Arraya Insights

by

The way a business invests in their technology will determine whether they remain competitive within their industry. Our world is rapidly changing. From the way employees report to work to the way businesses interact with their customers, flexibility for the future is a necessity.

Businesses looking to stay ahead are taking advantage of the digital transformation process and migrating to the cloud. However, what good is migrating to the cloud if you’re not able to take full advantage of its benefits? The next step, application modernization, is where the true advantages lie.

We’ve touted the numerous benefits of application modernization many times, but there’s no doubt that this transformation saves businesses time, money, and provides them with the flexibility they’ll need in the future.

For those looking to begin the application modernization process, this blog will outline how to assemble the right team and what to expect throughout each stage.

How to Get Started: Acquiring the Right Skillsets

As with most projects, the initial stages of the application modernization process are critical to set up the following phases for success.

Before getting started, all necessary skillsets must be on board to ensure your team is prepared for every stage.

This team should include a:

  • Executive Sponsor: Evangelizes the project, identifies business objectives, and sets the timeline and budget
  • Business Analyst: Documents use cases and business requirements, creates UAT scripts, and creates As-build documentation
  • Business Subject Matter Expert (SME): Acts as representative of the business unit and provides insights into use cases and business processes
  • DevOps Engineer: Builds IaC automations and DevOps pipelines and deploys new code
  • Data Engineer: Analyzes requirements for application data, recommends future-state for data, and executes on data plan
  • Software Developer/Tester: Updates and writes code based on project plan and requirements, provides testing/peer review of new code, and manages sprint pipeline tasks
  • Security & Compliance Engineer: Informs architectural and infrastructure decisions based on security requirements and performs audits on any secure coding requirements
  • Project Management: Creates project plan and timeline, manages communication methods, and facilitates deployment schedules

With a complete team in place, your business will ensure that each stage of the application modernization process is addressed and handled appropriately.

Step-by-Step: The Application Modernization Process

Every step of the application modernization process provides crucial information that will help your business select the right migration path for each individual app.

As always, preparation is key. Putting the work into the early stages of this process will ensure this project is successful and your application’s lifetime will be extended well into the future.

  1. Evaluate

We consider this step to be the most critical and the easiest to get started on. In this stage, the Business Analyst will complete a migration readiness assessment and begin to focus on the application migration process, which will include:

  • Defining the business case
  • Planning the migration to establish who will be involved, what resources are needed, and how the migration will be completed
  • Completing a skills assessment
  • Evaluating the application’s landing zone
  • Identifying the application scope, such as dependency mapping, performance analysis, data discovery, and maintenance 
  • Addressing security & compliance within the anticipated landing zone

2. Plan

In this next step, the Business Analyst will assess the future requirement of each application and create a strategic path forward.

3. Design

In the third phase, the Solution Architect will determine how the migration will take place, depending on the specific app. There are various ways in which this process can be mapped out.

The app may be:

  • Rehosted (Lift & Shift)
  • Replatformed (Lift & Reshape)
  • Repurchased (Drop & Shop)
  • Refactored (Rearchitect)
  • Retained
  • Retired

This process should assess the future requirement of each application before creating a strategic path forward.

4. Pilot

Once the migration path has been mapped out, the pilot phase will test out the existing plan in a phased approach:

  • Define your success criteria with set objectives and build requirements documentation
  • Document business processes, create use cases based on business processes, and build a team of test users
  • Conduct agile sprints for quick release of functionality
  • Deploy the app and release code into production
  • Allow users to execute testing scripts, evaluate their function, and provide feedback

5. Deploy

Once the application has been deployed and is live, it’s time to remediate issues from the pilot’s deployment, identify a new scope of users and use cases, and perform UAT for those new use cases using automated pipelines.

Finally, the team will complete any fixes related to bugs marked in the backlog and use auto-deploy scripts to push out changes.

6. Normalize

Once the application has been fully deployed, there will always be the need for continual process improvements and problem resolution.

7. Maintain

Throughout the application’s lifespan, consistent monitoring will ensure that any incidents are reported and resolved quickly, and service levels remain high. This maintenance process will involve:

  • Using integrated monitoring tools, logs, and telemetry to identify any issues
  • Leveraging backlogs and branch management to identify root causes of any user issues
  • Updating support documentation with information from bugs and backlogs
  • Updating IaC scripts as necessary to account for unintentional changes to service performance

Most commonly, these projects fail due to lack of defined requirements and poor communication. Setting appropriate objectives and defining your strategy at the start of the project will ensure your business can appropriately track the modernization progress and perform troubleshooting for any bumps along the way.

Next Steps: Plan for the Future of Your IT Environment

Leveraging modern application technology allows businesses to build apps that are more flexible, extensible, and easier to administer.

If you’re still waiting to begin the application modernization process, you’re missing out on reduced development time, automated deployments, and normalized troubleshooting, in addition to significant cost savings.

To learn more about the application modernization process, check out Arraya’s 5-part Application Modernization virtual series on-demand. These sessions outline the steps and strategy for a successful app modernization journey – one that will allow your organization to truly realize the benefits of digital transformation.

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now. 

Comment on this and all of our posts on: LinkedInTwitter and Facebook.  

Follow us to stay up to date on our industry insights and unique IT learning opportunities. 

by

Digital transformation has become an essential step for businesses looking to advance in their industry and remain competitive. For the many businesses who are considering or have already started their migration to the cloud, the journey doesn’t stop there. The next phase, the app modernization process, is where the true benefits of digital transformation lie.

Businesses that are still relying on legacy applications are going to run into numerous pain points and security implications. These legacy applications are production applications that are not yet leveraging modern DevOps and cloud technology. Without application modernization, legacy applications are unable to fully embrace the benefits of modern digital technologies.

In this blog, we’ll further explain what application modernization is, along with its impact and various benefits.

What is Application Modernization?

App modernization is the conversion, rewriting, or porting of a legacy application system to a modern computing programming language, architecture, software library, protocol, or hardware platform.

This process protects an organization’s investments in their technology and refreshes their software portfolio. This in turn allows them to take advantage of modern infrastructure, tools, languages, and more. Further, this process helps to resolve the potential security risks related to legacy applications.

The Benefits of Application Modernization

Whether your business is pursuing an opportunity to bring new features to the market first, migrate an internal on-premises app to the cloud, or is looking to reduce cloud spend, the app modernization process provides several key benefits, including:

  1. Increased Developer Productivity through Operational Automation and Standardization

There’s no question that technological advancements bring about increased efficiency, functionality, and flexibility. Your tech should be working harder for you. Operational automation allows your applications to manage key processes without the need for human intervention. This significantly frees up developer time to focus their efforts elsewhere.

Following the app modernization process, your team should expect an overall enhanced experience in:

  • Planning: Define and track tasks with automated boards and manage backloads with custom dashboards
  • Developing: Automatically peer review code and automate deployment to Dev/QA/Production
  • Delivering: Leverage containers to automate version control of production applications, normalize delivery pipelines to manage user feedback, production deployments, and QA testing
  • Operating: Automate monitoring, security, and compliance through AI-based cloud security tools and normalized infrastructure deployment through IaC

The app modernization process improves efficiency overall. Expect faster time to market, the development of new, bigger application features, and the ability to run mission-critical applications on a future-ready platform.

2. Support and Maintenance

Maintaining legacy software comes with many headaches. Once outdated, legacy software can accumulate bugs, become incompatible with new technologies, and rely on old code that’s more cumbersome and costly to maintain.

Following the app modernization process, users can expect:

  • Shorter timeframes for DevOps teams to rapidly create and version infrastructure in the same method as their source code through Infrastructure as a Code
  • More granular control through versioning and increased reliability of each deployment through automation of versioning
  • The ability for DevOps to set a desired state for modern applications by leveraging containerization and orchestration

Finally, it can be difficult to find someone who can work on a legacy system. It might be necessary to train developers to provide support and maintenance as they’re generally working on the most current forms of software available.

3. Reduction in Costs

Overall, the application modernization process protects your business’s investment in your applications, increases revenue, and therefore improves profitability.

It’s important to note that the larger your footprint in the cloud, the larger your cost savings will be. If you already have a sophisticated set up within the cloud, your cost savings could be even higher.

On average, the mid-market cost savings of application modernization total:

  • 25% to 80% reduction in virtual application server costs
  • 50% to 75% reduction in production time for new features
  • 75% reduction in production incidents
  • 80% reduction in IT admin time for apps on Azure

The application modernization process protects the future of your business’s applications.

Technology is the structure that holds a business together. Without the right flexible technology in place, it’s impossible to maintain a competitive edge against others in your industry.

Next Steps: Begin Leveraging Modern Application Technology

A company’s technology is an enormous investment. But what good is that investment if your applications have an expiration date?

In a rapidly changing world, your applications need to be flexible, extensible, and easier to administer. Otherwise, those investments in your legacy applications will become obsolete.

Following your migration to the cloud, it’s time to start taking advantage of the modern capabilities of technology. Through the modernization process, your migration to the cloud will start paying off. In short, application modernization saves businesses both time and money, making it no surprise that this industry is expected to double to over $16 billion by 2025.

To learn more about the application modernization process, check out Arraya’s 5-part Application Modernization virtual series on-demand. These sessions outline the steps and strategy for a successful app modernization journey – one that will allow your organization to truly realize the benefits of digital transformation.

Visit https://www.arrayasolutions.com//contact-us/ to connect with our team now. 

Comment on this and all of our posts on: LinkedInTwitter and Facebook.  

Follow us to stay up to date on our industry insights and unique IT learning opportunities. 

by

There are two sides to cyber security defenses: prevention and mitigation. While prevention is the first line of defense, a proactive mitigation plan is a realistic necessity in today’s cyber climate.  

It’s always best to be on the offense of your cyber security and conducting proactive security assessments can help you. The results of these assessments will help your IT team make better decisions to improve your security moving forward.   

While we’ve focused on business impact assessments and penetration tests in the past, this blog is going to target cyber tabletop exercises, which are an important part of your business’s incident response preparation.   

The reality organizations face today is that they will likely fall victim to a cyber-attack, specifically ransomware, if they haven’t already. Regularly conducted cybersecurity tabletop exercises will proactively prepare your organization for the worst-case scenario. A well-thought-out response will allow your business to act fast and decisively, limiting the damages associated with ransomware attacks.  

What is a Tabletop Exercise?  

A tabletop exercise is a way to assess your business’s current incident response plan processes and procedures. This type of functional exercise involves gathering all IT team members and business stakeholders into a classroom-type setting and completing a run-through exercise of a real-life cyber event scenario.   

The only prerequisite of a tabletop exercise is an established incident response plan. Without an incident response plan in place, there will be nothing to test throughout the tabletop exercise. An incident response plan is “a set of instructions to help IT staff detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work.”   

Instead of testing your actual cyber security methods, a tabletop exercise is a test of your business’s response policies, your business’s knowledge of those policies, and the efficacy of those policies. In addition, a tabletop exercise is a test of your business’s ability to communicate with one another and with outside parties. Not only does a tabletop exercise test your procedures, but it also provides your team with valuable practice within a safe and controlled environment.   

In addition to strengthening your security, performing these exercises will demonstrate the validity of your existing plan which can positively impact your cyber insurance coverage.  

Who Should be Involved? 

For an effective tabletop exercise, someone from every department of your organization should participate.  

This includes, but isn’t limited to: 

  • IT 
  • Legal 
  • Finance 
  • Business Operations 
  • Risk Management 
  • Communications 
  • Executive Leadership 

These discussion-based, full-scale exercises will help address everyone’s role and responsibility so your organization can determine your plan of action on potential real-life scenarios. What will be your ransomware response? Will you pay the ransom? How will you notify clients, customers, or any other effected parties?  

While there are many different types of tabletop exercises, ransomware tabletop exercise scenarios in particular can make a significant impact on your ability to recover from this type of cyberattack. When everyone clearly understands their role and the overall plan of action, a fast response can significantly mitigate the damages associated with ransomware.  

How Often Should Tabletop Exercises Be Conducted?  

Throughout the tabletop exercise, any gaps in your current incident response plan will be identified so they can be addressed and improved upon in the future. As these exercises represent a point in time, tabletop exercises should be completed regularly as a consistent check-in.   

Many companies conduct these exercises annually, although the more frequent the better. The biggest challenge businesses face in conducting these is simply getting all necessary parties together in a room at the same time so regular, pre-scheduled testing is recommended.   

Next Steps: Test, Review & Improve Your Incident Response Plan  

These exercises provide your organization with valuable information that can significantly improve your cyber security posture, your processes and procedures, and your team’s communication abilities.   

It’s important to not only complete these exercises but to take advantage of the wealth of information that they provide so your business can make better decisions moving forward. Your business will be able to uncover possible gaps in your policy and gain clear, tangible remediation guidance so you’ll be prepared when you face a real cyber incident.  

As the cyber threat landscape continues to change every day, there are endless improvements that can be made.   

From guiding your team through an entire attack scenario and exercise process to helping your business act on your results, our Arraya experts here to assist.   

Contact us today to start a conversation.   

VisitContact Us – Arraya SolutionsArraya Solutions to connect with our team now.    

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.    

Follow us to stay up-to-date on our industry insights and unique IT learning opportunities.    

by

Numerous industries continue to grapple with supply chain shortages and PC sales are facing significant delays. Shipping issues and semiconductor shortages are leading to back orders, sometimes for up to four months.  

As businesses and employees simply can’t operate without PCs, many businesses have turned to the bring your own device (BYOD) method. This allows employees to use their own personal devices to connect to their employer’s network and complete all necessary work-related activities.  

BYOD can be a great policy that benefits both the employer and the employee. The employer doesn’t have to spend money on new hardware and the employee won’t have to carry around multiple devices. However, a BYOD policy can also present security risks. In today’s high risk cyber climate, you should not be using BYOD devices without seriously considering and addressing this exposure.  

This is where a secure virtual desktop infrastructure (VDI) solution steps in.  

The Benefits of Using a VDI Monitoring Solution 

A VDI solution is a “desktop virtualization technology wherein a desktop operating system, typically Microsoft Windows, runs and is managed in a data center. The virtual desktop image is delivered over a network to an endpoint device, which allows the user to interact with the operating system and its applications as if they were running locally.”  

While we’ve already discussed the flexibility that remote access grants employees and the cost savings that it provides for employers, this solution also provides a more secure environment in several ways:

  • Disaster recovery: As VDI is hosted in the corporate data center, IT teams can move a VM to a healthy host if the current one experiences a hardware failure. 
  • Data security: Virtualization centralizes data on premises or in the cloud rather than on endpoint devices. 
  • IT control: VDI provides IT teams with the ability to enable or disable key features, such as USB access, print capabilities, and cut and paste. 

When using VDI, implementing the recommended best practices will go a long way in supporting your security. This includes establishing stringent policy-driven access controls, quarantining intrusions with micro-segmentation, investing in employee education, and applying the latest security patches.  

To learn more about available VDI solutions, check out our blog: Is Your Remote Work Experience Working for Your Company?  

Enhancing Your End User’s VDI Experience 

Whether you’re in the early stages of implementing a VDI solution or looking to improve your employee experience with your current one, a VDI monitoring solution can make a significant difference. This type of solution monitors performance management, security, and technical issues so you’re in full control of your environment.  

For your employees, a VDI monitoring solution can drastically improve their daily workflows. By proactively monitoring the VDI environment, businesses can detect and resolve issues proactively, rather than waiting to learn about issues directly from the end users.  

The result is a smoother workspace for employees and a more secure environment for the employer.  

Next Steps: Selecting the Right VDI Monitoring Solution  

At Arraya, we leverage a variety of tools and customized solutions to address each customers’ individual needs within the VDI space.  

We can help your business find the right tools to monitor your environment in real time. With visibility across all desktop users, machines, and apps, your help desk will address issues more efficiently and your employees can expect a more seamless experience overall. 

Whether you’re in the early stages of considering a VDI monitoring solution or looking for assistance in managing your ongoing environment, our team is available to help you through the entire process.  

Reach out today to start a conversation.  

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.  

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.   

Follow us to stay up to date on our industry insights and unique IT learning opportunities.  

by

Spring cleaning is upon us and that includes your IT environment. Now is the time to take account of your existing solutions, platforms, and networks, and get organized.  

In this blog, our Hybrid Infrastructure team got together to create a list of VMware software that will be reaching it’s end of support dates in 2022.  

With an advanced plan in place well ahead of these dates, your business will be able to make the right decisions for your environment at the best cost.  

Planning Ahead for 2022: End of General Support 

The general support phase of a product begins on the date of general availability. During this phase, VMware provides maintenance updates and upgrades, bug and security fixes, and technical assistance for the product. Once the product reaches the end of general support date, these services will no longer be provided. At this point, it’s best for users to upgrade to continue to receive this support before the product reaches the end of its life cycle altogether. 

Included here is a list of software that’s reaching end of general support this year: 

End of General Support: October 15, 2022 

vSphere 6.5 

VMware’s vSphere 6.5 will reach end of support on October 15, 2022. To maintain support of this virtualization software, VMware recommends an upgrade to vSphere 7.  

Technical guidance for vSphere 6.5 will be available until November 15, 2023, through a self-help portal.  

vSphere 6.7 

While this was originally scheduled for 2021, VMware’s vSphere 6.7 will now also reach end of support on October 15, 2022. The original EoTG (end of technical guidance) date of November 15, 2023 will still apply.  

VMware recommends that vSphere 6.5 & 6.7 users upgrade to vSphere 7. This will offer new capabilities, including the ability to run modern containerized applications natively on vSphere, improved operation capabilities, and enhanced security.  

VMware Horizon 7 

The original end of support date for Horizon 7 version 7.13 was in March 2021. However, VMware provided an extension of general support for this release until October 2022 to allow customers more time to plan their upgrade to the next release, Horizon 8.  

Customers must have a valid support agreement with VMware in order to utilize the extension. For those who wish to continue using version 7.13 after October 2022, an extended support contract can be purchased to extend this date to October 2024. Otherwise, Horizon 7.13 will reach end of technical guidance by March 2023.  

Preparing for Your vSphere 7 Upgrade 

With vSphere 7, users can expect tighter security, simplified software patches and hardware upgrades, reduced complexity, increased scale, and more.  

Prior to your upgrade, here are two steps to take to ensure your transition is seamless: 

  1. Confirm your hardware compatibility  

Prior to completing the upgrade to vSphere 7, it’s best to confirm whether your existing hardware is compatible. Using the VMware Compatibility Guide, you can input your hardware specifics to confirm if you’re in the clear to move forward with the upgrade or if your existing hardware will present an issue.  

  1. Implement more reliable, and higher-performing storage devices 

In the past, users could rely on SD cards or USB devices to free up device bays and lower the cost of installing ESXi hosts. VMware reports, “With the new partition schema in vSphere 7.x, only the system boot partition is fixed at 100 MB. The rest of the partitions are dynamic, meaning partition size will be determined based on the boot media size.”  

Further, all non-boot partitions such as core dump, locker, and scratch partitions are now consolidated under the new partition called ESX-OSData (VMFS-L) partition. This new partition will require a high endurance persistent storage device.  

Next Steps: It’s Time to Get Organized  

If your business is facing any of these end of support dates, Arraya can help you with the transition.  

It’s important that IT teams allow plenty of advanced planning for these upgrades and transitions. You don’t want to be backed into a corner at the last minute, forced to make a change out of desperation.  

We can help you look ahead, weigh your options, and determine how to best move forward with a clear plan in place. To learn more, contact one of our Arraya experts today.  

VisitContact Us – Arraya SolutionsArraya Solutions to connect with our team now.   

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.   

Follow us to stay up-to-date on our industry insights and unique IT learning opportunities.   

by

Dell Tech World 2022 kicked off last week. While virtual events were still offered, over 5,500 people attended in-person in Las Vegas for the first time since 2019. The event offered over 150 breakout sessions, hands-on labs that explored the latest technologies, interactive sessions with Dell’s leading technology experts, and more.  

Coming off of Dell’s record full-year revenue of 101.2 billion (up by 17%), the energy was high as professionals connected for the first time in years.  

Among the games, entertainment, and installations, there were numerous announcements that may impact your business moving forward.  

With a focus on the future of technology, there was a heavy emphasis on data from multiple perspectives. From the hybrid multi-cloud to new data recovery measures, the theme was rapid innovation in how we organize, store, use, and protect data.   

 As a few of Arraya’s experts were in attendance, here are the announcements that stood out to us: 

  1. New Cybersecurity Apex-as-a-Service Offering:  

In its aim to help customers reduce the overall downtime of a cyber attack, Dell announced its latest offering: Apex-as-a-Service Cyber Recovery.  

This offering will include the hardware, software, and services you need to protect your critical data. For those who don’t have in-house expertise, this solution simplifies the recovery from a cyber attack and removes the operational burdens so users can instead focus on their strategic objectives. Users will be able to manage their environment and complete testing cycles to ensure the recovery will be ready should they fall victim to an attack.   

With a secure Dell-managed vault, user data is properly identified, isolated, and the vault is scanned for any potential abnormalities.  

This is now available for channel partners and customers in the US with global plans later this year.  

  1. Dell PowerProtect Cyber Recovery for Microsoft Azure 

This is a new service that protects and isolates critical data from cyber threats by deploying an isolated cyber vault in the Azure public cloud. With Dell PowerProtect Cyber Recovery for Microsoft Azure, users can rely on a vault that provides physical and logical separation of data and immutability for the highest level of security. This maximum control of data coupled with a secure cloud environment provides multiple options for recovery post-attack.   

This will be available globally in the second half of 2022.  

  1. CyberSense for Dell PowerProtect Cyber Recovery for AWS 

CyberSense for Dell PowerProtect Cyber Recovery is meant to act as an organization’s last line of defense against cyber attacks. This offering will implement machine learning to find corruption within your data with 99.5% confidence and detect suspicious changes within your core infrastructure.  

This is fully integrated with the Cyber Recovery offering for ransomware protection. Once you’re aware that backup data may have been compromised via CyberSense, you can effectively diagnose, recover, and help avoid business interruption costs. 

This will be available globally in the second half of 2022.  

  1. Dell & Snowflake Partnership for Cloud, Data Storage 

Dell recently announced that they’re partnering up with Snowflake, a cloud data analytics company, to connect data from Dell’s storage portfolio to the Snowflake Data Cloud.  

This will give customers greater flexibility through operating in multi-cloud environments, help users meet data sovereignty requirements, and turn more data into insights. With the ability to derive insights from data no matter where it resides, this partnership with Snowflake eliminates these silos so businesses can gain more value from their data.  

Dell and Snowflake will pursue a joint go-to-market effort in the second half of 2022.  

  1. Project Alpine 

It was announced that Dell is working towards Project Alpine, which will be Dell’s answer to the challenge of providing consistent operations from on-prem to multiple clouds.  

This is Dell’s future hybrid cloud storage strategy in which all of Dell’s storage software (block, file, and object) will be brought to the public cloud. This will allow users to combine the storage capabilities of Dell’s enterprise data services with the features of major hyperscalers, like analytics and AI.  

No time frame has been provided for Project Alpine’s release to date.  

  1. PowerStore to Support Native Metro Sync  

As one of the many new software enhancements that Dell announced, PowerStore, Dell’s popular all-flash data storage appliance, will now support native metro synchronous block replication.  

This provides a highly available shared storage environment across sites at no additional cost to existing PowerStore customers. Users will be able to protect any workload within the PowerStore solution all through software-based capabilities.  

Next Steps: The Future is in Your Data 

As businesses become more data driven, data protection and insights are top of mind.  

As higher quantities of data are being collected, managing it has become unnecessarily complicated. Dell’s emphasis on the hybrid multi-cloud is aimed to help customers better manage their data centers so they can draw insights from this data while taking advantage of increased security and simplified recovery processes.  

To learn more about Dell’s latest offerings, contact an Arraya expert today to start a conversation.  

VisitContact Us – Arraya Solutions to connect with our team now.   

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.   

Follow us to stay up-to-date on our industry insights and unique IT learning opportunities.   

by

Cyber security can be an unsatisfying experience. While there are certainly good, better, and best cyber security methods, there is no solution or practice that will be able to prevent all cyber attacks.

At Arraya, we’ve found that our clients often look for reassurance or confirmation that they’re protected from the various cyber threats we hear about every day. Like many things in life, there will always be uncertainty.

The good news is enterprise security does have an impact and is working. In general, cyber criminals are after one thing: rapid monetization. As more businesses prioritize cyber security in their investments, it’s getting more challenging for these malicious actors to reach their objectives.

The threat landscape constantly evolves and the way we interact with technology changes, making cyber security a never-ending journey. However, know that your security efforts are making a significant impact in reducing risk for your organization.

Our advice? Stay the course! Here are some steps you can implement to take your cyber security posture from good to great.  

4 Steps to Improve Your Organization’s Cyber Security

Not all security methods and practices were created equal, and it can be difficult to keep up with the latest standards.

If you haven’t implemented them already, here are four security practices that will help keep your business secure:

  1. Implement a Zero Trust Foundation

Without a Zero Trust model, your business won’t have the necessary foundation and framework to implement fundamental security controls. A Zero Trust model always authenticates, uses least privileged access, and always assumes breach.

This model embraces the hybrid workplace and protects people, devices, apps, and data wherever they’re located by authenticating who is using the endpoint.

2. Separate Your Online Identities

Malicious actors can source an overwhelming amount of information on both businesses and individuals through your online presence. This information is then pieced together to guess your username/email and password combinations and access various online accounts.

Users can better secure these accounts in two ways:

  • Use multiple email addresses

Most online accounts require an email address or username, password, and hopefully, a second layer of authentication. While most know to keep their passwords confidential, emails are readily available within your online presence. Using a separate email for your most confidential accounts, such as finances, will make it more difficult for malicious actors to access those accounts.

  • Never reuse passwords

If an account is compromised, a password that has been reused could lead to multiple compromised accounts. While reusing a password on multiple accounts can be easier on your memory, this can lead to significantly more damage. Each login should have it’s own, unique password.

3. Adopt Biometric Authentication

At this point, we’re assuming you’ve already implemented multi-factor authentication. If not, it’s time that you do.

As a step beyond MFA, biometric authentication is a form of authentication that uses a person’s unique biological characteristics to verify their identity. This could be facial recognition, a fingerprint scan, and more.

A relatively new and more advanced form of biometric authentication is composable identity. This type of authentication learns the way the user interacts with their device. This could be how the device is held or the normal pattern in which the user interacts with an application. If the interaction is out of the ordinary, access can be denied. However, composable identity also requires an enormous amount of data to provide these capabilities.

4. Encourage Training & Awareness

The ever-evolving nature of cyber threats make them uniquely difficult to protect against. As human error continues to be an enormous vulnerability, keeping your employees up to date should be an ongoing priority. The risk of human error is like building the strongest door possible, only to have an employee accidently open it for the wrong person.

As cyber attacks continue to make headlines, awareness of cyber threats has drastically improved in recent years. However, there will always be new ways in which these threats are carried out. Consistent training will help employees stay vigilant, know when to be suspicious, and what steps to take should they identify an attack.

While even the most robust cyber security practices can’t guarantee complete protection from cyber attacks, they can significantly reduce your risk. Just like wearing a seatbelt won’t always save a life, you’re going to take the extra precaution.

Threats Your Business Should Know

One of the main differences between good security and great security is understanding the threat landscape and how it’s shifting. Recognizing the motivations and techniques of your adversaries is key. To recap, a cyber criminal’s goal is almost always rapid monetization, and they generally don’t want to waste time on things they can’t monetize quickly.

The more your executives and your employees know, the better you can anticipate and plan ahead.

Here are some of the latest threats and techniques your business should know:

  1. Insider Threats

This type of threat can be particularly concerning, especially as the workforce endures the “great resignation.” Insider threats can come in two forms:

  • The disgruntled employee who may “go rogue” and want to disrupt their employer. The recent sale of Twitter to Elon Musk has led to reports of Twitter locking down its source code to prevent upset employees from sabotaging the platform.
  • Cybercriminals who recruit employees to provide them with network access through their VPN and RDP credentials in exchange for money. These aren’t always disgruntled employees but individuals looking to make extra cash.

2. SIM Swapping

While it’s known that MFA is highly effective as an additional layer of security, SIM swapping is a tactic that malicious actors use to bypass this. This technique literally takes over your phone, allowing the cyber criminal to control it for a period of time. They do this by stealing your phone number and assigning it to a new SIM card, which is then inserted into a different phone. Many mobile carriers are working to implement controls to stop this.

If your phone ever stops responding or working, this could be a sign that a SIM swap attack is underway.

3. Endpoint Targeting

Because MFA is making cyber criminal activity much more difficult and most employees are still logging in remotely, endpoints have become the most popular target for attacks. However, focusing on authentication, use of a VPN, and a VDI solution can increase endpoint visibility and security.

Next Steps: Stay Vigilant in Your Security Efforts

While the constant bad news surrounding cyber security can be draining, the good news is that security efforts do make a difference. With the right practices in place, your business can maintain a stable environment and unlock the future growth of your organization.

For more information, check out the on-demand access to Arraya’s Director of Cyber Security, Scott Brion’s, recent presentation: All Your Eggs in One Basket. This presentation outlines how the success of enterprise security programs have made the endpoint a preferred target for attackers and user behavior has resulted in more sensitive and valuable information being at risk on these endpoints.

Contact one of our Arraya experts to start enhancing your organization’s cyber posture today.

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.    

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.    

Follow us to stay up to date on our industry insights and unique IT learning opportunities.   

by

In this Expert Q&A, Chris Bovasso, Arraya’s Director, Application Services, and Mike Wishnefsky, Solutions Engineer, discuss when organizations should consider moving to SharePoint Online. In addition, they outline the top reasons to move SharePoint to the cloud, the benefits of doing so, and highlight what users can achieve through integrations and customizations with the online version.

by

Cyber attacks are a high priority for business owners in today’s climate. As a result, data protection is more important than ever. Backing up data is a fundamental part of a business continuity plan and has an enormous impact on a business’s ability to recover from a disaster, including a ransomware attack. However, the security and strength of backups vary.

A business is only as good as their last backup. If your business is going to lose crucial data between the present and the last time a data backup occurred, there will be problems. When considering the strength of your backups, there are numerous questions you should be asking to tailor your back up plan to weather the worst storms.

From the location of your backups to recovery testing, here are essential questions to consider:

  1. Do you have a business continuity and disaster recovery plan?

A business continuity plan or disaster recovery plan is a recorded policy that is designed to implement a recovery process, should the company fall victim to a potential threat. This plan is a fundamental part of a company’s backup strategy and should define your:

  • Data retention policy: What is your protocol on archiving data and how long will data be stored? This may come down to days, weeks, months, or years.
  • Number of saved copies: What is the appropriate number of copies to save? This will vary depending on the business and the amount of critical data stored.
  • Location of saved copies: Where will you store your saved copies? It’s recommended that they are saved in different locations, such as locally, offsite, or in the cloud.

Within this plan you should determine your business’s individual RPO/RTO:

  • Recovery Point Objective: The amount of data that can be lost within a period of time before significant harm occurs. This starts from the data loss event and goes back in time up to the most recent backup.
  • Recovery Time Objective: This is the amount of time that a system, network, or application can be down before significant harm occurs. This includes the time spent restoring the application and its data.

Both parameters should be defined ahead of time to help dictate your disaster recovery plan overall.

2. Are you backing up your data?

We can’t talk about improving your business’s backup strategy if you don’t have one to start. Backing up your data allows your business to continue operations in the event of a major outage or cyber attack. Without a backup in place, your business will face not only significant loss of data, but substantial business interruption costs if unable to continue operations as normal.

3. Are you identifying and classifying your data?

Recovering after a ransomware attack does not necessarily mean restoring all your data. This means businesses should be identifying and classifying their data to determine what is critical. When the time comes, this classification will speed up the recovery response time. Attempting to recover all data following a ransomware attack will slow the recovery process down unnecessarily.

More data means a longer recover period. Think about reducing the overall size of your critical data by optimizing your data-recovery strategy. This in turn will reduce your RTO.

4. Are you conducting recovery testing & validating your most critical data?

Critical data must be backed up more frequently and a policy should be put in place to define this. Regular recovery validation testing should be completed to ensure this critical data will be there when it’s needed most.

If you don’t regularly test your backup system, you face the risk that your backup data won’t be there when you need it. Regularly testing your recovery methods will bring any issues to the surface. Whether your backups were quietly hit by a cyber attack and you were unaware, or a technical flaw has caused an issue, the sooner you know the sooner you can take corrective measures.

5. Should you consider backup immutability?

As the threat of ransomware grows, ransomware attackers are now targeting backups. This will leave victims with nowhere to turn once their environment is compromised.

Backup immutability provides copies of your data that cannot be altered, encrypted, or deleted. This leaves ransomware attackers without the leverage to make a ransom demand. From healthcare providers to law enforcement, backup immutability provides a stronger wall of safekeeping for any data that is considered the most critical.

6. Where do your backups live?

The location of your backups will impact the amount of time it takes to restore them. Backups stored offsite will take significantly longer to restore than backups housed within your network. However, an offsite backup can be more secure. Each individual organization must weight these options.

If your organization opts for offsite storage, extra time should be factored into your business continuity plan to account for the longer recovery period.

7. What type of access control do you have?

With the right access controls in place, companies can limit the risk of unauthorized devices, networks, and individuals reaching their data backups.

Ideally, every business would have both network access control and role-based access controls implemented:

  • Network Access Control (NAC): NAC supports network visibility and access management through policy enforcement on network attached devices. This provides a barrier between the data backup and unauthorized devices or locations.
  • Role-Based Access Control (RBAC): RBAC restricts network access based on the roles of individual users within a company. Each employee should only be able to access information that is pertinent to their role and nothing more. This reduces the risk of a single compromised account reaching the data backup.

In addition, multi-factor authentication has become a necessary portion of access control. This security measure requires two pieces of information to verify your identity, such as a PIN or fingerprint, rather than just a standard password.

Next Steps: Set a Plan to Harden Your Backups

If your business does not have clear answers to the questions above, there’s work to be done. If your backups are at risk, your entire organization is at risk.

If you need assistance building a backup plan or your existing strategy could use some fine tuning, contact Arraya for a backup assessment. Through this process we can determine the strength and security of your current backups and set a plan for remediation to respond to identified risks.

Contact an Arraya expert today to start a conversation.

Visithttps://www.arrayasolutions.com//contact-us/ to connect with our team now.    

Comment on this and all of our posts on: LinkedIn, Twitter and Facebook.    

Follow us to stay up to date on our industry insights and unique IT learning opportunities.   

by

On this episode of the Arraya Insights Vodcast, Scott Brion, Arraya’s Cyber Security Director, welcomes special guest Jonathan Nguyen-Duy, Vice President and Global Field CISO at Fortinet.

As a global security advisor and executive lead for strategy and analytics, Jonathan’s work at Fortinet is focused on strategy, data analytics and helping enterprises with digital transformation for security from the IoT edge, across enterprise networks, to hybrid clouds. He is a widely published security expert and frequent speaker at industry events with unique global commercial and public sector experience as well as a deep understanding of threats, technology, compliance, and business issues.

The discussion covers a wide range of topics facing organizations today including vulnerability management, hybrid work models and their effect on cyber security, current challenges such as staffing, supply chain, cyber insurance, and more.

Prefer an audio format? Subscribe to our Arraya Insights Radio feed in your Apple or Android podcast catcher for an audio-only version of our vodcast. Or, you can use the player below.

https://soundcloud.com/user-166960433-952960141/arraya-insights-vodcast-a-candid-conversation-with-fortinets-global-field-ciso?utm_source=clipboard&utm_medium=text&utm_campaign=social_sharing