Author Archives: Thrive

Creating an IT framework isn’t just about protecting intellectual property or trade secrets – it’s about stopping attacks that can disable your business. By laying out an IT framework, you’re ensuring devices are protected and business operations run smoothly.

Finding the right framework fit for your organization’s IT approach is easy when working with a team that understands the current landscape and requirements of your business. With Thrive, you can have a customized IT framework that provides transparency, security and performance.

Thrive’s Top IT Frameworks: ITIL & CIS

There are two frameworks we tend to use here at Thrive: ITIL (IT Infrastructure Library)-based and CIS (Center for Internet Security)-based. ITIL-based frameworks govern things like efficiency, capacity planning, liability planning, and end user requests. Lately, my focus has been on CIS-based frameworks, which give insight into what is being done well within an organization and where improvements can be made.

Oftentimes, we identify areas in which there may be framework gaps. This can be anything from comprehensive asset management and discovery to software packages. One big challenge organizations currently face is the concept of “shadow IT.” With different business units utilizing the cloud, there’s no need for employees to request permission to install applications or contact IT to perform a basic action, like using Google Drive. However, this can raise its own set of problems.

Staying On Top of Security

By going through CIS software discovery controls, we help raise awareness to ensure that a business is aware of all applications, both cloud and internal, and account for them.

This helps answer important questions like:

• How is a member of the organization authenticating themselves?
• What’s the nature of the data that’s being stored?
• When someone leaves an organization, is HR aware that files can be transferred, putting company information at risk?
• Are unauthorized users accessing sensitive or proprietary information?

We help organizations understand hardware and software controls, who should manage authentication for systems, what level of encryption is present, and whether endpoint patching and endpoint detection and response systems are in place.

If something happens, how do you respond if there is suspicious activity? How are employees notified of a potential incident, and who should be contacted for the next steps? We go through these controls with IT leaders and key members and stakeholders at the executive team level to enlighten organizations.

Using Frameworks to Set Priorities

Within the CIS framework, there are benchmarked levels that a company can strive to reach, and we often help clients evaluate which level is the right fit for them. This helps keep an IT organization aligned on which actions can efficiently produce the best outcome (or reduce the risk of bad outcomes) instead of sinking resources into something beyond their needs.

Security training goes a long way, and bringing your workforce up to speed can have several benefits. A SIEM service can identify and respond to security anomalies, but if you can educate your user community for a relatively low cost, you now have more eyes trained to identify anomalies or limit the likelihood of a phishing attack.

DNS filtering should be another standard. How does your company figure out what cloud applications employees are using? With DNS filtering across all devices, you’re opening the lines of communication with employees, with the ability to add controls to account for who is logging into the system. This allows you to track how data is flowing and how to protect it.

By laying out a framework in phases, we can show the steps that should be taken, including the basics, to make sure your users are educated and endpoint devices are protected. Typically, in a first phase, we focus on security awareness training, to show executive teams how many employees have failed when it comes to a phishing-type attempt.

When putting in something like EDR (endpoint detection and response), we can show visibility into the types of issues that can happen. It’s not just about protecting trade secrets – it’s about protecting business uptime and minimizing downtime.

__________________

The Thrive team is here to adopt the framework that will be the best fit for your organization.

Interested in learning more? CONTACT US TODAY!

No two cloud environments are identical. How can you figure out what’s best for your individual business?

Companies of all sizes must consider many factors when choosing the type of cloud infrastructure that will best suits their unique needs. These include issues like office location, number of remote workers, compliance requirements, the need for security and control, and more.

There isn’t a single right or wrong way to leverage the benefits of cloud, and the process of choosing between public, private and hybrid cloud environments can be complicated. Whether you’re running a family office, a midsized asset management firm or a large umbrella group of jointly managed pension funds, you’ll want to design an individual cloud strategy that reflects your business goals.

We encourage all of our clients to reflect on their short and long-term objectives when evaluating the potential benefits of cloud migration. Are you most interested in saving money? Opening new offices in a geographically distant location? Or perhaps closing all of your physical offices entirely and moving to a remote-work only model? Only by beginning with the ends in mind can you be confident that you’ll achieve your desired result.

To help you navigate the complexities of cloud decision-making, we’ve put together this brief guide highlighting the six primary factors to consider.

#1: Control

If you’d like to maintain full control over where your data is located, where your applications are running or who has access to this data center, you’ll want to avoid the public cloud. At any given time in the public cloud, you do not know the exact location from which you are accessing your data. The major public cloud vendors have multiple datacenters within a single region and/or availability zone and you do not have input on exactly where your data is “live”. You also do not have the ability to override public cloud vendor maintenance windows, which affect where your data is located during those times.

Similarly, if your uptime requirements are stringent, you should be aware that there’s no way to avoid downtime in case of major system outages like those that have been known to impact global users of Microsoft Teams, Office 365 and Outlook. While public cloud providers strive to provide extremely high availability and uptime rates, in cases where their systems do fail, you’ll have to wait – just like millions of other impacted users – for the cloud provider to resolve the problem.

With a private cloud environment, you’re in control of exactly where your data is stored. You can be confident of the physical and logical security measures that are in place, can know exactly what steps are being taken to recover from outages at any stage in the process, and can stay informed about who works inside the datacenter. If for instance, your data is subpoenaed for use in a government investigation, Microsoft is under no obligation to inform you or gain approval prior to handing it over to the authorities. A provider offering a private-only platform like Thrive’s hybrid cloud will let you know immediately.

Even within a single alternative investment firm, not all applications require the same degree of control and security. Designing a hybrid cloud environment allows you to exert fine-grained control over your most sensitive workloads while enjoying cost-savings and scalability by relegating those that are less sensitive to the public cloud.

#2: Security

It’s certainly possible to design a public cloud environment that’s just as secure as a private cloud solution, but it requires care, forethought and attention to the specific cloud options and configurations you select.

When it comes to application security and data protection, public cloud providers and Software-as-a-Service (SaaS) vendors like Microsoft offer multiple different “tiers” of service depending on the enterprise licensing plan you select. Although the least expensive tiers may seem attractive due to their lower per-user costs, they generally don’t provide adequate file protection, identity and access management capabilities or other advanced security provisions needed to meet compliance requirements in the financial services industry. For more effective security that mitigates the real-world risks of a breach – as well as the devastating loss of investor confidence that would follow – you’ll need to choose the top-level (and most expensive) licensing plan.

Major public cloud providers maintain hundreds of datacenters around the world. They leverage enterprise-grade hardware and advertise that they adhere to industry-leading physical security standards. Still, you’ll never know exactly where your data resides and you’ll never have precise control over the physical security measures present in its environment.

#3. Governance

There’s no global regulatory board governing the financial services industry. Instead, your firm is responsible for meeting all local and national requirements in every country where you’ve established an office. These can vary greatly around the world, as well as for different firm sizes and types. In China, for example, there’s a mandate that firms who retain a managed service provider (MSP) must maintain independent access to their data via a system that’s outside of the MSP’s control. Highly specific requirements like this one may steer you toward a private cloud environment, or conversely, make public cloud infrastructures more appealing.

#4: Cost

Much like the great myth that there are no outages in the Public Cloud, there is also a common opinion that the public cloud is always cheaper. However, this isn’t always reflected by reality. To make certain the public cloud environment you’re choosing will cost less on a monthly basis, you’ll need to add up all the additional costs that public cloud vendors price on an à la carte basis. Many of these additional costs are typically covered by private cloud providers in a service package. These can include backup features (How often are snapshots taken? How long are they retained?), security options, data availability guarantees and service uptime rates. In addition, it’s worthwhile to consider whether or not technical support is included: if not, per-minute charges for open tickets can add up fast.

Furthermore, such monthly costs typically change as your technology estate evolves with your business requirements. Cost control is therefore a key consideration. A traditional private cloud has a fixed cost base and, more often than not and against popular belief, at a commercial rate that is either on par or lower than a public cloud alternative with the above considerations. Public cloud providers, Microsoft in particular, increase their prices year after year, often on more than once each year. It’s important to be aware that commercially attractive propositions on Day 1 are very likely to change considerably over the months and years that follow.

Lastly, consider your migration costs. For start-ups that have little data to move and no legacy in-office hardware, it can be much more economical to leverage public cloud options. Larger and more established firms may find that month-to-month cost savings are minimal if not non-existent and migration charges exorbitant.

#5: Migration

Make no mistake — a cloud migration project is a large-scale undertaking that’s guaranteed to take time and cost money. Depending on the size of your firm, your tolerance for disruption and downtime, and the number of legacy software applications that are mission-critical for your business, it may make sense to keep some systems on premises. Hybrid environments can provide a best-of-both worlds approach that allows you to migrate nonessential applications gradually.

#6. Users

Where your partners and employees live and work will have significant implications for which cloud computing model will best meet their needs. Performance is best when datacenters are located in the same region as their users. This may not have big drawbacks when you consider occasional employee travel. But it may be very important if you open an office in Hong Kong that performs time-sensitive trading.

Be aware that Microsoft does not offer global tenancy to customers with fewer than 250 seats. What does this mean? An international small business will have to run out of a single Microsoft datacenter location. This has the potential to create latency issues for the majority of its employees.

Policies like this are constantly changing, though. In early 2019, Microsoft’s requirement for global tenancy was over ten thousand seats. It’s essential to keep up with the latest offerings to understand what’s currently possible in the public cloud.

Perhaps you’re thinking that this was a detailed discussion? In fact, we’re only scratching the surface of the issue. There are a myriad of considerations to take into account when designing a cloud computing environment. Check out the upcoming articles in this series to learn more about the pros and cons of each type.

Need help choosing a cloud solution for your alternative investment firm? Contact us for a complimentary consultation.

You’ve embraced remote working – are you still secure?

The trend towards remote working has been growing for several decades, but recently due to world events, many businesses have had to adopt supporting technologies and processes quickly and under pressure. The remote working trend has also dovetailed with the move to the cloud and software-as-a-service applications like Office 365. Cloud services are a great help in implementing remote working and in helping teams to collaborate even when not working in the same location. Cloud-enabled services and applications are often misunderstood, however, when it comes to security measures. Along with their SaaS services, businesses also need to consider using cloud-based security and disaster recovery services in parallel from a trusted DRaaS provider.

SaaS and Cloud providers like Microsoft, Salesforce, Google and others promise to secure the infrastructure that hosts the cloud application. But these SaaS providers are not responsible for covering all of the possible data and security issues that can arise, so customer support for backup, replication, and recovery services needs to be considered.

While the cloud provider takes care of the infrastructure, data and access remain the customer’s responsibility. The access risks compound as workers increasingly work remotely and communicate through email, which is the number one vector for malware.

Secure access to the cloud for remote workers today is usually ensured by either using an SDP or split-tunnel VPN. In either case, the security of remote access relies on user authentication. It is important not to make the mistake of relying on the employees to set up and manage their passwords. Individuals are notorious for setting easy-to-remember but also easy-to-guess passwords. Set up strict corporate password policies and enforce them. Also enforce regular intervals for employees to update their passwords.

Even with these stricter password policies in place, businesses would also be wise to employ multi-factor authentication (MFA). There are a number of ways for bad actors to manipulate or trick your employees into unintentionally revealing their passwords making it a good idea to have a second authentication method as a further roadblock. Traditionally, MFA was done using tokens, but it has become much simpler today to use the employee’s smartphone to send a code that they then enter into the SaaS login credential screen. There are a number of good choices for MFA available such as Google Authenticator, or options recommended by Microsoft. Need help determining which MFA solution is the best fit for you? Ask our Microsoft 365 experts today!

Even MFA access through SDP or a VPN will not always guarantee security for your most precious data; internal employees can also act maliciously. Therefore, it is a good idea to design your internal data access policies to ensure that each end user only has access to the applications and data that they need to do their jobs.

Segmenting your data collections is another good policy to adopt for additional Cybersecurity and data protection. Having all your eggs in one basket is never a good idea. Using various software-defined networking techniques such as SDPs or SD-WAN, you can literally define the connection between the user’s device and a specific server. They can be completely restricted to this network slice. Finally, think carefully about which workers get remote access; not everyone needs it all the time.

One main vector for security breaches is via email “spear phishing” attacks, which attempt to induce people to reveal personal information, such as passwords and credit card numbers by posing as reputable companies.

Phishing is a common technique for extracting passwords from employees with some IT professionals reporting 1000+ phishing attempts hitting their email inboxes a month. Other malicious email campaigns include sending attachments with embedded trojan code, or links pointing to compromised websites that auto-download malware onto users’ systems.

All employees are at risk of making a split-second poor decision and exposing their computer to these attacks. Threat actors are adept at choosing topics that people are eager to learn more about, often playing off trending fears and anxieties to lessen people’s natural caution and common sense. As a sign of the times, many organizations are reporting increased email phishing and Business Email Compromise (BEC) attacks since the beginning of the COVID-19 pandemic, with many messages claiming to offer breaking news or free tests. Once the pandemic has finally abated, threat actors will move on to the next anxiety-provoking topic.

While Microsoft and other email SaaS providers often try to help filter unwanted senders’ messages by verifying the IP address to guard against phishing, oftentimes their off-the-shelf attempts lack comprehensive protections and may lag behind in updating against the latest threats. IT professionals should look to enhance their email security by looking for Managed Anti-Spam and Anti-Virus solutions that offer services for scanning both inbound and outbound emails to eliminate spam and known attacks and Managed IT Services for analytical reporting, Cybersecurity, and on-demand expertise from a trusted DRaaS provider.

While it is critical to stay on top of the latest security threats and trends, it is also the case that malicious actors are constantly innovating new attack strategies. Barely a week goes by that some new kind of threat is launched and discovered. From denial of service to trojan horses and ransomware, you can never rule out the possibility that your business will be the next headline victim and cautionary tale.

How does a DRaaS Provider enhance Microsoft 365 data protection and cybersecurity?

That is one of the most important, but not the only, reasons to have a comprehensive backup and rapid disaster recovery service. Another reason is that employees unintentionally delete data all the time. They are the most common source of data loss. Even IT professionals can make configuration mistakes that can open data to being hacked or even lost. So, a comprehensive backup and disaster recovery option is essential for restoring your data.

This is where cloud services expand their usefulness from a means to collaborate efficiently, to storing and protecting your critical and everyday business data. Disaster Recovery as a Service (DRaaS) has become increasingly important in an era of escalating natural disasters, cyber-attacks targeting critical public institutions and businesses, and sophisticated social engineering campaigns bombarding your business day and night.

The good news is, as the importance of DRaaS has risen, the affordability has too. Many savvy organizations are leveraging the flexibility and rapid responsiveness inherent in cloud-enabled backup and recovery. After all, one of the many reasons that you adopted a cloud model was to get away from the capital costs and ongoing operating expenses associated with running and maintaining your own internal data infrastructure. Now that there are a range of cost-effective disaster recovery services available, businesses are finding that DRaaS makes good common sense.

In addition to helping you to recover from a disaster, an experienced DRaaS provider can also proactively help you to prevent data disasters from occurring in the first place and enable your business to work securely no matter where your end users are located. As a third party specializing in helping businesses recover from various disasters, they are best placed to anticipate what your business might face in the future. They can help you to design your security approach, as well as prioritize your data resources, segmenting them and working with you to create a plan for ensuring that the most critical data is restored as quickly as possible to keep you up and running.

The possibility of remote working and cloud-based services have been a godsend for many businesses, allowing them to remain operational in these difficult times. It is unlikely that the workplace will return to what it was and remote work is probably the new normal or highly significant for many businesses going forward. Your DRaaS provider can make sure that you do it securely and ensure that you can also recover gracefully if anything goes wrong.

Want to know more?

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global DRaaS provider of comprehensive Cloud, Data Protection, and Cybersecurity services and can help to guide as you work through your SMB or enterprise DR planning process.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind. Thrive is an accredited Microsoft Office Level 1 backup and DRaaS provider.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around partnering with us to provide your customers with data loss prevention solutions and rapid ransomware recovery with services such as Cloud to Cloud Backup for Microsoft 365, email archiving, and Thrive DR services. Regardless of internal user error, ransomware attacks, or when a health disaster strikes, ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

Questions? Ask Our Experts!

You may already be managing backup services for some of your clients, but haven’t yet expanded to offering a complete disaster recovery service. Or you simply haven’t added Managed Backup or Disaster Recovery (DR) to your service portfolio at all. Either way, there are good reasons to consider offering your customers DR, not just as a source of recurring revenue, but also as a sticky service that can create a more trusted advisor relationship that leads to new business. It has become easier to add DR to your portfolio with the advent of Disaster Recovery as a Service (DRaaS), especially when working closely with a DRaaS partner.

DRaaS is a perfect example of an on-demand cloud service that is always on and scales with your client’s needs. For you and your customers, there is the added benefit that you don’t need to keep a second data center for redundant servers and communications services. An additional perk for you is that DR brings in new customers, such as SMBs, who will find it easier to start small and scale as they grow.

DRaaS offers three other main benefits to your customers:

1. Immediate recovery from any kind of disaster with system failover to a secondary infrastructure within minutes.
2. Depending on needs and resources, customers get the flexibility to customize the scope of recovery from all types of disasters, from malware and ransomware to hurricanes and wildfires.
3. DRaaS offers seamless redundancy and no single point of failure to keep data securely protected in the cloud and away from the primary site.

Working closely with a customer to plan for recovery from a disaster that could jeopardize their business, requires that you get a clear understanding of their key operations and those parts of the business that are mission-essential. This disaster recovery planning approach is more strategic and collaborative between provider and customer than with a managed backup service, and requires you and the customer to predefine playbooks for exactly how to respond to different disaster scenarios. This is your opportunity to take your relationship with your customer to a new level. If you are able to add value and insights, you can earn their trust and develop a longer-term relationship with greater revenue potential.

Working on the disaster plan will involve taking the customer through a thorough risk assessment to identify vulnerabilities in their infrastructure. You may ask, which components are the most important and how do they impact their critical business functions? You will need to calculate both the financial and non-financial costs. Besides loss of revenue, there is the potential loss of opportunity; for instance, companies that recover faster, gain a competitive advantage.

The goal of all this analysis is to develop with the customer what they believe is their realistic recovery time objectives (RTO). In other words, how long can their infrastructure afford to be down? This is often a compromise between what they view as ideal and what they can afford. Similarly, you will also set the recovery point objectives (RPO), which define what level of data must be recovered and at what time-based increment or schedule, which should follow directly out of the analysis of critical business functions.

Qualities and Benefits of a Reliable DRaaS Partner

Having a technology partner that is focused on providing disaster recovery can be helpful during this process. A good DRaaS partner will have extensive experience in helping companies recover from many different kinds of disasters. This experience can be leveraged in formulating a sound disaster plan. Should the time come that a disaster does occur, it’s good to have team members onboard who routinely handle disaster situations and can meet the challenge with a measured and effective response that only comes with experience.

Your DRaaS partner will be particularly useful in the setting and defining of RTO and RPO objectives. These objectives set the parameters for the SLA you agree to and define your relationship and your obligations going forward. This includes identifying the cost-effective services and configurations that are recommended for your customer to meet their RTO and RPO, including full or partial failover, and hot site or warm site replication. It is critical to get it right at the beginning, and this is where the extensive experience of a DRaaS partner can be drawn upon to ensure that the defined service achieves the customer’s objectives as well as your own.

Finally, your ultimate objective in defining a DR plan for your customers is to identify where they are most vulnerable and to help them to address those weaknesses to prevent disasters altogether. Again, you will have to move the needle on your relationship to go beyond reacting to their needs to anticipating them, and as a result, positively shape the way they operate their business.

This is why DRaaS is much more than an additional revenue stream or a sticky service, although it is both of these things. It is above all an opportunity to move you from being regarded as just a service provider to being a trusted strategic long-term partner for their business.

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global provider of comprehensive cloud, data protection, and security services and can help to guide as you work through your SMB or enterprise DR planning process.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery Services from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around partnering with us to provide your customers with data loss prevention solutions and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

We usually think of being ready for a disaster as a kind of insurance policy against a low-probability event. This approach treats SMB and enterprise DR planning as necessary, but hardly strategic, and most of us would never consider it as a competitive advantage. We should.

In the spring of 2007, just before the 2008 financial crisis hit, Nassim Taleb presciently published a widely read book called The Black Swan: The Impact of the Highly Improbable. As if reading from a crystal ball, Taleb laid out his thesis that as our global economy scales and becomes more and more complex, we begin to see the unforeseen and unpredictable more and more often. He argued that to be competitive and truly profit from these unpredictable “black swan” events, you have to organize your business strategy to be ready for them, even if they seem very unlikely.

Effective Enterprise DR Planning Includes Cybersecurity, Public Health, and Natural Disasters

Since then we have had at least two of these worldwide seismic events. The most recent, the current pandemic, has been a wake-up call for every business worldwide. Disasters on a global scale do happen and, as it turns out, some businesses have been better prepared to meet the needs of their customers during this event. These companies have not only realized a short-term competitive advantage, but they have secured a firm foundation for their future growth.

But if disasters are unpredictable black swans, how do you plan for them? Taleb shows through a series of examples how important it is to think through the worst kind of risks that you might face and take out insurance against those possibilities. If the risk seems low to everyone else, then it will probably turn out that it doesn’t cost that much to insure yourself against it. And a corollary of this principle, if the worst happens, you will also probably be one of the few survivors. Which can put your business in a very strong competitive situation.

One of the important pieces in your disaster insurance strategy has to be a good disaster recovery plan for your company’s data. Cybersecurity events fall into that class of newly emerging black swan threats that face every business. As we embrace autonomous technologies built around IoT, AI, and machine learning, we are unleashing tremendous productive potential, but we are also setting ourselves up for a potential perfect digital storm.

Much as public health professionals have been warning us of the possibility of a pandemic for the last few decades, cybersecurity professionals have been trying to alert the world to its precarious state around digital security. No one knows exactly how or what will occur, but most who work in this field are concerned that we have a good chance of seeing a major cybersecurity event in the coming decades. Will your business be ready to survive and potentially even profit from it?

Key Considerations for SMB and Enterprise DR Planning

As gloomy as these threats are to contemplate, effective enterprise DR planning has to start with thinking through the worst-case scenarios that you might face so that you can ensure that resources and processes are in place to prevent or rapidly recover from a disaster.

Here are some key considerations at a glance.

1. Start by looking at what parts of your business systems, applications, and data that you simply cannot afford to lose.
2. Then take it to the next level by asking, “If all of my competitors were knocked down by the same event as me, what kinds of data recovery would give me an immediate advantage?” There could be an easily achievable difference between being minimally operable and able to pounce on a once-in-a-lifetime opportunity.
3. In developing a good data disaster recovery plan, you need to analyze the vulnerabilities in your IT infrastructure and identify the critical components of your operations. This has to be linked to a thorough analysis of your business functions and an assessment of which are the most critical to your ability to not only survive but successfully compete.
4. You must also ensure that your disaster recovery plan is well understood by your teams. Ensure that they are prepared to execute the DR plan when the time comes. This is difficult to do when the threat is a black swan event that is unpredictable and looks to most people consumed in their daily to-dos as highly theoretical, at best.
5. For this reason, it is important to fully script out the responses to a wide variety of emergency scenarios. Training and periodic trial runs — fire drills — are also a good way to ensure that when the moment comes, people will have developed some engrained patterns that they can fall back on when their amygdala has gone into overdrive.
6. To ensure that you have the skill sets and coverage needed during a disaster, also think about engaging the services of a third-party disaster recovery team. We have firefighters and other first responders for a very good reason. Training and constant practice in dealing with disasters is the only good way to be prepared for them when they strike. However, most businesses and organizations want to avoid having ‘constant practice’ with recovering from disasters for obvious reasons.

A Disaster Recovery partner can allow you to focus on your day-to-day operations, while also having access to reliable and specialized backup and recovery support. A DR partner can apply the deep expertise that they have honed with disasters day in and day out to your specific business needs. They can help you think through your business priorities, identify vulnerabilities in your systems, design backup systems and protocols, and provide critical and rapid response support. This will ensure that you cannot only recover gracefully but seize the moment when your competitors cannot.

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global provider of comprehensive cloud, data protection, and security services and can help to guide as you work through your SMB or enterprise DR planning process.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around data loss prevention and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

Secure remote access safeguards sensitive data transmission when applications are accessed from devices outside of the corporate network. It also enhances cybersecurity by introducing complexities for threat actors. In many cases, vulnerabilities in software applications, especially critical ones, may become harder to exploit as the configuration of the service begins to move away from the generic default to a more customized configuration.

What is Secure Remote Access?

Secure remote access is an umbrella under which a number of security strategies reside. It can refer to any security policy or solution that prevents unauthorized access to your network or sensitive data.

With more remote workers, different techniques may include the use of both VPN and RDP together (using different authentication mechanisms), implementation of multi-factor authentication (MFA), restrictions on which accounts may use remote access, during what times, with what password strength, and internal operating system controls that manage and protect passwords and authentication processes.

Why is Secure Remote Access Important?

If an organization does not implement any other layers of authentication besides the standard login with a username and password, there is a higher probability of a successful ransomware attack which could result in encryption and exfiltration of data, demands for payment, damage to reputation as well as lost data and revenue.

Read our Ransomware Best Practices eBook for insights on security threats and steps that you can take to mitigate your risk and rapidly recover from an attack.

Remote Access Risk Mitigation While Keeping it Simple

Some of the most effective ways to potentially reduce the risks associated with remote access systems are also some of the simplest:

1. Disable remote access technologies if not required for the business.
2. Restrict remote access to only the users that require such access, and restrict individual user access to only the services/systems that such users may require.
3. Use current versions of operating systems and applications, and regularly update and patch. Critical patches should be applied to remote access systems within 3-7 days.
4. Enforce a strong password policy with regular password changes. A strong password policy means both the strength of the password and its complexity, lock-out policies, and similar settings.
5. Restrict and segment remote access services based on data classification.
6. Use a VPN with MFA if you do use RDP.
7. Where possible use multiple account login credentials as opposed to configuring all layers to authenticate via the same active directory.
8. Implement internal monitoring tools to ensure that access is being used correctly and that systems are not being accessed outside of normal parameters.

Thrive Can Help

Old access security measures are no longer enough to ensure that your cybersecurity strategy is protecting your data and business continuity and must be replaced with safeguards that allow employees and other verified users safe and secure access from anywhere, at any time, from any device.

We can provide your business with a suite of customized options to safeguard your business. Contact us now to get started.

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global provider of comprehensive cloud, data protection, and security services.

Since 2001, Thrive has provided these robust and secure managed cloud and disaster recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability and support that your business demands.

Contact us today to discover your options around data loss prevention and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

Between market volatility and the imperative for a sudden and prolonged shift to remote work at scale, pension funds, like many other firms, are facing uncertain times. Now more than ever, having reliable technology infrastructures in place is essential for remaining productive in order to weather the storm. With the corporate perimeter having expanded to include (potentially) tens of thousands of employees’ homes but regulatory standards—and the real-world consequences of a data breach—remaining as severe as always, it’s critical to ensure that your pension fund has access to all the resources it needs, both human and technological, to continue to maintain its security posture and support its personnel.

Given this climate, it may be time to consider the benefits of outsourcing responsibility for some key functions to a highly qualified managed service provider (MSP) with deep experience in your specific industry. Avail your firm of the benefits of this type of outsourcing, and you’re likely to see a substantial reduction in costs as well as risk.

Here’s a detailed rundown of the top five benefits you stand to gain. 

#1: You can leverage economies of scale to reduce procurement costs and get advantageous pricing for services.

Even though a pension fund may be managing hundreds of billions of dollars in assets, every dollar of its operating expenditures will likely be subject to strict controls and a great deal of scrutiny. Compliance auditors and the pension’s administrative organization typically require detailed and granular cost reporting and demand that funds economize wherever possible. It’s therefore essential to find the best possible pricing for hardware and outsourced helpdesk support.

Turn to an IT service provider with longstanding relationships with the leading vendors who sell to firms in the alternative investment and financial services space, and you’ll be able to avail yourself of better pricing than you’d get if you were buying direct from the vendors. This is because the service provider or reseller is procuring hardware for the entirety of their global customer base and can offer lower per-unit prices as a result. An industry-leading reseller will also offer rapid turnaround on quotes, and will be able to have in-stock equipment delivered the very next day. This enables your pension fund to be more operationally agile while maintaining low overhead costs.

The same general premise holds true for outsourced 24x7x365 helpdesk support. A pension fund can take advantage of the always-on services that an MSP’s experienced support team can provide for a tiny fraction of the costs you’d incur by building an on-site 24x7x365 support center and retaining the talent needed to staff it yourself.

#2: You’ll see a meaningful reduction in vulnerability and risk, which can even be extended to investment decisions.

The pension funds industry generates and handles enormous amounts of sensitive data. And retirement plan sponsors hold a fiduciary duty to the fund’s participants: they’re required to protect their personal and financial information at all times. Regulators are taking notice, and institutional investors are increasingly aware of cybersecurity risk as well. In this climate, it’s vital to partner with an IT service provider with industry-specific expertise—and one that’s long proven trustworthy.

Even if your fund handles cybersecurity risk management internally—especially at a strategic level—there will likely be many times when your team might benefit from the wide-ranging insights that an active partner can share. When your IT partner has working partnerships with hundreds of hedge funds and other alternative investment firms around the globe, they’ll have a firm grasp on industry standards and best practices. You can also leverage that expertise by asking their team to perform vulnerability or risk assessments on other firms that you’re considering for investment, and you’ll know that their opinion will be impartial—but conditioned by their extensive experience in the industry.

#3: You’ll reap the rewards of high-quality support, including greater productivity and less downtime.

Some people think of IT helpdesk services as a commodity, but if your employees are spending countless hours of their limited and valuable time on hold or waiting for an email reply, the advantages of having a professional and highly available support team at the ready will be clear. If an IT service provider can offer helpdesk support in multiple regions (including yours), you won’t have to worry about language barriers or long wait times at hours that are busy for you but are “off” hours in another time zone. What’s more, a top-tier MSP with an industry-specific focus will be able to seek out support professionals with financial industry or alternative investment experience, which means they’ll already be familiar with your employees’ most common challenges and most pressing issues—even before they answer the phone.

#4: Your partnership with an MSP will enable you to free up internal resources for higher-level tasks.

Digital transformation is more of a journey than a destination: it’s a far-reaching process that will ultimately impact every facet of the organization. Not all pension funds have internal expertise in all areas where it’s needed. You might, for instance, have a top-notch security team but lack resources when it comes to cloud configuration management. Much as you’d partner with outside compliance consultant to streamline the process of meeting regulatory requirements or engage a law firm to provide legal advice, you can avail yourself of a qualified MSP’s deep internal resources in every area of technology. This means you can supplement your own team whenever and wherever you need to—without making the commitment or facing the expenses associated with hiring permanent employees.

#5: You’ll become more agile, flexible and ready to meet your industry’s ever-changing demands.

Turning to the cloud enables you to spin up new services at a moment’s notice. Employees working remotely for the first time? Cloud applications can support their productivity at home temporarily as well as back in the office when it’s time for them to return. But what you gain in flexibility you may also lose in security and control if you don’t have the internal expertise to manage cloud configurations and settings on an ongoing basis.

Partner with an IT service provider with a team of experts who understand these services and their constant evolution, and you’ll be able to manage the security risks without needing to find scarce talent or invest in salaries and compensation packages. For many pension funds, it’s easier to draw upon a services budget for outsourcing than to get an internal hire approved. And, if the MSP offers flexible contract terms, you can scale up or down services to suit the fund’s needs and budget as circumstances change.

Want to learn more about how Thrive can help your pension fund realize cost savings, new efficiencies and a stronger security posture? Contact us today to set up a free, zero-obligation consultation.

As businesses pursue digital transformation, their key assets are shifting from physical infrastructure to data. Artificial intelligence (AI), machine learning, and other kinds of analytics rely on data to power their algorithms. Data is now the most valuable asset for many businesses; not just customer and financial data, but operational data as well. Loss of that data for even a short time can bring operations to a standstill. And yet, legacy disaster recovery services and solutions such as offsite tape repositories don’t provide the immediate and dependable response needed to meet today’s business demands.

It is no surprise then that the latest trend in disaster recovery is Disaster Recovery as a Service (DRaaS). Relying on the cloud to provide flexible, scalable backup resources, DRaaS is always on and always available. Disaster recovery services provide the fastest options for restoration of operational and other kinds of data, and it can automate many of the tasks. Along with the agility and speed of recovery that DRaaS makes possible, it also provides increased flexibility, improved security and saves you money. Having access to your backup data without having access to computing to run your business is only part of the equation in a disaster.

In traditional disaster recovery, IT maintains or has access to a second, standalone data center for the disaster recovery operations. This duplication includes storage and compute resources as well as duplicate network resources such as firewalls, routers and switches. There are also extra operational processes such as configuration, maintenance and support. In addition, there is the time needed to access the equipment at the second site as well as the time needed to re-route network traffic to this new location.

The manual side of disaster recovery can be the Achilles heel for many businesses because their backup operations are manual. This puts the burden on data center employees, who unless the business is very big, are often caught up in other day-to-day operational tasks. It is not always easy to ensure backup tasks remain on the daily to-do list despite more pressing short-term issues.

Rapidly growing businesses also need to expand their redundant data center to match the growth of the business. This can impose the need for significant expenditures at a time when all available Capex is being used to increase productive capacity. As with manual operations, long-term strategic issues such as disaster recovery often fall lower on the priority list when the business is consumed with short-term issues.

Cost-effective and Reliable Disaster Recovery Services for Businesses of all Sizes

Disaster recovery services address most of these shortcomings. The pay-as-you-go approach of cloud services is one of the principal drivers of the trend to the cloud, and it is no different with DRaaS. It moves disaster recovery to the expense side of the ledger where it can more closely match the ebbs and flows in revenue, and it ensures that precious capital resources are available for expanding productivity to meet growing demand.

Disaster recovery services can automate the tasks associated with replication, backup and restoration. The cloud provider takes over the day-to-day operations, administration, and maintenance of the DR data center and associated services, which frees IT to focus on the more pressing concerns of managing the fast-growing digital operations side of the business.

In addition, disaster recovery services can also assist in disaster avoidance. Failing over just one or a few Virtual Machines (VM) and running those workloads from a Cloud site without having to formally declare a disaster and initiate all of the associated actions with disaster declaration can be invaluable.

Documenting and automating the restoration process or “run book” of Virtual Machines (VM) with your DRaaS provider through the use of features such as Failover Plans can ensure that the appropriate steps are taken more rapidly and without having to make those decisions during the disaster declaration process, since they were determined well in advance.

The DRaaS provider also brings their expertise and experience in handling disaster recovery and prevention daily; whereas most business’s IT departments will only occasionally deal with data restoration tasks and may never experience a full-blown loss of data — at least, not until it happens.

Your DRaaS provider can work with you to develop your Disaster Recovery Plan. They can help you to assess the risks and business impacts, lay out the best ways to prevent data loss from occurring and help your IT staff to prepare for how best to respond and recover from various disaster scenarios. Finally, they can help you to test these systems regularly to ensure that the plan is comprehensive and update it when new threats emerge.

This last point is perhaps the most significant. Cyber-security threats are the area most prone to rapid change, and the area where it is most difficult for IT departments to stay current. Again, the DRaaS provider is singularly focused on the security of their data center operations and is completely attuned to the current state of security threats. Their infrastructure is also separate and apart for that of the businesses they serve which offers additional protections through these barriers.

In this era of digital transformation, the cloud is playing a key role in the development of information and operational technologies. It allows businesses to be more agile, responding quickly to shifts in demand and enabling them to be more flexible and adjust their offerings and services to optimize the customer experience. Cloud providers offer the latest capabilities and leverage the most advanced technological platforms. Every business today needs to put cloud at the heart of their business strategy and, now more than ever, that includes disaster recovery services.

Thrive to the Rescue

Your Backup and Disaster Recovery Experts

Thrive is a trusted global provider of comprehensive cloud, data protection and security services.

Since 2001, Thrive has provided these robust and secure managed cloud and disaster recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services that can help you to meet your operational demands while protecting and recovering your most valuable asset – your data.