Author Archives: Thrive

Are your applications and data properly protected? Our Thrive5 Methodology helps answer that critical question for businesses every day.

Our consultative approach takes a deep dive into multiple segments of IT operations and infrastructure to understand business requirements and provide solutions. At Thrive, we’re well-positioned to provide solutions to existing IT issues while working to prevent potential emerging threats.

The Thrive Technology Assessment

Does your organization need someone to lift up the hood and take a closer look at your IT operations? There’s a good chance the answer to that question is, “Yes.” During the initial phase of the Thrive5 Methodology, we perform a technology assessment that includes an in-depth review of your:

• Servers
• Networking
• Cybersecurity
• Governance
• Messaging

Looking at the existing solutions, we compare them against IT best practices to identify gaps that can be eliminated to mitigate risk and deliver greater efficiency for the business.

We all know that in 2020, IT departments were thrown a significant curveball. More specifically, backup and disaster recovery became a critical piece of our assessment process as many Americans worked from home. Just last month, a large-scale Google outage struck, affecting end users and their ability to access e-mail, YouTube, Google Drive, and Google Classroom, among other things. We help organizations plan for these types of scenarios, among others, to mitigate downtime.

We evaluate business processes as well as technology to ensure you’re meeting your company’s uptime requirements. What is your business willing to tolerate from a downtime or data loss perspective when unexpected events occur? Typically, that tolerance is low. We peel the layers back to understand your current technology stack and make specific recommendations to fill in the gaps and provide perspective on cost and priorities.

Solutions that Meet Your Specific Needs

Nine times out of ten, a company is missing critical tools that enable them to understand the current state of their environment on a real-time basis. That makes it nearly impossible to know how to deploy upgrades and new solutions.

For example, we have seen several organizations using on-premise hardware when it makes more sense to be in the cloud. Part of our assessment process maps out how our clients will migrate to the cloud. Some customers require a full overhaul, while some may only need minor updates. What the majority, if not all of our customers need, is the latest generation of security products, including our fully-developed SIEM/SOC solution, EDR-based protection for workstations, next generation firewalls, and disaster recovery.

As many of our services are standardized and consistent across the board with best practices, we have built out our service delivery and account management structure with the flexibility to align with our clients’ specific needs. Our service delivery teams also have vertical alignments, enabling them to provide additional value and expertise in both their recommendations as well as implementation and a best-in-class customer service experience.

__________

No matter where your employees are currently working, the team at Thrive is here to answer the call and provide solutions through our Thrive5 Methodology. To learn more about creating an IT roadmap for your organization, get in touch with us today!

For businesses of any size, keeping employees connected, working and productive is critical. But managing the IT needs of an organization is complicated. That’s why the NextGen technology experts at Thrive have created the Thrive Platform, powered by ServiceNow.

Creating an IT framework isn’t just about protecting intellectual property or trade secrets – it’s about stopping attacks that can disable your business. By laying out an IT framework, you’re ensuring devices are protected and business operations run smoothly.

Finding the right framework fit for your organization’s IT approach is easy when working with a team that understands the current landscape and requirements of your business. With Thrive, you can have a customized IT framework that provides transparency, security and performance.

Thrive’s Top IT Frameworks: ITIL & CIS

There are two frameworks we tend to use here at Thrive: ITIL (IT Infrastructure Library)-based and CIS (Center for Internet Security)-based. ITIL-based frameworks govern things like efficiency, capacity planning, liability planning, and end user requests. Lately, my focus has been on CIS-based frameworks, which give insight into what is being done well within an organization and where improvements can be made.

Oftentimes, we identify areas in which there may be framework gaps. This can be anything from comprehensive asset management and discovery to software packages. One big challenge organizations currently face is the concept of “shadow IT.” With different business units utilizing the cloud, there’s no need for employees to request permission to install applications or contact IT to perform a basic action, like using Google Drive. However, this can raise its own set of problems.

Staying On Top of Security

By going through CIS software discovery controls, we help raise awareness to ensure that a business is aware of all applications, both cloud and internal, and account for them.

This helps answer important questions like:

• How is a member of the organization authenticating themselves?
• What’s the nature of the data that’s being stored?
• When someone leaves an organization, is HR aware that files can be transferred, putting company information at risk?
• Are unauthorized users accessing sensitive or proprietary information?

We help organizations understand hardware and software controls, who should manage authentication for systems, what level of encryption is present, and whether endpoint patching and endpoint detection and response systems are in place.

If something happens, how do you respond if there is suspicious activity? How are employees notified of a potential incident, and who should be contacted for the next steps? We go through these controls with IT leaders and key members and stakeholders at the executive team level to enlighten organizations.

Using Frameworks to Set Priorities

Within the CIS framework, there are benchmarked levels that a company can strive to reach, and we often help clients evaluate which level is the right fit for them. This helps keep an IT organization aligned on which actions can efficiently produce the best outcome (or reduce the risk of bad outcomes) instead of sinking resources into something beyond their needs.

Security training goes a long way, and bringing your workforce up to speed can have several benefits. A SIEM service can identify and respond to security anomalies, but if you can educate your user community for a relatively low cost, you now have more eyes trained to identify anomalies or limit the likelihood of a phishing attack.

DNS filtering should be another standard. How does your company figure out what cloud applications employees are using? With DNS filtering across all devices, you’re opening the lines of communication with employees, with the ability to add controls to account for who is logging into the system. This allows you to track how data is flowing and how to protect it.

By laying out a framework in phases, we can show the steps that should be taken, including the basics, to make sure your users are educated and endpoint devices are protected. Typically, in a first phase, we focus on security awareness training, to show executive teams how many employees have failed when it comes to a phishing-type attempt.

When putting in something like EDR (endpoint detection and response), we can show visibility into the types of issues that can happen. It’s not just about protecting trade secrets – it’s about protecting business uptime and minimizing downtime.

__________________

The Thrive team is here to adopt the framework that will be the best fit for your organization.

Interested in learning more? CONTACT US TODAY!

No two cloud environments are identical. How can you figure out what’s best for your individual business?

Companies of all sizes must consider many factors when choosing the type of cloud infrastructure that will best suits their unique needs. These include issues like office location, number of remote workers, compliance requirements, the need for security and control, and more.

There isn’t a single right or wrong way to leverage the benefits of cloud, and the process of choosing between public, private and hybrid cloud environments can be complicated. Whether you’re running a family office, a midsized asset management firm or a large umbrella group of jointly managed pension funds, you’ll want to design an individual cloud strategy that reflects your business goals.

We encourage all of our clients to reflect on their short and long-term objectives when evaluating the potential benefits of cloud migration. Are you most interested in saving money? Opening new offices in a geographically distant location? Or perhaps closing all of your physical offices entirely and moving to a remote-work only model? Only by beginning with the ends in mind can you be confident that you’ll achieve your desired result.

To help you navigate the complexities of cloud decision-making, we’ve put together this brief guide highlighting the six primary factors to consider.

#1: Control

If you’d like to maintain full control over where your data is located, where your applications are running or who has access to this data center, you’ll want to avoid the public cloud. At any given time in the public cloud, you do not know the exact location from which you are accessing your data. The major public cloud vendors have multiple datacenters within a single region and/or availability zone and you do not have input on exactly where your data is “live”. You also do not have the ability to override public cloud vendor maintenance windows, which affect where your data is located during those times.

Similarly, if your uptime requirements are stringent, you should be aware that there’s no way to avoid downtime in case of major system outages like those that have been known to impact global users of Microsoft Teams, Office 365 and Outlook. While public cloud providers strive to provide extremely high availability and uptime rates, in cases where their systems do fail, you’ll have to wait – just like millions of other impacted users – for the cloud provider to resolve the problem.

With a private cloud environment, you’re in control of exactly where your data is stored. You can be confident of the physical and logical security measures that are in place, can know exactly what steps are being taken to recover from outages at any stage in the process, and can stay informed about who works inside the datacenter. If for instance, your data is subpoenaed for use in a government investigation, Microsoft is under no obligation to inform you or gain approval prior to handing it over to the authorities. A provider offering a private-only platform like Thrive’s hybrid cloud will let you know immediately.

Even within a single alternative investment firm, not all applications require the same degree of control and security. Designing a hybrid cloud environment allows you to exert fine-grained control over your most sensitive workloads while enjoying cost-savings and scalability by relegating those that are less sensitive to the public cloud.

#2: Security

It’s certainly possible to design a public cloud environment that’s just as secure as a private cloud solution, but it requires care, forethought and attention to the specific cloud options and configurations you select.

When it comes to application security and data protection, public cloud providers and Software-as-a-Service (SaaS) vendors like Microsoft offer multiple different “tiers” of service depending on the enterprise licensing plan you select. Although the least expensive tiers may seem attractive due to their lower per-user costs, they generally don’t provide adequate file protection, identity and access management capabilities or other advanced security provisions needed to meet compliance requirements in the financial services industry. For more effective security that mitigates the real-world risks of a breach – as well as the devastating loss of investor confidence that would follow – you’ll need to choose the top-level (and most expensive) licensing plan.

Major public cloud providers maintain hundreds of datacenters around the world. They leverage enterprise-grade hardware and advertise that they adhere to industry-leading physical security standards. Still, you’ll never know exactly where your data resides and you’ll never have precise control over the physical security measures present in its environment.

#3. Governance

There’s no global regulatory board governing the financial services industry. Instead, your firm is responsible for meeting all local and national requirements in every country where you’ve established an office. These can vary greatly around the world, as well as for different firm sizes and types. In China, for example, there’s a mandate that firms who retain a managed service provider (MSP) must maintain independent access to their data via a system that’s outside of the MSP’s control. Highly specific requirements like this one may steer you toward a private cloud environment, or conversely, make public cloud infrastructures more appealing.

#4: Cost

Much like the great myth that there are no outages in the Public Cloud, there is also a common opinion that the public cloud is always cheaper. However, this isn’t always reflected by reality. To make certain the public cloud environment you’re choosing will cost less on a monthly basis, you’ll need to add up all the additional costs that public cloud vendors price on an à la carte basis. Many of these additional costs are typically covered by private cloud providers in a service package. These can include backup features (How often are snapshots taken? How long are they retained?), security options, data availability guarantees and service uptime rates. In addition, it’s worthwhile to consider whether or not technical support is included: if not, per-minute charges for open tickets can add up fast.

Furthermore, such monthly costs typically change as your technology estate evolves with your business requirements. Cost control is therefore a key consideration. A traditional private cloud has a fixed cost base and, more often than not and against popular belief, at a commercial rate that is either on par or lower than a public cloud alternative with the above considerations. Public cloud providers, Microsoft in particular, increase their prices year after year, often on more than once each year. It’s important to be aware that commercially attractive propositions on Day 1 are very likely to change considerably over the months and years that follow.

Lastly, consider your migration costs. For start-ups that have little data to move and no legacy in-office hardware, it can be much more economical to leverage public cloud options. Larger and more established firms may find that month-to-month cost savings are minimal if not non-existent and migration charges exorbitant.

#5: Migration

Make no mistake — a cloud migration project is a large-scale undertaking that’s guaranteed to take time and cost money. Depending on the size of your firm, your tolerance for disruption and downtime, and the number of legacy software applications that are mission-critical for your business, it may make sense to keep some systems on premises. Hybrid environments can provide a best-of-both worlds approach that allows you to migrate nonessential applications gradually.

#6. Users

Where your partners and employees live and work will have significant implications for which cloud computing model will best meet their needs. Performance is best when datacenters are located in the same region as their users. This may not have big drawbacks when you consider occasional employee travel. But it may be very important if you open an office in Hong Kong that performs time-sensitive trading.

Be aware that Microsoft does not offer global tenancy to customers with fewer than 250 seats. What does this mean? An international small business will have to run out of a single Microsoft datacenter location. This has the potential to create latency issues for the majority of its employees.

Policies like this are constantly changing, though. In early 2019, Microsoft’s requirement for global tenancy was over ten thousand seats. It’s essential to keep up with the latest offerings to understand what’s currently possible in the public cloud.

Perhaps you’re thinking that this was a detailed discussion? In fact, we’re only scratching the surface of the issue. There are a myriad of considerations to take into account when designing a cloud computing environment. Check out the upcoming articles in this series to learn more about the pros and cons of each type.

Need help choosing a cloud solution for your alternative investment firm? Contact us for a complimentary consultation.

You’ve embraced remote working – are you still secure?

The trend towards remote working has been growing for several decades, but recently due to world events, many businesses have had to adopt supporting technologies and processes quickly and under pressure. The remote working trend has also dovetailed with the move to the cloud and software-as-a-service applications like Office 365. Cloud services are a great help in implementing remote working and in helping teams to collaborate even when not working in the same location. Cloud-enabled services and applications are often misunderstood, however, when it comes to security measures. Along with their SaaS services, businesses also need to consider using cloud-based security and disaster recovery services in parallel from a trusted DRaaS provider.

SaaS and Cloud providers like Microsoft, Salesforce, Google and others promise to secure the infrastructure that hosts the cloud application. But these SaaS providers are not responsible for covering all of the possible data and security issues that can arise, so customer support for backup, replication, and recovery services needs to be considered.

While the cloud provider takes care of the infrastructure, data and access remain the customer’s responsibility. The access risks compound as workers increasingly work remotely and communicate through email, which is the number one vector for malware.

Secure access to the cloud for remote workers today is usually ensured by either using an SDP or split-tunnel VPN. In either case, the security of remote access relies on user authentication. It is important not to make the mistake of relying on the employees to set up and manage their passwords. Individuals are notorious for setting easy-to-remember but also easy-to-guess passwords. Set up strict corporate password policies and enforce them. Also enforce regular intervals for employees to update their passwords.

Even with these stricter password policies in place, businesses would also be wise to employ multi-factor authentication (MFA). There are a number of ways for bad actors to manipulate or trick your employees into unintentionally revealing their passwords making it a good idea to have a second authentication method as a further roadblock. Traditionally, MFA was done using tokens, but it has become much simpler today to use the employee’s smartphone to send a code that they then enter into the SaaS login credential screen. There are a number of good choices for MFA available such as Google Authenticator, or options recommended by Microsoft. Need help determining which MFA solution is the best fit for you? Ask our Microsoft 365 experts today!

Even MFA access through SDP or a VPN will not always guarantee security for your most precious data; internal employees can also act maliciously. Therefore, it is a good idea to design your internal data access policies to ensure that each end user only has access to the applications and data that they need to do their jobs.

Segmenting your data collections is another good policy to adopt for additional Cybersecurity and data protection. Having all your eggs in one basket is never a good idea. Using various software-defined networking techniques such as SDPs or SD-WAN, you can literally define the connection between the user’s device and a specific server. They can be completely restricted to this network slice. Finally, think carefully about which workers get remote access; not everyone needs it all the time.

One main vector for security breaches is via email “spear phishing” attacks, which attempt to induce people to reveal personal information, such as passwords and credit card numbers by posing as reputable companies.

Phishing is a common technique for extracting passwords from employees with some IT professionals reporting 1000+ phishing attempts hitting their email inboxes a month. Other malicious email campaigns include sending attachments with embedded trojan code, or links pointing to compromised websites that auto-download malware onto users’ systems.

All employees are at risk of making a split-second poor decision and exposing their computer to these attacks. Threat actors are adept at choosing topics that people are eager to learn more about, often playing off trending fears and anxieties to lessen people’s natural caution and common sense. As a sign of the times, many organizations are reporting increased email phishing and Business Email Compromise (BEC) attacks since the beginning of the COVID-19 pandemic, with many messages claiming to offer breaking news or free tests. Once the pandemic has finally abated, threat actors will move on to the next anxiety-provoking topic.

While Microsoft and other email SaaS providers often try to help filter unwanted senders’ messages by verifying the IP address to guard against phishing, oftentimes their off-the-shelf attempts lack comprehensive protections and may lag behind in updating against the latest threats. IT professionals should look to enhance their email security by looking for Managed Anti-Spam and Anti-Virus solutions that offer services for scanning both inbound and outbound emails to eliminate spam and known attacks and Managed IT Services for analytical reporting, Cybersecurity, and on-demand expertise from a trusted DRaaS provider.

While it is critical to stay on top of the latest security threats and trends, it is also the case that malicious actors are constantly innovating new attack strategies. Barely a week goes by that some new kind of threat is launched and discovered. From denial of service to trojan horses and ransomware, you can never rule out the possibility that your business will be the next headline victim and cautionary tale.

How does a DRaaS Provider enhance Microsoft 365 data protection and cybersecurity?

That is one of the most important, but not the only, reasons to have a comprehensive backup and rapid disaster recovery service. Another reason is that employees unintentionally delete data all the time. They are the most common source of data loss. Even IT professionals can make configuration mistakes that can open data to being hacked or even lost. So, a comprehensive backup and disaster recovery option is essential for restoring your data.

This is where cloud services expand their usefulness from a means to collaborate efficiently, to storing and protecting your critical and everyday business data. Disaster Recovery as a Service (DRaaS) has become increasingly important in an era of escalating natural disasters, cyber-attacks targeting critical public institutions and businesses, and sophisticated social engineering campaigns bombarding your business day and night.

The good news is, as the importance of DRaaS has risen, the affordability has too. Many savvy organizations are leveraging the flexibility and rapid responsiveness inherent in cloud-enabled backup and recovery. After all, one of the many reasons that you adopted a cloud model was to get away from the capital costs and ongoing operating expenses associated with running and maintaining your own internal data infrastructure. Now that there are a range of cost-effective disaster recovery services available, businesses are finding that DRaaS makes good common sense.

In addition to helping you to recover from a disaster, an experienced DRaaS provider can also proactively help you to prevent data disasters from occurring in the first place and enable your business to work securely no matter where your end users are located. As a third party specializing in helping businesses recover from various disasters, they are best placed to anticipate what your business might face in the future. They can help you to design your security approach, as well as prioritize your data resources, segmenting them and working with you to create a plan for ensuring that the most critical data is restored as quickly as possible to keep you up and running.

The possibility of remote working and cloud-based services have been a godsend for many businesses, allowing them to remain operational in these difficult times. It is unlikely that the workplace will return to what it was and remote work is probably the new normal or highly significant for many businesses going forward. Your DRaaS provider can make sure that you do it securely and ensure that you can also recover gracefully if anything goes wrong.

Want to know more?

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global DRaaS provider of comprehensive Cloud, Data Protection, and Cybersecurity services and can help to guide as you work through your SMB or enterprise DR planning process.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind. Thrive is an accredited Microsoft Office Level 1 backup and DRaaS provider.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around partnering with us to provide your customers with data loss prevention solutions and rapid ransomware recovery with services such as Cloud to Cloud Backup for Microsoft 365, email archiving, and Thrive DR services. Regardless of internal user error, ransomware attacks, or when a health disaster strikes, ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

Questions? Ask Our Experts!

“Learn More about NextGen IT Service Delivery for Your Business”

No single solution has existed to automate IT tasks, enable anytime, anywhere self service for employees, and deliver a 360º view of an organization’s technology assets.

The Thrive Platform is an easy-to-use portal that creates a superior IT experience by giving employee end users, approval managers and IT points of contact a personalized view of what they need to see.

Sign up today to schedule a demo with the Thrive Platform team and see how it can transform IT service delivery.

You may already be managing backup services for some of your clients, but haven’t yet expanded to offering a complete disaster recovery service. Or you simply haven’t added Managed Backup or Disaster Recovery (DR) to your service portfolio at all. Either way, there are good reasons to consider offering your customers DR, not just as a source of recurring revenue, but also as a sticky service that can create a more trusted advisor relationship that leads to new business. It has become easier to add DR to your portfolio with the advent of Disaster Recovery as a Service (DRaaS), especially when working closely with a DRaaS partner.

DRaaS is a perfect example of an on-demand cloud service that is always on and scales with your client’s needs. For you and your customers, there is the added benefit that you don’t need to keep a second data center for redundant servers and communications services. An additional perk for you is that DR brings in new customers, such as SMBs, who will find it easier to start small and scale as they grow.

DRaaS offers three other main benefits to your customers:

1. Immediate recovery from any kind of disaster with system failover to a secondary infrastructure within minutes.
2. Depending on needs and resources, customers get the flexibility to customize the scope of recovery from all types of disasters, from malware and ransomware to hurricanes and wildfires.
3. DRaaS offers seamless redundancy and no single point of failure to keep data securely protected in the cloud and away from the primary site.

Working closely with a customer to plan for recovery from a disaster that could jeopardize their business, requires that you get a clear understanding of their key operations and those parts of the business that are mission-essential. This disaster recovery planning approach is more strategic and collaborative between provider and customer than with a managed backup service, and requires you and the customer to predefine playbooks for exactly how to respond to different disaster scenarios. This is your opportunity to take your relationship with your customer to a new level. If you are able to add value and insights, you can earn their trust and develop a longer-term relationship with greater revenue potential.

Working on the disaster plan will involve taking the customer through a thorough risk assessment to identify vulnerabilities in their infrastructure. You may ask, which components are the most important and how do they impact their critical business functions? You will need to calculate both the financial and non-financial costs. Besides loss of revenue, there is the potential loss of opportunity; for instance, companies that recover faster, gain a competitive advantage.

The goal of all this analysis is to develop with the customer what they believe is their realistic recovery time objectives (RTO). In other words, how long can their infrastructure afford to be down? This is often a compromise between what they view as ideal and what they can afford. Similarly, you will also set the recovery point objectives (RPO), which define what level of data must be recovered and at what time-based increment or schedule, which should follow directly out of the analysis of critical business functions.

Qualities and Benefits of a Reliable DRaaS Partner

Having a technology partner that is focused on providing disaster recovery can be helpful during this process. A good DRaaS partner will have extensive experience in helping companies recover from many different kinds of disasters. This experience can be leveraged in formulating a sound disaster plan. Should the time come that a disaster does occur, it’s good to have team members onboard who routinely handle disaster situations and can meet the challenge with a measured and effective response that only comes with experience.

Your DRaaS partner will be particularly useful in the setting and defining of RTO and RPO objectives. These objectives set the parameters for the SLA you agree to and define your relationship and your obligations going forward. This includes identifying the cost-effective services and configurations that are recommended for your customer to meet their RTO and RPO, including full or partial failover, and hot site or warm site replication. It is critical to get it right at the beginning, and this is where the extensive experience of a DRaaS partner can be drawn upon to ensure that the defined service achieves the customer’s objectives as well as your own.

Finally, your ultimate objective in defining a DR plan for your customers is to identify where they are most vulnerable and to help them to address those weaknesses to prevent disasters altogether. Again, you will have to move the needle on your relationship to go beyond reacting to their needs to anticipating them, and as a result, positively shape the way they operate their business.

This is why DRaaS is much more than an additional revenue stream or a sticky service, although it is both of these things. It is above all an opportunity to move you from being regarded as just a service provider to being a trusted strategic long-term partner for their business.

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global provider of comprehensive cloud, data protection, and security services and can help to guide as you work through your SMB or enterprise DR planning process.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery Services from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around partnering with us to provide your customers with data loss prevention solutions and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

We usually think of being ready for a disaster as a kind of insurance policy against a low-probability event. This approach treats SMB and enterprise DR planning as necessary, but hardly strategic, and most of us would never consider it as a competitive advantage. We should.

In the spring of 2007, just before the 2008 financial crisis hit, Nassim Taleb presciently published a widely read book called The Black Swan: The Impact of the Highly Improbable. As if reading from a crystal ball, Taleb laid out his thesis that as our global economy scales and becomes more and more complex, we begin to see the unforeseen and unpredictable more and more often. He argued that to be competitive and truly profit from these unpredictable “black swan” events, you have to organize your business strategy to be ready for them, even if they seem very unlikely.

Effective Enterprise DR Planning Includes Cybersecurity, Public Health, and Natural Disasters

Since then we have had at least two of these worldwide seismic events. The most recent, the current pandemic, has been a wake-up call for every business worldwide. Disasters on a global scale do happen and, as it turns out, some businesses have been better prepared to meet the needs of their customers during this event. These companies have not only realized a short-term competitive advantage, but they have secured a firm foundation for their future growth.

But if disasters are unpredictable black swans, how do you plan for them? Taleb shows through a series of examples how important it is to think through the worst kind of risks that you might face and take out insurance against those possibilities. If the risk seems low to everyone else, then it will probably turn out that it doesn’t cost that much to insure yourself against it. And a corollary of this principle, if the worst happens, you will also probably be one of the few survivors. Which can put your business in a very strong competitive situation.

One of the important pieces in your disaster insurance strategy has to be a good disaster recovery plan for your company’s data. Cybersecurity events fall into that class of newly emerging black swan threats that face every business. As we embrace autonomous technologies built around IoT, AI, and machine learning, we are unleashing tremendous productive potential, but we are also setting ourselves up for a potential perfect digital storm.

Much as public health professionals have been warning us of the possibility of a pandemic for the last few decades, cybersecurity professionals have been trying to alert the world to its precarious state around digital security. No one knows exactly how or what will occur, but most who work in this field are concerned that we have a good chance of seeing a major cybersecurity event in the coming decades. Will your business be ready to survive and potentially even profit from it?

Key Considerations for SMB and Enterprise DR Planning

As gloomy as these threats are to contemplate, effective enterprise DR planning has to start with thinking through the worst-case scenarios that you might face so that you can ensure that resources and processes are in place to prevent or rapidly recover from a disaster.

Here are some key considerations at a glance.

1. Start by looking at what parts of your business systems, applications, and data that you simply cannot afford to lose.
2. Then take it to the next level by asking, “If all of my competitors were knocked down by the same event as me, what kinds of data recovery would give me an immediate advantage?” There could be an easily achievable difference between being minimally operable and able to pounce on a once-in-a-lifetime opportunity.
3. In developing a good data disaster recovery plan, you need to analyze the vulnerabilities in your IT infrastructure and identify the critical components of your operations. This has to be linked to a thorough analysis of your business functions and an assessment of which are the most critical to your ability to not only survive but successfully compete.
4. You must also ensure that your disaster recovery plan is well understood by your teams. Ensure that they are prepared to execute the DR plan when the time comes. This is difficult to do when the threat is a black swan event that is unpredictable and looks to most people consumed in their daily to-dos as highly theoretical, at best.
5. For this reason, it is important to fully script out the responses to a wide variety of emergency scenarios. Training and periodic trial runs — fire drills — are also a good way to ensure that when the moment comes, people will have developed some engrained patterns that they can fall back on when their amygdala has gone into overdrive.
6. To ensure that you have the skill sets and coverage needed during a disaster, also think about engaging the services of a third-party disaster recovery team. We have firefighters and other first responders for a very good reason. Training and constant practice in dealing with disasters is the only good way to be prepared for them when they strike. However, most businesses and organizations want to avoid having ‘constant practice’ with recovering from disasters for obvious reasons.

A Disaster Recovery partner can allow you to focus on your day-to-day operations, while also having access to reliable and specialized backup and recovery support. A DR partner can apply the deep expertise that they have honed with disasters day in and day out to your specific business needs. They can help you think through your business priorities, identify vulnerabilities in your systems, design backup systems and protocols, and provide critical and rapid response support. This will ensure that you cannot only recover gracefully but seize the moment when your competitors cannot.

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global provider of comprehensive cloud, data protection, and security services and can help to guide as you work through your SMB or enterprise DR planning process.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around data loss prevention and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

Over the past six months, the cybersecurity landscape has undergone a seismic shift. Nearly overnight, corporate network perimeters expanded to include employees’ homes, new virtualized infrastructures and far more widespread usage of cloud applications. New challenges emerged. From how to keep newly remote teams engaged and collaborating productively to how to repair devices when many IT service providers weren’t able to offer field support, there were far more questions than answers.

By now, we’ve begun to adjust to this so-called “new normal,” and alternative investment firms are beginning to look to the future. A clear majority of employed Americans worked from home during the global pandemic, and 80 percent report that they enjoyed the experience. 69 percent say they were at least as productive if not more so when telecommuting.

From Google and Facebook to small asset managers seeking to reduce the expense of renting office space in dense urban centers, many companies will never return to the ways of working they’d adopted prior to the pandemic. Some will reopen their offices but continue to rely on more flexible hybrid infrastructures and agile business processes in order to be better prepared to weather upcoming uncertainties; others may permit or even encourage increasing numbers of employees to telecommute while they maintain physical workspaces.

This means that the security concerns that arose during the initial lockdown period are being supplanted with more complex, longer-term questions. Microsoft Teams, for example, had 25 million users in March, and by late May this number had soared to 75 million. Such a rapid transition to a distributed workforce simply couldn’t have been accomplished without the cloud, but many cloud services are thin on security features, especially if default configurations are applied. And many users simply haven’t been educated on how to work securely from their home networks, how to evade phishing attacks, or how to follow best-practice remote access protocols. It’s also unclear what kinds of regulatory changes the global financial services industry can expect to see in the months and years to come.

What’s needed is increased attention to building resilient infrastructures that can stand up to the ongoing change that likely will be the only constant in tomorrow’s distributed and hybridized world. Security must become multi-layered, user education must become ongoing, and compliance must shift from preparation for a point-in-time certification to proof of diligence over a longer period through continuous logging and configuration management. It’s challenging to design and implement security plans that allow users to work from home safely without adding roadblocks or inhibiting their productivity, but it can be done.

Let’s take a closer look at what securing cloud-based environments in the “new normal” will entail.

Multi-layered security will become essential.

No single physical or logical access control measure is adequate to secure today’s complex, perimeter-free computing environments. Multi-factor authentication (MFA) can be circumvented by a determined attacker or foiled by a careless user’s thoughtless click on a text notification. Even the most complex passwords can be compromised in brute force attacks. And remote desktop protocol (RDP), often thought to be highly secure because it doesn’t allow files to be downloaded or executed locally, has recently been used as a vector for ransomware attacks.

Multi-layered security relies on redundancy to extend coverage from the endpoint to the cloud with consistent rigor. Multiple security measures should be configured to control access across every entry point into your cloud environment. This includes conditional access policies that ensure that passwords are complex and are changed regularly. It should also include MFA as well as blocking of unauthorized applications and unregistered devices. Device registration allows you to ascertain that all patches for applications and operating systems (OSs) are up-to-date on end user devices before they’re permitted to connect to corporate resources.

Solutions like data loss prevention (DLP) or properly configured remote access protocols can automatically block copy/paste, printing or file transfer from in-office computers or corporate virtual machines to end users’ personal devices. And containerization can greatly increase application-level security.

Here at Thrive, we designed our CyberSuite service portfolio with the specific needs of alternative investment firms in mind. We understand what it takes to secure data and assets, and know how to bolster investor confidence, ensure regulatory compliance, and provide peace of mind. Our cybersecurity consulting and solutions have always been grounded in a multi-layered approach, which has long been a best practice in information security. Today, it’s imperative.

User education will become an ongoing process.

No matter how comprehensive and robust your policies and security controls, your financial firm will remain vulnerable as long as your employees don’t know how to use systems properly or can’t recognize the signs of an attack. Human error remains the second leading cause of disruption to cloud services, and is often the enabling factor that permits malicious activities to succeed.

Security awareness training programs can do a great deal to close this gap. If your hedge fund, private equity firm or other alternative investment firm adopted new cloud applications or altered remote access or authentication procedures during the unexpected shift to remote work, it’s especially important to educate your users on security best practices for unfamiliar tools and solutions.

The best cybersecurity education programs incorporate a variety of mediums and methods (videos, email reminders, test “phishing” attempts, etc.) to boost end user engagement and encourage long-term retention of the material. Training should be ongoing and provide additional reinforcement to employees who struggle.

Organizations will move beyond point-in-time compliance.

In the wake of the COVID-19 pandemic, regulators around the globe have had a range of different responses. In the U.S., the Securities and Exchange Commission (SEC) hasn’t pushed out any new rules yet, while the Cybersecurity and Infrastructure Security Agency has updated only their Office 365 security recommendations. In the U.K., the Information Commissioner’s Office (ICO) has updated its guidelines for data storage in contact tracing applications as well as on customer log retention. More frequent advisories and notifications have been issued, with a particular emphasis on security awareness training for employees.

Going forward, regulators anticipate an increase in the number of organizations adopting 100 percent remote work models. The likely responses will include changes in audit processes to better support virtual auditing and a shift in emphasis from point-in-time certifications to more longer-term oversight to ensure that processes are adequate and there aren’t gaps in due diligence. A more modern approach to risk management will attempt to mitigate vulnerabilities iteratively on an ongoing basis rather than merely preparing for audits since this emphasis results in more robust security overall.

We’re proud of the early and frequent successes we’ve had in helping our clients navigate the transition to distributed workforces with ease. Our field engineers continued to provide vital on-site support throughout the lockdown period, and our 24x7x365 help desk maintained its commitment to industry-leading white glove customer service for clients around the globe. The agile, diverse and highly customized cloud solutions we create for CloudSuite Platform clients made the adjustment smoother, easier and more secure.

We see these successes as a harbinger of things to come. As we look to the future, we see alternative investment firms not just surviving but thriving as they support fully or partially remote work environments. We know that many challenges are still to come, and we look forward to partnering with our clients to overcome them together.

Would you like to learn more about how cybersecurity risks are evolving in tandem with the transition to remote work? Our subject matter expert for Cloud Architecture and Security, Michael (MJ) Laudenslager, teamed up with a group of leading experts from Thrive our partner, eSentire, to present an informative panel discussion on the future of security and regulatory compliance in the cloud.

View the panel discussion now: Digital Distribution and the Regulatory Landscape: Key Learnings and the Path Forward.

Participants include UK Information Security Manager Ian Bowell at Thrive, Christopher Tiu, Managing Director and Head of Asia Pacific at Thrive, Chris Bradden, Vice President of Global Channels and Alliances at eSentire, and Eldon Sprickerhoff, Founder and Chief Innovation Officer at eSentire.

The 2020 Atlantic hurricane season began on June 1 and is well underway; for the first time in recorded history, nine named tropical storms formed before August and thirteen formed before September. Out of those storms, Hanna developed into the first hurricane of the summer as a category 1 event, striking South Texas in July and leaving behind an estimated $485 million USD in damage. That’s one heck of an opener to the season!

The escalating frequency and severity of these natural disasters is posing an urgent and critical threat to businesses and organizations located along the Gulf of Mexico, the North American Eastern Coast from Florida all the way to Newfoundland and Labrador, and the Caribbean. Already struck by economic hardships from the pandemic, these regions simply cannot afford another catastrophe on their shores – and yet they are barreling towards them at an alarming pace with many organizations unprepared and without hurricane disaster recovery in place.

While the season typically peaks by September 10, the second half of the 2020 season is projected to be just as volatile. The National Oceanic and Atmospheric Administration (NOAA) has predicted that in total, we may see between 19 – 25 named storms between June and November 30 – the first time that the agency has ever predicted that we may have to start using the Greek alphabet to name our storms.

Out of those 19 – 25 named storms, NOAA forecast that 7 – 11 will become hurricanes, with 3 – 6 of those becoming major hurricane events with extreme damage and potential loss of life. As of this writing in early September, we have already seen 15 named tropical storms. Out of those, 5 became hurricanes with one developing into a major 3+ category storm. The 15th tropical storm was named Omar on September 1, breaking the previous record held by Ophelia in 2005 for earliest named 15th storm of the season.

Enabling Effective Hurricane Disaster Recovery

While early preparation is the best way to mitigate risks to businesses from a wide range of threats, given the early onset, rapid succession and severity of these storms, many organizations have been caught flat-footed. Most have had little time to check that their hurricane disaster recovery plans are in place and updated after only recently activating pandemic planning processes. Many are looking for help to address IT business continuity with their already stretched resources and expanded demands for DR.

An experienced cloud backup and disaster recovery service provider can address many of those business needs by lending their specialized expertise for effective hurricane disaster recovery planning and best practices while also recommending the best and most cost-effective Disaster Recovery as a Service (DRaaS) solutions. DRaaS providers can support your team with on-demand services such as managing your offsite data replication to a secure datacenter and ensuring that data is stored geographically distant from threatening storm systems.

Have questions? Our team is ready to help you weather the storm. Contact us today!

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrivee is a trusted global provider of comprehensive cloud, data protection and security services.

Since 2001, Thrive has provided these robust and secure managed cloud and disaster recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability and support that your business demands.

Contact us today to discover your options around data loss prevention and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.