of our social media presence: Twitter, LinkedIn, and Facebook. While you’re there, be sure to follow us to stay updated on our latest blogs, industry insights, and exclusive events.