Michael Johnson

Is DevOps Automation of IT Security a Better Move?

At a recent Security Roundtable that took place at Search IT Operations, one of the topics discussed was when a company should migrate their IT security to DevOps. Should it only be when IT departments are understaffed and have to resort to technology policing itself, basically, or should it be used only when there is competent staff on hand to monitor it? Some argue that it is a much better choice, to be able to “set and forget” cloud-based security parameters, with only intermittent monitoring required by IT staff members who can then quantify and track other more “hands-on” areas of IT operations. Others say that a company’s IT security and cyber threat assessment shouldn’t be left to such an “abstraction”.

Devops IT Security

Choosing Hands-Off IT Security

Many in IT circles are discussing just what “DevOps maturity” means for their company data centers and networks. The arguments go back and forth – some in favor of having a cloud-based security watchdog which can detect and auto-filter out cyber threats and other data breaches, and some saying that it’s leaving too much up in the air by basically having machines watching the machines. It appears IT security pros are pretty evenly split, with some leaning more towards seeing the benefits of having DevOps “beyond the cloud,” and some “server huggers” seeing human-controlled infrastructure as the best basis for ongoing security in data networks.

Experts Weigh In

The benefits of Amazon Web Service’s CloudTrail allow server huggers and less hands-on IT department staffers to be able to log all kinds of information that a human just wouldn’t have the capacity or time to. said Sven Skoog, information security officer at Monotype Imaging Inc., a design firm in Woburn, Mass, had this to say about it: “There are a lot of metadata asset tag changes that indicate whether [an action] was employee activity or if [the system] was externally compromised, so I might like to have that information on record.” Mark that a “Yea” vote for the DevOps security tool. IT firm Alert Logic sees it slightly different, preferring the hands-on checker of “acceptable-use alerts” to handle being the watchdog, with “chief security evangelist” Stephen Coty commenting, “Ninety-nine percent of the time, it was a false alarm. But that 99% of the time, nobody knew I was actually touching the box. With CloudTrail, you know.”

DevOps “In the Cloud”

Recently-innovated tools have pushed DevOps in the Cloud to the viable stage of being an abstract, learning situation that can allow the cloud-based tool to scan and parse alerts and decide if they are sensitive or threatening enough to cause a shut-down of user permissions within a given IT network interface. Ever-newer models are allowing more and more IT departments to realize “hands-free security”. Many new-fangled terms are being tossed around to describe the novelty of abstract security, such as service-oriented architecture (SOA), modular computing, and Web services, but they all roughly amount to the same thing – leaving cloud-based security in its own hands.

Implications and Solutions

Whether you agree or disagree with “DevOps in the cloud” thinking, the fact is that you can use this issue as a litmus test for an IT services firm that’s cutting-edge. If you ask them about this and they say “Huh?” perhaps it’s best to move on to one that can get you closer to viable, hands-off cloud-based security. InfiNet Solutions is the leader in providing managed IT services in Omaha.  Contact our expert IT staff at (402) 895--5777 or send us an email at [email protected], and we will be happy to answer your questions.

Is DevOps Automation of IT Security a Better Move? Read More »

Office 365 Users Beware: A Bold New Ransomware Threat Emerges

If you had to make a list of the most pressing threats that Internet users face today, ransomware would undoubtedly be right at the top. Now, thanks to a massive zero-day attack by a particularly tricky group of hackers, Microsoft Office 365 users in particular need to be incredibly careful moving forward.

Ransomware Office 365

What is Ransomware?

At its core, ransomware operates a lot like a traditional computer virus with a particularly sinister twist. When a rogue piece of software is downloaded and executed on a user’s computer, it snaps into action and actually encrypts the contents of that drive almost immediately. Encryption essentially “scrambles” information, making it impossible to get at a particular block of data without the appropriate encryption key.

Because only hackers have the encryption key, this essentially locks a user out of their own data. Their only choice is to pay a predetermined “ransom” to get access to the keys and to get their information back, but even this is not a guarantee.

Why Office 365 Users Should Care

Previously, ransomware only targeted files stored locally on a computer’s hard drive – meaning that anything that was stored in Microsoft Office 365 or another cloud-based service would be unaffected. According to a new report published by Avanan, however, this is no longer the case. Even though Office 365 has a number of sophisticated security tools built-in designed to prevent exactly this type of thing from happening, new variants of the “Cerber Ransomware” strain are now going after Office 365 email users in particular.

This means that if you were previously counting on Office 365 to alert you to any vulnerabilities and to prevent this type of thing from occurring, you’re out of luck. It is now more important than ever to follow Internet safety best practices and, if you’re a business owner, to educate your own employees of the same.

By far, one of the best ways to avoid becoming a target of ransomware is to avoid downloading files from senders that you are not already familiar with. If you get a random email out of the blue that has a file attached, do NOT download it and execute it on your computer. Also be on the lookout for clear signs of phishing and other types of SPAM email that could have these files hidden inside.

Regular backups to a secure, off-site location are also important as if you DO fall victim to a ransomware attack, these could be your only way to get things back up and running again when you come out safely on the other side. Even if your entire hard drive is encrypted, you can still wipe the entire operating system and start from scratch. You can then restore your system using the most recently available backup copies, circumnavigating the ransomware’s encryption and picking right back up where you left off.

This will only work, however, if the backups are stored in a secondary location NOT connected to the host computer. If they are only stored in a separate location on the same hard drive, they too will be compromised during the attack.

At InfiNet Solutions, we’re incredibly proud that you’ve chosen us as your go to source for all of the technology tips, tricks, news and other information that you need to run the type of business you’ve always wanted. If you’re looking for more information about this or any of the other important industry topics that we’ve covered, please feel free to send us an email at [email protected] or to give us a phone call at (402) 895--5777 today to speak to someone in more detail.

Office 365 Users Beware: A Bold New Ransomware Threat Emerges Read More »

Why IT Security for the Manufacturing Sector is So Vital

The manufacturing sector of our economy at large presents many challenges for business owners who plan on keeping data regarding proprietary information on goods and production methods safe and secure. Consumer goods in particular are big business, but can also present a major liability in terms of data center and networking security, compliance issues, and data theft. Theft of trade secrets and intellectual property costs manufacturing companies untold millions per year in the aftermath of a cyberattack or other type of data theft.  And although the newly-penned Defend Trade Secrets Act (DTSA) provides some relief in the form of federal civil action in the event of substantial trade data absconding by hackers and data thieves, the best action for SMEs and large corporations under the aegis of complete data protection surety is to have managed IT services in place.

Information Security

A Clear and Present Danger

According to a Verizon Data Breach Investigation Report in 2014, “Companies in manufacturing are most likely to face security threats such as cyber espionage, denial of service and Web applications attacks.” Their 2016 report shows how emergent and critical the data breach threats to companies in the financial and manufacturing sector are. “Cyber espionage” privilege misuse is on the rise, according to Chintan Gohil speaking within Verizon’s 2016 report, referencing over 2,000 notable data breaches where Web applications in particular, are opening companies up to clear and present dangers via both infiltrators and “exfiltrators” who abuse permissions to gain access to sensitive data like manufacturing trade secrets which can cost companies millions.

Hard Statistics

A 2015 global study surveyed 9,700 executives worldwide in the business and technology sectors. When examined on a by-industry basis, the study reveals that around 75% of the industrial manufacturing entities said they detected notable security incidents in the preceding 12-month period. Roughly 20% reported they had detected 50 or more such incidents, while 18% said they had noted between 10 and 49 security threats. One rather shocking statistic on this point shows that 36% of the business leaders surveyed identified employees as the number one potential data security threat.

Reliable Protection

Based on the clear evidence that manufacturing companies are facing the greatest threat to their IT networks yet in 2016, in the form of cyber espionage, or spying, which has underscored the need for significant investiture in shoring up holes in cyber defense and security. Other threats are, as mentioned, employee data breaches, which are the result of poorly managed or mismanaged mobile devices and data centers. Mobile device management (MDM) goes a long way in keeping employee cell phones, iPads, smartphones, and other mobile devices encrypted and protected from proprietary data theft. Getting reliable protection for your mobile devices and network entire is simply a matter of finding an IT services firm who acts as an outsourced team player. Often less expensive than hiring and training an IT department in-house, having an information technology MSP in your corner day and night, 24/7/365 acts as the first and last line of defense between you and trade secrets theft that could mean millions in litigation and recovery time cost.

Trust the IT Professionals

It’s worth the investment in solid IT security management via professionals who are up to speed on all the latest technology and techniques to keep their clients’ data centers and network safe. InfiNet Solutions is the leader in providing managed IT services in Omaha. Have questions? Call (402) 895--5777 or send us an email at [email protected].

Why IT Security for the Manufacturing Sector is So Vital Read More »

Digital Transformation: 4 Ways SMBs Can Profit From It

Four ways businesses can profit from digital transformation.

Digital transformation allows SMBs to rub elbows with the large businesses they could one day become. However, many SMBs don’t have an honest game plan when it comes to taking advantage of a digital transformation. With this being said, here’s a look at four ways SMBs can profit from a digital transformation.

Digital Transformation

  1. Adaptive IT – Given how much the market changes, you’re going to have to move rather quickly in the event of a transition. Thankfully, services such as productivity through the cloud and the virtualization of server-based applications allow businesses to respond to an opportunity (or threat) almost immediately.
  2. Basic Methods for Backing Up Data – When it comes to the ever-changing market, you’re going to need to back up your business data to compete. Although many assume that backing up data may be too complex or too expensive, cloud storage has made it possible to cater to any business needs in terms of storage and assistance. By removing the high costs and complexity commonly associated with data storage, SMBs (utilizing cloud storage or server-based applications) can have a shot when it comes to competing with large businesses.
  3. Scalable Storage for Data – When you begin learning how to utilize digital business to your benefit, you’ll notice that there’s quite a bit more storage available than you thought. Thankfully, there are plenty of data storage programs that allow you to scale how your business manages and stores information to fit your needs. These methods of data storage also allow businesses to seamlessly adapt to the workflow they are currently receiving (regardless of how business is going).
  4. Data Protection – Once you have your digital business practices up to par, you’ll need to consider how your IT is going to protect your business information. To begin, you’ll need to make sure that your business is running current, up-to-date software on all devices. For example, if you’re using Windows on your PCs and devices, Microsoft Enterprise Mobility Suite allows you to manage many devices from one service. To make matters even better for employees, the program can keep corporate data and personal data separate. This allows employees to get work accomplished from many different locations (without compromising any security).

Considering the information above, it’s important to take advantage of every opportunity when it comes to profiting from a digital transformation. Thankfully, InfiNet Solutions is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at (402) 895--5777 or send us an email at [email protected] for more information.

Digital Transformation: 4 Ways SMBs Can Profit From It Read More »

The Cloud and Intelligent Business Disaster Recovery

A Match Made in Heaven

Thanks to the power of the cloud, true intelligent business disaster recovery is now easier than ever. However, this doesn’t mean that you don’t still have a lot of work ahead of you. The cloud is a tool, much like a hammer. It is very possible to use a hammer in the wrong way if you’re not careful. Only by keeping a few key things in mind will you create a cloud-based environment that supports you today and protects you in the event of a disaster tomorrow.

Disaster Recovery

1. It’s All About the Long Term

Cutting corners today in terms of intelligent business disaster recovery is one of the best ways to create problems for yourself tomorrow. The cloud is only a means to an end – it is not the end itself. Companies looking into secure backup and disaster recovery solutions need to implement the cloud as part of their long term plan, not allow the cloud to BE the plan.

2. Maximize Your Existing Resources

Taking advantage of hybrid-cloud technologies is one of the best ways to not only create a true intelligent business disaster recovery solution, but to also increase the return on investment of your existing resources at the same time. Your on-premise environment doesn’t have to be replaced by the cloud just yet – instead, it can be supported.

3. In With the New

One of the great things about the cloud in general is that it is agile. By taking the time to develop a secure, multi-tenant cloud architecture, organizations not only unlock the benefits of intelligent business disaster recovery but also can create redundant or “failover” processes in house in an effort to cut costs.

4. The Cloud is Only as Good as Its Architecture

When implementing the cloud as a part of your business disaster recovery process, it is necessary to understand exactly how your enterprise applications are designed. Just replicating a virtual environment from one machine to another may not be enough to guarantee continuity in the face of a disaster. You need to understand exactly what requirements there are for each individual application to have the best chance at success moving forward.

5. Not Everything is Worth Protecting

When developing your cloud friendly business disaster recovery solution, you need to understand that not all data is created equally. If you must rely on a limited disaster recovery plan, you need to assess which applications and data are mission-critical and often used and which ones are not.

6. Disaster Recovery and Business Continuity are Not the Same Thing

The key to an intelligent business disaster recovery plan involves an understanding that disaster recovery and business continuity are two different things. Disaster recovery answers the question “how am I going to get everything back online again in the event of a disaster?” Business continuity answers the question “how do I make it appear like nothing ever happened in the first place and resume productivity” in the same situation. The cloud should service both masters simultaneously.

7. Backup + Replication = Success

Your business disaster recovery plan should always be created via a combination of on-site backup and off-site archiving to maintain durability at all times. For certain mission-critical applications, real-time replication may be necessary. For others, simple off-site backups will do. The cloud can help you accomplish both of these things at the exact same time.

Users all over the world are in agreement: InfiNet Solutions is their most trusted source for all of the technology tips, tricks and breaking news they need to get the most out of their devices and systems. To find out more information about this or any of our other topics, please contact us today at (402) 895--5777 or by sending us an email at [email protected].

The Cloud and Intelligent Business Disaster Recovery Read More »

Call Now Button