What’s on Your Mind?

What’s on Your Mind? 2020 IT Needs

It’s 2020, the holidays are over and you’re back to managing your organization’s IT needs in support of their core initiatives. So, what’s on your mind? For many of our Clients, this can be summed up by three questions:

Are we adequately protected against Ransomware and can we recover from an attack?

Ransomware is a reality for individuals and businesses alike; no person or entity is immune. To someone responsible for protecting an entire organization from a Ransomware attack, the specter is ever-present. One that requires 24/7 vigilance. But these same individuals are keenly aware of that. Despite all their efforts to keep the attack from happening, they may be called upon to recover from an attack. We hear about this topic so much from our Clients that there are two BLOGS on the Zunesis website focusing on it exclusively. I would encourage you to read both Posts.

Mitigating the risks associated with Ransomware attacks requires a diligent adherence to a set of practices that include (but are not limited to):

Keeping virus protection software up to date to keep up with the changing profiles of Ransomware attacks.
Staying current with firmware patches on all devices (firewalls, switches, routers, serves, storage, etc.) to make sure your devices have the most recent protections.
Staying current on Operating System updates and patches to plug security holes as they are identified.
Managing usernames and passwords and segmenting authentication domains to reduce spread of an attack.
Locking down non-essential ports to reduce points of entry.
Segmenting LANs to minimize spread of an attack.
Training of end-users to help them understand what to look for in emails and other external entry points. End-users are the most common entry point for attacks and the need for constant training cannot be over-emphasized.

If you are compromised, rather than paying a ransom, you’ll want to provide your organization with their best chance for recovery of your data. To accomplish this, you’ll need to spend time reviewing your backup/recovery and disaster recovery plans.

When reviewing your plans look for how they address the following:

Are the frequency and retention policies designed to give you acceptable RPO and enough granularity to restore data that has not been compromised?
Do you test your data for potential compromise?
When looking at your backups, are they isolated from the rest of the network? Is there a possibility of being a target of attack (corruption or deletion)?
Do you have multiple copies of your backups, on different media, and offsite?
Does your backup/recovery software have built-in checks for warning of possible compromise?
Do you have a standard practice of testing recovery of data?

While not exhaustive, the points outlined above, emphasize the multi-faceted approach an Organization needs to take in order to give themselves the best chance of avoiding the consequences of a Ransomware Attack. As I stated earlier in this post, Ransomware is top of mind for all our Clients and we will likely spend a lot of time working with them on this in 2020.

How will we get all our projects accomplished in 2020 and still manage the day-to-day tasks?

The challenge of not having enough resources and time have been a persistent issue in IT. I’ve been working in the industry for over 35 years and it seems there has never been enough money, time, or people to execute on the strategies developed to evolve and maintain the IT needs of an organization. In 2020 that is certainly not going to change.

The fact is, IT will always compete for the resources of the Organization because, for most organizations, their Mission Statement has nothing to do with building a world-class IT infrastructure. However, organizations across industries are more reliant than ever before on technology to carry out their primary Mission. For this reason, there will be an increasing array of projects that ultimately will need to be carried out by IT; the challenge of efficient resource utilization is not going to abate any time soon.

Is our infrastructure ready to support the needs of the Organization in a world where Digital Transformation is a constant, iterative process?

In the next decade, we will no doubt continue to see the evolution of how and where IT resources are utilized. After all, Digital Transformation is a journey, not a destination. More organizations are moving toward becoming Data-Driven, (leveraging Artificial Intelligence and Data Analytics to glean customer insights and make better decisions).

With this move, we will see the proliferation of Edge Computing devices, leveraging of IoT, and Machine Learning. These technologies will push us to adopt different strategies for on-premise and Cloud-based Compute, Network and Storage resources. For some IT organizations this will be a continuation of what they’ve already begun and for others it may mean a complete revamp of their existing infrastructure.

In the midst of protecting your organization from the bad actors, executing on new projects and maintaining the day-to-day tasks that are part of every IT organization, you and your team need to stay up with a constantly evolving industry that presents you with a myriad of options for continuing your Digital Transformation Journey. You can’t ignore the advances in technology, nor the relevance they might have for your organization, but finding the time to understand them and assess their value won’t be easy.

Our Available Services

Advisory Services- Zunesis Of course, there is no one response that can answer any of the topics mentioned above. However, Zunesis has been partnering with our Clients to navigate difficult problems since 2004. As technologies have evolved, so have our abilities to address the needs of our Clients to support their IT Infrastructure, including the issues summarized here.

Whether you just want to sit down and discuss what’s on your mind, or you have already identified an area we can jump in and help, we are ready to engage. Just to give you an idea of what we have to offer, I’ve included a summary of some of the practices we have developed over 15 years to help our Clients achieve their goals.

NOTE: For any service we provide (one-time or ongoing), there is a standard process and set of deliverables we use as a starting template. From there, we will work with you to customize the service based on your specific needs. If there is one thing we know for certain, you have unique circumstances. We want to make sure our services conform to your specific needs.

Here are a few of our standard offerings:

IT Infrastructure Assessment – The objective for this assessment is to provide an analysis of where your infrastructure is today, where you want to see it in the future, and what will be required to bridge the gap.

Typical Tasks and Deliverables include:

Discovery of Compute, Network, and Storage environment:
- Inventory/document configuration of on-premise equipment.
- Inventory/document applications (on-premise and cloud-based).
- Document hyper-visor and OS configurations.
- Document the types of data stored on-premise and, in the cloud.
- Review Backup/Recovery Infrastructure and policies.
- Review Disaster Recovery Policies.
- Conduct stakeholder roundtables.
Produce Logical and Physical Drawings.
Document of observations.
Document actionable recommendations.
Produce a roadmap to go from where you are to where you want to be.

BC/DR Assessment – The objective of this assessment is to provide an analysis of your current Backup Recovery and Disaster Recovery architecture and processes. Because Ransomware is such a threat, we will conduct this assessment with a sub-focus on recovery from Ransomware attacks.

Typical Tasks and Deliverables here include:

Discovery:
- Inventory/document configuration of backup environment.
- Inventory/document configuration of disaster recovery environment.
- Provide documentation on the types of data stored on-premise and in the cloud.
- Document SLA’s associated with applications and data.
- Log your Backup/Recovery policies.
- List details of Disaster Recovery Policies.
- Conduct stakeholder roundtables.
Produce Logical and Physical Drawings.
Document of observations.
Document actionable recommendations.

Recurring Data Center Advisory Service (RDCAS) – The objective of this service is to provide ongoing management of our Clients HPE environment. We monitor their device firmware and configuration. This helps them maintain best practices per HPE documentation. This service is provided over the course of a 12 Month period.

Typical Tasks and Deliverables include:

Perform an initial inventory of all HPE devices, documenting firmware, configuration, and alerts.
Monitor Critical Alerts published by HPE throughout the life of the service. Report these to the Client with recommendations for action.
Monitor all alerts from HPE and report non-critical alerts in a quarterly report.
Monitor release of new firmware and report to Client on quarterly basis (unless firmware is deemed critical).
Offer assistance in deployment of firmware if needed.
Assist in resolution of configuration if it doesn’t meet best practice per HPE documentation.
Provide assistance in resolution of HPE support tickets as a Client advocate.
Provide Quarterly environment reviews with Client.

Again, these are just examples of the ways we have helped our Clients address their challenges over the last 15 years. We have a team of technology professionals that are ready to assist you with all your infrastructure needs.

Have a great 2020. We look forward to hearing from you.

What’s on Your Mind?