Azure Governance: Defining Your Organizational Hierarchy

Written by Joe Kozlowicz on Wednesday, October 2nd 2019 — Categories: Azure, Cloud Hosting, DevOps, IT Operations, Microsoft

A fundamental building block for your successful adoption of cloud services is the organizational hierarchy, a mode of organizing your cloud services, resources, and virtual machines in such a way that you ensure cloud governance and can better resolve billing within your organization.

Cloud governance is the answer to common questions like:

• “How do I keep my data compliant with industry regulations?”

• “How can I implement chargeback within my organization so I know which departments are consuming cloud services and account for that usage?”

• “How can I mandate security and access measures across our cloud environment?”

By implementing a flexible set of controls and overall organizational hierarchy within Azure, you can enable adoption of the cloud services your business units require and avoid shadow cloud use. A well-designed enterprise cloud environment can accommodate modern agile practices alongside traditional workloads.

Here’s how to structure your organizational hierarchy within Azure so you can set governance requirements and encourage speed of delivery for your individual departments and business units.

Continue Reading...


When It Comes to Application Security Testing, Should You Go Dynamic or Static?

Written by Joe Kozlowicz on Thursday, September 26th 2019 — Categories: Patching, DevOps, Security

There are two main categories of application security testing: dynamic and static. They can be thought of as testing from the outside-in and from the inside-out, respectively.

Dynamic testing is performed as an application is running and focuses on simulating how an outside attacker might access that application and associated systems. Static testing, on the other hand, examines the code itself and related documentation, often throughout the actual development process, to try and discover potential vulnerabilities before the application reaches production.

Should you use DAST or SAST for your applications? In truth it is not an either/or situation, as DAST and SAST are complementary and evolved indivually. First let's take a look at the key differences between them.

Continue Reading...


Ransomware Attacks Ramp Up on State and Local Governments

Written by Joe Kozlowicz on Wednesday, August 28th 2019 — Categories: Security

Ransomware is a digital attack in which an executable or malicious link opened by an unsuspecting (and likely untrained) user installs a program that blocks access to applications, phone systems, and/or data until a ransom is paid. It’s been making the rounds for many years now. But only lately have hackers begun zeroing in on a specific vertical: state and local governments.

In 2019, over 22 governments have been affected by ransomware – and that number was prior to recent news breaking that an additional 22 small towns in Texas were all targeted in a single coordinated attack.

Over 200 state, county, or city government IT systems have been targeted in recent years. With thousands and thousands of cities and towns across America, that may seem like a drop in the bucket. But ransomware is becoming easier and easier to distribute and users continue fall victim; usually via phishing emails or web exploits that deliver malware without any user action outside of visiting an apparently innocuous site.

Why are governments becoming a preferred target for ransomware? And how can you improve your chances of avoiding or mitigating ransomware?

Continue Reading...


Top Priorities for Securing Office 365

Written by Joe Kozlowicz on Wednesday, August 14th 2019 — Categories: O365, Security

Migrating e-mail and productivity apps to the cloud is a no brainer. Continuous updates, access from anywhere, no need to manage the supporting servers and associated hardware…the benefits are clear. As with any IT outsourcing, however, careful planning around security measures is essential. And with your O365 environment exposed to the public internet, security best practices are even more important.

While securing Office 365 is an ongoing effort, there are several top priorities that should be first to be addressed after your migration.

Continue Reading...


Five Key Questions to Control Cloud Costs

Written by Joe Kozlowicz on Friday, August 9th 2019 — Categories: Azure, Cloud Hosting, IT Modernization

With some organizations looking to move cloud workloads back on-premises to mitigate costs and regain control over their hardware and audit trails, you might be questioning cloud-first and cloud-only initiatives for infrastructure procurement.

After all, for years marketing pushed lower overall costs after migrating to the cloud. So what gives? Why are many cloud workloads ending up more expensive than their on-prem counterparts?

You've probably heard the old joke before that the cloud is “just someone else's data center.” That may have been true a decade ago, but no longer.

Forcing a cloud migration is not the key to savings. You must understand the business value, catalog and think deeply about the existing and desired state of your infrastructure, rearchitect your workloads, and adjust your workflow to this new paradigm. Here are the five key areas you need to plan things out.

Continue Reading...