Archive for the ‘Insight’ Category

Ransomware – 5 Best Practices

Posted on: August 27th, 2021 by McCrory Brian

There are three kinds of organisations in the world — those who have been hacked, those that are next in line or, worst of all, those that don’t know they’ve already been hacked.

Thinking that you and your business won’t be a target, or that you don’t have any valuable or interesting data, is a false sense of security and the most common mistake most people make.

As you navigate through the digital world, you leave digital traces behind like digital breadcrumbs. Every time you register at a website, or even simply sign up for an event, you use a username and password.  The username is usually your email address and the password is, for 60 % of people, a re-used password.

Cybercriminals are constantly, and successfully, attacking these websites to harvest login information like email addresses, login names, domain names and any other information they can retrieve. This is just the first piece in a larger, more elaborate digital jigsaw. The data they retrieve will be placed in cloud caches, analysed and enriched with other data sources like a social media post, LinkedIn profiles and multiple other telling pieces of information that is readily available.

As soon as cybercriminals establish relationships between these digital jigsaw pieces, they create a profile and you become a target.   Armed with this digital profile, they have the keys and further opportunities to gain access to newer, larger and more sensitive data sources.  Every piece of additional information they gather, brings them many strides closer to successfully hacking you personally, and worse still, your extremely valuable corporate IT systems.

The National Institute of Standards and Technology (NIST)  produced its Cybersecurity framework (CSF), that sets out 5 best practice functions that are widely considered to be the default standard for building a robust cybersecurity program.  They are applicable to organisations of all sizes, and all industries, whether you’re just getting started in establishing a cybersecurity program, or if you’re already running a mature program.

  1. Identify: Know what you have, where you have it and the value is of every single resource individually plus the value all resources combined.
  2. Protect: Develop and implement appropriate safeguards to ensure critical infrastructure service delivery and proactively support your ability to limit or contain the impact of a potential cybersecurity event.
  3. Detect: The faster a cyber event is detected, the faster the repercussions can be mitigated.  The early discovery of cybersecurity events is a critical step to a robust cyber program
  4. Respond: Develop appropriate techniques and actions to take when a cybersecurity incident has been detected.  The faster and more effectively you respond to a possible detection of a cyber incident, the faster you can stop the threat in its tracks or mitigate its damage and reduce any potential financial impact.
  5. Recover: Maintain appropriate plans that can be implemented to restore any impaired capabilities or disrupted services due to a cybersecurity event. Timely recovery to normal operations reduces the impact of a cybersecurity event.

OSG partners with industry leading backup and recovery technology solution providers.  We can help review your current security posture and build and implement comprehensive and robust cybersecurity program that guarantees the security and protection of your digital estate.

Importantly, we provide you with the absolute confidence, backed by contractual commitments and SLAs, that your business can recover from any incident within an acceptable, defined and predictable timeframe.

Don’t wait until after an event, take some pro-active steps today and make security a priority for your business.

Record Breaking Performance

Posted on: July 30th, 2021 by Sara

It’s that season again where sport is dominating the headlines and screens are filled with athletes competing and pushing themselves to achieve their absolute best on the world stage of the Olympics. Everyone is striving to attain the top performing gold medal and make their home country proud

Like Paul O’Donovan and Fintan McCarthy, who won Ireland’s first gold medal of the Tokyo Olympics on Thursday with a stunning victory in the lightweight men’s double sculls. Hours on the water and years of training paid off.

In a humorous interview with the BBC, asked how being an Olympic gold medal-winning athlete sounded, O’Donovan said: “It’s alright, yeah. You can’t complain about it really. I wouldn’t go around introducing myself like that though.”

He seems fully aware and not at all bothered that the Olympic coverage will fade over time and will likely be happy to get back on the water and “do what we always do, the best we can.”

Some similarities could be drawn to the initial hype around Public Cloud. When first launched over a decade ago it promised infinite scale, global reach, on-demand flexibility, rapid deployment, super low unit cost and consumption based ‘only pay for what you use’ billing.

Public Cloud has delivered on all these areas.  In most cases exceeding expectations. The exception to this is costs – the reality of the super low unit cost and consumption-based billing model, is increased costs.  Not the savings everyone expected.

There is no doubt that if time is spent using cost calculators available (note: these are sales and marketing tools), the numbers always look favourable.  However, the unit-based costs are allocated to absolutely everything – including things that happen ‘under the hood’ on the platform that most people don’t understand, let alone know how to translate their own requirements and use cases to.

This is in absolutely no way a failing or misrepresentation by Public Cloud providers.  They’ve been upfront and honest with their transparent pricing and low unit costs.  It’s simple misunderstanding, people getting carried away with all the hype, that has led most businesses to expect to achieve considerable cost savings, by moving to Public Cloud.

There will always be examples of companies that have achieved reduced costs.  However, organisations that are heavy users of IT or applications, or just have heavy applications, often, will have realised considerably higher costs post move.

In addition to increased costs, another unexpected or undesired realisation is lack of certainty or predictability around monthly costs.  Cloud infrastructure and resources are not consumed in a uniform or consistent way, leading to variables that are difficult to predict, manage, and in some cases impossible to control, leaving budget holders with an unenviable task.

Public Cloud does, and will, always have its place. 

However, companies that have embraced these platforms should begin to review their longer-term strategies; and consider a multi-cloud operating model which is becoming ever more prevalent.  Which involves moving those applications that don’t necessarily need global reach or hyper scale whilst still having access to all the other goodness that Cloud offers. Including typically high levels of performance, that can be delivered close to their end users

No matter where you are on your journey, it’s important to review and assess regularly to make sure you are embracing the technologies and platforms that allows you to evolve and adapt, and not be locked in to any one vendor or platform.

Not all clouds are created equally.   

No one size fits all.  It will take a hybrid and multi cloud approach and operating model to best fit all your requirements (known and unknown).  That may include public cloud, but most likely will incorporate specialist private and hybrid cloud platforms managed by trusted partners and delivered closer to home, and importantly closer to your end users.

OSG provides an enterprise grade private and hybrid cloud platform, with guaranteed performance, recoverability, with predictable commercials.

For us it will never be about the hype but doing the best we can with the technology available to ensure your business can always access gold medal standard cloud services and solutions.

Get in touch to discuss how we can help your business leverage cloud.

 

Failing to Plan is Planning to Fail. 

Posted on: July 8th, 2021 by Sara

Having a disaster recovery plan for your business is prudent, it’s a de facto insurance policy for your business.

Getting to that point of having a policy in place that is fit for purpose and appropriate for your business (and allows you to sleep easy at night) can be a journey in itself.  It may seem daunting from the outset, but choosing the right partner to help you navigate your way through the process is essential and can help underwrite the entire service when you come to rely on it the most.

The 5 essential things to identify are:

  1. Scope – what should be included in your recovery plan.
  • Review your users, systems and data, and identify what you rely and depend on the most and evaluate the impact should they become unavailable either temporarily or permanently.
  1. Recovery Time Objective (RTO)
  • Once you’ve identified all the relevant components that need to be considered as part of any recovery activities, you should then prioritise each – those that need to be recovered first, second and so on.  This will inform the recovery plan, and defines the recovery time objectives (RTO) for your IT services and users.
  1. Recovery Point Objective (RPO)
  • Next you need to establish what your tolerance, if any,  is to partial and / or complete data loss.  This will determine your recovery point objectives (RPO) – the point in time that if you recovered to, you could comfortably continue in an almost business as usual way, without any material impact P&L, productivity, services, customers, and suppliers.
  1. What are the scenarios that might trigger a recovery event?
  • Completing some scenario and ‘what if’ planning will help shape the plan, as you will quickly understand the ramifications of different types of events, as well as the practicalities of what the recovery would or needs to look like.  This, along with your scope, RTO and RPO will underpin your DR plan and identify any extra resources or services that need to be in place to facilitate it.
  1. Pick the right partner and technology.
  • Most importantly you need to engage a partner that you can trust, and you know will be by your side through out what could be one of the darkest and most stressful times your business has faced.  It’s no good picking a vendor to install a solution and then walk away.   Over time, systems, people, priorities will change, so it’s important that the recovery solution is regularly reviewed for appropriateness, as well as fully tested and verified against the plan.  Your chosen partner needs to be contractually retained to fully assist in a recovery event, so that they are responsible and accountable for the solution.

There are different technologies, services, approaches and methods for recovery, and it’s likely that the right plan for you will have some combination of these. 

If, at a minimum, you nail 1 to 5 then you can take comfort that when you come to rely on your DR plan the most, your expectations will be fully met with no surprises when you execute your plan.

We provide a full suite of recovery options, ranging from

  • Back-up as a Service,
  • Disaster Recovery as a Service
  • And, recently launched ‘World First’, Failover as a Service.

If you don’t yet have a suitable DR or recovery plan, or are lacking complete confidence with what you have, then get in touch! Let our expert team design the best solution for you, that we will 100% stand over and underwrite.

 

On The Road To Recovery

Posted on: July 1st, 2021 by Sara

Recovery has been talked about a lot over the last few months, as we look forward to the new post-pandemic world. Without doubt everything has changed and our way of living and working will be different.  Some good, some bad.

Perhaps now we all understand better how important recovery is across every aspect of our lives, businesses, and worlds.  It’s a common thread that exists across almost everything: economies, environment, sport, health, relationships, a good night out; the list is endless!

The principles of recovery are common:

  • It’s about getting back on your feet;
  • And recovering to at least the position you were before, or a better one.

Recovery can be approached in two ways: reactively or proactively.  Most of us take a reactive approach, we roll with the punches, re-evaluate, and cut our cloth accordingly.  That’s absolutely fine for the majority of things that we face personally.

However, for the really important things that have the potential to impact populations, industries, our businesses and our livelihoods; we must be pro-active.  That means, everyone needs to plan for the worse case scenario, and be sure those plans can stand up to the test when they are needed the most.

Before the event, it’s very difficult to conceive how real the risk of the worst happening actually is.

  • Pre 9/11 no one could have imagined those horrific events unfolding;
  • Pre 2008 no one could have predicted just how quick and deep the financial impact would hit;
  • Pre 2020 and Covid, enough said…

With the benefit of hindsight and our newfound experiences of these events; looking back it was almost, inevitable.  Simply a matter of time.

It’s important that we learn from history, and make sure that we’re always prepared for the worst.  There is no need to try and foresee every possible eventuality or categorise every tiny conceivable risk that might trigger an event.  However , we do need to think about the impact and the potential “what ifs” of an event itself.

In the context of IT and recovery, it should not be about all the things that could cause an availability issue, a security breach, or corruption (or even worse crypto locking) of data.  The cause is irrelevant (in the context of recovery – prevention and mitigation, well that’s one for another day).  Instead, the focus should be on what the impact of the event is to our business, and make sure that we have a plan, tried, tested and continually verified;  that can be executed, when needed, that will enable the business to get back as quickly as possible to at least the same position it was previously.

The ugly truth of recent months is that the worst does and will happen. 

Only you can decide how impactful or disastrous that might be to your business, and if it deserves a reactive or proactive response.

Want to know more about what you can do right now to put your business in the best position? 

Get in touch with one of our team to find out more. Take action today.

First Dell Cloud Service Provider in Northern Ireland.

Posted on: April 12th, 2021 by Andrew

OSG Cloud are proud to be recognised as the first, and only, Dell Cloud Provider in Northern Ireland

For over 20 years Outsource have enabled businesses across the UK and Ireland to solve tomorrow’s problems today. We take care of our customers’ technology needs and make life better so they can focus on what is really important, their people, business and customers.

Our team of experts have been collaborating with the team at Dell Technologies to create, design and deliver world class cloud services  to enable us to rapidly deploy scalable infrastructure for our customers. OSG Cloud delivers scalable, secure, high performing solutions to maximise the agility needed by business to drive success and enable growth in our rapidly changing digital world.

The hybrid cloud infrastructure on Dell’s VxRail and Unity platforms, powered by Intel and VMWare provides us with exactly what we need to deliver guaranteed performance, security and availability to our customers.

OSG Cloud removes the barriers and complexities of cloud enablement to allow businesses to choose an IT delivery model that fully meets their exact needs.

Check out our video gallery to hear more from Jason Ward, VP Dell Technologies, Terry Moore and Brian McCrory on what they think about this achievement.