Take a unified approach to Wi-Fi security!

For many organizations, Wi-Fi access is no longer a luxury. Employees need flexible access as they roam about the office, and customers and partners expect to connect whenever they are on site. But providing unsecured access opens a host of potential security problems if access points aren’t rigorously monitored, patched and maintained. As the number of access points grows, it’s easy to let this important maintenance task slip.

Security teams are so busy fighting fires that preventing maintenance is often overlooked. Kaspersky Labs recently analyzed data from nearly 32 million Wi-Fi hotspots around the world and reported that nearly 25% had no encryption at all. That means passwords and personal data passing through those devices can be easily intercepted by anyone connected to the network.

Virtual private networks (VPNs) are one way to keep things secure, but 82% of mobile users told IDG they don’t always bother to use them. The profusion of software-as-a-service (SaaS) options encourages this. Gartner has estimated that by 2018, 25% of corporate data will bypass perimeter security and flow directly to the cloud.

The Wi-Fi landscape is changing, thanks to mobile devices, cloud services and the growing threat of cyber attacks. This means that Wi-Fi security must be handled holistically, with a centralized approach to management and an architecture that integrates both endpoint protection and network traffic analysis. Cisco has spent more than $1 billion on security acquisitions since 2015, and it has put in place the necessary pieces to provide this integration.

Cisco Umbrella, which the company announced last month, is a new approach to securing the business perimeter that takes into account the changing ways people access the internet. Umbrella gives network and security managers a complete picture of all the devices on the network and what they are doing. For example, by combining Umbrella with Cisco Cloudlock Cloud Access Security Broker technology, organizations can enforce policies customized to individual SaaS applications and even block inappropriate services entirely. They can also block connections to known malicious destinations at the DNS and IP layers, which cuts down on the threat of malware. Umbrella can even discover and control sensitive data in SaaS applications, even if they’re off the network.

Cisco’s modernized approach to security also uses the power of the cloud for administration and analysis. Cisco Defense Orchestrator resolves over 100 billion Internet requests each day. Its machine learning technology compares this traffic against a database of more than 11 billion historical events to look for patterns that identify known malicious behavior. Defense Orchestrator can thus spot breaches quickly so they can be blocked or isolated before they do any damage. Thanks to the cloud, anonymized data from around the Internet can be combined with deep learning to continually improve these detection capabilities. Predictive analytical models enable Cisco to identify where current and future attacks are staged. In other words, Cisco’s security cloud gets smarter every day.

Umbrella can integrate with existing systems, including appliances, feeds and in-house tools, so your investments are protected. It’s built upon OpenDNS, a platform that has been cloud-native since its inception more than a decade ago. It’s the bases for Cisco’s security roadmap going forward.

A great way to get started with Cisco Umbrella is by revisiting protection on your Wi-Fi access points. We know Cisco networks inside and out, so let us put you on the on-ramp to the future of network security.

Are you ready to face any unexpected interruption?

Many small and medium-sized enterprises have gaps in their technological infrastructure that prevent them from protecting themselves against the unexpected events that cause interruption to their activities.

One company had its offices robbed: servers, computers, client files and even backup copies have disappeared. How to recover from this situation quickly, and minimize consequences? Without a recovery solution, the company’s activities are seriously compromised…

Natural or industrial disasters, thefts, power outages or telecommunications breakdowns, piracy, terrorism, etc. Even a short-term interruption of operations can jeopardize your market share, make you lose several important customers, and threaten the survival of your company. It is essential for any organisation, whatever its size, to be prepared to face any eventuality by protecting its information assets.

A Disaster Recovery solution (DRaaS) allows you to secure your assets and mitigate the unfortunate consequences of an interruption of your activities. ESI offers you the protection of your environment without the burden of spending and managing a recovery site.

Our DRaaS gives you access to our Tier III certified datacentre, equipped with best-of-breed, fully redundant equipment, that guarantees elastic scaling and flexible subscription terms.

Cloud solutions tailored to your needs, affordable and offered by a company with more than 20 years of data management experience, that understands the importance of protecting and safeguarding your assets… Don’t wait for emergency situations to take advantage of it!

Alex Delisle, Vice-President Business Development, Cloud Solutions – ESI Technologies

Cloud Strategy: data collection

Here is part 6 of our series covering the key issues to consider before adopting cloud technologies. This month, we discuss how to build your strategy and data points that must be considered.

When considering & building a cloud strategy, organisations need to consider business objectives/outcomes desired, quantifiable and time-bound goals as well as identify specific initiatives that the enterprise can and should undertake in order to execute the strategy and achieve the goals set. As shown by surveys on the subject by Gartner in 2013 and 2014, process and culture are likely to be big hurdles in any move to cloud. Therefore, involving all aspects of the business and gathering the right information can assist in building the right strategy and identify potential problems ahead of time.

The first concrete step to take to building this strategy is to gather the data points to identify and define those objectives, goals and initiatives for the entreprise in the near – and mid – terms. Once the data is collected, you can review, analyze and identify the business outcomes desired, set the (quantifiable) goals and define the specific initiatives you want to put in place to achieve them. This should not be a strict price or technology evaluation.

Data Collection
The data points needed will have to come from various parts of the organisation (business units, finance, HR and IT). Some of the information required may take the form of files, but a lot of the required information will reside with your staff directly, and so interviews should be a part of the data collection process. These interviews should take up to a few hours each and focus on the interviewees functions, processes used and required/desired business outcomes, to provide insight into the actual impacts to the business before creating your cloud strategy.

With this data, you will be in a position to account for all aspects touching cloud computing, to see what it will affect and how, to evaluate its effect on the balance sheet (positive or negative) and decide on your strategy moving forward.

Benoit Quintin, Director Cloud Services – ESI Technologies

Cloud Strategy – human impacts across organization

Here is part five of our series covering the key issues to consider before adopting cloud technologies. This month, we discuss the impact on human resources.

Resources in your organisation will be impacted by this change. Both on the IT side and on the business side. While helping companies move to cloud we have had to assist with adapting IT job descriptions, processes and roles within the organisation.

As the IT organisation moves into a P&L role, its success starts to be tied to the adoption by the stakeholders of the services offered. To do this, IT needs to get closer to the business units, understand their requirements and deliver access to resources on-demand. All this cannot happen unless things change within the IT group.

As companies automate their practice, and create a self-service portal to provision resources, some job descriptions need to evolve. A strong and clear communication plan with set milestones helps employees understand the changes coming to the organisation, and involving them in the decision process will go a long way to assist in the transition. We have seen that IT organisations with a clear communication plan at the onset that involved their employees in the process had a much easier transition, and faster adoption rate than those who did not.

Our experience helping customers with cloud computing shows that cloud alters significantly IT’s role and relationship with the business, and employees’ roles need to evolve. Training, staff engagement in the transition and constant communication will help your organisation significantly move to this new paradigm.

Benoit Quintin, Director Cloud Services – ESI Technologies

Cloud Strategy: technological impacts

Here is part four of our series covering the key issues to consider before adopting cloud technologies. This article focuses specifically on technological impacts to consider.

Not all software technology is created equal. Indeed, not every application will migrate gracefully to the cloud, some will never tolerate the latency, while others were never designed to have multiple smaller elements working together, rather than a few big servers. This means your business applications will need to be evaluated for cloud readiness. Indeed, this is possibly the largest technological hurdle, but, as with all technology, this may prove to be easier to solve that some of the other organisational issues.

One should look at the application’s architecture (n-tiered or monolithic), tolerance to faults/issues (e.g. latency, network errors, services down, servers down) and how the users consume the application (always from a PC, from the office, or fully decentralized, with offline and mobile access), to evaluate options for migrating an application to the cloud. Current growth rate and state of the organisation are often times mirrored in its IT consumption rate and requirements. Certainly, an organisation that’s under high growth rates or launching a project where growth is not easily identifiable can possibly benefit significantly from a scalable, elastic cloud model, whereas an organisation with slower growth, familiar / standard projects and predictable IT requirements will not likely assess the value of cloud computing the same way. Accountability of resources and traceability of all assets in use may be of bigger concern.

Architecture, applications and legacy environments are all technological considerations that should be factored in any cloud computing viability & readiness assessment, but that should probably not be the main driver for your cloud strategy.

Benoit Quintin, Director Cloud Services – ESI Technologies

Cloud Strategy: legal impacts across the organization

Here is part three of our series covering the key issues to consider before adopting cloud technologies. This article focuses specifically on legal impacts on your organization.

“Location, location, location”. We’re more accustomed to hearing this in the context of the housing market. However, where your company’s headquarters reside, where your company does business and where its subsidiaries are located directly impact how you need to manage sensitive information, such as strategic projects, HR/personnel information, etc.; essentially, IT needs to account for data sovereignty laws and regulations.

Various countries have already voted or are moving towards voting on more restrictive data sovereignty legislations that will control the transit of information out of border. For example, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) already governs how IT organisations can collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. Essentially, all personally identifiable information must stay in country, at rest and in transit, meaning that using a cloud provider in the US or any other country with said data could expose the company – and you – to a lawsuit, unless the cloud provider can guarantee no aforementioned data ever leaves the country at any time, including for redundancy/DR purposes.

While the previous Act covered what must be protected, the American law (the USA Freedom Act, and its previous incarnation, the Patriot Act) enables the US government to access any and all data residing on its soil, without owner’s authorization, need for warrant and without even the need to notice the owner before or after the fact. The few data privacy provisions in the bill apply to American citizens and entities only. This means all data housed in the US are at risk, especially if said data is owned by an organisation whose headquarters are out of country.

If in Europe, laws vary from country to country, we find that the regulations on data protection are becoming more stringent, requiring the establishment of procedures and controls to protect personal data and obtaining the explicit authorization of persons to collect and use their information. All this imposes guidelines to the use of the cloud within the country or outside their borders.

Typically, data sovereignty should be a concern for most organisations when looking at cloud and, as the current trend is for countries to vote in more stringent laws, any and all cloud strategy should account for local, national and international regulations.

Benoit Quintin – Director Cloud Services – ESI Technologies

Cloud Strategy: business impacts across the organization

Here is the second part of our series covering the key issues to consider before adopting cloud technologies. This article focuses specifically on business impacts on your organization.

Most markets are evolving faster than ever before, and the trend seems to be accelerating, so organisations globally need to adapt and change the way they go to market. From a business standpoint, the flexibility and speed with which new solutions can be delivered via cloud help enable the business units to react faster and better. So much so, that where IT organisations have not considered automating aspects of provisioning to provide more flexibility and faster access to resources, business units have started going outside of IT, to some of the public cloud offerings, for resources.

Planning for cloud should consider people and processes, as both will likely be directly impacted. From the requisition of resources, all the way to charging back the different business units for resources consumed, managed independently from projects’ budgets, processes that were created and used before the advent of cloud in your organisation should be adapted, if not discarded and rebuilt from scratch. IT will need to change and evolve as it becomes an internal service provider (in many instances, a P&L entity) – and resources broker for the business units.

Considering the large capital investments IT has typically been getting as budget to ‘keep the lights on’, and considering that, until recently, this budget had been growing at double digits rate since the early days of mainframe; the switch from a capital investment model to an operational model can impact the way IT does business significantly. Indeed, we have seen the shift forcing IT to focus on what it can do better, review its relationships with the vendors, ultimately freeing up the valuable investment resources. In many organisations, this has also translated to enabling net new projects to come to life, in and out of IT.

Once this transformation is underway, you should start seeing some of the benefits other organisations have been enjoying, starting with faster speed to market on new offerings. Indeed, in this age of mobile everything, customers expect access to everything all the time, and your competition is likely launching new offerings every day. A move towards cloud enables projects to move forward at an accelerated pace, letting you go to market with updated offerings much faster.

Benoit Quintin, Director Cloud Services, ESI Technologies

Cloud computing: strategy and IT readiness – Transformation in IT

Here is the first of a series of articles that provide both business and IT executives insights into the key issues that they should consider when evaluating cloud services, paying particular attention to business and legal ramifications of moving to the cloud environment, whether it is private, hybrid or public.

cloud-question-mark-710x345For the last few decades, IT organisations have been the only option for provisioning IT resources for projects. Indeed, all new projects would involve IT, and the IT team was responsible for acquiring, architecting and delivering the solution that would sustain the application/project during its lifecycle, planning for upgrades along the way.
This led to silo-based infrastructures – and teams -, often designed for peak demand, without possibilities of efficiency gains between projects. The introduction of compute virtualization, first for test/dev and then for production, showed other options were possible and available and that by aggregating requirements across projects, IT could get significant efficiencies of scale and costs while getting more flexibility and speed to market, as provisioning a virtual server suddenly became a matter of days, rather than weeks or months.
Over time, IT started applying these same methods to storage and network and these showed similar flexibility, scalability and efficiency improvements. These gains, together with automation capabilities and self-service portals, were combined over time to become what we know as ‘cloud offerings’.
In parallel to this, IT, in some organisations, has become structured, organized, usually silo’d, and, unfortunately, somewhat slow to respond to business needs. This has led to a slow erosion of IT’s power and influence over IT resources acquisition, delivery and management. Coupled with the existing commercial/public cloud options these days, capital is rapidly leaving the organisation for 3rd party public cloud vendors, also known as shadow IT. This raises concerns, not the least of which being that funds are sent outside the organisation to address tactical issues, typically without regard to legal implications, data security or cost efficiency. These issues highlight IT’s necessity to react faster, become more customer driven, deliver more value and provide its stakeholders with flexibility matching that of public cloud. Essentially, IT needs to evolve to become a business partner; cloud computing providing the tools by which IT offers flexibility, scalability and speed to market that the business units are looking for in today’s market.

Benoit Quintin, Director Cloud Services, ESI Technologies

Cloud’s Biggest Challenge: Data Sovereignty Laws

Cloud technologies are now integrated in the solutions used by companies: the promise of standardization and simplification without regard to physical or geographic boundaries, meets the requirements of corporate flexibility for an access to data anywhere, at all times on all their devices.

This explosion of virtualized data now requires countries to legislate to protect their citizens’ data, and forces cloud providers to implement practices which respect increasingly strict rules of governance, requiring from companies that collect, use and store data to keep them in the country where they were collected.

Organizations rely on the expertise of cloud solution providers but the best technology does not exempt them to think and plan, as ultimately they remain accountable for their data, no matter where they are hosted. Organizations have the responsibility to respect the laws of the countries where they operate.

How can we ensure to deal with a cloud provider who complies with the laws of the country?

It is the organization’s duty to establish proper governance rules and controls to ensure compliance of solutions in place. If technology is an invaluable resource, you must not make the mistake of being influenced by a specific solution. In other words, do your homework!

Data_Center-1024x682Create your roadmap – Where do you plan to expand your market? In case of expansion, start to gather information on the laws in force in the target countries to know the restrictions imposed by their legislation to assess what it will cost you to comply with them.
Learn about your cloud provider – Where is your data stored by the provider? Does it respect your governance rules? Is the provider able to provide proof?
Assess the strategic importance of compliance – Compliance with governance rules is not the same for everyone. How important is data protection to your business and how many resources are you willing to dedicate to it? You can manage data sovereignty on your own, or entrust it to an external provider.

Canadian integrators and datacentre providers are the way to go to give companies the option to do business with partners who understand the needs of their stakeholders, close to where they do business.

Patrick Naoum, Executive Vice-President – Strategy, Alliance and Client Solutions

See on this subject the article by Mike Ettling, President of SAP SuccessFactors: http://techcrunch.com/2015/12/26/the-clouds-biggest-threat-are-data-sovereignty-laws/

The IT Catch-22

OK, so everyone’s taking about it. Our industry is undergoing major changes. It’s out there. It started with a first architecture of reference with mainframes and minicomputers designed to serve thousands of applications used by millions of users worldwide. It then evolved with the advent of the Internet into the “client-server” architecture, this one designed to run hundreds of thousands of applications used by hundreds of millions of users. And where are we now? It appears we are witnessing the birth of a third generation of architecture, one of which is described by the IDC as “the next generation compute platform that is accessed from mobile devices, utilizes Big Data, and is cloud based”. It is referred to as “the third platform”. It is destined to deliver millions of applications to billions of users.

3rd platformVirtualization seems to have been the spark that ignited this revolution. The underlying logic of this major shift is that virtualization allows to make abstraction of hardware, puts it all in a big usable pool of performance and assets that can be shared by different applications for different uses according to the needs of different business units within an organization. The promise of this is that companies can and have more with less. Therefore, IT budgets can be reduced!
These changes are huge. In this third platform IT is built, is run, is consumed and finally is governed differently. Everything is changed from the ground up. It would seem obvious that one would need to invest in careful planning of the transition from the second to the third platform. What pace can we go at? What can be moved out into public clouds? What investments are required on our own infrastructure? How will it impact our IT staff? What training and knowledge will they require? What about security and risks?
The catch is the following: the third platforms allows IT to do much more with less. Accordingly, IT budgets are reduced or at best, flattened. Moving into the third platform requires investments. Get it? Every week we help CIOs and IT managers raise this within their organization so that they can obtain the required investments they need to move into the third platform to reap the benefits of it.