Unique Ways to Reduce IT Cost

(Information in italics courtesy of BOERGER CONSULTING, LLC)


image courtesy of connectedgear.com

All businesses today receive benefits from Information Technology (IT) but many still consider it a problematic cost center of their business. As technology has progressed, more forward-thinking organizations have started to see IT as a valuable tool and an investment in their business’s future. Still, every business is looking to reduce costs and IT is often the first place they look to trim their budget.

Some of the traditional ways IT cost has been reduced started in IT hardware with the origin of cloud computing and virtualization. Virtualization is a software system that allows IT hardware to provide much greater capacity and functionality, reducing hardware costs. Other popular cost savings have come from hiring less expensive personnel such as interns or outsourcing IT personnel entirely. A more recent trend has been to utilize open source software for business processes. Open source software is developed within a community and offered for free with options to pay for technical support. However, many businesses and business functions don’t have the flexibility for open source and are required to maintain relationships with the software companies, utilizing expensive and complex licensing for their software. This has led to larger organizations taking cost reduction steps by investigating their physical assets and software licenses — a practice commonly referred to as IT Asset Management (ITAM). The savings in both cost and time are staggering with a proper business management plan.

Boerger Consulting, a partner firm of Two Ears One Mouth IT Consulting (TEOM), is an innovator in the ITAM consulting realm. Their focus is helping businesses reduce the overall operational cost of their IT department by properly managing, measuring, and tracking their hardware and software assets. According to Boerger Consulting, the threat is real:

“Some software publishing firms rely on software license audits to generate 40% of their sales revenue. These companies wait and watch your volume license agreements, your merger & acquisition announcements, and the types of support tickets called in, to pinpoint exactly when your organization is out of license compliance. They count on your CMDB and SAM tools to be inaccurate. They make sure the volume license agreement language is confusing and convoluted. And they make sure their auditors always find something – unlicensed software, expired warranties, unknown network segments – to justify your penalty.”

The payoff, however, is also real. Citing a 2016 paper from Gartner, Boerger Consulting suggests an organization could eliminate THIRTY PERCENT (30%) of their IT software budget with a proper software asset management (SAM) program:

“Part of that savings is finding the hardware and software lost in closets and under desks and odd corners of your warehouse. Another part is identifying and eliminating licenses, support, and warranties for programs and hardware your organization no longer needs. The last part is proactively locating and eliminating audit risks before the auditors do, and then pushing back on them when it is time to renew your volume license agreements.”

Although we focus on different technologies, a synergy has been created between TEOM and Boerger Consulting. We have found that when a business makes the decision to move their IT infrastructure off-site, unforeseen challenges can occur. These challenges can be related to privacy and data protection compliance, resulting from retiring on-premises servers, or it may be that there are different software licensing practices required in the cloud. These are two examples of issues that TEOM and Boerger Consulting can solve.

If after reading this article you still have questions about any of these technologies, Jim Conwell and Jeremy Boerger would be happy to meet for a free initial consultation. Please contact:

Jim Conwell (513) 227-4131     jim.conwell@twoearsonemouth.net

www.twoearsonemouth.net

we listen first…

 

Trends for Cloud and IT Providers from the Past Year


One of the primary benefits I offer to support my customers is insight and expertise for Cloud and IT services for business. I develop my insight and best practices for clients through working closely with a wide breadth of supplier partners that create the trends in their technology. These IT innovators range from the largest public companies earning billions of dollars each quarter to small entrepreneurs providing IT services to small and medium sized businesses (SMB). Staying current with technology is vital to my customers. Once a year I like to take time to review the trends for the cloud and IT. Here, I will describe recent trends by the primary technologies that are my focus, Infrastructure as a Service (IaaS), Unified Communications as a Service (UCaaS) and IT Managed Service Providers (MSP).

IaaS

Much of the change that occurs in IaaS is created by technologies and services delivered by the cloud hyperscalers such as AWS, Microsoft Azure and Google Cloud Platform. They have created environments that are open to virtually all operating systems and software applications. In a similar fashion, the regional data centers and cloud providers I partner with have evolved to hyper-converged platforms.  Hyper-converged platforms create a software defined IT infrastructure that replaces some of the traditional components of cloud such as storage area networks (SAN) or networking components like firewalls and switches. This trend has also spread to private clouds for organizations that create their own cloud infrastructure on premises.

In addition to hyper-convergence, most IaaS providers have also capitalized on traditional technologies like bandwidth, which allows them to better compete with the hyperscalers. These include cloud configurations with a fixed and budget-friendly cost structure for data transaction cost or egress. Many hyperscaler customers have been shocked by a low initial cost that rises quickly as their data requirements increase. Most of the trends in IaaS happen first at the hyperscaler, then move downstream to the regional cloud providers as they reach general acceptance.

UCaaS

UCaaS, or hosted IP phone service, has experienced exponential growth with both business users and the cloud providers. The purchase of BroadSoft by Cisco early in 2018 has led the way for many very cost-effective UCaaS solutions with enhanced communication features. It is becoming apparent that providers are beginning to reach a critical mass of prospects where the product is being commoditized and the price is a key component of the buyer’s decision process. There have been a handful of providers that have been able to differentiate their UCaaS services through integrations with Customer Relationship Management (CRM) software or other SaaS products. Additionally, some innovative software developers have intrigued customers by taking an “out of the box” view of voice communications. Companies like Dialpad, created by ex-Google engineers, have guided their customers to rethink the idea of UCaaS as more than a phone system hosted in the cloud. They have created a new age open communications platform that integrates all the enterprise communication tools. Their solutions often create a voice communication platform without a traditional desk phone. Whatever the technology or provider, UCaaS has become ubiquitous. When the business accepts the OpEx model of monthly rental for voice communications, the advantages of UCaaS are undeniable.

Managed Service Providers (MSP)      

In my work to provide guidance to my clients on the best alternatives for cloud providers, I often uncover needs for traditional on-site IT services. These needs are most often driven by a loss of IT personnel or rapid growth of the company. I wrote an article earlier this last year, Is the MSP Model Right for Your Business, that covered this subject in greater detail. The trend described in the article continues to evolve toward a partner-like relationship between MSP and customer, covering the full range of services that an internal IT department would provide. This mindset is effective if the MSP listens to the customer’s needs and is flexible enough to customize their offering to their specific requirements.

As I stay close and communicate frequently with my supplier partners, I stay abreast of the provider’s changes and how they relate to the industry. I look forward to 2019 as a time of continued growth in cloud computing offerings. As the technology matures it will provide more opportunity to display how the cloud will add value to the business’ IT strategy. Understanding these trends of technology as they evolve will allow Two Ears One Mouth IT consulting to provide valuable insight to clients for years to come.        


Cloud Security is a Shared Responsibility


When I first became familiar with enterprise cloud computing, one of the primary objections to cloud adoption was the security of the data within the applications. Today that has changed; as cloud has matured it is now seen as an option for IT infrastructure that can be designed to be more secure than on-premises solutions. Through the process of designing a cloud infrastructure, IT professionals have become aware of the increased security benefits cloud offers. Concurrently, IT data exposure and breaches have become more widespread and security has become a greater responsibility. These factors have led all cloud architects, whether with a cloud provider or working within an enterprise, to realize that cloud security is a shared responsibility. Cloud security is shared in two respects: first, within the different groups of the enterprise, and second, the responsibility of securing data is split between the enterprise and the cloud provider. For the purpose of this article we will focus on the sharing of security responsibilities between the enterprise and the provider. I will segregate three categories of cloud computing responsibility in order to simplify the roles and responsibilities: infrastructure, operating systems including applications, and customer data.

Private Cloud

Most IT users today consider a virtualized stack of IT infrastructure on premises a private cloud. In this scenario, as existed before cloud computing, the enterprise is responsible for all aspects of security. In an on-premises private cloud infrastructure the enterprise needs to secure their data from all physical, technical or administrative threats. With large organizations the security responsibilities can be shared within groups of their IT departments, which may include network, security, application and compliance.

Infrastructure as a Service (IaaS)

The greatest security coordination concerns come from a public or hybrid cloud configuration such as infrastructure as a service (IaaS). With an IaaS environment the enterprise has agreed to have the provider manage the infrastructure component of the IT security. This enables the enterprise to outsource all security and regulatory concerns relating to the actual server hardware. They also realize benefits of physical security because their IT infrastructure is off premises and in a secured facility. Many times, regulation, or even large customers, will mandate an audited data center standard such as SOC 2 for their IT infrastructure as a requirement of the business partnership. Creating an audited SOC 2 compliant data center on premises can be costly and time-consuming. The hosting of their IT infrastructure in an audited and physically secure data center is one of the greatest benefits of IaaS.

Beyond the physical infrastructure, the IaaS or cloud provider also assures the security of the software hypervisor that orchestrates the virtualized cloud operating systems and services. However, the enterprise is still responsible for the operating systems of the virtual servers and the security patches the software developer issues for them. Additionally, the enterprise is responsible for the security of all their own software applications and the data that resides on them. Some cloud providers will offer managed services to their clients that will include security functions. The provider may offer a managed firewall, monitoring and even malware protection for the virtual servers they host. These services add value as the provider is more familiar with security best practices in the IT infrastructure stack than the enterprise. Still there is always a shared responsibility for security with the enterprise always responsible for their own data. 

Software as a Service (SaaS)

SaaS is the cloud technology the majority of businesses have the most experience with and understand the best. Common SaaS platforms like Microsoft Office 365, Google G Suite or CRM-based software like salesforce.com have made SaaS commonplace. Virtually the whole IT stack is owned by the provider in a SaaS platform; however, the enterprise still has security responsibilities. The enterprise’s primary security responsibility is concerned with their own data. The business owns their data and needs to ensure it is free of malware and other external threats. They also need to protect the end points such as laptops and tablets that are used to access the SaaS data.

Additional Considerations

Other IT security responsibilities the enterprise needs to consider in any Cloud environment are connectivity, authentication and identification services as well as managing abandoned resources.

Connectivity to the cloud provider is most secure when a private circuit or connection can be implemented. If a private connection is not practical the enterprise needs to create a secure connection such as a virtual private network (VPN) and assure a secure connection is created over public internet.

Authentication and identification of network users is an integral part of any enterprise IT network. It is equally important to integrate any authentication or directory service with the cloud solution. A solution like Microsoft Azure AD is considered by many as a best practice for this complicated process. It was described in some detail in a previous article, Active Directory (AD) in the Cloud. Finally, a frequent cause for concern, especially with enterprises that employ large IT staffs, is abandoned resources. These are cloud instances that were created, have lost their relevance and have been forgotten. They can reside in a public cloud for years, with continued billing, and the customer’s data is open to the public since they were created in a time with less stringent security policies. Periodic billing review and the monitoring services that security platforms offer can eliminate this waste.
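One way to run the periodic review of abandoned resources described above, as an added example that is not part of the original article. The inventory export, its column names, the resource names, the review date and the 180-day idle threshold are all assumptions constructed for illustration; publicly reachable resources are ranked first because they carry the data exposure risk as well as the cost.

```python
import csv
import io
from datetime import date

# Constructed inventory export. The column layout is an assumption for this
# example and does not match any particular provider's billing format.
INVENTORY_CSV = """resource_id,kind,created,last_activity,monthly_cost_usd,public_access,owner
vm-web-01,vm,2023-02-10,2025-05-28,140.00,false,web-team
vm-poc-legacy,vm,2019-08-01,2020-01-15,95.50,true,
bucket-old-exports,storage,2018-03-20,,12.00,true,finance
db-reporting,database,2022-11-05,2025-06-01,310.00,false,data-team
vm-test-7,vm,2021-06-30,2024-09-02,60.00,false,
"""

# Constructed review date so the example gives the same result on every run.
TODAY = date(2025, 6, 15)


def parse_inventory(text):
    """Turn the CSV export into a list of typed records."""
    resources = []
    for rec in csv.DictReader(io.StringIO(text)):
        created = date.fromisoformat(rec["created"])
        raw_last = rec["last_activity"].strip()
        resources.append({
            "resource_id": rec["resource_id"],
            "kind": rec["kind"],
            "created": created,
            # No recorded activity: treat the resource as idle since creation.
            "last_activity": date.fromisoformat(raw_last) if raw_last else created,
            "never_used": not raw_last,
            "monthly_cost_usd": float(rec["monthly_cost_usd"]),
            "public": rec["public_access"].strip().lower() == "true",
            "owner": rec["owner"].strip(),
        })
    return resources


def find_abandoned(resources, today, idle_days=180):
    """Return resources idle for at least idle_days, highest risk first."""
    findings = []
    for r in resources:
        idle = (today - r["last_activity"]).days
        if idle < idle_days:
            continue
        reasons = []
        if r["public"]:
            reasons.append("publicly reachable")
        if not r["owner"]:
            reasons.append("no owner recorded")
        if r["never_used"]:
            reasons.append("no activity since creation")
        findings.append({
            "resource_id": r["resource_id"],
            "idle_days": idle,
            # Rough spend since last use, using 30-day months.
            "est_wasted_usd": round(idle / 30 * r["monthly_cost_usd"], 2),
            "public": r["public"],
            "reasons": reasons,
        })
    # Exposed resources first, then the most expensive idle ones.
    findings.sort(key=lambda f: (not f["public"], -f["est_wasted_usd"]))
    return findings


if __name__ == "__main__":
    for f in find_abandoned(parse_inventory(INVENTORY_CSV), TODAY):
        print(f"{f['resource_id']:<20} idle {f['idle_days']:>5} d  "
              f"~${f['est_wasted_usd']:>9.2f}  {', '.join(f['reasons']) or 'idle only'}")
```
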

Business cloud solutions offered to the enterprise come in many different configurations that vary as to the type of infrastructure, software and services offered. In all cloud environments security requires a shared responsibility as well as a layered approach coordinated between the cloud providers and the enterprise.  A supplier agnostic advisor like Two Ears One Mouth IT Consulting can assist by helping a business find the right provider and security services for your business’s applications.      

 


Is the MSP Model Right for Your Business?


In my initial article, What’s a Managed Service Provider (MSP), I introduced the concept of an MSP and its advantages. The article describes how a growing organization evolves when it transitions from calling an individual IT service provider each time an issue presents itself to developing a relationship with a trusted partner that delivers a full scope of IT services. To review some pertinent definitions: an IT services provider follows a traditional model of being contacted when needed and is paid for its services by time and materials. An MSP provides the full scope of services and in many cases, the outsourced MSP is the business’s IT department. Today the MSP deliverable of a flat fee for services has become widespread and accepted. For a business to transition to an MSP, one vital characteristic must be present… trust. Trust can be difficult to create if the company has no prior experience with the provider. On the other hand, trust can be built when the provider is transparent with their motivations and offerings within the MSP model. In this article, I will dig deeper into the MSP offering to help answer the question: is the MSP model right for your business?

Primary Components of the MSP

The concept of managed services has become so popular that some IT providers fail to offer other options to their prospects. A typical MSP agreement will include all phone and remote support services as well as an allowance for on-site labor. Projects out of the scope of the agreement are billed according to time and materials. MSP customers will typically receive a discounted labor rate on project work. The MSP model allows the provider to include a rental fee for certain critical IT infrastructure hardware. Critical IT hardware may be devices such as firewalls, the first defense of IT security, and ethernet switches, which are the foundation of the IT network. The MSP requires a detailed understanding and control of all the devices on the network in order to manage them properly.

What’s driving the MSP model?

The growth of the MSP model has come from the way it benefits customers as well as advantages realized by the MSP. While the MSP model is not always the customer’s first choice, there are factors in the market that are driving customers to embrace this model. The following are the primary factors that have driven the customer to accept the model.

A scarce and competitive marketplace for talent-

Most small and medium-sized businesses can’t find or can’t afford the IT resources their company requires. When they do find affordable candidates, they typically have a specific skill set that can’t match the depth of expertise the MSP can deliver.   

Organic growth and mergers-

Because of the organization’s explosive growth, sometimes through mergers, it is impossible for the customer to maintain or even be aware of the IT team they require at any given time. The MSP relationship and their technical staff can allow the business to scale their IT support up or down quickly.

Chief Information Officer (CIO) as a service-

Since its inception, IT providers have always looked for ways to create additional value for their clients. One of the first ways they accomplished this is by making recommendations for future technology to test and implement. This is the type of service the CIO provides for a large enterprise, which can take the form of periodic meetings where the provider is updated on the business strategy to help determine technological recommendations. These regularly scheduled meetings or Quarterly Business Reviews (QBRs) initiate a mutually beneficial relationship that leads to a long-term partnership.

As a service instead of purchase-

Renting technology infrastructure instead of an outright purchase may be advantageous due to IT hardware’s limited life. It can also create positive cashflow and other financial advantages for the business. This is an “as a service” model introduced by the cloud computing industry where expensive server hardware is rented instead of purchased.

The IT provider will also receive benefits from the MSP model. It was in large part designed by providers to solve the challenges of both parties.

Consistent revenue

Historically the small IT service provider has struggled, as any small business, creating a consistent revenue and cash flow. The MSP model with its monthly recurring charge (MRC) helps to relieve this challenge. Predictable revenue in addition to an educated customer who is more aware and consistent with their IT demands helps to build the successful model. In a similar fashion, the MSP model helps with hiring decisions and scheduling technicians for customer service calls. With this partnership, the MSP gets to know the needs of the customer better and can predict their requirements more accurately.

Outsourcing by the Outsource-

Some parts of the total MSP solution are not provided by the local provider but rather outsourced to one of their vendors. These services are typically security and monitoring based offerings that offer great value but are costly to implement without large quantities of clients. These services will take the form of malware and antivirus software for endpoints coupled with proactive monitoring as a service. These services enhance the offering and can add profit margin for the MSP. Some popular providers of these types of services are SolarWinds, Webroot and Datto. These companies have grown significantly as part of the MSP trend. They work exclusively with MSPs, never end-users, which helps protect the MSP product.

The MSP model makes sense for most businesses, but not all businesses all the time. When a client has recently experienced growth and is desperate for quality support it can be an easier conversion for the MSP provider. It will be a challenge to justify the cost if the customer’s experience has been in the pay-as-you-go model. This is where the MSP needs to show flexibility and understand that trust is a major part of the solution. They may need to scale back some services and present a custom solution that eases the customer into the MSP model and builds the trust required. A supplier agnostic advisor like Two Ears One Mouth IT Consulting can assure the supplier selection process is transparent and the best option is chosen that will enable trust and a long term partnership.


A Buyer’s Guide to Cloud


Most businesses have discovered the value that cloud computing can bring to their IT operations. They may have discovered how it helps to meet their regulatory compliance priorities by being in a SOC 2 audited data center. Others may see a cost advantage as they are approaching a server refresh when costly hardware needs to be replaced. They recognize an advantage of placing this hardware as an operational expense as opposed to the large capital expense they need to make every three years. No matter the business driver, the typical business person isn’t sure where to start to find the right cloud provider. In this fast paced and ever-changing technology environment these IT managers may wonder, is there a buyer’s guide to Cloud?

Where Exactly is the Cloud?…and Where is My Data?

Except for the cloud hyperscalers (Amazon AWS, Microsoft Azure, and Google), cloud providers create their product in a multi-tenant data center. A multi-tenant data center is a purpose-built facility designed specifically for the needs of the business IT infrastructure and accommodates many businesses. These facilities are highly secured and most times unknown to the public. Many offer additional colocation services that allow their customers to enter the center to manage their own servers. This is a primary difference with the hyperscalers, as they offer no possibility of customers seeing the sites where their data resides. The hyperscale customer doesn’t know where their data is except for a region of the country or availability zone. The hyperscaler’s customer must base their buying decision on trusting the security practices of the large technology companies Google, Amazon, and Microsoft. These are some of the same organizations that are currently under scrutiny from governments around the world for data privacy concerns. The buying decisions for cloud and data center for cloud seekers should start at the multi-tenant data center. Therefore, the first consideration in a buyer’s guide for the cloud is the primary characteristics to evaluate in the data center, which are listed below.

  1. Location– Location is a multi-faceted consideration in a datacenter. First, the datacenter needs to be close to a highly available power grid and possibly alternate power companies. Similarly, the telecommunications bandwidth needs to be abundant, diverse and redundant. Finally, the proximity of the data center to its data users is crucial because speed matters. The closer the users are to the data, the less data latency, which means happier cloud users.
  2. Security– As is in all forms of IT today, security is paramount. It is important to review the data center’s security practices. This will include physical as well as technical security.
  3. People behind the data– The support staff at the datacenter creating and servicing your cloud instances can be the key to success. They should have the proper technical skills, responsiveness and be available around the clock.

Is My Cloud Infrastructure Portable?

The key technology that has enabled cloud computing is virtualization. Virtualization creates an additional layer above the operating system called a hypervisor that allows for sharing hardware resources. This allows multiple virtual servers (VMs) to be created on a single hardware server. Businesses have used virtualization for years, VMware and Microsoft HyperV being the most popular choices. If you are familiar with and have some secondary or backup infrastructure on the same hypervisor as your cloud provider, you can create a portable environment. A solution where VMs can be moved or replicated with relative ease avoids vendor lock-in. One primary criticism of the hyperscalers is that it can be easy to move data in but much more difficult to migrate the data out. This lack of portability is reinforced by the proprietary nature of their systems. One of the technologies that the hyperscalers are beginning to use to become more portable is containers. Containers are similar to VMs; however, they don’t utilize guest operating systems for the virtual servers. This has had a limited effect on portability because containers are a leading-edge technology and have not met widespread acceptance.

What Kind of Commitment Do I Make?

The multi-tenant data center offering a virtualized cloud solution will include an implementation fee and require a commitment term with the contract. Their customized solution will require pre-implementation engineering time, so they will be looking to recoup those costs. Both fees are typically negotiable and a good example where an advisor like Two Ears One Mouth can assist you through this process and save you money.

The hyperscaler will not require either charge because they don’t provide custom solutions and are difficult to leave so the term commitment is not required. The hyperscaler will offer a discount with a contract term as an incentive for a term commitment; these offerings are called reserved instances. With a reserved instance, they will discount your monthly recurring charge (MRC) for a two or three-year commitment.

Finding the best cloud provider for your business is a time-consuming and difficult process. When considering a hyperscaler the business user will receive no support or guidance. Working directly with a multi-tenant data center is more service-oriented but can misuse the cloud buyer’s time. The cloud consumer can work with a single data center representative that states “we are the best” and trust them. Alternatively, they can interview multiple data center provider representatives and create the ambiguous “apples to apples” spreadsheet of prospective vendors. However, neither is effective.

At Two Ears One Mouth IT consulting we will listen to your needs first and then guide you through the process. With our expertise and market knowledge you will be comforted to know we have come to the right decision for your company’s specific requirements. We save our customers time and money and provide our services at little or no cost to them!


Creating a Successful Cloud Migration

If you’ve been a part of the growth of cloud computing technology, you know that creating a successful cloud migration goes far beyond what can be covered in a short essay. However, this article will communicate guidelines or best practices that will greatly improve the success of your migration project. A successful cloud migration will include at least these three stages: planning, design, and execution. Each phase builds on the previous one and no step should be ignored or downplayed. The business cloud migration requires an expert, internal or external to the organization, to manage the process.

Planning: what type of cloud works best?

When we speak of a cloud migration we are referring to a business’s transition to Infrastructure as a Service (IaaS). Migrating to IaaS is the process of converting your on-site IT infrastructure to a cloud service provider and initiating an OpEx financial model for the business. When approaching this migration the business will investigate three provider solution types: hyperscaler, national cloud service provider and a hybrid of a cloud provider with a portion of the infrastructure remaining on-premises.

The largest public cloud providers, AWS, Azure, and Google, are often referred to as hyperscalers. This name is appropriate as it is what they do best: allow customers to scale or expand very quickly. This scaling is served up by a self-service model via the provider’s web portal, which can be very attractive to large organizations. Small and medium sized businesses (SMB) have a harder time adjusting to this model as there is very little support. Self-service means the customer is on their own to develop and manage the cloud instances. Another drawback of the hyperscaler for the SMB is that it is nearly impossible to budget what your cloud infrastructure is going to cost. The hyperscalers’ transactional charges and billing make costs difficult to predict. The larger enterprise will often take the strategy of building the infrastructure as needed and then scale back to meet or reduce the cost. SMB typically does not have this type of latitude with budget constraints and will opt toward the more predictable national or regional cloud provider.

The regional or national data center is a better fit for SMB because of their ability to conform to the business’s needs. Often SMB will have unique circumstances requiring a customized plan for compliance and security or special network requirements. Also, this type of cloud provider will provide an allowance of internet bandwidth in the monthly charges. This eliminates the unpredictable transaction fees the hyperscaler charges. In this way, the business can predict their monthly cloud cost and budget accordingly.

There are times when an application doesn’t work well in the cloud infrastructure, yet it is still required for the business. This is when a hybrid cloud environment can be implemented. Hybrid cloud in this instance is created when some applications move off-site while others stay and are managed separately. The challenge is to integrate, or make seamless, this non-cloud application with the other business processes. Over the long term, the application creating the hybrid environment can be repurposed to fit in the cloud strategy. Options include redeveloping the existing software to a cloud native architecture or finding a similar application that works more efficiently in a cloud environment.

Design: a cloud strategy.

A cloud strategy requires not only a strong knowledge of IT infrastructure but also a clear understanding of the business’s operations and processes. It is vital that the customer operations and management teams are involved in the cloud strategy development. Details regarding regular compliance and IT security need to be considered in the initial phases of development rather than later. The technical leader of the project will communicate a common strategy of building a cloud infrastructure wider as opposed to taller. Cloud infrastructure is better suited to have many servers with individual applications (wide) instead of one more powerful server handling many applications (tall).

Once all the critical business operations are considered, a cloud readiness assessment (CRA) can be developed. A CRA will dig deep into the business’s critical and non-critical applications and determine the cloud infrastructure needed to support them. In this stage, each application can be considered for its appropriate migration type. A “lift and shift” migration will move the application off-site as is; however, some type of cloud customization may be completed before it is migrated. Connectivity also needs to be considered at this stage. This includes the bandwidth required for the business and its customers to connect with the cloud applications. Many times, an additional private and secure connection is required for access by IT managers or software developers through a VPN that will be restricted and have very limited access. IP addresses may need to be changed to a supplier-issued IP block to accommodate the migration. This can create temporary Domain Name System (DNS) issues that require preparation. Finally, data backups and disaster recovery (DR) need to be considered. Many believe migrating to the cloud inherently assures backup and disaster recovery, and it does not! Both backup and DR objectives need to be uncovered and planned out carefully.

Execution and day 2 cloud.

Now that the best cloud provider and the application migration timeline have been determined, the project is ready for the execution phase. The migration team should have performed tests on the applications as a proof of concept (POC) to assure everything will work as planned. After the tests are complete, the data will then be migrated to the provider via an internet connection or a physical disk delivered to the provider. The business’s IT infrastructure has now been moved to the cloud, but the work is not over. The business’s IT infrastructure is in a place called cloud day 2.      

The two services that deliver and assure success in your cloud going forward are monitoring and support. These can be handled internally, or they can be provided by the cloud supplier or another third party. When purchasing professional services from the cloud provider, it is important to understand their helpdesk operations and have expectations for response times. Make sure you discuss service level agreements (SLAs) for response both during business hours and after. The service provider should be monitoring the health or “state” of all VMs and network edge devices; security falls under these ongoing services. Many security-minded organizations prefer a more security-focused third-party provider than the cloud provider itself. It is critical to understand the data backup services that have been included with your cloud instances. Don’t assume there is an off-site backup included in the cloud service; many data center providers have additional charges for off-site backup. DR goes well beyond backups and creates data replication with aggressive SLAs to restore service during an outage. An often-overlooked part of DR strategy is the “fallback” to your primary service location once the primary site has been restored to service.

A migration of IT infrastructure is a complicated process that needs to be performed by a team of experts. Just as important, the team needs to be managed by a seasoned project manager that has your business interests as primary. This is accomplished when the project manager is not a part of the cloud provider’s team. Having the right manager and team can assure your business can migrate to the cloud without a disruption to your business. Two Ears One Mouth IT Consulting can be the partner that guarantees a successful cloud migration.

If you would like to talk more about cloud migration strategies contact us at:

Jim Conwell (513) 227-4131      jim.conwell@twoearsonemouth.net

www.twoearsonemouth.net

we listen first…

Security and Cloud

Security in the Cloud

When cloud computing first gained acceptance and began to gain momentum in business, IT security became a headwind holding it back from even greater acceptance. After all, the IT manager may have thought that moving his/her data from the premises to an off-site location was sure to be risky. Similarly, they wondered how their data could be secure when they don’t own and manage the hardware it resides on or even know where it is. While these arguments seem logical, logic does not equal security. For security, how the data is protected is far more important than where it is located geographically. Many times, the data center or cloud provider is better at laying the foundation for IT security than the IT leader of a business, but it is best when there is a team effort between the two.

Beginning with Compliance

Many businesses today are faced with the challenge of regulatory compliance in their IT services. Compliance is a complicated and tedious process that includes not only IT operations but virtually all aspects of the business. A regulated business needs to consider processes that affect the datacenter as well as other departments, such as employee and visitor access to data, audits and reporting, and disaster recovery. These are functions that data center providers consider a primary part of their business. These practices are defined by certifications, with today’s most common certification being Service Organization Controls or SOC. Today you will find most data centers using SOC 2. SOC 2 is a set of standards the data center complies with and reports on to satisfy its customers’ requirements. The SOC 2 audits will verify that the data center is doing what it says it does regarding monitoring, alerts and physical security. When a business moves or migrates their IT infrastructure to a SOC 2 compliant datacenter they are assured to have met their compliance goals without managing the difficult process themselves.

Encryption, Cloud Security’s Best Practice

Many of the most valued processes of IT security as a whole hold true for a cloud and data center environment. No single exercise is as important as encrypting the vital data of the business. Encryption is one of the most effective data protection tools because it converts the data into a secret code that renders it useless without a key. The encryption software produces a key that must be used to unlock and read the data. Data can be encrypted at rest, as when it resides in storage in the datacenter, or in transit between the datacenter and the data users. Data encryption in transit is typically created by an appliance that creates a Virtual Private Network (VPN). Encryption is a vital technology to secure data wherever the data resides; encrypting the data in transit is an additional layer of security that helps keep data secure as it moves on and off site.

The Future of Security in the Cloud

It is difficult to predict future trends across industries, but this exercise proves to be especially difficult in technology. To consider how security in the cloud will be handled in the future, it is important to understand how the cloud itself will be evolving. In cloud technology, containers are the technology that is gaining acceptance and market share at the current time. Containers are similar to the virtual machines (VMs) of today’s infrastructure but are more independent and create an environment for the use of microservices. Microservices is the concept that a single application for a business should consist of many smaller services instead of one monolithic application. This allows for greater overall uptime, as the entire application doesn’t need to be taken down due to a single service requiring maintenance or an update. The same benefit can be realized for security. However, microservices can create a very complicated “mesh” of services that will complicate all aspects of the infrastructure, including security. To alleviate these complications for security, open source software packages have been developed. One helpful open source software package is Istio. Istio is an open source package that allows the infrastructure manager to secure, connect and monitor microservices. Istio can be implemented in a “side-car” deployment where it will secure services from outside the service or container. Today we often think of security services, such as anti-malware, as another application running within the server or VM it is protecting. Software like Istio makes security more of an integral part of the application as opposed to something added to a completed solution. Open source services like Istio are making complicated systems easier to manage. Containers and microservices are the strongest evolving trends for the cloud, so one should look to them for the future of security in the cloud.
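As an added illustration of the side-car approach described above (not part of the original article), the following Istio configuration secures traffic between two microservices without changing either service’s code. The namespace `payments` and the workloads `orders` and `billing` are hypothetical names chosen for the example.

```yaml
# Added example; "payments", "orders" and "billing" are hypothetical names.

# 1. Label the namespace so Istio injects its side-car proxy into every pod.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    istio-injection: enabled
---
# 2. Require mutual TLS for all service-to-service traffic in the namespace.
#    Weak setting:      mode: PERMISSIVE  (proxies still accept plaintext)
#    Corrected setting: mode: STRICT      (plaintext connections are refused)
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments
spec:
  mtls:
    mode: STRICT
---
# 3. Start from "allow nothing": a policy with an empty spec matches no
#    request, so every call in the namespace is denied unless another
#    policy explicitly allows it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-nothing
  namespace: payments
spec: {}
---
# 4. Allow only the orders service, identified by the service account in
#    its mTLS certificate, to call one operation on the billing service.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: orders-to-billing
  namespace: payments
spec:
  selector:
    matchLabels:
      app: billing
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/payments/sa/orders"]
    to:
    - operation:
        methods: ["POST"]
        paths: ["/charges"]
```

The principal-based rule in step 4 relies on the strict mutual TLS from step 2, because the caller’s identity is taken from its certificate rather than from anything the application sends.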

With each change in technology, the landscape seems to get more complicated. Security can add to the complication; however, it can be simplified if it can be considered prior to the service being developed as opposed to after. The cloud computing industry is taking the lead in corporate IT infrastructure as well as the dual role of creating new ways to approach securing a business’s data.


Should We Eliminate or Embrace Shadow IT?

With cloud computing’s acceptance in business, coupled with the ease of entry and setup with public cloud offerings, the term Shadow IT has reemerged. Wikipedia defines Shadow IT as “a term often used to describe information-technology systems and solutions built and used inside organizations without explicit organizational approval”.

If the cloud initiated this reemergence, the Internet of Things (IoT) and Bring Your Own Device (BYOD) phenomena have exacerbated it. When employees started bringing their mobile phones and tablets to the office, they began integrating applications they used in their personal life into business. Likewise, Machine Learning (ML) applications have influenced corporate IT and its guidelines throughout the enterprise. Opponents say Shadow IT challenges the IT governance within the organization. What may appear to be a disadvantage to the IT department may be advantageous to the company. Following are some of the advantages and disadvantages of Shadow IT.

Advantages

  • Increased agility – departments within an organization can create their own IT resources without depending on the lag time and processes of the IT department.
  • Empowering employees – employees will be more productive when they feel they have the power to make decisions, including IT selections, on their own.
  • Increased creativity – putting the process of creating IT resources in the hands of the user often creates a better product and experience for that user.

Disadvantages

  • Security – Employees outside the IT department rarely consider security when implementing IT services.
  • Cost – When IT resources can be implemented at the employee level, as opposed to being purchased centrally, there will be wasted resources.
  • IT governance and compliance – Outside of the IT department, purchasers will not consider the regulatory concerns and governance. Processes and rules for IT need to be in place regardless of whether the resources are centrally implemented.

IT departments are not wrong to have contempt for the concept of Shadow IT. However, we believe they can learn to work with aspects of it. If a business can communicate across all departments and overcome the disadvantages listed above, we believe Shadow IT can be a win/win for the entire enterprise.

What is a Software Defined Wide Area Network (SD-WAN)

The trend for software or applications to manage technology and its processes has become commonplace in the world of enterprise IT.  So common, in fact, that it has created its own prefix for IT solutions, Software Defined or SD. Virtualization software from companies like VMware revolutionized the way the enterprise built datacenters and coined the phrase “software defined network”. Today this concept has expanded out from the corporate datacenter to the Wide Area Network (WAN), and ultimately to the enterprise branch offices and even to customers. The Software Defined WAN (SD-WAN) can simplify management of the WAN and significantly reduce the cost of the telecommunication circuits that create the WAN.

What’s a WAN?

A Wide Area Network, or WAN, allows companies to extend their computer networks to connect remote branch offices to data centers and deliver the applications and services required to perform business functions. Historically, when companies extend networks over greater distances and sometimes across multiple telecommunication carriers’ networks, they face operational challenges. Additionally, with the increase of bandwidth-intensive applications like Voice over Internet Protocol (VOIP) and video conferencing, costs and complications grew. WAN technology has evolved to accommodate bandwidth requirements. In the early 2000s Frame Relay gave way to Multi-Protocol Label Switching (MPLS). However, MPLS technology has recently fallen out of favor, primarily because it has remained a proprietary technology.

Why SD-WAN?

MPLS, a very mature and stable WAN platform, has grown costly and less effective with age. The business enterprise needs to select one MPLS vendor and use them at all sites. That MPLS provider needs to look to a local telecom provider to provide the last mile to remote branches and possibly even the head end. This has historically brought unwelcome blame and finger pointing when the circuit develops troubles or is out of service. It also creates a very slow implementation timeline for a new site. MPLS solutions are typically designed with one Internet source at the head end that supports the entire WAN for Web browsing. This will create a poor internet experience for the branch and many trouble tickets and frustrations for the IT team at the head end. SD-WAN can eliminate these problems when it is designed correctly; when it is not, it has the potential to create problems of its own.

SD-WAN uses broadband internet connections at each site for connectivity. The software component of the solution (SD) allows for the management and monitoring of these circuits provided by multiple vendors. The broadband connections are ubiquitous and inexpensive, provided by local cable TV providers. Broadband internet connections offer more bandwidth and are much less expensive than an MPLS node. Additionally, broadband circuits can be installed in weeks instead of the months required for a typical new MPLS site. In an SD-WAN deployment, each site has its own internet connectivity, the same broadband circuit that is delivering connectivity. This greatly increases the satisfaction of the branch users for internet speed and reduces total traffic over the WAN. However, it creates a challenge for the cyber security of the enterprise. When each remote site has its own internet, each site needs its own cyber security solution. Producing a valid cyber security solution can reduce the cost savings that result from the broadband internet.

Gartner has recently labeled SD-WAN a disruptive technology due to both its superior management of a WAN and its reduced costs. Implementing an SD-WAN requires a partner with expertise. Some providers today pride themselves on having the best database to find the cheapest broadband circuits for each site. However, it is vital to pick a partner that can also provide ongoing management of the circuits at each site and a deep understanding of the cyber security risks of an SD-WAN solution.

If you need assistance designing your SD-WAN Solution please contact us at:

Jim Conwell (513) 227-4131      jim.conwell@outlook.com      www.twoearsonemouth.net

COMPLIANCE, SECURITY AND GOVERNMENT REGULATION: Can your business stay current?

In this time of IT security breaches, businesses of all sizes have become aware of the consequences of not having a solid IT framework and security policy. What previously was a concern for only large enterprises has now become a challenge all businesses share. Government regulation, such as the Health Insurance Portability and Accountability Act (HIPAA), has mandated compliance for the security of Protected Health Information (PHI) for any size of enterprise that stores PHI. A recent trend has been for large enterprises to relay their compliance and security requirements downstream to their suppliers, which may be smaller businesses. One of the initial causes for this was the Target breach. Target, which was fully compliant with its regulatory environment (PCI DSS)[1], was breached through an HVAC vendor. This Target business partner was primarily responsible for compromising credit card information for millions of its customers and causing large-scale damage to Target’s finances and reputation. To learn more about the total cost of a data breach please see my previous article: https://twoearsonemouth.net/2017/11/22/preparing-for-the-cost-of-a-data-breach/ .

In addition to government regulation, industry associations have aligned to create a compliance standard for their data. One primary example of this is the PCI DSS mentioned above in regard to Target. PCI DSS develops a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents. The PCI Security Standards Council originates the standards for compliance for all credit card information as well as an approved list of assessors who audit and validate an entity’s adherence to PCI DSS.

Businesses are not completely on their own to navigate through this complex regulatory and IT security environment. There have been a series of IT frameworks developed that an organization can use to reach their goals. These frameworks describe IT “best practices” which are written in general terms. Typically, businesses use them as a reference to achieve regulatory or security compliance. Below are some examples of the most common IT frameworks available today:

  • COBIT – A framework designed by the Information Systems Audit and Control Association (ISACA) to provide management and business process owners with an IT governance model that aids in delivering value from IT and understanding the management of risk associated with IT.
  • ISO 27002 – An IT security standard originated and maintained by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
  • ISO 38500 – Similar framework to ISO 27002 for IT used by management and originated and maintained by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

IT security best practices at the highest level can be classified in 3 categories: physical safeguards, administrative safeguards and technical safeguards. Below is a brief description of each.

Physical Safeguards are tools such as alarm systems (video), key card systems, secure locks for offices and drawers where laptops and phones are stored, a guard or receptionist always at the front door and a secure IT server room.

Administrative Safeguards are processes that include creating a security officer and/or department, creating training programs to make all employees aware of what data needs to be protected and how it is protected, a company policy for storing and archiving of protected data and business continuity policies.

Technical Safeguards are IT tools such as Unified Threat Management (UTM) and Next-Gen firewalls, malware and virus protection software on servers and workstations, encryption of data in transit and at rest and a strong Business Continuity and Disaster Recovery (BCDR) plan that is tested on a regular basis.

Following these principles and best practices not only helps a business mitigate risk but also makes good business sense.

 

Contact us so that we may learn more about the IT challenges within your organization. We will provide an initial consult at no cost! We can provide best in class IT Project Management in Cincinnati or remotely.

Jim Conwell (513) 227-4131      jim.conwell@outlook.com      www.twoearsonemouth.net

[1] PCI DSS is an acronym for Payment Card Industry Data Security Standard. PCI DSS is an industry based regulatory authority for the credit card industry.
