The InfoSec Student Part 3: A Focus on the Fundamentals

Written by Daniel Deter on Thursday, August 22nd 2019 — Categories: IT Operations, Security

In InfoSec we continually encounter the unknown, the unfamiliar. Technology marches ever forward, application design matures, bells and whistles chime and toot. This commonly results in the InfoSec professional needing to responsibly secure technology that they don’t holistically understand. Attackers know this, for it is within those gaps in understanding that malicious activity may most readily occur and may do so without notice.  

A common InfoSec response to the unfamiliar is to attempt to cover all potential angles of attack, regardless of whether they are pertinent to the technology. This is done in order to ensure that we meet both risk and governance management goals. The result of this approach is rarely better security. Rather, it typically results in unnecessarily complicated security control implementations that are neither functional (e.g., they don’t do what we want/expect them to do) nor operational (e.g., our personnel can’t adequately manage them). 

How do we avoid over-complication in our security controls? We focus on the fundamentals: Preparation, Awareness, Response. 

Continue Reading...


Azure Functions and Logic Apps: Differences and When to Use Them

Written by Joe Kozlowicz on Wednesday, July 10th 2019 — Categories: Azure, Datacenter Automation, Cloud Hosting, DevOps, IT Operations, Microsoft

Microsoft Azure offers native serverless computing features. Two of the most crucial to master are Azure Functions and Azure Logic Apps. Each of them help enable business logic that automates your Azure workflow, but they have key differences and in fact can be used together in a complementary manner to offer flexible, powerful control over your cloud resources.

Let’s take a closer look at how each of these serverless automation platforms work within Azure and some use cases for them.

Continue Reading...


Integration as a Service Connects Your Apps to the Cloud

Written by Joe Kozlowicz on Wednesday, July 3rd 2019 — Categories: Managed Services, Multi-Cloud, Cloud Hosting, DevOps, Enterprise Applications, IT Operations, Software Development

Hybrid cloud management spans beyond setting up your IaaS environment. The majority of enterprises use a mix of on premises infrastructure (both legacy and newly deployed) and cloud-based resources. Often a major hurdle remains: applications that are not ready to connect to the cloud.

Enter Integration as a Service. We know, we know. Everything as a Service overload! This emerging field involves a vendor who can help architect enterprise IT apps to work across on premises and cloud environments, complete with real-time exchange of data.

How does Integration-a-a-S work and what should you expect from a cloud integration provider?

Continue Reading...


The Infosec Student Part 2: DevOps is the Answer to Engagement Sprawl

Written by Daniel Deter on Friday, June 28th 2019 — Categories: DevOps, IT Operations, Security

If you’ve newly set foot on the path of an InfoSec student, you will benefit from understanding this topic. If you’ve been around awhile, you’ve lived it.  

There are two basic types of Information Security engagements in terms of how they are scoped. This is most applicable to managed services providers (MSPs), though it remains relevant to a practitioner supporting an internal corporate or public sector security team. For the sake of simplicity, I’m going to call them FFP and T&M. The purpose of this blog isn’t to dig deep into financial models, but rather to discuss, in a simplified manner, how they drive the delivery of work. And then, to discuss an alternative model.  

With both Fixed Firm Price and Time & Materials engagements – and really any other model of InfoSec contract scope – there are some overlapping goals and realities. 

Continue Reading...


Agile Methodology for Cloud Administration is Like Peanut Butter and Jelly

Written by Josh Larsen on Thursday, May 23rd 2019 — Categories: Cloud Hosting, DevOps, Enterprise Applications, IT Modernization, IT Operations

DevOps — the marriage of the development and operations departments within a software organization — and Agile methodology have been mentioned alongside cloud computing for years now, and with good reason. Using Agile in the cloud is a classic pairing that goes together like peanut butter and jelly or macaroni and cheese…okay, let me go grab a snack before this simile gets me drooling.

But seriously, even if Agile and cloud technology aren’t as tasty as PB&J, they can still have you smacking your lips in satisfaction as you react to business problems with technology solutions in a much faster and more reliable manner.

Here’s why Agile software development practices work so well when you’re working with cloud infrastructure, even if you aren’t a software development company.

Continue Reading...


Three DevOps Pitfalls to Avoid

Written by Joe Kozlowicz on Wednesday, May 15th 2019 — Categories: DevOps, IT Modernization, IT Operations, Software Development

As you transition towards CloudOps, DevOps, DevSecOps, and general continual iteration and continuous improvement type IT management strategies, there are a number of common mistakes you’ll want to avoid.

DevOps at all costs is not going to provide any additional business value. Nor is it likely to be great for your IT team morale. Make sure you keep in mind these three common DevOps pitfalls as you evangelize and adopt DevOps practices throughout your IT department or larger organization.

Continue Reading...


The InfoSec Student Part 1: InfoSec Roles and Archetypes to Close the Skills Gap

Written by Daniel Deter on Tuesday, May 7th 2019 — Categories: DevOps, IT Operations, Security

It is generally understood, with broad industry concurrence, that an InfoSec skills gap exists and presents a significant challenge for those of us responsible for managing risk within an organization. To close the skills gap, an organization must first understand the competencies required by security teams in their pursuit of information technology risk management.

Information security consists of three core archetypes: builders, breakers, and defenders. It is through recruiting and building the skills of these archetypes that the foundations of highly functional security teams are formed.

Continue Reading...


Defining Your Enterprise Monitoring Strategy: Close the Gaps with SCOM 2019 and Azure Monitor

Written by Sameer Mhaisekar on Wednesday, April 17th 2019 — Categories: Azure, SCOM, Datacenter Automation, Cloud Hosting, Enterprise Applications, IT Operations, Microsoft, Monitoring, White Papers

When using Microsoft technologies in your enterprise IT stack, you have a few native options for systems monitoring and alerts. Two recent product developments — folding Operations Management Suite (OMS) functionality into Azure Monitor, as well as the release of the new SCOM 2019 — have reignited the debate to determine whether Azure Monitor can entirely replace the long standing, good-old SCOM (System Center Operations Manager).

In a way, I feel this comparison is a bit unfair, like comparing apples with oranges. Ultimately the two products can work together and overlap in order to eliminate monitoring gaps in your environment. So which monitoring solution would work the best for your enterprise? Let’s try to figure out!

Continue Reading...


Importing Data Into Beekeeper Patch Automation Software

Written by John Hann on Tuesday, March 26th 2019 — Categories: Software, Patching, Datacenter Automation, Enterprise Applications, IT Operations, Beekeeper Software, Documentation

When you enter data into Beekeeper Patching Automation, you use the UI to add servers groups, Windows Failover Clusters, and Exchange DAGs.  Then, you assign validation tasks to these server groups or clusters.  To create the execution job, you assign the server groups or clusters to a schedule.  This can be time consuming.

I have created PowerShell scripts to do these tasks.  In a series of blog posts, I will share these PowerShell scripts and go over their usage.

The first PowerShell script will export servers from an SCCM collection into a CSV.  Then another script will import that CSV to create the appropriate Application groups, Windows Failover Clusters, or Exchange DAGs.

Continue Reading...


Implement Cloud Tagging to Simplify Automation and Administration

Written by Joe Kozlowicz on Thursday, March 21st 2019 — Categories: Azure, Multi-Cloud, Datacenter Automation, Cloud Hosting, IT Operations, VMware

Whatever your cloud or virtualization platform of choice, you can implement tags on your resources in order to easily apply configuration changes or search by group.

As multi-cloud environments continue to become more and more popular and your virtual servers, storage, and associated components sprawl across various providers, efficient governance becomes even more critical.

By implementing a cloud resource tagging policy, you lay the groundwork to consistently apply automated or manual actions relating to allocation, reporting, chargeback, compliance, security, patching, software installation, and even decommissioning or scaling resources when required.

Continue Reading...

Chat Now