Arraya Insights

August 24, 2016 by Arraya Insights

A couple of dangerous truths are spotlighted in the Cisco 2016 Midyear Cybersecurity Report. The first is that many businesses are making cybercriminals’ jobs easy by sticking with
aging, sometimes poorly-maintained infrastructure. That leads to the second truth, which is cybercriminals don’t need the help. Their methods are paying off at record rates already and they have even more diabolical schemes in the works.

Luckily there’s plenty of time left in 2016 to start making changes that will make your business more secure this year and in the years ahead. Here are five places to concentrate on according to Cisco’s researchers.

Focal Point #1: Cybersecurity strategies are too slow, lack visibility

The average time between when a system is compromised and when the threat is detected (called time-to-detection, or TTD) currently sits between 100-200 days. That’s a fairly wide range, but either end of it is still far too long. Just think of the amount of damage an attacker could inflict if left unchecked for that length of time

One of the main ideas found in the Midyear Cybersecurity Report is that, while the current state of security may not be excellent, excellence is achievable. Consider Cisco, who’s been able to reduce their median TTD to a mere 13 hours.

What to do: In order to achieve a similarly idyllic end state, businesses must sunset legacy infrastructure components and security tools and embrace advanced solutions. These solutions must enable the speed and visibility current solutions lack, a fact which has kept that average TTD rate too high.

Focal Point #2: Ransomware set to get even nastier

Ransomware is nothing new, however, it is enjoying quite the moment in the sun. In the Midyear Cybersecurity Report, ransomware was dubbed “the most profitable malware type in history.” As a threat, it’s evolved past the point of being a costly nuisance to become an industry unto itself. According to Cisco’s estimates, ransomware attacks generate roughly $34 million annually.

And things may only get worse. The Midyear Cybersecurity Report contains a few predictions about what the future holds for ransomware – and it’s not pretty. This includes the ability to self-propagate, putting all corners of business networks, regardless of connectivity status, at risk. Future strains of ransomware could also alternate tactics to increase efficiency while also actively avoiding detection.

What to do: Businesses must prepare not only for the highly-effective strains of ransomware circulating today, but for what’s next. In addition to having a modernized IT environment, it’s also essential to secure an organization-wide commitment to proper cybersecurity hygiene. When best practices are known and followed, it severely limits what ransomware can do.

Focal Point #3: Vendors are getting better with patches, others are not

Vendors have significantly reduced the gap between when a vulnerability is exposed and when a patch becomes available. In fact, in some cases this gap is nonexistent.

As good as vendors have gotten at producing and releasing patches, end users have not followed suit when it comes to applying them. One example covered in the Midyear Cybersecurity Report concerns Microsoft Office 2013 deployments. Cisco’s analysis turned up three major versions of Office running concurrently:

Version 15.0.4420 (20% adoption)
Version 15.0.4454 (28% adoption)
Version 14.0.4762 (52% adoption)

What to do: Microsoft’s applications were far from the only solution organizations were failing to consistently upgrade. These trends must not continue or businesses will be left exposed. In the case of Office – short of switching to the always-up-to-date, cloud-based Office 365 – businesses may want to engage a Managed Services partner who can shoulder some of the load carried by IT teams, freeing them to monitor and implement upgrades and patches.

Focal Point #4: Finance is firmly in the crosshairs of cybercriminals

Finance is a favorite target for cybercriminals looking for a way in to an organization’s network. The folks handling bills and invoices are being heavily targeted by social engineering schemes designed to get them to click on malicious links or attachments.

For proof, here are the most frequent keywords appearing in spam messages uncovered by Cisco’s researchers:

Invoice, Payment
Purchase Order
Invoice, Payment, Shipping Confirmation
Payment, Transfer, Order, Shipping
Quote Request, Product Order

What to do: With so many scams directed at one department, it makes it easy to streamline end user training/awareness exercises. That’s not to say other areas are immune. However, efforts must be made to guarantee Finance staffers have the knowledge they need to spot, react to, and report suspicious activity.

Focal Point #5: Attackers excel at hiding behind HTTPS

HTTPS encryption provides a sense of security – but it may prove to be false. Between Sept. 2015 and March 2016, Cisco’s researchers recorded a five-fold increase in HTTPS traffic tied in to malicious activity. This intensive effort by attackers to use HTTPS to cover their tracks contributed to organizations’ struggles with TTD.

Further mucking the waters are cryptocurrency, Transport Layer Security, and Tor. These utilities allow threat actors to communicate and collect their ill-gotten profits anonymously.

What to do: In this situation, it helps to know what not to do. That little lock icon next to URLs may convey an air of safety, but it must not be fully trusted. Instead, end users must consistently practice smart web browsing and never let their guards down.

Let us be your partner for a more cyber-secure future

The time to start planning for the cybersecurity landscape of 2017 and beyond is now. Arraya Solutions is committed to providing the solutions and support organizations of all sizes, across all industries, need to secure their data regardless of whether it lives on prem or in the cloud.

To start a conversation with our team of security experts, reach out to us at http://www.arrayasolutions.com/contact-us/. Or, contact us through our social media presence: Twitter, LinkedIn, and Facebook.

August 22, 2016 by Arraya Insights

Remember that fictitious business project we started a few weeks ago? Happily, it’s going through the project management phases with ease. So far, our Project Manager (PM) has helped us complete the Initiation phase, where the groundwork for success was set by establishing stakeholders, lines of communication, and more. Next, we stormed through the Plan & Design phase, during which goals were established, resources were selected, and everything was boiled down into an actionable project plan.

That brings us to the third phase of the project management lifecycle: Implementation. Luckily for our Project Manager, this is the part where she gets to kick back and relax while everyone else does the work. After all, the foundation is done, the project plan is set – what else is there to do but wait for the wrap-up call, right?

Not so fast. If we want that fictitious business project to come in on time, on scope, and on budget, our Project Manager still has quite a lot of heavy lifting to do.

Keeping project teams on the same page

We spoke with several members of Arraya’s Project Management Office (PMO) to find out more about their role during the Implementation phase and how they help lead projects to the finish line.

Executing project strategies – During Implementation, the PM essentially steps into the shoes of an orchestra conductor. Everyone involved in the project knows what part they must play and they’re an expert in that position. However, someone with a big picture view is needed to keeping everyone pulling together. That’s where the PM comes in. PMs coordinate the tactical movements of the various pieces, steering everyone around possible obstacles, such as business politics, supply delays, technical/mechanical issues, etc.
Communicating progress – No one likes being kept in the dark. This is especially true of organizations who have undertaken a project, regardless of size. They want to know where things stand, and they want to know how that aligns with the project plan. It’s up to the PM to ensure customers have timely access to that information. This is true when the news is good and it’s true when the news is bad.
Managing schedules – Whether the project involves two people or twenty-two people, the potential exists for scheduling conflicts. PMs must monitor the schedules of resources involved to guarantee availability as the project progresses. Beyond that, there’s also the project plan itself to consider. If this schedule does not accurately reflect the tasks and time needed to complete the project, the team will run into difficulties. PMs must account for any delays – and adjust the project plan to accommodate them.

Mini case study: Repairing communication breakdowns

Organizations of all sorts love talking about the “lines of communication.” As we’ve already mentioned, in projects, PMs are the ones hanging those lines. Once they’ve been established, PMs also must maintain them. If something isn’t working, PMs must be ready to fix it.

One of our PMs encountered a situation like this during the Implementation phase of a recent project. After sending a few status updates, she detected the customer was struggling to follow along with the project plan. As soon as she noticed the issue, the PM took action.

She worked with the customer to determine exactly what they needed from her in the way of communication and adjusted her technique. By staying in tune with the customer, this PM spotted the confusion early. Then, she engaged with the customer and made the changes needed to clear things up for them.

Arraya’s PMO has spent decades leading business projects to successful conclusions. Find out what they can do for you by visiting www.arrayasolutions.com/contact-us/.

Our team can also be reached on social media: Twitter, LinkedIn, and Facebook.

August 18, 2016 by Arraya Insights

A move to Microsoft’s Office 365 is supposed to make IT’s workload easier to manage – and that’s usually exactly what it does. However, there was one inefficiency the cloud solution was previously unable to correct. As soon as Microsoft released a pair of new features in Azure AD Connect that seemed to address this, members of Arraya’s Microsoft Collaboration team headed for our demo lab to try it out.

The Problem

During a company’s termination process, IT may attempt to move an email account from a terminated employee and temporarily assign it to his or her manager. The issue was that an SMTP address could only exist in one account at a time. So, if IT made that full switch on premises and then attempted to sync to the cloud, it would unleash a chain of error messages when DirSync was launched. The change wouldn’t take and IT would be stuck.

In order to properly execute this, IT had to first remove the SMTP address from the terminated user’s account and launch DirSync to remove that address from the employee’s account in Office 365. Only after the sync was completed could IT add that SMTP address to the appropriate manager or supervisor as a secondary address. A second DirSync would need to be executed to reflect this change in the business’ Office 365 deployment.

These two syncs couldn’t be performed concurrently. This left IT with two choices:

1) Move on to other tasks during the process and risk leaving the task unfinished should some type of fire pop up.

2) Stick to the task at hand, which could mean two or more hours where a staffer left other duties and projects unattended to wait while the necessary syncs were performed.

Besides that, many of the IT staffers tasked with maintaining employee accounts lacked the credentials to execute a DirSync. Before these staffers could complete their assignment, permissions would need to be altered to allow them to do something that should be fairly routine. Giving more employees access to DirSync is itself a hazard as DirSync mistakes can have major consequences.

The Experiment

While reading up on some of the new features contained within Azure AD Connect, one member of Arraya’s Microsoft Collaboration team noticed something very interesting: two features that work together by quarantining an attribute if it is a duplicate of an existing attribute, instead of simply failing the entire process. The features are called DuplicateProxyAddressResiliency and DuplicateUPNResiliency. He passed word along to the rest of the team and soon he and another team member were hard at work in Arraya’s demo environment to see if this feature would solve IT’s account management headaches described above.

To start, they set up a couple of test accounts in our demo lab. These would play the role of manager and terminated employee, respectively.

Next, our demo lab’s Azure AD Connect was upgraded to the latest version. By doing this, it ensured Azure AD Connects resiliency features would come into play. With these features at their disposal, our team would be able to accurately judge whether or not these features would be the solution they predicted.

From there, the pair moved the SMTP address from the test employee account to the test manager account. Then they performed the necessary syncs. Once the move and the syncs had been completed, our Microsoft Collaboration team members analyzed the results.

The Findings

The new Azure AD Connect features did make a huge difference in account management. With the quarantine feature in place, the cumbersome, time-consuming old process was no more. Instead of nearly three hours, this process had been slashed to an average of 30 minutes total.

Under the new method, IT was able to remove an address from one account and add it to another, all on prem. Then, it came time to launch DirSync. Two syncs were still necessary to achieve the desired result. This first time through, DirSync would delete the address from the original account. A second DirSync would add it to the new account. Unlike the old arrangement, this could be executed error-free.

An added bonus of the new feature is that it also eliminates the need to reassign DirSync permissions to the folks handling maintenance. The next time DirSync is launched, it automatically recognizes the necessary movements and sorts them out itself. Once again, it does this without triggering a string of error messages.

Have a Microsoft Collaboration question of your own? Reach out to our team at mssales@arrayasolutions.com. Or get a hold of us on social media: Twitter, LinkedIn, and Facebook.

August 16, 2016 by Arraya Insights

Static, stationary, inactive – it’s doubtful any of these terms describe your organization’s vSphere deployment. In actuality, hosts and virtual machines are always on the move, with some changes occurring as often as daily. The ripple effects of these movements can be felt across IT environments and organizations as a whole and can make it tough to keep vSphere running at an optimal level.

Businesses looking to maximize their vSphere investment would be well-served to schedule a vSphere Health Check with the Arraya Solutions’ Virtualization team today. These assessments analyze existing vSphere deployments and compare the findings against VMware’s own best practices. This information can give companies clear, actionable insights into the strengths and weaknesses of their environment and what steps to take next.

What does a vSphere Health Check look like?

A vSphere Health Check is, at most, a three-day engagement. Only one of those days requires a member of Arraya’s Virtualization team on site, while the other two days are conducted remotely.

The first day is onsite and it’s geared towards information-gathering. The Arraya staffer will talk with the customer to learn more about their goals with their vSphere deployment, as well as any concerns they have or issues they’ve noticed. These conversations will help steer the rest of the Health Check. While onsite, the Arraya staffer can perform an inspection of the customer’s physical data center. Following that, he or she will run a utility to analyze the customer’s virtual environment. The data uncovered by this tool will be translated into a full report.

Day 2 takes place off-site. The Arraya team member conducting the vSphere Health Check will review the report generated by the utility and use the knowledge of the customer’s environment gathered during Day 1 to validate and organize it. Results pertaining to any issues the customer identified as top priorities can be highlighted in the report. If any possible false alarms are sounded, the Arraya employee can investigate and – if appropriate – indicate them as such in the final version.

Day 3 is once again offsite and it involves a conference call between Arraya and the customer. Our team will walk the customer through the final version of the report. If any issues are uncovered that require follow-up conversations, those can be planned for as well.

How to prepare for a Health Check

Preparing for a vSphere Health Check is easy enough. The only real technical requirement – outside of having vSphere – is ensuring Arraya’s staffer has access to the vSphere environment.

Before the Health Check, a customer’s IT team and stakeholders should spend a little time discussing their environment and what they want to get out of the Health Check. This isn’t mandatory and it’s possible to perform a broad scale Health Check. However, the benefits of Health Checks tend to be amplified when the Check includes at least some amount of customer direction.

What happens next?

Once the Health Check ends, the customer will get to keep the final version of the report. This allows their team to go back through it on their own, discuss it even more in depth, and save it for their records.

Within the report, suggested action items are graded on the following scale:

P1: Red – Item requires immediate attention
P2: Orange – Item is of potential concern and may need additional investigation
P3: Yellow – Item doesn’t adhere to accepted VMware best practices, yet doesn’t present a high risk
OK: Green – Item meets VMware best practices
N/A: Gray – This item doesn’t apply to the customer’s environment

Of course, the Arraya Virtualization team will be ready to assist in any way necessary following the Health Check. Our team can make recommendations on performing the upgrades or fixes called out by the Health Check. We can also work directly with the customer to execute the upgrades and new deployments.

Schedule your vSphere Health Check today

Considering the fluctuations common to most vSphere deployments, regular Health Checks are a must to keep them running at the highest level. Interested in seeing what you might learn about your business’ virtual environment? Visit us at http://www.arrayasolutions.com/contact-us/ to schedule your Health Check or to connect with a member of our Virtualization team about another topic.

Arraya can also be reached through our social media presence: Twitter, LinkedIn, and Facebook.

August 11, 2016 by Arraya Insights

Modern cybersecurity is often referred to as an arms race. In one corner are the organizations seeking to keep their data safe in their data center or in the cloud. In the other are the cybercriminals and hackers who look at that data and see dollar signs. Just like with any race, this one can’t be won by standing still – yet some businesses seem to be doing exactly that.

While reading through Cisco’s Midyear Cybersecurity Report, I was struck by its findings on the continuing struggle to adhere to the basic principles of IT security. For instance, there are few things more fundamental than patching. Yet according to Cisco’s report, there’s a significant gap between when patches are released and when they’re actually implemented. That’s if they’re implemented at all.

In case you haven’t checked out the report, it includes a section where Cisco analyzes a large sample of core infrastructure devices, such as routers and switches. On average, each of these Internet-connected devices contains 28 known vulnerabilities. That’s troubling on its own, but it gets worse when you explore how long some of those vulnerabilities have been out in the open:

More than 23% of the devices in the study were running vulnerabilities first identified in 2011.
16% of the devices had vulnerabilities dating back to 2009.
Finally, and even more amazing, close to 1-in-10 had vulnerabilities over a decade old.

That’s a long time to allow vulnerabilities to go unaddressed. It’s tempting to put off patches or infrastructure upgrades, especially as seemingly more pressing projects surface. Continually doing so – especially to the extent Cisco uncovered – only serves to make life easier for those on the outside of a business’ network looking to break in.

Bouncing back from cybersecurity incidents

Arraya recently conducted a security study of our own which we believe dovetails nicely with Cisco’s Midyear Cybersecurity Report. The findings of our study will soon be available in a whitepaper that we call the 2016 Cybersecurity Tactics Snapshot. The objective of this report – which was compiled using input provided by attendees of this summer’s Arraya Tech Summit – was to look into what leading organizations in the Mid-Atlantic region are doing to protect their data. By sharing it, we hope other companies will discover new approaches to IT security and adjust their strategies.

Among the trends highlighted in our report, one of the most compelling involves organizations who’ve suffered a security incident in the past 12 months. Of the businesses who endured a breach, 62% said they currently review their security policies at least semiannually. Of that same group of companies, 46% review cybersecurity best practices with end users at least twice a year.

What about companies who haven’t been breached? In terms of those organizations, 38% review their cybersecurity policies and processes at least twice a year. Meanwhile, 31% of these companies say they never review best practices with end users.

To me, that is a clear indication of the post-data breach mindset. Organizations who’ve gone through an incident aren’t interested in standing still. Instead, they’re eager to invest whatever time and effort they feel is needed to avoid becoming a repeat victim of cybercrime. This includes assessing their environment and ensuring end users, typically a favorite target of cyber crooks, have the updated tools and training to defend themselves.

True security needs the right tools and support

Cybersecurity, as a discipline, is constantly in motion. It’s a never-ending series of adjustments between those on the security side and those looking to bypass them. It’s the aforementioned IT arms race. From the perspective of businesses, they can’t afford to stop adapting or attempt to stand pat with what worked before. It’s doubtful those on the other side have any plans to stand still either.

Having an environment stocked with the latest security tools goes a long way towards keeping data safe. Every modern cybersecurity strategy must also address the “little” things like routine patching, regular process reviews, and end user training. Putting these obligations off only serves to chip away at an organization’s security foundation. The accompanying refrains of “I’ll get to it tomorrow” or “I would have done it but…” are music to the ears of cybercriminals.

August 8, 2016 by Arraya Insights

Imagine this scenario: With the help of a project manager, you’ve completed the first phase of a business project. Together you’ve determined who has stake in the project, initiated a dialogue, and outlined the scope of the project. What takes place during the second phase, Plan and Design, is equally important. A successful plan and design helps direct the focus of the project team and make the remaining phases easier. Short change this step, however, and you’ll find yourself struggling to meet expectations.

Design a winning project

Arraya has long been a proponent of the value Project Managers (PMs) bring to engagements of every kind. We spoke with a member of our Project Management Office (PMO) about what goes into the Plan and Design phase, difficulties encountered, and how they can be overcome.

In terms of steps, those he felt best represent the work done by PMOs during this phase are:

Setting project goals/baselines – High-level conversations about project motivations take place during phase one of a project. During the Plan and Design phase, PMs collect feedback from participants on targets they want met and steps they want taken. This ensures participants’ needs and desires are accurately reflected in the finished project.
Identifying/qualifying resources – Once the PM understands the work that needs to be done, he or she must compile a project team with the right skill set and bandwidth to accomplish it. Another part of this involves reconciling stakeholder expectations for a project with the expertise and experience of those delivering it. During these back-and-forth exchanges, PMs can spot sticking points or overreaches.
Creating an actionable project plan – After a project’s scope has been refined, the PM is tasked with translating it into a workable project plan. This living document includes task lists, task owners, key dates, and progress reports. The project plan allows PMs to monitor movement and make/track any necessary adjustments throughout the duration of a project.

Mini case study: Is ‘enough’ really enough?

“I’ve got enough to get started.” Those words are the equivalent of “It was a dark and stormy night” to Project Managers. A member of Arraya’s PMO heard this phrase while working on an intranet web portal project. Even though a key business stakeholder had yet to be consulted, one party felt they had enough details to begin the project. That sent up a barrage of red flags for our PM. He knew a complete, approved list of requirements must be a prerequisite.

He diligently worked to convince the first party that an additional design meeting with all stakeholders was needed before work began on the project. Eventually, he managed to do so and, lo and behold, the design changed. Just as he’d expected, there hadn’t been enough info to go on.

This PM’s persistence, and his ability to recognize critical path deliverables, prevented the delays and rework that would have arisen once the portal wasn’t up to the stakeholder’s expectations. Despite the initial push to get started, everyone agreed the additional meeting had been a lifesaver once it had been completed.

Arraya’s PMO has decades of experience supporting business projects of all types for all industries. To open up a dialogue about how it can help your business reach its goals, tech and otherwise, visit: www.arrayasolutions.com/contact-us/.

Arraya can also be reached on social media: Twitter, LinkedIn, and Facebook.

August 4, 2016 by Arraya Insights

SharePoint’s purpose has always been to make it easier for people to access files and collaborate. However, we’ve seen many SharePoint sites that, while accessible, are far from easy.

Too often SharePoint sites are being overwhelmed by folders. It makes sense as people are used to organizing documents via a folder structure. Familiar or not, this habit can make searching SharePoint for a particular file much harder than it needs to be.

Instead of going through layer after layer of folders, SharePoint users have a better, more effective option: metadata, which can be defined as “data about data.” It doesn’t take a web developer to incorporate metadata and doing so can make SharePoint sites more searchable and collaboration more efficient.

Making the case for SharePoint metadata

Let’s dive in deep to the benefits of metadata:

Freedom from folders. Metadata allows organizations to forget the folders and subfolders and sub-subfolders should they so choose. Information often conveyed through folder names can be organized into metadata columns. These columns are sortable and filterable. They can be displayed in any view and can identify things like document type, date created, document status (draft, final version), etc. To add a metadata column, simply:
- Click on “Create Column” in Library Settings.
- Give the column a name, such as “Document Type,” select “Choice” as the column type, then add each choice on a separate line in the box.
- Tip: Alphabetize the choices, it makes it easier for the users to find the correct choice.

Ensure consistent usage. The benefits of metadata will be limited without everyone sticking to the conventions an organization has laid out. Organizations can ensure users are including all desired metadata by making it mandatory. The following steps make it so a file can’t be saved unless a specific metadata column is filled out:
- Navigate to the Library Settings.
- Select the column by clicking on the column name and you can make the column mandatory by selecting the Yes radio button under “Require that this column contains information”

Easy to hit the ground running. The good news for time-strapped users is SharePoint makes it easy to get going with metadata. For example, if multiple files fall under the “Marketing Materials” document type, it’s possible to enter that info once. After a column has been added and the choices for that column configured, switch to the Quick Edit view, (also known as the Datasheet view). This view brings up a grid that looks similar to an Excel spreadsheet. When you click in one of the cells, you will see that the cell gets highlighted with a border. Click and hold on the tiny square at the bottom right corner of the box and drag the box down through all applicable rows. The values from the box get copied down to all the cells you’ve highlighted (just like in Excel). This saves time, especially when adding multiple documents of the same type or during the early stages of a SharePoint reorganization.

Amp up SharePoint searches. SharePoint searches already had an advantage over other options (such as File Explorer) in that they scan the entire text of a document, not just the title. This already robust option is amplified by the use of metadata. SharePoint considers this info in searches to provide users with better and more accurate results.

Metadata: Time-saver or time drain?

One of the common counterarguments to metadata use is “I don’t have time for that!” Some users see filling in those extra columns when uploading a document to SharePoint as a time drain. In actuality, the opposite is true. Metadata seeks to eliminate the tedious process of digging through multiple levels of folders.

Want to learn more about how to optimize your organization’s SharePoint site? Have questions about how to become a more efficient SharePoint user? Our Microsoft team can be reached at: http://www.arrayasolutions.com/contact-us/.

Or reach out to Arraya Solutions on social media: Twitter, LinkedIn, and Facebook.

August 3, 2016 by Arraya Insights

Routine backups are an excellent way to minimize the impact of ransomware or malware infections – unless the backups themselves are comprised. As their techniques advance, cyber criminals are better able to probe more deeply into the networks they invade, putting backups at greater risk. Should they manage to cut that cybersecurity safety net, organizations who thought they were prepared could end up at the mercy of the enemy.

Even advanced examples of ransomware and malware can’t exploit something they can’t see. That’s the idea behind EMC’s Isolated Recovery Solution. Picture this technology like a bank vault for IT in that it secures copies of an organization’s most precious data under lock and key. However, unlike a bank vault, it’s not always connected to the rest of the bank. This way, if criminals stage a break-in, their access – and the damage they can do – will be limited.

5 must-know things about EMC’s Isolated Recovery Solution

We sat down with Arraya’s Data Management Practice to find out more about EMC’s Isolated Recovery Solution and its role in malware defense.

Q: How can I be sure my data is secure?

A: The Isolated Recovery Solution creates a hardened depository for data deemed critical to ensuring operational continuity. This cache contains no permanently active network links. Instead, it connects to the rest of the network only for brief periods to sync up with the latest versions of files. This “air gap” ensures a version of mission-critical files remains untouched during an attack. In the event of a recovery situation, the depository can be reconnected to the network in minutes, allowing normal business operations to quickly resume.

Q: What if the Isolated Recovery Solution syncs with a malware-infected file?

A: This solution maintains multiple restore points and should include integrity checks on incoming copies of data. If the Isolated Recovery Solution detects any issues, an alert will be triggered to disregard the latest version and lock down the system. This ensures the data it manages stays uncorrupted.

Q: Will the Isolated Recovery Solution make it harder to manage my security environment?

A: No, this solution won’t significantly add to the management complexity of a business’ IT security environment. Once deployed, EMC’s Isolated Recovery Solution can be set to automatically pull in the latest version of data at regular intervals and test the integrity of that version. While the solution handles backups and data protection, IT staff will be free to focus on other responsibilities.

Q: How will I know if the Isolated Recovery Solution is right for my business?

A: Businesses contemplating EMC’s Isolated Recovery Solution will first want to perform an internal assessment of their existing IT environment. The primary objective of this assessment should be to identify the applications, processes, etc. the business would be least able to go without. In addition, those leading the assessment should gauge whether their business has the infrastructure in place to support the solution, and if not, what changes they will need to make.

Q: Does the Isolated Recovery Solution work exclusively with EMC storage solutions?

A: No, the Isolated Recovery Solution works across multiple storage platforms. Configuration of the solution is dependent upon the infrastructure that supports the data/processes/etc. the organization wants to protect. For systems or data residing on EMC and non-EMC storage, businesses can leverage technologies including Data Domain and/or RecoverPoint in order to enable the Isolated Recovery Solution.

A helping hand in the cybersecurity effort

Security concerns, malware and ransomware aren’t going anywhere. The latter especially is simply too good of a business model for cyber criminals to abandon. That fact, combined with recent predictions about the next generation of ransomware, seem to plainly indicate cybersecurity pros’ efforts in this sphere are only going to become more time-consuming in the coming years.

Want to learn more about EMC’s Isolated Recovery Solution or any of the backup and recovery solutions supported by Arraya’s team of data management experts? Visit us at www.arrayasolutions.com/contact-us/ to start a conversation today.

Arraya can also be reached via social media: Twitter, LinkedIn, and Facebook.

July 28, 2016 by Arraya Insights

With tech upgrades, there’s no such thing as too much information. More information allows IT leaders to better assess whether a solution meets their needs – in terms of technology, the business, and the budget.

More information, better decisions is the guiding principle behind the trio of free VMware assessments Arraya Solutions offers. These assessments are meant to better familiarize customers with a solution, help them build a business case for that solution, and uncover truths about their own environments along the way.

Here’s an idea of what you can expect from each of these assessments:

vSphere Optimization Assessment

Who Should Be Interested?

The vSphere Optimization Assessment is for vSphere-powered IT environments that haven’t yet been equipped with vRealize Operations Manager.

What Does It Involve?

This assessment involves installing a free 60 day trial version of vRealize Operations Manager in the participant’s IT environment. Once this is installed, the assessment will run for up to 30 days, depending on the customer’s goals and the number of virtual machines it supports.

In addition, Arraya’s VMware team will provide an introductory tour of the features unique to vRealize Operations Manager and help participants digest the wealth of information it generates.

What Can It Tell You?

Over the course of the assessment, vRealize Operations Manager generates regular, customized, and actionable reports on capacity, performance, and configuration, highlighting misconfigured VMs, throughput logjams, and over-worked (or under-worked) VMs.
The assessment can collect data concerning only configuration issues, it can monitor configuration and performance, or it can cover all three.
- Should a participant only require configuration or configuration and performance monitoring, the assessment could be over in as little as a day, depending on the size of the virtual environment. This data is collected early and doesn’t change over time.
- The same can’t be said for capacity. The longer vRealize Operations Manager runs in the environment, the more it will learn about an organization’s usage patterns, resulting in more accurate analysis and forecasts. For larger virtual environments looking to explore configuration, performance, and capacity, the assessment will be closer to that 30-day timeframe.

VSAN Assessment

Who Should Be Interested?

The VSAN Assessment will be of particular interest to vSphere-enabled organizations looking to refresh or add storage and who are considering a software-defined storage platform like VMware’s Virtual SAN or VSAN-based Hyper-Converged appliances, such as VCE VxRail.

What Does It Involve?

During this assessment, a virtual appliance will be deposited into the organization’s existing vSphere environment by the Arraya VMware team. Over the next seven days, this appliance will analyze the I/O trends found within that storage environment.

Considering today’s security and privacy conscious world, it’s worth noting the appliance takes a hands-off approach to sensitive data. Organizations of all industries – even those which are heavily-regulated – can take part in this assessment without exposing themselves to compliance risks.

What Can It Tell You?

The assessment grades VMs on their VSAN readiness. Higher scores make for better VSAN candidates.
These grades can help determine if a VM handles enough intensive workloads to require all-flash VSAN, or if it would be better served with a hybrid configuration.
The VSAN Assessment also suggests hardware upgrades needed to support the recommended changes to virtual environments.
This assessment can also make the business case for the upgrade for you. It breaks down the CAPEX and OPEX metrics associated with the change – including total cost of ownership (TCO) and key savings.

vCloud Suite Assessment

Who Should Be Interested?

The vCloud Suite Assessment would benefit organizations whose IT environments are predominantly or entirely virtualized and who are considering a move to the full VMware software-defined data center suite.

What Does It Involve?

Again, the Arraya team will install a virtual appliance in the customer’s environment. After it’s deployed, this device will monitor resource use in the environment. How long the assessment runs depends on whether or not vRealize Operations Manager was running in the customer’s environment prior to kickoff.

If it was running, but had done so for less than seven days, the assessment will last until seven days of data have been collected.
If it was running for longer than seven days, the assessment may take a little as 24 hours to complete.
If it wasn’t running prior to the assessment, a trial version will be installed and will then have to run a minimum of seven days in order to compile enough data to capture a picture of the environment.

What Can It Tell You?

The vCloud Suite Assessment can give organizations greater insight into the performance of highly-virtualized environments.
The topography of the virtualized environment will come into focus as well, including the location of non-functioning VMs, over-provisioned VMs, and under-provisioned VMs
Just as is the case with the VSAN Assessment, the vCoud Assessment can provide valuable business data, including CAPEX and OPEX metrics and TCO.

Special Offer: Valuable business insights at your fingertips

Our VMware team will work with you to ensure your organization gets the most out of each of these free assessments. Click HERE to schedule your assessment now or to simply learn more about them.

You can also reach the members of the Arraya team via our social media presence: Twitter, LinkedIn, and Facebook.

July 27, 2016 by Arraya Insights

Companies seem to be at one of several stages when it comes to the cloud. There are thought leaders that have embraced it and are in the process of transforming their business. The largest group by far are those just ramping up their cloud strategies and starting to dip their toes in. The last group are traditional companies that flat out refuse to use the cloud for anything.

When we question the reason behind the “no cloud” stance, it always comes out that upper management has handed down an edict stating so. The reason will vary, but typically it involves the sensitivity of data. No matter the cost savings or innovation or competitive advantage the cloud may bear, no cloud will be used at said company.

The interesting thing is that I can almost guarantee these “no cloud” companies are using cloud-based services without a second thought and no, I am not talking about shadow IT. I would go further to say these companies have been doing it for years. In fact, regardless of where you are on your cloud journey, if your company believes employees are your greatest asset, you’ve likely been hosting your most sensitive data in the cloud for years.

While the modern cloud was born out of IT, or at least developers needing scalability quickly, hosting sensitive data offsite was born from the needs of Human Resources. Let’s flash back 20+ years.

When I was in high school, I worked at a power plant during the summer. I had to fill in a timesheet on paper. From there, the accountant would enter my time into a payroll server that resided in a closet somewhere. Back then, the compiled timesheet information would be printed and mailed off to a payroll company for processing. Soon after, a modem was hanging off of the server to dial in and transmit the data. As the web became more prevalent, the on-premises software would connect over a secure SSL connection. Today, that software runs offsite and I can just login to it to see my paycheck – completely paperless. That is the cloud, only no one calls it that.

Payroll services isn’t the only example of how Human Resources innovated the cloud without people realizing it. Remember pensions – those stalwart retirement plans, which still exist out there? Companies would host pension data locally until a qualified actuarial service came along with a mainframe. When 401(k)s came out, it was over. Companies could no longer keep up with the math of complex markets and the whole retirement system became outsourced. Retirement systems today are completely sold as a cloud commodity service and have been for years.

Lastly, consider employee benefits. This is a service that has virtually never been hosted on-premises. Your company has likely been outsourcing its employee benefits to an insurance provider for decades with your personal information going completely off-site. Today, we readily give those companies access to our most personal data without hesitating. Even the massive hack of Anthem Insurance didn’t have us questioning this service. It simply doesn’t work any other way.

When I go out and talk to customers about the cloud, the audience is usually IT-based. As it turns out, Human Resources has been the true cloud innovators. Outsourcing these services and those cumbersome processes gave birth to the cloud-based services nearly every company now relies on. The innovation was so incremental that we don’t even consider the risks of having our payroll, banking, and employee information hosted as a service. If you haven’t considered these Human Resource services as cloud-based, you should.

Today, more than ever, IT has a responsibility to keep their company’s sensitive data safe. Through solutions like Microsoft’s Enterprise Mobility + Security solution, you can help secure the authentication level to these platforms easily and reign in control. For example, who disables administrator access when a Human Resource employee leaves your company?

Once you start securing the cloud-based services that you almost certainly have, it might be time to start developing a cloud strategy. After all, if you aren’t figuring out the cloud, your competitors almost certainly are.

For more information on what Microsoft is doing to help protect customers’ data in the cloud, check out our high level overview and contact us to learn more!