Public, private or hybrid cloud? Make the smart choice!

You know you want to move to the cloud, but you don’t know which of the three major options – public, private and hybrid – are right for you. We’re here to help with this quick overview of the options, as well as the pros and cons of each.

Public Cloud

Think of this as a server in the sky. Public cloud, also known as infrastructure-as-a-service, provides the equivalent of a data center in a highly scalable, virtualized environment accessed over the internet. Customers can provision virtual servers – called “instances” – and pay only for the capacity they use. Many public cloud features are automated for self-service. Users can deploy their own servers when they wish and without IT’s involvement. Accounting and chargeback are automated. In fact, organizations often find the public cloud delivers the most significant savings not in equipment costs, but in administrative overhead.

The best applications to deploy in a public cloud are those that are already virtualized or that run on unmodified Linux or Windows operating systems. Commercial, off-the-shelf applications are a good example. Public cloud is also a good platform to use in evaluating and testing new applications, since many public cloud providers offer a wide variety of applications on a pay-as-you-go basis. Public cloud is also well suited to developing so-called “cloud native” applications, such as mobile apps.

Public cloud isn’t ideal for every use. Homegrown applications on legacy platforms or those with significant interdependencies may not migrate smoothly. Organizations that aren’t careful to manage instances can can end up paying for unused capacity. There are also hidden costs to be aware of, such as surcharges for data uploads and downloads or upcharges for guaranteed levels of service. Regulatory issues may also limit the use of public cloud for some applications entirely.Private Cloud

This is essentially a public cloud for use only by a single customer. Private clouds may be constructed on premises using virtualization and automation software, or licensed from service providers who deliver cloud services either from their own data centers or even on the customer’s own premises.

Private cloud is popular with companies that need tight control over data, whether for security, privacy or regulatory purposes. In regulated industries that specify how customer data must be stored and managed, it is sometimes the only cloud option. It’s also attractive for companies that need guaranteed service levels without the unpredictability of the public internet. Finally, private cloud provides the highest level of control for organizations that want deep visibility into who is using resources and how.

Private cloud is typically more expensive than public cloud because service providers must allocate capacity exclusively to the dedicated environment. However, that isn’t always the case. For companies with large capital investments in existing infrastructure, an on-premises private cloud is a good way to add flexibility, automation and self provisioning while preserving the value of their existing equipment. For predictable workloads, it can be the cheapest of the three models.

Hybrid Cloud

This is the most popular option for large corporations, and is expected to dominate the cloud landscape for the foreseeable future. Hybrid cloud combines elements of both public and private cloud in a way that enables organizations to shift workloads flexibly while keeping tight control over their most important assets. Companies typically move functions that are handled more efficiently to the public cloud but keep others in-house. The public cloud may act as an extension of an on-premises data center or be dedicated to specific uses, such as application development. For example, a mobile app developed in the public cloud may draw data from data stores in a private cloud.

Many of the benefits of hybrid cloud are the same as those of private cloud: control, security, privacy and guaranteed service levels. Organizations can keep their most sensitive data on premises but shift some of it to the public cloud at lower costs. They can also reduce costs by using public cloud to handle occasional spikes in activity that overtax their own infrastructure, a tactic known as “cloud bursting.” Hybrid cloud is also a transition stage that companies use as they move from on-premises to public cloud infrastructure.

There are many more dimensions to the public/private/hybrid cloud decision. A good managed service provider can help you understand the options and estimate the benefits and trade-offs.

Cryptolocker virus : how to clear the infection

Cryptolocker is a now well-known type of virus that can be particularly harmful to data stored on computer. The virus carries a code that encrypts files, making them inaccessible to users and demands a ransom (as bitcoin, for example) to decipher them, hence their name “ransomware”.
Cryptolocker type viruses infiltrate by different vectors (emails, file sharing websites, downloads, etc.) and are becoming more resistant to antivirus solutions and firewalls; it is safe to say that these viruses will continue to evolve and become increasingly good at circumventing corporate security measures. Cryptolocker is already in its 6th or 7th variation!

Is there an insurance policy?

All experts agree that a solid backup plan is always the best prescription for dealing with this type of virus. But what does a good backup plan imply, what would a well-executed plan look like?
The backup plan must be tested regularly and preferably include an offsite backup copy. Using the ESI cloud backup service is an easy solution to implement.
The automated copy acts as an insurance policy in case of intrusion. Regular backups provide a secondary offsite datastore, and acts as a fallback mechanism in case of malicious attack.

What to do in case of infection?

From the moment your systems are infected with a Cryptolocker, you are already dealing with several encrypted files. If you do not have in place a mechanism to detect or monitor file changes (eg a change of 100 files per minute), damage can be very extensive.

  1. Notify the Security Officer of your IT department.
  2. Above all, do not pay this ransom, because you might be targeted again.
  3. You will have no choice but to restore your files from a backup copy. This copy becomes invaluable in your recovery efforts, as it will provide you a complete record of your data.

After treatment, are you still vulnerable?

Despite good backup practices, you still remain at risk after restoring your data.
An assessment of your security policies and your backup plan by professionals such as ESI Technologies will provide recommendations to mitigate such risks in the future. Some security mechanisms exist to protect you from viruses that are still unknown to detection systems. Contact your ESI representative to discuss it!

Roger Courchesne  – Director, Security and Internetworking Practice – ESI Technologies

Review of Télécom 2016

This was the 13th edition of this annual event organized by Comtois-Carignan. ESI Technologies participated in the Industry Day on Tuesday April 26 during which 34 presentations on topics related to telecom, IT and contact centres were offered.

For a third consecutive year, we presented a conference this time on threat evolution and data protection. Installing security devices such as firewalls or first-generation IPS was before common and sufficient to protect organizations against threats that might affect the operations of a company’s activities. Today, the rapid evolution of malicious activity requires installing new solutions to better protect our assets. Our presentation provided an excellent overview of these solutions: next generation firewalls and IPS, protection systems against advanced threats, security for web browsing, email security and unified authentication services.

Participants were able to ask questions about these pioneering technologies, protection solutions that provide control and visibility to better react to a threat detected in the environment.

During the industry cocktail, 42 partner booths were available for participants to discuss technologies and service offerings. This cocktail formula is highly appreciated by participants, giving them the opportunity to discuss and share views on presentations of the day.

If you missed the ESI presentation, please contact us so we can share its content with you.

Roger Courchesne – Networking and Security Practice Manager

What’s the link between coaching youth hockey and managing end users?

In the summer, I enjoy doing volunteer work as a soccer coach for kids and teenagers. I do the same in the winter when hockey season begins. I find it challenging to bring different personalities to work as a group towards achieving common goals as a team. Being a coach doesn’t come without training however. And I remember one trainer commenting on being a coach as he said “if a given player isn’t doing what you asked him to, the first question you need to ask is: did I tell him? The second question is: did the player understand? The third: did I explain it well?” He ended up by saying “if your answer is yes to all three questions, then repeat as often as necessary”.

When I found myself with a client’s network manager talking about how sophisticated phishing campaigns have become, I remembered this wise comment about that coach trainer. This network administrator in particular admitted than even his seasoned team of network managers came close to being caught in one of these sophisticated phishing campaigns. It was a well-designed one using their GoDaddy account. It’s only when someone took the time to check the links that they noticed something fishy. The average user might very well have fallen victim of this. With regards to end users, ask yourself: “if a given user isn’t doing what you asked him to with regards to suspicious emails, the first question you need to ask is did I tell him? The second question is did the user understand the potential consequences? Thirdly, did I explain it in terms the average user understands?”  I end up by saying “if your answer is yes to all three questions, then keep repeating as users will forget over time and new users become part of your community”.

Charles Tremblay, Account Manager

Advisory from Nutanix – Potential data integrity issue

The manufacturer Nutanix sent a notice to its integration partners to inform Nutanix customers of a possible problem with their data integrity. This advisory affects NOS version 4.0.3 and later and is applicable only to customers that have met all the criteria below:

  1. On disk deduplication is enabled
  2. Using: Nutanix Protection Domains (all Hypervisors) orVAAI plugin (applies only to VMware ESXi Hypervisor)
  3. Using NOS 4.0.3 or higher

If you are a Nutanix user, it is important that you verify if your environment is affected by this advisory.

Workaround

Customers should avoid the configurations that are susceptible to this issue. Please contact your ESI representative if you wish to validate with one of our experts.

An update to this field advisory update will be sent on March 11th with details of the NOS release that will resolve this issue.

Is ransomware a myth?

Ransomware-Featured

A couple of weeks ago I was enjoying a business breakfast with a client when things turned bad for him. It seems it was a bad omen to talk about the challenges he was facing with regards to I.T. security since as we were talking, he received a text message from his staff informing him that they were hit with “CryptoLocker”. CryptoLocker encrypts a victim’s documents and demands a ransom for the decryption key usually paid in Bitcoins. In its Internet Security Threat Report 2014, Symantec “…noticed a significant upsurge in the number of ransomware attacks during 2013. During January Symantec stopped over 100,000 infection attempts. By December that number had risen more than six-fold.”
Not only it is it not a myth, it has become so widespread that according to the same report, “attackers have concluded that US$100 to $400 is the optimum ransom amount, and they will move to adjust their demand to avoid pricing themselves out of the market” and so my client was asked a 500$ ransom. Luckily for him he chose not to pay and opted for backups and cleanups as our friends from SourceFire has let us know that once you pay, you are being put on a list of people that are nice enough to pay the ransom, and therefore become subjected to further attacks.
Even though ransomware does not make up a huge percentage of overall threats, it is not a myth as my personal experience shows; and despite working for a company that has the expertise to help with the cleanup operations it is not in such circumstances that I enjoy being introduced the new clients.

Charles Tremblay, ESI Account manager