It has been almost two years since the Covid-19 pandemic began, with the first lockdown in March 2020 forcing businesses to adopt a remote working approach. Now that South Africa is opening up, a hybrid model is quickly becoming the norm, with employees splitting their time between the office and their home.

As a result, the IT departments role has become more complicated than ever, owing to the rapid increase in remotely connected devices. Cyberattacks have, in turn, become more common.

The most high-profile cyberattack happened in July, when Transnet, the state-owned railway company, was forced to shut down for a week. This attack, however, was only one of many, as global statistics show that a cyberattack takes place every 11 seconds.

This article looks at five factors that businesses can implement to secure their workforce:

When establishing policies and standards, companies must consider their cloud platforms, software development lifecycles, DevOps procedures and technologies, and compliance with regional regulations. Basic security hygiene alone is not sufficient at enterprise level to protect against advanced cyberattacks.

When putting together policies, businesses should keep in mind the following:

It is importantto educate all employees on the evolving threatlandscape. Businesses should educateall stakeholders about the many types of dangers from phishing to ransomware to social engineering. Are your staff aware of these threats, the damaging results of such an attack, andtrained to know what to do andwhom to call in the event of an attack?

Businesses should provide basic security tools to their employees, such as password managers, multi-factor authentication, data backup, and behaviour threat analytics. Threat analytics, especially, can help warn users and administrators when an account is accessed from an unknown IP during odd hours.

Perhaps consider incentivising employees with a rewards programme. For instance, internal cybersecurity and bug bounty initiatives at Zoho have aided immensely in educating and rewarding responsible staff.

Identity and key protection should be a primary priority for every cybersecurity team.Its critical to securelyauthenticate and authorise individuals, services, devices, and apps toensure that only valid accounts/devices are able toaccess the companys data. For example, many businesses now use SSH keys and SSL certificates in the background to perform safe cryptographicoperations.

When it comes to identity management, the beginning point is to implement tactics such as strong passwords, passwordless authentication, multi-factor authentication, role-based access, identity-based perimeters, and zero-trust access control strategies.

Once an identity has been granted access, a user can gain access to numerous endpoints and applications owned by the company using the identity. In a hybrid environment, enterprise data is communicated over smartphones, IoT devices, BYOD, cloud servers, and more,and many companies still rely on traditional firewalls and VPNs to restrict access.

Rather than relying on these legacy models, companies should adopt a least-privilege access strategy for users, applications, systems, and connected devices. Its important to provide only a minimum level of access based on job roles and responsibilities. This technique has the following important benefits:

Unpatched systems and apps are some of the easiest targets for hackers. Whenever a new security patch is issued, attackers will attempt to exploit the flaw before the patch is applied in order to obtain access to corporate data.Thus, enterprises should take advantage of patch management and vulnerability management tools thatoffer immediate implementation. Other benefits include improved efficiency and simplified compliance, helping avoid unwarranted fines.

Businesses in South Africa are currently more interconnected than they have ever been. While this is a development that will help many industries thrive, it also implies that businesses must prioritise cybersecurityto ensure successful benefits realisation. The truth is that its a matter of when, not if, your company will be targeted, and being preparedwith a robust cybersecurity and resilience strategyis the greatestdefence.

See the original post here:
5 cybersecurity best practices for businesses to support their workforces - Review - Review

Organizations operating today balance flexibility and time-to-market. Theyre managing cyberattacks, COVID-19 shutdowns, and other threats to a businesss ability to function. Managing these issues and moving forward in a digital world requires a responsive and iterative infrastructure.

Businesses require hybrid work models offering the flexibility of home or the office. Making this happen seamlessly requires the right technology and resources in place to enable people to do their jobs regardless of their location or access device. Theres a need for a new model for business infrastructure, where digital tools, security tech, and connectivity all come together. Realizing this new modern infrastructure involves a host of strategies, including a more secure virtual desktop, hybrid clouds, and more available business applications.

Leverage Virtual Desktop Infrastructure (VDI)

To manage security concerns for remote workers, many firms offer virtual desktop infrastructure, or VDI. With VDI, companies can offer virtual desktop PC environments. These are hosted on a server, and users can then access virtual desktop images that are running a central server. All the virtual machines are host based and managed through a virtual machine monitor which establish and run the various VMs running on the VDI.

Its an efficient way to give organizations the workforce flexibility they and their workers need along with enhanced security. VDI centralizes the infrastructure, so information is never flowing outside of the data center where it stays under strict monitoring. If the device is compromised, the data is not at risk. It eliminates a core concern about virtual desktop usage, where employees open them on unsecured devices that arent under corporate control.

For firms handling large remote workforces, VDIs are purpose built for scale. It reduces capital costs because theres less hardware required, and the company does not need to provide laptops for the employees home usage. Theres also inexpensive deployment for firms that have server architectures in place, and theres long-term cost benefits for firms that need a bigger initial investment.

VDI simplifies remote working, by allowing access through any device and location for maximum flexibility for todays global teams. This boosts productivity and VDIs reliability removes downtime issues, so workers can gain access with confidence. The centralized control means IT and management can provide seasonal workers, consultants, and other vendors with access without exposing the companys data.

Use Containers for Applications

Remote workers utilize network resources throughout the day and night. With global teams and flexible hours, some staff need application access at midnight on a Saturday. Supporting this requires firms to transform their legacy applications so they function with a remote mobile device-based workforce. Pick some of the companys applications accessed through mobile and introduce a container architecture, where code and dependencies come together, so IT can shift an application to a different server without needing any adjustments. This removes downtime caused by server maintenance because the application moves to another server, so theres little to no downtime and reduced infrastructure costs.

These containerized applications also offer enhanced security, since theyre running as their own processes, independent of others. With this structure, a threat would not reach the centralized host system, giving IT more time and opportunity to remedy the situation. It improves application availability to enable productivity and reduces the costs of a potential breach.

Bring in a Qualified Vendor for Hybrid Clouds Capabilities

Developing a hybrid cloud strategy is an ideal way to add agility to an organization. It provides flexibility and security for remote workforces. Firms using this model can support both distributed and remote employees with instant data access that is not coming through a single central location. The firm can shift sensitive data to on-premises secure servers as it moves apps and various employee and partner-focused services to a public cloud. IT and senior leadership leveraging hybrid clouds also hedge against spikes in demand because they can simply pay for more cloud resources, instead of worrying about massive capital costs with growing their infrastructure.

Consider shifting applications to public clouds within a hybrid model to reduce latency. If some of the remote workforce lives within a narrow area, then pick cloud services close by for the optimal performance. Encourage IT to look at the most often used applications and those that receive more complaints and a poor user experience due to connectivity issues. Another tactic is using edge caching to reduce latency. Talk to IT about caching some content on your internal servers, such as static information like profile data or product documentation.

Leveraging a third-party firm for hybrid cloud implementation gives companies a guided hand and outside perspective. The best partners will utilize a DevOps-down approach that includes discussions with the development and application departments. Theyll propose cloud strategies that align with the clients change management initiatives, operations, complementary technology choices, and conceptual architecture. Its part of a new way of looking at business infrastructure that optimizes security, connectivity, and growth.

Written by Michael Norring.

Track Latest News Live on CEOWORLD magazine and get news updates from the United States and around the world. The views expressed are those of the author and are not necessarily those of the CEOWORLD magazine. Follow CEOWORLD magazine on Twitter andFacebook. For media queries, please contact: info@ceoworld.biz

Read this article:
The New Agility and Resiliency Model Businesses Need to Survive - CEOWORLD magazine

Over the last few years, technology has evolved through an acceleration of innovation across industries, bringing forth new combinations of technologies, new use cases and new business models. Technologies such as the Internet of Things (IoT), cloud computing, machine learning and big data have combined to solve business challenges that plagued industries for decades.

What is a hybrid cloud?

According to IBM, a hybrid cloud is an infrastructure that connects at least one public cloud and at least one private cloud, but the definition can vary. A hybrid cloud provides orchestration, management, and application portability between public and private clouds to create a single, flexible, optimal cloud infrastructure for running a companys computing workloads.

Despite the growth in public cloud computing, enterprises often need to use a combination of public and private (on-prem) clouds. Often overlooked in the hype around public cloud computing, private clouds offer greater flexibility, security and compliance.

A private cloud environment is generally accessible only through private and secure network links, rather than the public internet. Industries such as healthcare and finance have specific regulations about storing and processing data and thus favour using private clouds. A company can run a private cloud on-premises in its data centre, local server room or access it as a securely hosted offering by a cloud service provider (CSP).

Crucially, hybrid cloud computing enables companies to accelerate their digital transformation efforts, primarily if they work with legacy hardware and infrastructure. They can extend their existing infrastructure by adding one or more public cloud deployments modernizing applications and processes in stages rather than a complete digital transformation upheaval.

What is computing on the edge?

IoT technology is ubiquitous, with connected devices collecting more and more information through sensors, cameras, accelerometers, LiDAR and depth sensors. All this information requires collection, storage, processing and analysis to create data-driven insights. Some of this data comes from mission-critical applications where a split-second delay can have significant consequences. For example, factories, smart traffic consoles, an insulin pump, and smoke and noxious gas monitoring.

As a consequence, edge computing use cases have grown. Edge computing places processing (and some storage) capabilities close to the data source, enabling fast data analysis in real-time. Its particularly useful in poorly connected environments such as oil refineries, mines and wells. Companies are moving more of their compute and financial investments toward edge computing. Grand View Research predicts that companies will spend $43.4 billion on edge computing by 2027, a compound annual growth rate of 37.4%.

Despite the predictions of some analysts, this does not mean the death of cloud computing. Cloud computing and edge computing have a beneficial functional relationship. And this relationship extends the hybrid cloud concept.

According to Gartner, Edge computing augments and expands the possibilities of todays primarily centralized, hyper-scale cloud model and supports the systemic evolution and deployment of the IoT and entirely new application types, enabling next-generation digital business applications.

Combining hybrid cloud and edge computing

A hybrid environment with workloads at the edge and various cloud locations offer advantages to companies seeking greater efficiency and cost savings. Running a business and time-critical workloads at the edge ensures low latency and self-sufficiency. This means transactions can occur even in rugged environments where internet connections are poor.

Take the example of industrial IoT and a factory that uses sensors to monitor machines for temperature, sound, pressure and vibration. The factory can use a locally hosted compute device from a nearby cloud provider, or even something like a Raspberry Pi, to process and filter and aggregate data from the machines in near real-time. If this edge compute instance detects an urgent anomaly, then it can generate an alert for investigation. It can send the filtered and aggregated data to a public cloud instance during regular operation to perform further analysis, machine learning processing, decision making, and storage with a service that provides better efficiency and value for such tasks.

Connected cars are another example, which are effectively data centres on wheels with hundreds of in-car sensors creating a deluge of data. Autonomous driving systems, such as those tested by Equinix customer Continental, must aggregate, analyse and distribute that data, as well as data from other sources such as traffic and weather information, in real-time with all the necessary security and privacy controls in place. And as the degree of autonomy advances (from level one for some driver assistance to level five for fully autonomous), the amount of data to aggregate and analyze will continue to soar. Current test drives for L2 autonomy are generating up to 20 terabytes (TB) of data a day, while more advanced sensor sets for higher levels of autonomy (L4 and above) may generate up to 100 TB/day.

A car needs some of this data in real-time to make split-second decisions, like whether to move lanes or whether the road is clear of pedestrians. The processing of this data could happen on the onboard computer or on any available local edge compute instances the vehicle happens to be near at the time. When the car returns to a WiFi connection, it can then upload any other less important data to a public cloud instance, receive software and machine learning model updates, a driver can review their data, or the manufacturer can download for analytical purposes.The communication between edge computing and the rest of the hybrid cloud neednt be in one direction. Once compute services have processed, analyzed and reached decisions on the data they have, they can then push relevant updates to edge compute instances.

Are you looking to introduce a hybrid cloud solution?

Like many other aspects of modern infrastructure, containers and orchestrating them with Kubernetes can help standardize edge and cloud deployments. Kubernetes standard runtime layer enables you to develop, run and operate workloads consistently across computing environments and move workloads between edge and cloud.

Equinix Metal provides the foundational building blocks that give businesses the ability to create and consume interconnected infrastructure with the choice and control of physical hardware and the low overhead and developer experience of the cloud. Digital leaders use Equinix Metal to create a digital advantage by activating infrastructure globally, connecting it to thousands of technology ecosystem partners, and leveraging DevOps tools to deploy, maintain and scale their applications. This means that on-demand bare metal servers with dedicated GPUs optimized for edge-type workloads such as machine learning are within your reach.

Metal integrates with a range of common hybrid cloud toolings such as Anthos, VMWare Tanzu, and RedHat OpenShift, allowing public cloud vendors and users alike to leverage any existing infrastructure and tooling.

Equinix Fabric supplements Equinix Metal by offering software-defined interconnection to connect Equinix Metal and your other infrastructure together, including all leading cloud providers. Equinix Fabric helps companies who want to take advantage of hybrid multi-cloud but need to reinforce privacy and security for data as it travels between edge and public cloud locations. On top of providing these security guardrails, Equinix Fabric is affordable and performant, not adding any other overheads to applications.

To learn more about how to enable the hybrid cloud for your organisation today, download the Equinix Whitepaper on enabling the hybrid cloud.

By Equinix

References

View original post here:
Pushing to the edge with hybrid cloud - iTWire

Abby Kearns, CTO of Puppet, delves into the pros and cons of cloud infrastructure types and strategies in the market today

Establishing what kind of environment and strategy is right for your business is key to cloud success.

You dont have to do much Googling to find articles, podcasts and tweets featuring me talking about both multi-cloud and hybrid cloud. More companies than ever are choosing a hybrid cloud approach that leverages a multi-cloud strategy, so its prudent to revisit the pros and cons of hybrid and multi-cloud, as well as public and private cloud infrastructure.

I am defining public and private clouds as the environments in which an organisation chooses to host its infrastructure. Hybrid and multi-cloud are the strategies organisations employ for these environments.

I will caveat everything Im about to say with the fact that you should choose the right environment for the right workloads. What problem are you solving and why? There is a case to be made for private cloud infrastructure, and there is a case to be made for public cloud it entirely depends on what type of applications you are running and what the requirements are around that application.

Today, one of the key private cloud advantages is data be it addressing data sovereignty requirements, or because you have a large data lake in your private cloud and need close access to it (for low latency application requirements), or you have specific regulation requirements on who has access to that data and where that data sits. Data is often at the heart of private cloud strategies.

Another benefit of private cloud to an organisation is the customisation it gives the business, granting greater flexibility and the means to design a bespoke environment for specific business needs and users.

So, what are some of the drawbacks of private cloud?

They can be high maintenance. A dedicated team is required to manage the environment full-time, ensuring the environment stays up to date, including addressing any CVEs, as well as reliability, minimising any failures or downtime. A private cloud can be costly, as it requires a data centre as well as the physical infrastructure, in addition to the customised private cloud software to manage the environment in a way that mimics a public cloud experience (ease of access, self-service, etc.). You also run into limitations on scale that you would not have in a public cloud; while this is addressable, it does require forward-looking planning on what possible scale your environment would need to run in a variety of scenarios.

What about public clouds?

Public cloud can be less expensive because the data centre, hardware, and software are owned and operated by a third-party provider. Because a public cloud provider is responsible for dozens or hundreds or thousands of customers, the network of servers is vast and largely diminishes the risk of failure, so count high reliability as yet another perk of public cloud. This combination of a massive network of servers and a 24/7 service team provides an additional benefit: scalability.

Are there any downsides to public cloud?

Remember how private clouds are able to be customised for an organisations specific business needs? Public cloud is often a one-size-fits-all solution, meaning a company no longer has as much control or flexibility with the public cloud. Public clouds can also be costly, especially if you have a growing footprint of workloads that require intensive data requirements. Additionally, egress fees can be quite high if you are looking to pull your data out of the cloud.

Adrian Rowley, senior director EMEA at Gigamon, discusses why the accidental hybrid cloud exists, and how to effectively manage it. Read here

A multi-cloud strategy simply means that an organisation has chosen to use multiple public cloud providers to host their environments. A hybrid cloud approach means that a company is using a combination of on-premises infrastructure, private cloud and public cloud and possibly more than one of the latter, meaning that company would be implementing a multi-cloud strategy with a hybrid approach. At times, these terms are used interchangeably.

Companies choose a multi-cloud strategy for a multitude of reasons, not least of which is avoiding vendor lock-in. Spreading workloads across multiple cloud providers increases reliability, as a company is able to fail over to a secondary provider if another provider experiences an outage.

Optionality is a huge benefit to companies who want to be able to pick and choose which services will most seamlessly integrate into their environments, as each major public cloud provider provides some unique services for different types of workloads. Furthermore, when a company uses multiple public cloud providers, it retains flexibility and can transfer workloads from one provider to another. Finally, global organisations can leverage multi-cloud to address complex compliance requirements, which vary from country to country.

These are all very strong cases for multi-cloud, but what are the downsides?

Cost forecasting and containment can be challenging when using multiple providers charging different rates for different services. Also, spreading workload across multiple cloud providers does increase reliability, but it can also increase risk and make it more difficult to know where data is and who has access to it. There are both benefits and downsides to multi-cloud, but I am a proponent of a multi-cloud strategy whenever possible.

Why do organisations choose a hybrid approach?

Many companies especially large enterprises that existed for decades host their environments in the data centre, and lack of resources, funding, staff, executive buy-in, or a host of other reasons may prevent them from shifting their legacy architecture to the cloud. However, certain teams within the company may be spinning up cloud-native environments for new projects, and other teams may be working on implementing a lift-and-shift to the cloud from the data centre.

For most organisations large and small, a multi-cloud strategy with a hybrid cloud approach is the way of the future. As applications grow across organisations, their infrastructure needs change as well. For example, you might be running a large CRM system in a private cloud, but you may choose to run newer, cloud-native applications in a public cloud where you can leverage the cloud infrastructure to the fullest extent.

At the end of the day, organisations should choose the right infrastructure for the right workload and business needs, whether thats a hybrid and/or multi-cloud strategy using either/both public and/or private clouds.

View post:
Pros and cons of cloud infrastructure types and strategies - Information Age

Latency originates from two separate sources: a data center's network or its storage system. To reduce latency in your data center, consider its potential causes, then evaluate the various ways to troubleshoot it.

You can implement a variety of tools to help manage latency. Consider using latency monitoring software -- such as EdgeX Foundry or traceroute -- to pinpoint bottlenecks or keep tabs on network speeds, or adopt more latency-resistant hardware, including NVMe drives, persistent memory and SD-WANs.

Latency is the primary way to judge overall performance when it comes to storage systems. Low latency leads to faster transactions, which in turn leads to reduced storage costs for your business.

Storage latency comes from four main sources: storage controllers, storage software stacks, internal interconnects and external interconnects. You can reduce latency in each of these sources by selecting a fast CPU for your storage controller server, adopting storage software that prioritizes efficiency and CPU offload, implementing remote direct memory access networking and utilizing NVMe drives.

Persistent memory can also optimize storage and cut down on storage latency. It connects directly to the memory bus and offers two separate operating modes -- one to convert it to volatile memory, and the other to use it as a high-performance storage tier.

Network latency determines how long it takes between a request for data and the delivery of that data, which affects an entire infrastructure. High network latency can increase load times and even render certain applications unusable. Network latency usually comes from sources such as poor cabling, routing or switching errors, storage inefficiencies or certain security systems.

To improve network latency, start by measuring packet delay. Know how long it takes for your network to fulfill a request. Tools such as Ping, Traceroute and MTR can help you with this. Next, identify potential bottlenecks in your network. Depending on the source of your network latency, you can take steps such as improving routers or implementing network speed amplifiers. Finally, introducing nearby edge servers can also reduce networking strain and improve latency. Such edge servers can shorten the distance that a request packet must travel, thereby improving your system's response time.

Cloud latency can create significant issues for both organizations and end users. Distance often causes the majority of cloud latency, but equipment such as WANs can also create cloud latency problems.

Implementing SD-WAN instead of WAN networking can reduce cloud latency. Most SD-WAN offerings feature increased reliability, end-to-end security, and extensibility and management automation. You can improve remote connections, but SD-WAN requires virtual endpoint appliances.

Edge computing moves data and calculations out of the data center to edge locations. To minimize decision-to-action latency, some cloud providers have even moved their cloud environments to the edge. This process cuts out public commercial internet traffic to enable faster and more efficient delivery of services to customers.

However, due to its remote nature, the edge can present its own problems with latency. Software that monitors edge devices should measure latency in real time. Edge device monitoring services such as AWS IoT services, EdgeX Foundry and FNT Command all possess latency monitoring tools or features.

When monitoring latency in large, complex systems, first ensure that monitoring latency won't increase latency. Synthetic monitoring and log monitoring tools can often do more harm than good when it comes to latency issues. Metrics- and event-based monitoring tools cause less strain in comparison but can also still increase latency.

You can ensure your latency monitoring tools don't negatively affect latency by evaluating and altering the sequence of scripts your monitoring tools run. This enables you to scale back on the frequency of latency testing and prevents your latency monitoring tools from creating issues.

Continued here:
Bust latency with monitoring practices and tools - TechTarget