Author Archives: Maria Koblish

Over the last few years, a big theme in technology has been, “this is the year that passwords die.” Then somehow, someway, they continue to be a part of our lives. Over time we have added in a few alternatives, and even added security on top of the password, but we haven’t killed the password outright. Below, you can learn why passwords are now considered weak, how password security has evolved, and why we’ve been holding on to the password for so long.

Why are Passwords Considered Weak?

Remember the good ole days when every password/code you used was a simple four-digit code or short word? As the years went on and hackers got more clever, password requirements increased too; more characters, upper and lowercase letters, and symbols. So, why did the original password end up failing? Simple, it was weak. Passwords like this were easily cracked by hackers looking to gain access to your personal or business information. Passwords rely on something the user knows, which in many cases means that hackers (given enough time) can know it too. Another reason passwords became a prime target is because once hackers got your password (and especially if you used that password across multiple applications), they had unfettered access to your account(s). Far too often, individuals use the same or similar password across dozens of accounts, making it easy for cybercriminals to gain access to sensitive information. Password reuse is common, though extremely risky. It’s so common because it’s easy, and because people tend to think that their information isn’t worth hacking (this is a fallacy, hackers will use or sell anyone’s passwords).

The Anti-Password Movement

The anti-password movement began once experts realized that the simple, everyday password just wasn’t working anymore. “They’re easy to steal, hard to remember, and managing them is tedious.” – Google. Passwords are inconvenient and create numerous ways for cybercriminals to acquire your data and begin profiting. The most common way hackers make money off this information is by selling it on the dark web for a quick buck. Before they do this, they attempt to drain every account of any monetary value by making purchases, stealing funds, liquidating gift cards, or taking personal info (Social Security Number, address, emails, etc.). There are even advanced attacks on logins that aim to shut down entire companies or initiate ransomware. The most known version of password hacking is credential stuffing, which takes advantage of reused credentials by automating login attempts against systems using known emails and password pairs. Once they have one login, they are guaranteed to get into other sites. At the root of all these problems lies a system that depends on authentication through a password which is why there are many experts part of the anti-password movement.

It’s Not Just a Password Anymore

We can’t rely solely on a 15-character password with a capitalized letter, special character, and a number anymore. No matter how “strong” you think your password is, it’s always vulnerable to attacks. So, what has been created in conjunction with, or instead of the password?

Multi-Factor Authentication:

A single password requirement to get into an account is called single-factor authentication. This form has been relied on for many years but is now outdated. A newly formed best practice is multi-factor authentication, where two or more of the following are required for account access:

• Something you know. This may be a password or PIN number.
• Something you have. This may be an HID card or a server-generated, one-time code given to a user (most of the time on their cellphone), that must be keyed into the device being accessed.
• Something you are. This consists of fingerprints, facial recognition, eye scans, and other biometrics.

It adds a second layer of complexity to log-in but provides another barrier of entry against ransomware and data thieves. This encourages them to move on to other, easier targets. While it’s not foolproof, it deters attackers to look for another option, potentially saving you from a disaster.

Passphrase:

A passphrase is a sentence-like thread of words used for authentication, instead of the traditional 8–16-character password. Its common characteristics include several random, common words, up to 100 characters in length. This may seem a bit intimidating, but passphrases are actually easier to remember since they don’t include character substitutions, capitalization, or numbers. A major benefit, aside from memorization, is actually the difficulty to hack. Since passphrases are several words long and could include an infinite amount of word combinations, it makes it extremely difficult for hackers to break into a system. Passphrases don’t have to be implemented throughout your whole organization; they can be used at any time if the account doesn’t have a password character limit. This is a cheaper and easier version to MFA, which could be helpful to smaller companies or individuals.

Is it Time to Retire the Password?

As popular as MFA and passphrases have become, neither are considered the perfect remedy for password security. The original computer password was invented back in 1960. It was doing great until the first known instances of “hacking” came about in the ’80s. Slowly but surely people began to realize that the password was not dependable by itself. Bill Gates said in 2004, “The password is dead.” So why is it that so many organizations are still using it even though we’ve created different options?

1. Scalable and affordable

Passwords require no charge because they only depend on a piece of information from the user. This is one of the main reasons many companies are holding on. Since it’s essentially free for both the user and company, it’s one of the only scalable authentication systems because it works for everyone.

2. User privacy

Privacy has been a major discussion the past couple of years, and different authentication systems have been part of the blame. From fingerprints to face IDs, users have been afraid that too much of their personally identifying information is getting out into the virtual world. Especially when biometric data is being held in data systems that could very well be hacked too. As long as the user doesn’t include their personal info, then passwords are one of the most private authenticators.

3. The first factor in MFA

Getting rid of the password all together may mean a reconfiguration of MFA as well. Since it is the first step in most MFAs, where you enter a password and then confirm again with something you have or something you are.

4. Replacement

Passwords are one of the only authenticators that can easily be replaced if a massive data breach occurs. For example, if an organization that uses biometrics gets hit, how is the user supposed to reset their face or fingerprint?

5. Change resistant users

One of the major factors are the organizations that fear the disruption and challenges that come with replacing the password completely. Since there isn’t a one-fix solution just yet, many leaders are skeptical to the idea that it will ever happen.

Even though the perfect solution hasn’t been created yet, doesn’t mean people aren’t trying. Very recently, companies have been taking on a new approach to MFA. They only use one factor, but it’s not a password. For example, Microsoft is now allowing users to log into accounts such as outlook with just a code sent to their device and no password. Maybe in the next few years with different methods continuing to be tested, we’ll finally say goodbye to our good friend, the password.

Tips to Keep Your Data Secure with Thrive

So, what do we do in the meantime while we’re waiting for the safest solution? For sites that still use SFA, be sure to choose a password with strength. It’s tempting to use one that you’ve used before in order to remember it, but in doing so you may release your sensitive information (you can see if your account information has already been compromised here). Other best practices include not allowing your computer to automatically save passwords, especially on work computers, and changing your password regularly.

Thrive has been a long-time advocate of organizations requiring frequent password changes and having a layered approach to security put in place. If you can, work with your service provider or technology team on setting up MFA for your organizations. This one step could mean the difference between getting hacked or not. Thrive partners with top security providers to bring our clients peace of mind. We can also help with managed threat detection and external vulnerability scans to stop cybercriminals before they can start. Contact us today for help with your data security needs.

While the idea of zero trust architecture has been present in our lives for over 10 years, the recent changes in how and where people work has increased the importance of the zero trust model.

With remote work, bring-your-own-device (BYOD) policies, and employers giving employees more flexibility, the modern workforce is always on the go. However, this can also bring new cyber security risks that organizations must pay attention to. The zero trust security model was meant for this moment, to support remote and hybrid work environments and minimize cyber security risk.

CISOs understand that intellectual property, customer data, and other valuable information should be protected, while avoiding business system downtime and protecting key applications. Traditional security approaches have evolved, making the zero trust model a must-have for all organizations, regardless of size and scope.

Updating an Outdated Approach

The traditional cyber security approach assumes any device, user, or infrastructure that falls under the corporate network umbrella is safe and trustworthy. This is no longer the case. Applications have come out from behind the firewall, and end users can access data and information from a personal device through their own home network.

A conventional security approach could be thought of as a perimeter-based model. The IT team created a security perimeter that surrounded the network, important assets were protected, and hackers had a difficult time accessing the network, applications, or data. This approach unfortunately presents some issues.

It requires trust that the security perimeter is actually secure, including the end users. It also assumed a centralized on-premises network that wasn’t focused on a digital workspace or Cloud-based architecture that may include SaaS applications and programs.

The zero trust security method makes no exceptions, summarized as, “never trust, always verify.” Any user or IT resource must be properly verified prior to authentication to prevent unauthorized users or malicious actors from reaching the environment.

Implementing the Zero Trust Architecture 

While the idea of zero trust has been around for quite some time, it took a pandemic for many to understand the benefits. With a shift to Cloud computing and remote work, it has become clear that a zero trust architecture should be in place. Adoption can protect against top security issues – such as phishing attacks, malware, and data theft – by protecting users, their devices, and the applications they have access to.

With zero trust in place, a few important principles should be adhered to:

• All networks should be treated as untrusted. If the networks are untrusted, then the users should be, as well.
• End users should only have enough access to do their job, and access should be removed when it’s no longer required for the user.
• A verification method such as multi-factor authentication can ensure users are who they say they are.
• On the device front, access should only be granted to trusted devices, be it a personal or work laptop, desktop, mobile phone, or tablet. Devices must be checked at every access point, to ensure no risk is involved to the network.
• As for applications, with the rise of the Cloud, and the need to support in-house on physical infrastructure, access policies must be in place across the organization. These policies should consider the identity of the user, the location, and the device in use, so that access is only granted to those who need it.

With environments now mixing on-premise with multi-Cloud infrastructures and SaaS applications, it can leave entry points open for attackers to move easily within a network. Users are more susceptible than ever to phishing attacks and malware, something organizations must be aware of. Implementing a zero trust security model is a way forward in this new era of work. Contact Thrive to see how zero trust solutions provide flexibility and enhance the organizational cyber security posture.

IT lifecycle management enables businesses to plan, examine and budget for the replacement of outdated technology.

What Is IT Lifecycle Management, And Why Is It Relevant?

When purchasing one or more pieces of technology or equipment for your business, there is a time when they will become obsolete, slow, or fail to meet your needs. Maintaining or running ineffective technologies can be financially strenuous, especially when waiting for the system to break down. Hence, it is essential to incorporate the latest technologies to streamline various operations in your IT department, whether outsourcing or running IT in-house.

IT lifecycle management enables businesses to plan, examine and budget for the replacement of outdated technology. But what exactly is IT lifecycle management, and why is it valuable in modern business? Read on to find out.

What Is IT Lifecycle Management?

In a nutshell, the lifecycle of a piece of technology or equipment refers to the provision, through operations, to replace outdated systems. Each IT department’s IT system, workload, and resources have a life cycle. Hence, determining the duration of a reliable, efficient, and productive system is critical. Once this period elapses, it becomes difficult for the technology to provide the required services.

IT lifecycle management involves all the stages of Information Technology hardware, software, or infrastructure from purchasing to disposing of or replacing it. It lets businesses learn when to plan, budget, and buy new systems to phase out outdated technologies. Keeping track of different technologies facilitates infrastructure efficiency, mainly in today’s rapid digital changes. Hence, businesses using IT lifecycle management get proper system timing regarding when to purchase more efficient and the latest systems.

Generally, a sturdy IT lifecycle begins with strategic planning, considering how the new technology will operate, total operating costs, and lifespan. After purchasing and adopting new technology, most of its lifecycle is spent during use. This is the period when you get the most returns, experience the least downtime and minimal operating costs, keeping your IT department efficient and productive.

Some IT resources to consider in your lifecycle management plan are:

• Operating systems
• Mobile devices
• Desktop PCs
• Network hardware like routers and switches
• Servers
• Business-critical applications

IT Lifecycle Management Stages

• Planning: Before an existing asset reaches the end of its life, it is crucial to plan when to replace it. Waiting until the current system breaks down or becomes obsolete could incur high costs, affect productivity, cause security concerns and expose your IT department to compliance liabilities.
• Procurement: This is the actual stage of financing and purchasing new technologies. In this stage, it is essential to evaluate technology or equipment options before procuring and deploying them into your existing infrastructure.
• Deployment: Once you have received new technology or equipment, the next stage involves scheduling, testing, and configuring your infrastructure.
• Management: It is vital to monitor and maintain new technologies to avoid overrunning other assets in your infrastructure. This involves compliance, maintenance, financial and backup management, ensuring the equipment is efficient and operates as required.
• Decommissioning: When the system reaches the end of its life, decommissioning helps acquire new systems and resources to replace inefficient and outdated technologies.

Benefits of IT Lifecycle Management

With ever-evolving technology, your hardware and systems require regular updates, but it should be done correctly. IT lifecycle management ensures you get the right timing for decommissioning and deploying new technologies. Below are the critical benefits of IT lifecycle management:

Better Budgeting

Any successful business requires future expenditure planning to keep up with the competition and remain productive. And with IT being part of millions of modern businesses, hardware and software upgrades are necessary to streamline the IT department. IT lifecycle management provides practical ways to forecast technology needs in any IT infrastructure, crucial for budgeting and financial management. This ensures businesses save costs associated with upgrading systems, especially when decommissioning outdated hardware and software systems.

Minimize Unforeseen Downtime

Keeping track of technologies in your infrastructure allows you to gain insights into when to purchase and replace outdated hardware and software applications. This reduces unexpected infrastructure fails that would otherwise result in downtimes. IT lifecycle management ensures you replace your IT infrastructure before it fails, allowing employees to stay productive and generate more revenue.

Promote Infrastructure Security

Outdated systems are a significant target for malicious actors since they create vulnerabilities in your IT department. With sophisticated attacks used by hackers today, outdated technologies are unlikely to defend against these threats, making it easier for attackers to breach networks or access critical company data. IT lifecycle management lets businesses know the appropriate time to decommission outdated systems and replace them with secure, more efficient, and the latest technologies.

Informed Purchase Decision

Unplanned IT infrastructure fails can result in a business making swift decisions to replace or upgrade systems with the intent of mitigating downtime. Most businesses replace outdated systems with the same software or hardware type, although there are better alternatives on the market. IT lifecycle management ensures you have adequate time to research and consider highly efficient and cost-effective infrastructure. This enables you to make versed decisions and purchase the right technology ideal for your IT department.

Prevent Delays Associated with Outdated Software and Hardware

Slow networks, crashing software, and arduous workarounds are infrastructure challenges associated with outdated technologies that lead to lost productivity. Besides, it can cost you more money, especially when the underlying problem leads to additional problems. IT lifecycle management helps avoid working with outdated IT systems and networks, which can be slow and affect your productivity. This ensures employees have the right software and hardware necessary to accomplish core company objectives.

Bottom Line

Lacking an IT lifecycle management plan can be dangerous for modern businesses embracing the digital environment. Security breaches, affected productivity, and high operating costs are some challenges you may experience without monitoring the life cycle of your infrastructure. Although it is daunting to replace hardware and software applications, it is an effective way to remain competitive and achieve your business goals much faster.

At Thrive, we understand the value of upgrading and replacing outdated technologies in your infrastructure. Our IT experts can help you stay ahead and avoid issues associated with old and inefficient systems. To learn more about IT lifecycle management or to schedule an appointment with us, contact us today!

Have you ever wondered, “do I need a Managed Services Provider?”, “what does an MSP do?”, or “what benefits could one bring to my organization?” If so, then this is a great place to start. An MSP can bring great value to your organization, keeping your IT running effectively while removing the burden from your staff, allowing them to focus on more important projects. Before we go into the benefits of an MSP, we will cover what they are, if you need one, and how to identify a good partner.

What is a Managed Services Provider?

A Managed Services Provider is a partner who takes on the responsibility of managing your IT infrastructure. You delegate your operational and support duties to them, and they keep your infrastructure up-to-date and at peak performance.

To accomplish this, an MSP uses a variety of tools that automate daily maintenance tasks. They also remotely review system logs, automated alerts for equipment failures, and the thresholds that can cause stress on your systems. Whether it is improving efficiency by saving time and money, or catching problems before they occur to avoid costly disasters and repairs, a managed services provider can bring great value to your business.

Who Needs an MSP?

“Every business is different, and so are its needs.”

We’re going to be completely honest, as beneficial as MSP’s can be, not every organization needs one. Some organizations (especially those with large IT teams) can flourish without one by using a public cloud, or by managing their environment themselves. Although for others, specifically small and mid-sized organizations, MSP’s can offer the right partnership to secure their IT infrastructure.

If you answer yes to any of the questions below, you may be the right fit for a Managed Services Provider.

• Do you not have the time and/or resources to devote to your IT needs?
• Is the industry you’re in compliance-driven?
• Is the industry you’re in heavily targeted by cybercriminals?
• Do you struggle to keep up with the latest technologies?

What To Look For in an MSP

If you are looking for an MSP, here are seven questions to ask a potential partner.

1. How will you review my systems for errors and stresses?
2. How will you ensure my business remains operational in the event of a failure or disaster?
3. What level of expertise does your team provide its clients?
4. How can I refocus my existing IT personnel while you take over management of my infrastructure?
5. What tactics do you employ to ensure the security of your environment?
6. Do you provide offsite and onsite services?
7. How will documentation of your systems be shared?

5 Benefits of an MSP

1. Time & Money

Hiring, training, and maintaining a full IT staff that would meet organizational requirements just isn’t feasible for most small and mid-sized organizations due to a lack of time and/or budget. MSP’s give you access to a full team of experts, without having to pay their salary. Another benefit of an MSP is that they allow for your IT needs to be predictable and set into a budget so there are no surprise costs. And, to save your organization valuable time, MSP’s not only take on the monotonous IT tasks, but they also plan for automated maintenance and fast implementation of new services and updates. Additionally, they help protect you from experiencing expensive downtime, helping you recover quickly, and preventing as much significant loss as possible.

2. Compliance

Organizations that are bound by compliance regulations—like government agencies abiding by CJIS, and healthcare providers tied to HIPAA and HITECH legislation—can benefit from a reputable provider that offers protection, while keeping up with ever-evolving compliance laws so that internal attention can be focused on the bigger picture.

3. Security

Data breaches, power outages, even Mother Nature. There are many data destroyers looking to bring down your business. A good MSP will help you plan for the worst by protecting your data and ensuring that you can recover from a disruptive event. They will also help protect your network from cybercriminals and the ever-present threat of ransomware. Make sure that your plan includes regular security testing and monitoring. A reliable MSP will ensure overall business continuity throughout backup and recovery plans.

4. Focus on Your Business

An MSP enables you to outsource all of your IT support needs, freeing up valuable staff resources to focus on business objectives, rather than the tedious tasks that can eat away their time.

5. Peace of Mind

If you already have an existing IT staff, MSPs act as a 24x7x365 partner. If someone falls sick or goes on vacation, you know you’re covered. If you are starting from scratch with little-to-no IT staff, an MSP can be your IT staff, making sure that your support needs are met. Instead of putting all the pressure on your limited staff, you can have peace of mind knowing that there is a dedicated team of experts at your disposal. If or when disaster strikes, you never have to worry because you aren’t alone, you have a partner to guide you through it.

Thrive as Your Partner:

The right MSP can provide all the tools and services you need to keep your infrastructure in order. Think of them as an extension of your IT department, or for smaller organizations, you can consider using them as the IT Department, providing you with the expertise and resilience that your company is looking for. At Thrive, we ensure the availability of your core business applications, comprehensive visibility into your infrastructure no matter if on-premises or in the cloud, and we intercept problems before they cause disruptions. Looking to speak with a dedicated team of experts about Managed IT Services for your business? Contact Thrive today, or learn more about our offerings here.

What do you do with those servers and applications which either cannot, or you don’t want to migrate to a private or public cloud right now? It is highly likely they are sitting in a large comms room feeling pretty lonely with the rest of your infrastructure now having moved to the cloud.

This is likely to be creating a problem; not only are they taking up valuable real-estate that the business would love to repurpose, but also the cost of maintaining these on-premise in terms of power, cooling and management is now disproportional and uneconomic.

Does Colocation Provide The Solution?

Colocation is not new, in fact, many third-party data centres started their life as colocation services, providing a purpose-built facility to accommodate organisations looking to relocate their compute and storage infrastructure off-site.

As IT teams evolve their hybrid-clouds, the colocation option often gets forgotten, but if anything, the benefits it offers are stronger now than ever before:

Freeing-up Space – taking those final elements out of the now oversized comms room and freeing it up to be repurposed.

Reducing Operating Expense – removing the on-premises cost of power, cooling and security and gaining the economies of scale of a purpose-built and efficient data centre.

Reducing Environmental Impact – by moving to a facility that provides a greener option, leveraging efficiencies and sustainable resources to reduce your environmental impact.

Reduce Business Risk – by gaining the inherent resilience delivered by a professionally managed and operated data centre.

Selecting The Right Colocation Provider Is Critical

Colocation is only suitable if it meets your unique requirements and delivers the benefits that you need. Not all data centres nor providers are equal and as such, selecting the right partner with the most appropriate facility is essential. There are many factors that differentiate one provider from another, so you must ask yourself and them the right questions. We believe there are four critical areas where you need to do your due diligence.

(i) Operational & Commercial Flexibility

It is important that your Co-Lo provider meets your needs rather than you having to meet theirs. They should be able to accommodate the exceptions such as oversized racks or special power requirements.  They should offer contractual flexibility not lock you in beyond your needs, but more importantly, they need to value your custom and not push you to one size to accommodate that monster client looking to expand.

(ii) SLAs Are Important

Uptime, security and connectivity are as crucial in a Co-Lo facility as they are with a private cloud environment. You are looking to gain greater business continuity through moving to colocation and as such, you want someone who can guarantee 100% uptime, operates to a recognised standard such as ISO27001 and provides you with choice and resilience on connectivity.

(iii) It’s About More Than Just A Rack

You should be looking for a colocation that extends your facility and a partner that becomes a virtual part of your team. Having experts on-site around the clock to assist you avoids having your people go out to every incident, and ensuring the location is convenient and you have 24×7 access ensures that if you need to be on-site, you can be.

(iv) Colocation Is Part of Your Journey To The Cloud

You are likely to be utilising colocation as a step in your journey to the cloud and as such you should be looking for a partner that can assist you on this progression; a partner that can assist you with the migration of your on-premise infrastructure to Co-Lo, and then transition this to a public or private cloud infrastructure and provides you with additional value of bolt-on cloud services.

At Thrive we feel strongly about the value that a Colocation service should offer customers. We have been doing this for over a decade now and truly understand the importance of flexibility, reliability and service. Contact us today.

• If you need further motivation for your efforts to improve your cybersecurity, how about this? President Biden signed an executive order for enhancing the nation’s cybersecurity.

  The Executive Order on Improving the Nation’s Cybersecurity was signed shortly after the recent, highly publicized ransomware attack on Colonial Pipeline.

  From the White House Fact Sheet:

  “Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals. These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.”

  The lessons from these high-profile stories can be useful for anyone, like small-business owners and cybersecurity professionals – even the general public. A lapse in security – whether an improperly configured security appliance or an ignored firmware update – can lead to a chain of unfortunate events.

  Cybersecurity has to be a priority.

   

  Take steps to prepare for ransomware attacks – now

  The White House is urging business owners and leaders to gear up and get ready for ransomware attacks.

  “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” said Anne Neuberger, deputy national security advisor for cyber and emerging technology.

  Indeed, whether you’re a multinational corporation or a mom-and-pop shop, you can be a victim of ransomware and other cyber threats. While bigger companies can have more valuable data, they typically also have stronger cyber defenses. Thus, hackers can actually be quite indiscriminate in their attacks.

  Costly downtime and cleanup, tarnished reputation, and even a death blow to your business can all be results of a successful ransomware attack.

  Fortunately, there are some things you can start doing that can help prevent these.

   

  Use these five steps to improve your cybersecurity

  “Cybersecurity may sound like an incredibly complex topic – and it is one – but there are easy-to-follow protocols and simple habits you can start doing now to help stay safe from cyber threats,” said Brian Walker.

  “Ready to harden your network security? Here are four ways to start.”

  1. Enable two-factor or multi-factor authentication – Weak and recycled passwords can all lead to a hacker getting into your network. Multi-factor authentication can be a stalwart second layer to help defend your systems even if a hacker overcomes the initial authentication barrier. Enable multi-factor authentication where you can.

  2. Patch ’em up! – Updates are not to be ignored – they often contain vital patches to vulnerabilities. Keep all software, firmware, and systems up-to-date. You may even consider using a centralized patch management system to ensure nothing slips through the cracks.

  3. Segment your network – A successful ransomware attack can seriously disrupt your operations. By segmenting your network and limiting access to the production and operation side of your business, you can help mitigate a cyber incident.

  4. Back up your data – In a layered array of security measures, data backups can prove to be the ultimate last line of defense. When all else fails, restoring from a recent data backup can give you a huge leg up in getting back to business.

  5. Think before you click – This may seem like an overly simple concept, but it is a big part of staying safe. Before making quick decisions online or in your inbox, think before your click on that button or link. If an offer, email, or request sounds fishy or a little off, take a moment to review before making an action. Seek advice from your IT department or managed security provider.

   

  Time to get cyber-serious

  “By taking cybersecurity seriously, you can help your business stay safe from the increasingly sophisticated threats knocking at your network walls,” continued Walker.

  “Thrive, a nationally recognized IT managed service provider, can help your business withstand attacks through our comprehensive and battle-tested security services. Contact our cybersecurity experts today to learn more.

  “Connect with us on social media – or keep up with our blog – to stay informed of the latest threats and get useful tips and tactics. Or, contact us today for a free cybersecurity consultation.”

The Software-Defined Era is transforming IT infrastructure. No longer is it about the component parts, but how these dynamically work with each other to deliver the end-to-end service to users, from the cloud to network edge. How this environment is configured, interoperates and self-optimises is changing the way we think about Managed Services.

Traditional IT Support, Maintenance and Managed Services no longer cut-it as we look for ways to augment skills sets, redefine lifecycle management and match infrastructure agility with commercial flexibility. At Thrive these are key areas we look to address with our managed services – let us explain.

IT’S NOT MAINTENANCE, BUT LIFECYCLE MANAGEMENT

As the software-defined era accelerates the separation of the hardware and software layers of our IT infrastructure, it no longer just about maintaining the individual components but managing the lifecycle of the holistic infrastructure to ensure compatibility, license utilisation and avoid end-of-life scenarios.

A key element of support and managed services is adding value to this lifecycle management; to create and maintain accurate asset registers of both hardware and software, consolidate and align contracts and proactively manage refresh cycles to not only deliver commercial value, but reduce business risk.

At Thrive we call this Double Red.  We help you to manage your IT infrastructure by focusing on two factors: first, the lifecycle stage of each component; is it within contract, is it nearing end-of-life, etc. The second factor is prioritising its business criticality. Both of these key insights enable you to make more informed decisions when managing the end-to-end lifecycle of your environment.

IT’S NOT OUTSOURCING A PROBLEM, BUT AUGMENTING YOUR CAPABILITY

It may be an overused cliché, but at Thrive we focus on becoming the trusted partner of our customers and not just their outsourced provider. There are far too many outsourced support companies out there; we don’t want to add to this.  We want to make sure that for every customer we are able to add true value and by doing this, we benefit from enviable customer loyalty.

To us, adding value is not offering a set of rigid support services, but tailoring our proven managed services around the needs of our customers. We don’t want you to outsource your problem but to leverage the breadth and depth of expertise we have at Thrive to augment your own capability – to inject accredited skills in the areas you have gaps, to take the pressure off your IT team to enable them to focus on moving your IT services to the next level, and being the trusted advisor along every step of your journey.

IT’S NOT JUST ABOUT PRICE, BUT COMMERCIAL FLEXIBILITY

All of the above falls down if the support and managed services being offered do not make commercial sense. This is where both the scale and financial stability of your managed service partner is critical.

At Thrive we believe we have both of these factors just right. We are of the size to be important to key vendors such as Cisco and we have that all important access directly to the vendor specialists to back-up our team while also having the economies of scale to deliver this level of service in a cost- effective manner.

Our longevity as a business and financial stability enables us to be both flexible in tailoring services to the specific requirements of our customers and in creating commercial terms that meets the needs of their business.

At Thrive we are very proud of our capability to not only support our customers but to deliver the value-adding, proactive managed services that they truly need. We would love to talk to you about your specific challenges and explore ways that Thrive can augment your team in delivering an exceptional IT experience to your business and your end-users. Learn more about Digital Transformation today.

Gone are the days when we think of IT support as merely break/fix. The IT landscape has changed; we operate hybrid-environments that leverages on-premises equipment, cloud services and a plethora of end-user devices.

The software-defined era has made it less about the hardware and more about the applications that inject the intelligence into our infrastructure, and the boundaries that used to exist between infrastructure, communications and security have well and truly been blurred.

This means that basic vendor maintenance fails to deliver what IT teams need and traditional support services only scratch the surface of what is required. This is why at Thrive we don’t focus on just keeping the lights on, but making them shine brighter through expertise in and partnerships with leading vendors such as BT, Cisco, Microsoft, NetApp, VMware, and Veeam to name but a few.

IT’S NOT ABOUT THE HARDWARE BUT THE END-TO-END SERVICE

Whereas individual hardware components are still critical, what determines business continuity is how all of these components and software combine to deliver the end-to-end service delivery. Identifying the root cause of issues across today’s IT infrastructure can be complex; it is as much about having the expertise in how the elements of compute, storage, networking, connectivity and security work together as it is about the individual components.

This is why at Thrive we have built expertise across the complete IT landscape; we are not just the collaboration guys or the security specialists, we are experts in end-to-end service delivery. We understand each of the technologies, but more importantly, bring a wealth of experience of how these components work together and are interdependent on each other.

IT’S NOT ABOUT KEEPING LIGHTS ON, BUT MAKING THEM SHINE BRIGHT

In the past, IT performance was based on the simple metric of availability; a component was either up or down, and unplanned downtime was a bad thing. Today, we are not judged on whether the lights are on, but whether they are shining brightly. Is our IT infrastructure delivering the experience that our end-users expect and require?

At Thrive we believe that proactively monitoring the complete IT infrastructure is key to delivering an assured end-to-end service to end-users. By combining the best practice we have evolved over 29 years of doing this with industry-leading toolsets we are able to meticulously monitor your environment around the clock, continually optimising performance and addressing anomalies before they become business-affecting.

At Thrive we are very proud of our capability to not only support our customers but to deliver the value-adding, proactive managed services that they truly need. We would love to talk to you about your specific challenges and explore ways that Thrive can augment your team in delivering an exceptional IT experience to your business and your end-users. Learn more about our Managed IT Services.

Criminal Justice agencies, ranging from local police departments to the FBI, document various aspects of criminal justice information (CJI). This may include fingerprints, body-worn camera footage, or a facial recognition gallery made up of mugshots and related criminal history. It’s obviously crucial that this kind of information remain safeguarded and only accessible to those who truly need such information to perform their job. Each criminal justice agency must be on the same page about protecting this data; this is where CJIS compliance and data encryption come into play.

Learn more about the relationship between data encryption and CJIS compliance, and why the right data encryption methods are essential for maintaining the confidentiality required of criminal justice information.

What is CJIS Compliance?

Every day, criminal justice and law enforcement agencies on the local, state, and federal levels access the Criminal Justice Information Services (CJIS) databases for information necessary to perform background checks and track criminal activity. It’s important that this data not fall into the wrong hands — the security of CJIS data could mean the difference between civil liberties being secured or violated.

CJIS compliance keeps networks on the same page when it comes to data security and encryption, and ensures that sensitive criminal justice intel is locked down. However, there is no nationwide, uniform certification system for CJIS compliance; instead, each state government manages CJIS compliance semi-independently through a state-appointed CJIS Systems Officer (CSO) who administers policy for computers, networks, and other parts of the CJIS infrastructure. The CSO is also tasked with ensuring that organizations are obeying regulations, documenting compliance, and reporting back to the FBI.

What Is Data Encryption?

In cryptography, or the art of writing or breaking codes, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information.

Like multi-factor authentication, data encryption adds an extra layer of security to your data — if a criminal gains access to an encrypted file or communication, that information is useless without the key to decrypt it.

The purpose of data encryption is to protect digital data as it is stored on computer systems and transmitted using the internet or other computer networks. These encryption algorithms provide confidentiality and drive key security initiatives including authentication, integrity, and non-repudiation – or the inability to refute responsibility.

Understanding How Data Encryption is an Essential Part of CJIS Compliance

Despite not having a national standard for how its information is secure, CJIS itself has established requirements for the use of data encryption when storing and using sensitive data, as well as including CJI in communications. Such regulations stipulate a minimum of 128 bit encryption be required, and keys used to decrypt data must be adequately complex – at least 10 characters long, a mix of upper and lowercase letters, numbers, and special characters – and changed as soon as authorized personnel no longer need access.

Common Data Encryption Methods

There are two types of common data encryption methods:

• Symmetric Encryption: Symmetric encryption uses a single key to encrypt as well as decrypt data; the key needs to be shared with all authorized people.
• Asymmetric Encryption: Also called public key cryptography, asymmetric encryption uses two separate keys: one that is public, or shared with everyone, and one that is private, known only to the key’s generator. The public key is used to encrypt the data and the private key helps to decrypt it.

Then there are a variety of ways to implement data encryption, such as:

Advanced Encryption Standard (AES)

Advanced Encryption Standard is a symmetric encryption algorithm that encrypts fixed blocks of data (of 128 bits) at a time. The keys used to decipher the text can be 128-, 192-, or 256-bit long. The 256-bit key encrypts the data in 14 rounds, the 192-bit key in 12 rounds, and the 128-bit key in 10 rounds. Each round consists of several steps of substitution, transposition, mixing of plaintext, and more. AES encryption standards are the most commonly used encryption methods today, both for data at rest and data in transit.

Rivest-Shamir-Adleman (RSA)

Rivest-Shamir-Adleman is an asymmetric encryption algorithm that is based on the factorization of the product of two large prime numbers. Only someone with the knowledge of these numbers will be able to decode the message successfully. RSA is often used in digital signatures but works slower when large volumes of data need to be encrypted.

Triple Data Encryption Standard (TripleDES)

Triple Data Encryption Standard is a symmetric encryption and an advanced form of the DES method that encrypts blocks of data using a 56-bit key. TripleDES applies the DES cipher algorithm three times to each data block. TripleDES is commonly used to encrypt ATM PINs and UNIX passwords.

ECC Asymmetric Encryption Algorithm

In 1985, two mathematicians named Neal Koblitz and Victor S. Miller proposed the use of elliptic curves in cryptography. After almost two decades, their idea was turned into a reality when the ECC (Elliptic Curve Cryptography) algorithm entered into use in 2004-05.

In the ECC encryption process, an elliptic curve represents the set of points that satisfy a mathematical equation (y2 = x3 + ax + b).

Like RSA, ECC also works on the principle of irreversibility. In simpler words, it’s easy to compute it in one direction but painfully difficult to reverse it and come to the original point. In ECC, a number symbolizing a point on the curve is multiplied by another number and gives another point on the curve. Now, to crack this puzzle, you must figure out the new point on the curve. The mathematics of ECC is built in such a way that it’s virtually impossible to find out the new point, even if you know the original point.

Gain Peace of Mind in Your Data Protection With Thrive!

By relying on Thrive’s unique CJIS-compliant bundled cloud solutions to provide the safest and most cost-effective cloud migration, you can eliminate uncertainty, shorten implementation time, and stay focused on achieving your organizational goals!

Our bundled cloud services package provides a single, easy-to-consume solution that combines Thrive’s local CJIS private cloud and Microsoft Azure’s CJIS cloud. This enables you to receive a maximum ROI while minimizing the financial risks and up-front investments often associated with cloud migration. Learn more and contact one of our IT experts today for a free consultation.

Think getting access to powerful Microsoft Office applications like Teams, Excel, Word, and PowerPoint – along with cloud storage, email, and many other features – is out of your budget?

Think again.

There may have been a time when you were paying so much in licensing that you questioned its value. But these days, getting Microsoft Office 365 for your associates is probably more affordable – and more flexible – than you imagine.

Read on to learn how Microsoft Office 365 can be the perfect fit for your team – and your budget.

Powerful. Scalable. Affordable

Microsoft Office 365 is a subscription-based service. Pay per employee, per month.

Essential business productivity apps – email, spreadsheets, word processors, slideshows, and more – are included in the suite. And Microsoft Teams is a game-changer, especially with distributed workforces.

In many ways, Office 365 is a better version – and better value – than the traditional licensed Office counterpart, like Office 2019.

Check out some of the top Office 365 features:

• Scalability
  Scalability is key for growing and changing businesses. Have a new employee who needs Office 365? Get a license, and they will have access to the suite. Need to remove a license? You can do that, ensuring there are no wasted licenses.
• Synced files
  With 1TB of storage and file syncing across devices, you’ll be sure to keep up with the latest files – from you and the team.
• Mobile and Web Apps
  Whereas the traditional Office license allowed for installation on a single computer, Office 365 lets you install on several devices – desktop or mobile. Work the way the suits you. Start on one device and pick back up on another later.
• Microsoft Teams
  Many are still working remotely. And some companies have found that remote employees can still be extremely productive, and thus have placed a priority on getting tools in place to facilitate remote work and collaboration. Hence the rise of the Teams app. With Office 365 with Teams, you can use desktop or mobile devices to start an important one-on-one meeting, chat with your associates, or jump in on a team-wide conference. Easily and securely.
• Always up-to-date
  With its cloud-based nature, Microsoft Office 365 stays up-to-date. Keep up with the latest features, stay patched and secure, and ensure your apps remain compatible – without having to lift a finger!
• 24/7 support
  As with all services Thrive provides, we offer 24/7 local support.

“So, where do we go from here?”

Thinking about tapping into the power of Microsoft Office 365?

“Getting Office 365 for just yourself or your family is typically a simple process,” said Brian Walker. “But for a whole office full of associates, it can be trickier. Email migration presents an especially daunting challenge, and there’s unfortunately not a lot of support during this process.”

“As a longtime Microsoft Partner, we have a lot of experience with products such as Office 365,” explained Aaron Allen. “Our team knows Microsoft Office 365, and we can help your company in all phases, from initial consultation, mail migration, install and configuration, as well as continuing support.”

Get a free Microsoft Office 365 consultation

Ready to learn more about Office 365 and how it can benefit your business? We’d love to help! Contact us today for a free consultation.