While the goal of most infosec professionals is ostensibly to prevent data breaches and security incidents, the daily headlines about major hacks prove that no one is completely safe. If — or perhaps we should say “when” — you are breached, one of the first steps is to perform digital forensics to help locate the attack vector, identify compromised systems, and tag any stolen data.
Cloud environments further complicate the digital forensics process, especially in an increasingly multi-cloud world, where multi-tenant hosting environments and hybrid IT infrastructure is more and more common.
Preparing a cloud forensics protocol can help your organization reduce the overall cost of a security investigation and disclosure, quickly figure out how the attacker gained access, restore system operations faster, and even garner discounts on any cyberinsurance you may have.
While many organizations combine Security and Compliance under a single banner, and there is nothing inherently wrong with having a Chief Security and Compliance Officer or managing risk mitigation under a single umbrella, the fact is that compliance and security measures are two overlapping but inherently different practices of information security.
Compliance standards often change quickly and require quite a bit of work to ensure enforcement across an entire organization. Audit trails, regulator inspections, minimum mandates…they have to be tracked and adhered to 24/7. But meeting compliance standards often puts blinders on a security administrator.
Simply meeting a compliance measure — or even four or five — does not mean that your infrastructure is up to snuff with security best practices. Nor does following industry standards of security guarantee that you’ll meet your next compliance audit.
Cloud servers are easy to provision and configure. Maybe too easy. That’s why many organizations are finding their cloud spend spiraling out of control. If you have recently experienced shock and awe at your monthly cloud bill, you may need to examine your environment for optimization opportunities.
Here are four of the top areas to reduce your cloud sprawl, and by extension, your cloud spend.
While your admins might have virtualization experience, transitioning to a cloud-first IT strategy involves a real paradigm shift across your entire IT team. You’ve heard some of this before: you’ll be more agile, your team will be focused on service delivery instead of hardware, you’ll work on business issues rather than break/fix.
What you may not have considered are how the roles of your new cloud team may shift from previous responsibilities, or just how far reaching the culture change may be. Here are some tips to build a successful cloud service team within your organization.
If you’re like many modern organizations, you’re looking towards a “cloud-first” IT strategy, where new workloads are architected with cloud deployment in mind, and older infrastructure is redesigned for the cloud as time and requirements allow. But you may also face a common obstacle to these goals: a cloud skills gap among your IT staff.
An ISACA report claims that it takes three months months to fill 55% of information security vacancies, and six months or longer for an additional 32%. Intel security discovered that 36% of organizations lack cloud skills, but are still continuing on their adoption path. Only 15% of the 2,000 surveyed IT professionals claimed they had no cloud skill shortage.
It’s clear that many enterprises and midize businesses may require help managing these new cloud environments — especially when departments are adopting shadow cloud and shadow IT services at an increasing rate, as the Intel report corroborates.
In the past decade, alongside the increased importance of digital tools for business, a new category of insurance has sprung up to cover digital data breaches and liability. With the average total cost of data breaches reaching $4 million dollars and the average cost of each lost or stolen digital record increasing to $158, it is clear that experiencing a data breach is an expensive affair.
While dedicated security response teams and encryption do decrease these costs, and IPS/IDS systems and other security measures can help reduce the risk, many organizations will still experience a data breach at some point.
Cyberinsurance can help mitigate the cost of a data breach by reimbursing your company for legal fees, helping with the cost of crisis management and investigation, notification costs, extortion liability fees, and third party damages relating to network or system outages. But does every organization need cyberinsurance?
We've all called a support vendor that makes us talk to a robot to get help. We've all had to go through a script of questions about things we've already tried or don’t even apply to the situation, just so we can get to someone that can actually solve our problem. We've all emailed a support vendor and wondered if they are really working on our problem. These communication challenges make getting support a process that many of us dread.
Some solutions to these problems include minimizing the number of systems involved and promoting strong communication to ensure the customer knows their problem is being addressed. We start by making sure the customer can reach a real person. We make sure that automated and canned responses are minimized so it's very obvious that the person needing support is getting a response from someone and not some… thing. We try to use only one ticketing system, only one email address, and only one telephone number for support communication.
These things help but it's still just not enough. It's what happens internally within the support team that really matters. This article is meant to focus on how hand-offs and escalation affect support case resolution. This article is meant to focus on how hand-offs and escalation affect support case resolution — and how improvements can help avoid SLA violations.
Automation, and in particular, computer automation, has changed everything from the jobs we do from the cars we drive. Naturally, it has reached the data center as well, the nexus that stores and controls many of the systems driving automation in other spheres. But, even in a world where hardware and software can function more intelligently than ever, it still takes people to make everything go.
Most of us have been in the spot where we just want something to work. When you fire up your laptop, you want the internet to come on, or when you look for your electronic files, you want them to be accessible in the last place you left them.
In the endless quest for uptime and systems that just work, software and hardware pieces of data centers have both seen increased automation — but the robots aren’t replacing human service technicians just yet.
For technical support technicians, sometimes the challenge isn't so much diagnosing the issue as it is effective communication with the customer/user/Aunt Bessie. As people who (usually!) understand the systems we are working with, miscommunication issues when working with other people can be frustrating for user and technician alike.
While the following won't make every single interaction a positive one, it's amazing the degree to which these two habits can transform a frustrating and unproductive troubleshooting session into a successful problem resolution. It's not magic, but sometimes it feels like it.
“Can my application run in the cloud?”
It’s a question we get more frequently than you might think — and the answer is almost always yes. Just yesterday, we got a web chat from an individual who wanted to know if a cloud server could run his e-mail server, SMTP-based, with PowerMTA, or if he would need a dedicated option. Mail servers are frequently run on virtual machines, so this configuration should pose no problem as a cloud server.
There are thousands of applications, running on a wide variety of operating systems, that play nice with VMware virtualization platforms (the basis of the gBlock cloud). Here are four hybrid cloud use cases to get you started.