References http://www.onlinetech.com/resources/references Mon, 11 Dec 2017 22:54:09 +0000 Joomla! - Open Source Content Management en-gb ariddle@onlinetech.com (OnlineTech LLC) Is public, private or hybrid cloud right for you? http://www.onlinetech.com/resources/references/is-public-private-or-hybrid-cloud-right-for-you http://www.onlinetech.com/resources/references/is-public-private-or-hybrid-cloud-right-for-you It was not that long ago when the word "cloud" referred only to the visible mass of condensed water vapor floating in the sky. In 2016, it is often used to describe almost anything on the internet. However, in the IT world, it refers to the physical and virtual infrastructure to host applications and store data and there is increasing pressure to "move to the cloud" because of the tremendous benefits. But which cloud is right for your business?

Well, it depends on what your business does. Do you have a lot of sensitive data that needs protecting? You’ll probably want a private cloud. Does your business do a lot of email or file sharing between employees? Maybe a public cloud would be a better fit. Or, maybe you need both.

Here’s a breakdown of each type of cloud:

Public cloud: Public clouds have their resources shared between customers, and are great for those looking to try out the benefits of the cloud or have an application that is coded to take advantage of the massive infrastructure resources a public cloud can provide. A common myth about public clouds is that because they are public, that means they aren’t secure. This is not necessarily true. Public clouds have come a long way, and many providers strive to keep up with the latest security technology. However, if your organization requires security to comply with federal regulations or are hosting truly mission-critical applications, you may need to look to a private cloud instead. Public clouds can store a variety of applications including CRM software, email, and websites and is typically best suited for applications which can afford to have downtime. There are plenty of companies who use public clouds, including Dropbox and Netflix.

Private cloud: Whereas a public cloud is spread across several companies, a private cloud is dedicated to a single business. You still get many of the same benefits as a public cloud, such as scalability and paying only for what you use, but if your business has security or privacy regulations to comply with, high uptime demands or other requirements that can’t be spread across a public cloud, then a private cloud may be a better fit. Because the hardware in a private cloud is dedicated solely for your organization, there are no unknown variables when it comes to who else might be sharing your resources—no one else is. This is particularly useful for complying with regulations such as HIPAA. Private clouds can be fully managed by a third-party provider, or you can manage them yourself if you desire.

Hybrid cloud: Hybrid clouds, as it might be guessed, use a little bit of both. It uses a mix of public and private cloud and sits on the spectrum between privately hosted and shared hardware. A hybrid cloud solution also makes sense for those who have certain mission-critical applications that must be hosted in a private cloud, but other applications that do not need the same expensive attention.

The hybrid cloud is particularly useful for businesses whose workloads vary drastically at various times. This type of deployment is called cloud bursting, and examples of organizations who benefit from it include retail companies who need extra resources during peak usage moments, such as holiday shopping seasons or clearance sale weekends. Another example of a hybrid cloud solution is a healthcare organization who needs to store patient data in a secure, compliant private cloud but can store its public-facing applications in a public one.

Want to learn more about cloud environments? Read more about private cloud security and our top 5 tips for cloud computing security, or you can download our white paper about adopting hybrid cloud.

blog hybrid cloud cta 1

]]>
ckennedy@onlinetech.com (Carrie Kennedy) References Sat, 27 May 2017 00:30:15 +0000
How can Disaster Recovery as a Service (DRaaS) protect your business? http://www.onlinetech.com/resources/references/how-can-disaster-recovery-as-a-service-draas-protect-your-business http://www.onlinetech.com/resources/references/how-can-disaster-recovery-as-a-service-draas-protect-your-business We’ve talked about continuous data protectiondeveloping a DR plan, and offsite backup. What do these things all have in common? They are all a part of Disaster Recovery as a Service.

Disaster Recovery as a Service (DRaaS) in its entirety offers the full suite of components of disaster recovery by a third-party vendor. It consists of a replication product (continuous data protection), an offsite backup product (point-in-time recovery), a disaster recovery plan and vaulting that plan so you can access it in an emergency. A DRaaS provider should also work with you to test your infrastructure, workloads, and all associated components of your applications, including the applications themselves.

dr 815x397

Why is DRaaS a good investment?

Building your own infrastructure can take a vast amount of time and resources and many businesses may not have access to those types of resources. Investing in a DRaaS provider can reduce the costs associated with this type of undertaking. The technology and infrastructure a provider has can offer peace of mind when it comes to backing up your business.

However, as with any outsourced IT project, there is a certain level of trust you have to place in your provider. With DRaaS, your provider must be able to implement the disaster recovery plan and meet the specified recovery point and time objectives without incident. That can be a sizable undertaking, so be sure to thoroughly vet your vendors.

DRaaS is just that—a service. Providers across the board can offer the same or similar technologies, but it’s the people who provide the service that will make the biggest difference when comparing companies. Do they claim to be compliant? Confirm that by checking their reports to make sure they’re practicing what they preach. If you have specific recovery point and time objectives, your DRaaS provider should work with you to achieve them, outlined in a service level agreement.

If you are looking to save money but already have a disaster recovery site in place, you can use a concept called reverse DRaaS. Reverse DRaas allows the customer to host their production environment with a cloud service provider, and in the event of a disaster, fail over to their own infrastructure. This particular service can be useful because it allows clients to use the latest technology for their main site, and then their own site for disaster recovery.

In the end, DRaaS is a good idea for businesses of all sizes looking to put at least part of their infrastructure in the cloud, and it can help give you and your organization a sense of relief when you have to face the unexpected. When researching DRaaS providers, don’t forget to do your due diligence by making sure they are compliant with whatever controls you need, whether that’s SSAE 16HIPAA or PCI. Finally, while the DR portion is key, don’t forget that the “S” stands for service – your provider is there to work with you to help your business whenever you need them! This is what will set each company apart from the other.

]]>
ckennedy@onlinetech.com (Carrie Kennedy) References Sat, 27 May 2017 00:42:08 +0000
Why disaster recovery is important to HIPAA compliance http://www.onlinetech.com/resources/references/why-disaster-recovery-is-important-to-hipaa-compliance http://www.onlinetech.com/resources/references/why-disaster-recovery-is-important-to-hipaa-compliance There are many aspects of complying with HIPAA regulations, and all are equally important to avoid facing the stiff penalties that come as a result of any violations. In addition to technical and physical safeguards for your PHI, the administrative safeguards of the HIPAA Security Rule require a contingency plan. This is comprised of a data backup plan, emergency mode operation plan, testing and revision procedures as well as application and data criticality analysis. We’ll discuss how critical a contingency plan is as it relates to HIPAA compliance.

dr 815x397

Why is this particular component so important? If you’re in healthcare, you know HIPAA is the federal security standard that protects the availability, confidentiality and integrity of PHI. That availability, confidentiality and integrity is directly tied to the strength and reliability of your infrastructure, as everyone is required to have an electronic health record (EHR). Hospitals operate 24/7, so it is imperative that patient data always be accessible.

To that end, developing a contingency plan is important not just from a compliance perspective, but a practical one. If you suffer a system, network or hardware failure and lose access to your data (or even the data itself), it’s paramount to have a strong recovery plan to prevent as little downtime as possible. Think about how much more disastrous your situation would be if you had a medical emergency on top of your IT one. Therefore, it’s wise to be prepared for any kind of setback.

As part of your recovery plan, don’t forget to implement failover testing. Any problems that arise as a result can be fixed before an actual disaster happens, which will make for a smoother process when an emergency actually happens. If you outsource your disaster recovery or are thinking about doing so, make sure you work with your provider to utilize failover testing and make any procedure changes as necessary.

For more information, you can download our disaster recovery white paper, or view these helpful resources:

With everything else you need to be HIPAA compliant, it’s important you don’t neglect your disaster recovery. Ensuring you have an emergency plan for your most critical infrastructure and data will help keep your business running smoothly should the unexpected happen. If you’re ready to put together your own contingency plan, or want to check your current plan against HHS recommendations, download your template here (Word document).

For more information about HIPAA compliance, download our white paper on HIPAA compliant hosting, or check out these links:

]]>
ckennedy@onlinetech.com (Carrie Kennedy) References Sat, 27 May 2017 00:50:12 +0000
What is ransomware and how do you protect against it? http://www.onlinetech.com/resources/references/what-is-ransomware-and-how-do-you-protect-against-it http://www.onlinetech.com/resources/references/what-is-ransomware-and-how-do-you-protect-against-it Ransomware data 03.17.17 BLOGRansomware has been rising at an “alarming rate,” according to security researchers, with a 3,500 percent increase in criminal use of net infrastructure that helps run ransomware campaigns. According to Microsoft, the U.S. has the highest number of ransomware attacks, with more than 300,000. It can affect anyone with a computer or mobile device, and there are already plenty of examples of large businesses, especially healthcare, being victimized and shelling out large amounts of money to get their data back.

How does ransomware work?

Ransomware is malware that is downloaded onto your computer. It allows someone to block access to your files or your computer using encryption until you pay a ransom, usually in Bitcoin. Ransoms vary from a few hundred dollars to a few thousand, depending on the user (individual or business). It puts victims in a bind: On the one hand, if the ransom isn’t paid, they risk permanent data loss. On the other hand, most companies don’t recommend paying because doing so doesn’t guarantee safe return of your files.

It’s up to you whether you want to pay to get your data back, and how much you can afford the downtime associated with an attack and the risk to your data if you don’t pay the ransom. And unfortunately, once you are already a victim of ransomware, crooks are more likely to target you again because they’ve gotten past your vulnerable systems.

Remove ransomware safely

What can you do if you’re locked out? It might seem like an impossible task, but you should try to recover your systems before paying any kind of ransom. If you back up your files regularly, you may have a previous version you can restore to before the infection. Contact your IT department so they can shut down your network and take any other precautions necessary.

If your business computer or network was infected, you may need to alert certain authorities that your data has been compromised, such as the Office of Civil Rights for healthcare companies. In most ransomware attacks, data is not stolen, merely encrypted.

Protect against ransomware

How can you thwart an attempt by hackers to ransom your data? For one, train your employees to recognize phishing emails that are most likely hiding malware and to avoid downloading files from people they don’t know. Employ strong anti-virus software and keep your applications patched and up to date. Malware is also quite popular in macros for Office documents, so you should disable macros in your Office security settings. Finally, install ad blockers to prevent malicious ads from automatically downloading malware onto your computer.

Backing up your data regularly to a secure, offsite facility is also smart. Some versions of ransomware can encrypt onsite backups, meaning they are useless to you if ransomware affects those files as well. Have a strong backup solution in place that is easily recoverable should you need it. It exists for a reason!

Remember, always be vigilant about your security. Train your employees to recognize and avoid suspicious content, including untrusted websites that are malware breeding grounds. Having a strong technical security solution can also help prevent ransomware attacks.

Other ransomware resources:

If you're curious about ransomware, learn more from these blog posts:

Ransomware and healthcare: What you need to know: Ransomware was officially a billion dollar crime in 2016, with more than 4,000 attacks since Jan. 1 and at least 25 variants of ransomware discovered. Researchers have predicted they would discover more than 100 variants before year’s end... (read more)

Seven best practices for securing yourself against ransomware in 2017: Ransomware may have possibly taken the crown as THE crime to beat in 2016, with record growth and profits for criminals. While payments used to start around $50, the average payout is now $679, with $209 million paid out in Q1 of 2016 alone... (read more)

How does Ransomware as a Service work? Ransomware has made headlines time and again for its devastating effectiveness on governments and organizations, but researchers are starting to pay attention to a developing trend within ransomware: Ransomware as a Service (RaaS)... (read more)

]]>
ckennedy@onlinetech.com (Carrie Kennedy) References Sat, 27 May 2017 00:36:05 +0000
Advantages and challenges of hybrid cloud adoption http://www.onlinetech.com/resources/references/advantages-and-challenges-of-hybrid-cloud-adoption http://www.onlinetech.com/resources/references/advantages-and-challenges-of-hybrid-cloud-adoption According to the RightScale State of the Cloud 2017 report, hybrid cloud is the preferred strategy for enterprise IT. Eighty-five percent of organizations have a multi-cloud strategy, up from 82 percent in 2016. It’s safe to say the IT industry is trending towards hybrid solutions—at least for now.

That being said, hybrid clouds have their own set of challenges and opportunities, and organizations considering whether to move to a hybrid cloud should weigh their options carefully. In this article, we’ll talk about the advantages and challenges organizations face in deploying a hybrid environment.

blog hybrid cloud cta 1

Advantages

More flexibility and optimized workloadsAs mentioned before, this is the biggest advantage to a hybrid cloud. A hybrid environment is designed to maximize efficiency and still allow for scalability. Not all workloads are created equal—some are better placed in a public cloud provider, like application development, backend processes or applications that require bursts of compute and/or storage power, while others that require more security and low latency, such as real-time trading deal applications or patient health records are more suited to a private or virtual private cloud. Some applications don’t even need to be in the cloud at all—perhaps bare metal or a physical server is the best place for them. A hybrid solution lets you choose where you put your applications where they run best, giving you way more flexibility than before.

Billing optimization: One of the biggest concerns executives have with the cloud is cost management, and the hybrid cloud offers a solution that is win-win for everyone. Essentially, a hybrid solution lets you respond to your business needs the way you see fit. With hybrid, you can decide whether to model your business on an OPEX or CAPEX model, giving you the ability to respond to your business’ needs as you see fit.

Stability and availability: Downtime is bound to happen sometime. But when you run applications in and outside of your company network, you can better protect yourself from an outage, whether it occurs in the public cloud or within your own network.

Talent acquisition: When you work with experts who really know their stuff about the public cloud, you can rest assured knowing you’re getting the most out of your cloud spend. Your cloud team will be able to tell you which workloads belong where and how to optimize them, leading to more efficiency and better growth.

Challenges

Handling multiple cloud providers: This perhaps the biggest challenge to managing a hybrid cloud by yourself. On average, according to RightScale, organizations are running at least 1.8 public clouds and 2.3 private clouds. Having multiple providers often leads to confusion over which cloud environment is being deployed when and keeping track of those costs, whether it’s your outsourced provider or your in-house IT team. So even though a hybrid cloud can help you manage your costs by maximizing your workload efficiency, it can also cause more headaches because you’re dealing with more than one provider. You’ll want a strong communication plan between your IT team and your providers’ teams.

Billing optimization: Yes, it’s a benefit of hybrid cloud, but without proper management, it can also be a huge challenge and a detriment to adopting hybrid cloud in the first place. It’s very easy to lose control of your public cloud spend, and if you’re juggling spending for multiple lines of business, cloud waste can be a major problem. You’ll want to keep a careful eye on your cloud bills.

Talent acquisition: Again, as with billing optimization, talent acquisition can also turn out to be a challenge for those organizations who choose to manage their hybrid cloud by themselves. Knowledge about the public cloud is still relatively new, and experts in Azure or AWS are hard to find. Unless you’ve already hired a team of public cloud gurus, you’ll have to invest a lot of time and money into training your employees, so they can keep up with the ever-changing public cloud landscape. Make sure you have the resources and talent you need available so you can take advantage of all the public cloud has to offer.

Communication between clouds: A hybrid cloud is all about maintaining connectivity between the public and private cloud networks and ensuring data transfer. How does your cloud strategy address this issue?

Solutions in mind

How do you go about solving these challenges? Perhaps the best solution is to use a managed hybrid cloud. A managed provider should have the public cloud expertise you need at your fingertips and can handle the headaches of multiple providers and billing charges. Once you find that provider, you end up with all the benefits hybrid cloud offers without the hassle of taking care of it.

Hybrid cloud offers many benefits that are enormously helpful to organizations, but perhaps the most important one is more flexibility with data placement. Companies can place their data where it runs best, therefore maximizing efficiency and creating room for growth as they need it.

However, there are some challenges to deploying a hybrid solution yourself, and if they are not considered and mitigated carefully, they can prevent an organization from fully realizing the potential a hybrid solution offers. If you develop your cloud strategy around a managed cloud provider who can handle the challenges of billing, talent, and cloud communication, you’ll save your organization a lot of time and money.

]]>
ckennedy@onlinetech.com (Carrie Kennedy) References Sat, 27 May 2017 00:14:38 +0000
What is hybrid cloud? http://www.onlinetech.com/resources/references/what-is-hybrid-cloud http://www.onlinetech.com/resources/references/what-is-hybrid-cloud Hybrid cloud When it comes to cloud computing, organizations are shifting away from a purely public cloud model towards a hybrid model. According to the 2016 State of the Cloud report by RightScale, private cloud adoption grew from 63 to 77 percent, driving hybrid cloud adoption from 58 to 71 percent year over year. This year, the report shows that while private cloud adoption fell, hybrid cloud is still the preferred strategy for enterprises, and 58 percent of businesses plan to adopt hybrid cloud. Currently, cloud users are running multiple clouds, with an average of 1.8 public clouds and 2.3 private clouds. Top cloud concerns for executives? Cost management; lack of resources and expertise; and security. How does hybrid cloud adoption fit into this picture?

What is a hybrid cloud?

Let’s first review what exactly a hybrid cloud is. According to the National Institute of Standards and Technology (NIST), hybrid cloud is "two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).” In other words, if you want to run part of your application on a public cloud and have a different part in a private cloud, combine the two to get a nice, hybrid cloud that balances both environments but remains connected, based on the unique needs of your organization.

What are the benefits of a hybrid cloud?

Hybrid cloud is about maximizing workloads in the best environment and managing costs. It’s not necessarily all about public or private cloud, but how to orchestrate both. The AWS outage in late February demonstrated how helpless many companies became by having all their eggs in one cloud(y) basket. In addition, despite the public cloud’s touting of cheap services, costs can quickly get out of control, as Snapchat admitted in February.

A hybrid cloud environment doesn’t solve the problems of cost management and uptime visibility by itself. Multiple providers means multiple bills and more costs to manage. The best solution is a fully managed hybrid cloud, where the provider acts as a cloud aggregator and manages all your cloud environments for you within a single service. The benefits shouldn’t be ignored: The ability for an organization to see all of its cloud services in one window eliminates confusion between the different providers, and gives the CIO more control over their IT spend as well as clear visibility into current costs and uptime.

Hybrid cloud is slowly but surely becoming the new model for IT organizations and service providers. That means a mix of public and fully managed clouds that quickly enable scalability and growth while providing consistent uptime and cost management. For SMBs, the complexities that arise from managing multiple environments can quickly become overwhelming, and it’s most likely more cost effective for them to move their infrastructure to a service provider who can integrate the different environments into a single window. Once that’s done, the business can regain control over its infrastructure without worrying about managing it or maintaining it.

blog hybrid cloud cta 1

]]>
ckennedy@onlinetech.com (Carrie Kennedy) References Sat, 27 May 2017 00:06:36 +0000
How do you manage Shadow IT? http://www.onlinetech.com/resources/references/how-do-you-manage-shadow-it http://www.onlinetech.com/resources/references/how-do-you-manage-shadow-it Managing shadow ITWith the era of easily shareable apps and cheaper(er) devices in full swing, Shadow IT has emerged as a growing priority to manage for IT organizations. And it’s with good reason—when technology is being used behind your back, it’s tough to know if your business is as secure and compliant as it should be. What can you do to minimize the risk?

Here are five ways to handle shadow IT in your business.

  1. Stay on top of what’s going on: No matter what devices an organization uses, IT must know where the data lives and how it’s being used. When you know where your data lives, it’s much easier to keep track of any new devices entering the field and how they are being managed. One way of doing such monitoring is with vulnerability scanning (link to OT page). Daily log review (link to OT page again) is another way to manage your network (is it?)
  2. Meet with Lines of Business (LOB) regularly: One of the biggest reasons for shadow IT is because the internal structure is too cumbersome to deal with. It’s time to change that. When you are alerted to Shadow IT, respond proactively. Why didn’t that LOB come to you? How can you improve the processes around new devices and software? Working directly with other departments can help everyone be more communicative and efficient, and it reduces the risk of security and compliance breaches.
  3. Implement technology better: Once you’ve identified the problems in your IT process, it’s time to change them! LOBs will not want to come to you if you listen to what they need but still have slow and outdated implementation processes. Changing how you operate by becoming more agile is a must if you want to stay on top of shadow IT.
  4. Manage guidelines around devices and applications: Establishing clear rules will help departments understand better what they can and can’t do. To follow up on that, it is helpful if IT also puts into place a process that can quickly approve or disapprove new technology/software sought by LOBs.
  5. Forgiveness is key: Shadow IT happens, and chances are you won’t be able to catch every user who bypasses standard-issued platforms. However, allowing users to explain why they did so without fear of punishment could lead to better communication overall.

Shadow IT is seen as a threat in many organizations because of the security and compliance risks it poses. However, with network monitoring, better communication between IT and LOBs as well as faster and smoother processes surrounding implementation and approval, it can managed. In fact, if you’re the best choice for the consumer (your colleagues), then they have no reason to use anyone else.

 

]]>
ckennedy@onlinetech.com (Carrie Kennedy) References Fri, 23 Sep 2016 23:37:52 +0000
What to look for in a DRaaS provider http://www.onlinetech.com/resources/references/what-to-look-for-in-a-draas-provider http://www.onlinetech.com/resources/references/what-to-look-for-in-a-draas-provider Disaster Recovery as a Service (DRaaS) makes recovery simpleWhen it comes to the your disaster recovery infrastructure, it can get pretty complex. There is a LOT to think about, and for many decision makers, the whole process can be overwhelming and feel a lot like you’re at sea with no life jacket.

But there is help at hand. The key is finding an expert – whether a partner, full service provider, or industry guru – who has built and continues to manage complex primary and DR infrastructures. Disaster Recovery as a Service (DRaaS) products will ease the expense and time constraints on your IT department, freeing them up for other priorities. There are three key points you should look for when canvasing potential partners and services:

  1. Leverage economy of scale: Besides the cost of 2N infrastructure to support full operational capacity, you will also need to acquire the replication technologies making the configuration and data redundancy possible. As a small or medium size business, your options for DIY will be limited by the cost of Fortune-500 level technology. Can you afford it? Maybe – bearing the full cost of such technologies for only the slice you need is wasteful, but with a service provider you can leverage their buying power to acquire only the slice of product you need and buy-by-the-drip as you grow.
  2. Leverage economy of knowledge: Buy from and partner with someone who has built and are running both DR and production infrastructures today. Why is this important? In that moment, you need experience in successfully orchestrating a failover to the recovery site as well as a partner that understands production application concerns such as security, compliance, and data protection. Ideally, look for a full service provider who is an expert in all things disaster recovery. They should have extensive experience implementing and failing over to recovery infrastructure, and if you have security or compliance concerns, those should be successfully dealt with as well. This isn’t something you can find in every service provider, so be sure to shop carefully.
  3. High visibility: Regardless of the solution you choose and implement, it is imperative to be able to view the status and test the recovery site at any time. Status of the recovery site, replication, and testing should be visible to your NOC team. Test should be clear, and options for non-disruptive self-serve testing are ideal. The status and management of your site should be available in real time, easy to understand, and come with the capability to test any time you like. 

Finding the right full service provider will minimize the complexity and difficulty of managing and maintaining a successful DR strategy. At the end of the day, when you have a partner that can competently manage, failover, and report on the technology for you, all you have to do is focus on preventing that worst day from happening.

dr 815x397

]]>
ckennedy@onlinetech.com (Carrie Kennedy) References Sat, 24 Sep 2016 00:09:42 +0000
What is Shadow IT? http://www.onlinetech.com/resources/references/what-is-shadow-it http://www.onlinetech.com/resources/references/what-is-shadow-it Shadow IT solutions

Causes of Shadow IT

Let’s say you’re an employee at a medium size organization, and you’re doing some internet surfing when you come across a new application that allows you to share and store your documents more easily than your current one—and you can connect it to any email account. You’ve been looking for just such a solution! You immediately download it and tell your colleagues about it, and they think it’s the best thing since sliced bread. You start using it, and everyone goes on their merry, more productive way. Sounds great, right?

Now picture yourself as the CIO or IT director of that same organization, and just discovered a department went off and started using some new software you had no idea even existed. Is the application a secure method for document sharing? No idea. Is the information being shared being done so in a way that is compliant with regulations such as HIPAA or PCI? How knows, because you weren’t told about this application, and it’s a good bet the department who downloaded it didn’t ask beforehand. How are the licenses being handled for the application? If there is any unlawful licensing, you could be held liable and sent to jail or fined. Picture that across several departments, and you have a nightmare on your hands trying to regain control over your company’s IT infrastructure. How did this happen?

This is shadow IT, and it’s caused headaches for IT organizations of all shapes and sizes. Back in the old days of IT, technology was harder to acquire and maintain for anyone outside IT. Now, applications for making our lives easier and more efficient are all over the place, and cheap to get. This has led to a loss of control by internal IT departments.

Shadow IT solutions

One suggestion for companies to fight against shadow IT is for internal It to offer solutions as easily as the free market does. With corporate IT releasing control over the technology itself (which it doesn’t truly have any more anyway) and focusing on control of consumption of services, it acts as a broker of services, leading to faster turnaround of requests and fewer departments trying to figure IT out on their own. This business model change is known as IT as a Service

Shadow IT is a problem that still exists, but there are ways to manage it. In a future post, we’ll discuss how you can manage shadow IT in your organization. In the meantime, if CIOs make sure their departments can easily procure cloud and infrastructure resources to meet the needs of their clients, it will go a long way toward improving company security and compliance, better communication between departments and IT, and improved transparency. Better business agility means more efficiency and a less strained relationship between IT and other lines of business.

]]>
ckennedy@onlinetech.com (Carrie Kennedy) References Sat, 24 Sep 2016 00:01:19 +0000
Disaster recovery glossary of terms http://www.onlinetech.com/resources/references/disaster-recovery-glossary-of-terms http://www.onlinetech.com/resources/references/disaster-recovery-glossary-of-terms Online Tech provides Disaster Recovery as a ServiceWhen doing research about disaster recovery, you may come across some key terms that are unfamiliar. The following is a glossary designed to help you navigate the waters of disaster recovery.

Disaster recovery: A subset of business continuity, disaster recovery is how your organization will recover and maintain operations during and after a disaster has been declared. Disasters can come in all forms, from fires and floods to electrical outages, cyber attacks, and administrative failures. Disaster recovery plans are critical to any organization, but it’s important to remember that there are many facets that keep a business running, and to plan outside the scope of IT.

Business continuity: The concept of business continuity a series of procedures and protocols your business has in place to keep all operations running smoothly. What do you do if there is a fire? How about if your CEO suddenly has to step down, or there is a bout of flu, and half of your employees call in sick? Or if your website crashes? Each of these potential scenarios should be addressed in a business continuity plan, starting with a business impact analysis or risk assessment analysis to identify and minimize threats to the organization.

RPO/RTO: RPO stands for Recovery Point Objective, and it’s the specific amount of time that a business decides it can survive a period of data loss. When you decide how often you need to back up your data – whether that’s every five minutes, or every five hours – that is your RPO. RTO, on the other hand, stands for Recovery Time Objective, and is the most amount of time a business can afford to have their systems unavailable. How long can you have your systems down before it negatively affects your organization?

Cold/Warm/Hot site: These are different types of recovery sites, and each level signifies the amount of time it takes to fail over to and start operations from. With little hardware, a cold site takes the longest to get operational, while a hot site can be failed over almost instantly with all infrastructure components up and running.

Failover: When you switch from your production to your recovery site, that’s a failover. Essentially, when your production site fails, you go over to your recovery site. When your production site has been repaired and you’re ready to return, you execute a failback.

Continuous data replication: There are two types of continuous data replication: True and near. True continuous data protection (CDP) is real time replication of data as it is being written to disk. Each time a change is made, it is copied to a separate disk when that change is made. With continuous data protection, you can achieve minimal RPO and ensure the data at your recovery site is as up to date as possible with your production site. 

Near CDP is a similar concept; however, it uses snapshots to recover to a certain point in time. Near CDP has specific points of recovery that are much more frequent than traditional backup (say, every hour instead of every 24), but you don’t have the ability to return to any point in time you wish, as you can with true CDP. 

DRaaS: Disaster Recovery as a Service, or DRaaS, is a method of disaster recovery where infrastructure, personnel, testing and other associated costs and equipment is outsourced to a third-party provider. It consists of a replication product (continuous data protection), an offsite backup product (point-in-time recovery), a disaster recovery plan and vaulting that plan so you can access it in an emergency. A DRaaS provider should also work with you to test your infrastructure, workloads, and all associated components of your applications, including the applications themselves.

Backup: Data backup is categorized into onsite and offsite, and there are many different levels of backup within those two categories. They include how often you decide to back up your data, and what level of granularity you want. However, no matter what your backup plan calls for, the concept includes having a copy of your data stored either onsite or offsite. If you need quick access to your data and can’t wait for it to be restored from an offsite location, then onsite backup is for you. However, if you’re looking for data protection, offsite data backup is more reliable if something happens to your production site.

High Availability: High availability is when your environment, whether production or recovery, has a high amount of uptime, or availability. The higher your availability, the less likely you will be subject to downtime. Some businesses require a certain amount of availability – measured in nines (ie 99.999 percent)—in their SLA with service providers.

Mirroring: When data is copied exactly from one site to another. Mirroring is done in real time, and can be done at an offsite facility, or onsite. If done offsite, mirroring is a handy disaster recovery tool that allows an organization to quickly recover the most up-to-date version of their data from a completely different location.

dr 815x397

]]>
ckennedy@onlinetech.com (Carrie Kennedy) References Fri, 23 Sep 2016 23:43:45 +0000