(888) 864-1641 | sales@ndm.net

From Challenges to Improvements

As the saying goes April Showers Bring May Flowers.  Better yet, the IT hurdles of 2020 brought much needed improvements in technology today.

As we all know, the dark days of 2020 caused much chaos and angst across the world. It affected industries and people in a myriad of ways. The IT industry was, of course, not omitted from the all-of-the-sudden-problems. Leaders in the industry scrambled for answers and resolutions to issues that seemed to arise overnight.

The beauty of hardships, however, is that they create resiliency. The silver lining from 2020 is that issues of yesterday bring knowledge and technological enhancements of today. Namely, we are dealing with improved security, flexibility of remote working, and the much-anticipated receipt of previously purchased goods.

Ransomware boom of yesterday creates new and improved security features of today

In the world of IT, if we are not growing and changing, we are dying. Evolving is a major part of the industry. This is partly due to the nature of the beast. In this case, it is also due to the people and crisis that threaten company and individual livelihood – otherwise known as ransomware attacks and cyber hackers.

A few (of many) advances in technology that have taken off over the past few years are:

End users:

• Multi factor authentication
• Fingerprint scanners to unlock devices
• VPN’s

Companies:

• Single Sign On for apps/devices
• Trusted platform module
• Infosight style management platforms (more streamlined and easier to use alerts and logging, automatic updates, proactive alerts and patching)

Randomized MAC addresses:

• Originally introduced by Apple, this new feature randomizes your MAC address when connecting to wireless connections.

Now, of course, much of the above was around prior to 2020, but the focus on making these things higher quality with increased functionality has taken off.

Chaos of enabling a remote work environment creates flexibility and improvements to company policy

Creating a remote work environment is not easy. It’s not easy when you have the time and resources on your side to do-so, but without thorough planning to execute, it seems almost impossible. Aside from lacking time and resources, we can’t forget about the difficulties in getting our hands on the needed technologies to make this happen too.

As companies struggled to work through the difficulties of enabling a remote work environment in 2020/2021, we are now able to reap the benefits of IT’s hard work.

Positives that have come from a rushed remote set-up include:

• Flexibility that has come from the ability to work remote if need be
• Change in (some) corporate policy – leaders identifying that often times, employees are more productive at home
• Knowledge of a remote set-up – Now that, for the most part, companies have learned how to create a remote work environment. They have already either completed the procedure on how to do this, or at least gotten a taste of what needs to be done. The learning curve is less steep.

Supply chain issues – your patience of yesterday is being rewarded with the goods of today:

In 2021, depending on the product and the manufacturer, some customers were waiting in line for goods to arrive anywhere from 3-12 months out from the purchase date. Some of the many challenges with this, include :

• Public Sector entities that, due to rules and regulations, require product onsite before fiscal year-end
• The need for product to arrive immediately in order to enable a remote working environment
• Technology refresh cycles being pushed out, which of course causes security issues and can threaten support needed on any given product

In 2022, we have slowly started closing the gap between purchase date and arrival of product. Though we are not to the finish line quite yet. Again, depending on product and manufacturer, we are seeing ship dates creep back down. The most exciting thing about shipment of product that you bought 12 months ago? You likely finally have that in your hands, and that’s a great feeling! Companies are becoming more familiar with how to handle this (Purchasing further in advance, changing the way we timeline future projects, and understanding the right questions to ask when it comes to support on product).

The silver lining is alive and well and the hope is that we only continue to grow past the hardships of yesteryear! Reach out to NDM today to find solutions to help your organization bloom.

It’s that item on your to do list that you often ignore and say you will do later – software updates. Not only may you be missing out on the latest improvements, but you can create a major security risk for your organization by ignoring these updates.

One of the largest data breaches on record is the Equifax data breach in 2017. It exposed the personal information of 147 million people. Hackers were able to get in due to a known system vulnerability for which a security patch had been issued two months before the breach. Unfortunately, no one at Equifax applied the patch. It cost the company $700 million in a settlement reached with the FTC.

60% of data breaches in 2019
were the result of unpatched vulnerabilities.

Before you get distracted by another project or think that you can wait to do your next update, here are a few reasons why software updates matter.

Security

Security is the number one reason to make sure you take care of updates as soon as possible. Software vulnerabilities often give cyber criminals access to one’s computer and plant malware. Malware enables one to take control of computers and steal information. It also can encrypt files, documents and other programs so they are unusable. Security patches block these open doors in the software to protect a device from attacks.

Risks from third-party vendors account for over two-thirds of all data breaches today. Third-party applications often interact with the internet. This makes them highly vulnerable to ransomware. Hackers know companies often overlook updating various programs that don’t seem important.

Cybercriminals want to exploit the most vulnerabilities as possible simultaneously. They are constantly searching for popular third-party programs. They will jump on an opportunity to hack millions of users who delayed updating their software.

New Features

On a positive side, software updates can give you access to the latest improvements and remove the old ones that are out of date.  A software program may get a new shot of stability — no more crashing. Or an update might boost program performance — more speed. Some of these new features could save you time and most importantly enable the software to keep working and not shut down.

Protect Your Data

Your Data is your most valuable asset at any organization. Often hackers will search for personal data such as financial information, passwords, usernames or other documents with sensitive information. They will look to sell this information to the dark web and commit crimes. Allowing your customer’s information to be vulnerable can impact your company’s reputation and future business.

Improve Performance

Just like your vehicle needs regular maintenance to help improve its performance, your software can benefit from updates. Bugs are often found in programs or enhancements are made to improve the overall experience.

Ensure Compatability

With technology constantly changing, often older software will not be compatible with new technologies without the appropriate update. Microsoft, Google and Apple are frequently updating their technology interfaces. Most of us use multiple devices so compatibility is essential.

Don’t Fall for Fake Update Messages

It important to update your software but beware of fake messages or popups out there. Pop-ups are typically a scam to get you to click somewhere that you should not. Close the pop-up and go directly to the vendor website to look for downloads. There a suspicious emails making their rounds stating that your updates are past due and make an update now. It is best to reach out to the vendor directly.

You may have the option with some software to do automatic updates. Some software makes it possible to choose the time of day you update or even how often. Scheduling and automating your updates this way will make them less of a nuisance.

Take Time to Update

Like ignoring the check engine light on your car is something you shouldn’t do, the same goes for software updates. They can help protect personal information as well as company data. Contact NDM to find out more about how we can help.

Securing or Hardening

Securing or Hardening aims to protect and secure your IT infrastructure against cyberattacks by reducing the attack surface. The attack surface is all the different points where an attacker can to attempt to gain access or damage the equipment.  This blog is focused on securing Servers and storage.

The goal of server hardening is to remove all unnecessary components and access in order to maximize security.  This is easiest when a server performs a single function. For example, a web server needs to be visible to the internet whereas a database server needs to be more protected. It will often be visible only to the web servers or application servers and not directly connected to the internet.

If a single server is providing multiple functions, there may be a conflict of security requirements.  It is best practice not to mix application functions on the same server.

Implementing Hardening Policies

The information below provides a starting point for implementing hardening policies.  Some of these only apply to the servers, but others apply to all devices on the network (Servers, Storage, Networking).

All Devices:

• Change default credentials and remove (or disable) default accounts – before connecting the server to the network.
• Disable guest accounts, setup accounts and vendor accounts (Vendor accounts can be enabled when necessary).
• Install security patches and firmware updates on a scheduled basis. My recommendation is to review devices firmware, virtualization layer software, and operating systems a minimum of every 6 months.  If possible, review them every quarter.
• If possible, sign up for service update notifications from all vendors. You will be notified of critical updates.  Depending on the update, Critical Security updates may require immediate implementation.
• Develop a patch/firmware management process that includes what gets updated, when it gets updated, outage window required, can it be automated, process for patching/firmware upgrade, etc. Some devices may be updated quarterly, others monthly.
• Accurate time keeping is essential for some security protocols to work effectively. Configure NTP servers to ensure all servers, storage and network devices share the same timestamp.  It is much harder to investigate security or operational issues if the logs on each device are not synchronized.
• Ensure all devices are located in a physically secured location and restricted to approved staff only. Review and disable access for anyone that has left or changed roles.
• Review user and administrator level access to all devices. Ensure all default userids and passwords have been changed. Remove all users that are not on the approved list.  If possible, use roles-based access using Active Directory or the equivalent.
• For connection to all devices, use Secure Shell Protocol (or SSH) when possible. This enables you to make a secure connection to your network services over an unsecured network. Avoid using FTP, Telnet and rsh commands.  Use a secured protocol.

Servers:

• Turn off services that are not required – this includes scripts, drivers, features, subsystems, file systems, and unnecessary web services. Remove all unnecessary software.
• On Windows systems only activate the Roles and Features required for that host to function correctly.
• On Linux systems remove packages that are not required and disable daemons that are not required.
• Remote Access (Windows RDP) is one of the most attacked subsystems on the internet – ideally only make it available within a VPN and not published directly to the internet. For Linux systems, remote access is usually using SSH.  Configure SSH to whitelist permitted IP addresses that can connect and disable remote login for root.
• Configure operating system and application logging so that logs are captured and preserved.  Consider an SIEM Solution to centralize and manage the event logs from across your network.
• Review Administrator Access to host operating systems. Administrator accounts should only be used when required by approved personnel.
• Set password settings to require “Strong and Unique” passwords. Force password changes periodically according to internal security practices (usually 30 to 90 days).
• Configure account lockout policies. Lockout user accounts after failed attempts.
• Consider using Multi-Factor Authentication (MFA) if feasible to improve the level of security.
• Review backup policies to ensure all servers are being backed up correctly according to company retention policies. Periodically test the backup to be sure recovery is possible.
• Review monitoring requirements and be aware of any activity on each system.
• Set up custom admin accounts. They can be an Active Directory (AD) account or a local account in the administrators group.
• Limit security context on accounts used for running services. By default, these are Network Service, Local System, or Local Service accounts. For sensitive application and user services, set up accounts for each service and limit privileges to the minimum required for each service. This limits the ability for privilege escalation and lateral movement.
• For Linux systems, use Secure Shell Protocol (or SSH) when possible. This enables you to make a secure connection to your network services over an unsecured network. Use a secured protocol.
• Enable UEFI Secure Boot will further ensure only trusted binaries are loaded during boot.
• If not in use, disable the IPv6 protocol to decrease the attack surface.
• Keep partitions separated can help decrease the radius of any attack. Separate the boot partition from the user data and application data will help protect your data.

Contact NDM today if you would like more information on hardening your infrastructure.

According to IDC research, businesses are prioritizing resiliency and agility as foundational elements of their IT strategy. They want more visibility, cross-platform control, better data management, and protection from the edge to the core. While consumption-based models are playing an increasingly important role in powering those goals to accelerate digital transformation, many business leaders are hesitant when it comes to Network-as-a-Service (NaaS). Some still think of as-a-service in terms of software, compute, and storage. However, as budgets grow tighter amid an inflationary economic environment, organizations need a better way to predict the ebbs and flows of the network, with flexibility to adapt as business needs change. That’s where NaaS comes into play.

Among the newest as-a-service approaches, NaaS combines­ hardware, software, services, and support in a pay-as-you-go model that delivers network services on a subscription basis. Allowing users to consume network infrastructure through flexible OpEx subscriptions, NaaS helps businesses shift their focus from managing their architecture to driving business outcomes.

If you haven’t transitioned to Network-as-a-Service yet, here are five reasons why you should:

1. Cost savings: Network-as-a-Service allows you to acquire the network you need, when you need it, to avoid overprovisioning—in a pay-as-you-go OpEx model. Because you’re not locked into expensive infrastructure and rigid contracts, Naas allows you to more predictably manage costs and align budgets to business priorities. Additionally, with insights into all aspects of usage, including power, capacity, bandwidth speeds, and service levels, you can make more profitable financial decisions about workloads and upcoming projects.
2. Security: As the prevalence of data breeches and ransomware continues to soar, enhancing network security is crucial. With proactive network monitoring, preventative maintenance, and real-time insights into network performance, the NaaS model offers enhanced network infrastructure protection with enterprise-grade security. With that, any nefarious activity can be immediately identified—and patches can be applied to address the breech before it becomes a problem.
3. Performance and Productivity: Network-as-a-Service ensures your network operates efficiently by assessing traffic volume and making necessary adjustments. A better performing network means less downtime and greater staff productivity. Additionally, by outsourcing the full lifecycle of your enterprise network deployment, day-to-day operational management, upgrades, monitoring and troubleshooting activities to a NaaS partner, you free up your internal IT resources to focus on business-enabling tasks that add measurable value.
4. Keep up with the pace of business: NaaS provides the financial flexibility to shorten planning cycle times and the agility to keep pace with changing conditions. By ensuring your network technology is refreshed as needed to support new workloads and changing requirements, a NaaS model makes it easy to scale your network as needs change.
5. Environmental impact – NaaS offers a more sustainable way to consume network technology. With the ability to rent sustainable networks from a NaaS provider on a subscription basis, you don’t have to worry about where and how to dispose of old equipment. Plus, NaaS providers are committed to sustainable ‘reuse and retirement’ practices—and also well versed at configuring networks that are purpose-built to optimize energy consumption. By turning to a NaaS solution, you are making an environmentally sound decision that reduces your carbon footprint.

As market conditions continue to change at a rapid clip, your business needs to be one step ahead of your competition. With NaaS solutions from Aruba, NDM can help you move from reactive network management to a proactive approach that uses the network to deliver innovation and power profound business outcomes.

For more information about how you can accelerate business outcomes with Aruba’s subscription-based network consumption model, contact us here.

Downtime costs businesses an average of $84,650 per hour. A natural disaster or cyber-attack can result in weeks of downtime for a business that’s not prepared, delivering a massive financial blow. Even worse, according to the Federal Emergency Management Agency, 40% of small and mid-sized businesses never reopen after a natural disaster, and an additional 25% reopen but fail within a year. These statistics are staggering—and sadly, we’ve seen scenarios like these play out many times with our clients.

The threat of man-made and natural catastrophes is real—and in most cases, it’s something you can’t control. What you can control, however, are the safeguards you have in place to help your business recover when disaster strikes.

Enter Disaster Recovery-as-a-Service (DRaaS).

DRaaS is a pay-as-you go cloud service model that delivers backup services in a managed data center to ensure access and functionality to IT infrastructure after a disaster. It gives an organization a total system backup for rapid restoration of data servers and applications in the event of system failure. By replicating and backing up all cloud data and applications, DRaaS protects data, limits downtime, and shortens Recovery Point Objectives (RPOs) when a disaster happens.

7 Benefits of Disaster Recovery-as-a-Service:

1. Cost savings: According to Gartner, 55% to 65% of I&O leaders say they overspend in backup and recovery by at least 30%. With DRaaS, you get the same capabilities and reliability as the more costly on-premise DR systems, but in a pay-as-you-go model whereby you only pay for what you use. Plus, with the ability to rapidly recover from a disaster, you stand to save your business hundreds of thousands of dollars—or more—from unplanned downtime or lost data.
2. Immediate recovery: The longer it takes for your business to recover following a disaster, the more money your business will lose. By backing up your data to a secondary infrastructure, DRaaS offers instantaneous failover, so your business can return to normal operations within minutes—not hours or weeks.
3. Secure data backup storage: DRaaS offers a multi-layer security approach designed to address most vulnerabilities. Employing the latest security protocols, with frequent patches, multi-factor authentication, encryption, ongoing audits, and more, DRaaS providers ensure comprehensive data security.
4. Peace of mind: With redundancy for all your critical business information systems, DRaaS eliminates the worry and pressures associated with meeting recovery point objectives (RPO) and recovery time objectives (RTO), while helping you stay GDPR compliant.
5. Reduced administrative burden: Managing disaster recovery eats up a lot of time for your internal staff—and keeps them in react mode. By outsourcing your disaster recovery to a third-party provider who will manage all DR planning and maintenance activities, you free up internal staff to proactively focus on other critical IT functions, achieve greater levels of productivity, and realize greater efficiencies.
6. Specialized expertise: A DRaaS provider has advanced expertise in backup, recovery, and data security. With access to a team who knows everything there is to know about implementation, replication, failover, and more, you can unload a heavy and complex burden while letting the experts do what they do best.
7. Scale on demand: Because you only pay for what you use, not only do you avoid overprovisioning for an in-house solution, but you also get the flexibility to scale up or down as needed. If your needs grow, you can quickly, easily, and efficiently upgrade your service

At NDM, we can help you achieve modern data protection with HPE GreenLake for data protection. Ask us about how your company can install a free trial of HPE Greenlake backup and recovery.

For more information about HPE’s industry-leading backup, recovery, and ransomware protection capabilities, contact us today.