Author Archives: Thrive

A SharePoint intranet is a connected workspace that allows teams within your organization to connect, collaborate, and share information, whether you’re in the same building or distributed across the world. When built correctly and used successfully, intranets are a powerful tool to engage people and to connect them with the knowledge and resources they need to do their jobs.

To ensure your team correctly utilizes the powerful capabilities of an intranet, we put together this guide of nine best practices to follow to help you get started.

DOWNLOAD our white paper today!

Microsoft SharePoint helps organizations achieve specific collaboration, business process or operational goals as part of their larger digital transformation strategy.

Learn how to build a comprehensive SharePoint governance plan that works for your organization by managing the three main pillars: IT governance, information management and application management.

DOWNLOAD our white paper today!

Microsoft Teams is a great team collaboration solution that Thrive supports as part of our Digital Transformation services. After integrating the people, content, and tools into Teams, it’s important to establish a strong governance approach to ensure long-term satisfaction and security.

Learn a more organized and strategic approach to preparing, documenting, configuring, implementing, communicating, maintaining, and adjusting your Teams governance journey.

DOWNLOAD our white paper today!

Thrive White Paper Teams Governance Cover

There’s no question that the COVID-19 pandemic has changed the way we look at work. It has meant spending more time than ever in our homes.

That has led to an increase in employees using personal laptops and PCs for work. Just a few short months ago, it was fairly easy to maintain things when in the office. Now, there are new challenges, as team members may not connect back into an office network to receive updates to the software or operating system.

If you standardize a remote desktop environment, however, you can control what’s happening from anywhere, from configuration updates to software maintenance to managing employees.

__________

There’s no need to design, build, and maintain a Virtual Desktop Infrastructure (VDI) in-house when Thrive can do it for you. Our Cloud Workspace gives your organization access to virtual desktop and applications from any device while maximizing performance. The secure, private cloud platform cuts out the need for expensive hardware.

Standardizing the Virtual Desktop Infrastructure allows us to access the management platform quickly. Without having to try to connect to a device remotely, we cut down the amount of time a helpdesk request takes.

Think about your organization or team for a moment. There’s a good chance that employees have joined the team, while others have departed during COVID-19. How are you onboarding new users and bringing them up to speed, or safely handling offboarding tasks?

Thrive has automated its service delivery model in recent years to help organizations onboard new users and handle offboarding tasks in a matter of hours. The days of manually punching in sales orders or having to approve files are gone. In the past, it could take three to four days to finalize software and hardware for an end user, leaving them waiting.

These days, once a new hire has been brought on board, they can log in from anywhere in the world if VDI is in place. All managers need to do is fill out a form, follow HR protocols, and a new user can be activated. On the flipside, if a user leaves the company, it’s easy to go in, fill out the form, and disable an account so that the user no longer has access. We continue to add all kinds of automation to the platform as time goes on, making it easier to reduce costs, increase data security, and enable end users to access desktop applications and data faster.

__________

The Thrive Cloud Workspace delivers Desktop-as-a-Service (DaaS), with back-end VDI fully managed and hosted by Thrive. Thrive’s Cloud Workspace allows for remote desktop environments or VDI depending on the requirements of your organization.

To learn more about advancing your remote computing environment in these times, and in the future, contact the team at Thrive today!

Are your applications and data properly protected? Our Thrive5 Methodology helps answer that critical question for businesses every day.

Our consultative approach takes a deep dive into multiple segments of IT operations and infrastructure to understand business requirements and provide solutions. At Thrive, we’re well-positioned to provide solutions to existing IT issues while working to prevent potential emerging threats.

The Thrive Technology Assessment

Does your organization need someone to lift up the hood and take a closer look at your IT operations? There’s a good chance the answer to that question is, “Yes.” During the initial phase of the Thrive5 Methodology, we perform a technology assessment that includes an in-depth review of your:

• Servers
• Networking
• Cybersecurity
• Governance
• Messaging

Looking at the existing solutions, we compare them against IT best practices to identify gaps that can be eliminated to mitigate risk and deliver greater efficiency for the business.

We all know that in 2020, IT departments were thrown a significant curveball. More specifically, backup and disaster recovery became a critical piece of our assessment process as many Americans worked from home. Just last month, a large-scale Google outage struck, affecting end users and their ability to access e-mail, YouTube, Google Drive, and Google Classroom, among other things. We help organizations plan for these types of scenarios, among others, to mitigate downtime.

We evaluate business processes as well as technology to ensure you’re meeting your company’s uptime requirements. What is your business willing to tolerate from a downtime or data loss perspective when unexpected events occur? Typically, that tolerance is low. We peel the layers back to understand your current technology stack and make specific recommendations to fill in the gaps and provide perspective on cost and priorities.

Solutions that Meet Your Specific Needs

Nine times out of ten, a company is missing critical tools that enable them to understand the current state of their environment on a real-time basis. That makes it nearly impossible to know how to deploy upgrades and new solutions.

For example, we have seen several organizations using on-premise hardware when it makes more sense to be in the cloud. Part of our assessment process maps out how our clients will migrate to the cloud. Some customers require a full overhaul, while some may only need minor updates. What the majority, if not all of our customers need, is the latest generation of security products, including our fully-developed SIEM/SOC solution, EDR-based protection for workstations, next generation firewalls, and disaster recovery.

As many of our services are standardized and consistent across the board with best practices, we have built out our service delivery and account management structure with the flexibility to align with our clients’ specific needs. Our service delivery teams also have vertical alignments, enabling them to provide additional value and expertise in both their recommendations as well as implementation and a best-in-class customer service experience.

__________

No matter where your employees are currently working, the team at Thrive is here to answer the call and provide solutions through our Thrive5 Methodology. To learn more about creating an IT roadmap for your organization, get in touch with us today!

For businesses of any size, keeping employees connected, working and productive is critical. But managing the IT needs of an organization is complicated. That’s why the NextGen technology experts at Thrive have created the Thrive Platform, powered by ServiceNow.

Creating an IT framework isn’t just about protecting intellectual property or trade secrets – it’s about stopping attacks that can disable your business. By laying out an IT framework, you’re ensuring devices are protected and business operations run smoothly.

Finding the right framework fit for your organization’s IT approach is easy when working with a team that understands the current landscape and requirements of your business. With Thrive, you can have a customized IT framework that provides transparency, security and performance.

Thrive’s Top IT Frameworks: ITIL & CIS

There are two frameworks we tend to use here at Thrive: ITIL (IT Infrastructure Library)-based and CIS (Center for Internet Security)-based. ITIL-based frameworks govern things like efficiency, capacity planning, liability planning, and end user requests. Lately, my focus has been on CIS-based frameworks, which give insight into what is being done well within an organization and where improvements can be made.

Oftentimes, we identify areas in which there may be framework gaps. This can be anything from comprehensive asset management and discovery to software packages. One big challenge organizations currently face is the concept of “shadow IT.” With different business units utilizing the cloud, there’s no need for employees to request permission to install applications or contact IT to perform a basic action, like using Google Drive. However, this can raise its own set of problems.

Staying On Top of Security

By going through CIS software discovery controls, we help raise awareness to ensure that a business is aware of all applications, both cloud and internal, and account for them.

This helps answer important questions like:

• How is a member of the organization authenticating themselves?
• What’s the nature of the data that’s being stored?
• When someone leaves an organization, is HR aware that files can be transferred, putting company information at risk?
• Are unauthorized users accessing sensitive or proprietary information?

We help organizations understand hardware and software controls, who should manage authentication for systems, what level of encryption is present, and whether endpoint patching and endpoint detection and response systems are in place.

If something happens, how do you respond if there is suspicious activity? How are employees notified of a potential incident, and who should be contacted for the next steps? We go through these controls with IT leaders and key members and stakeholders at the executive team level to enlighten organizations.

Using Frameworks to Set Priorities

Within the CIS framework, there are benchmarked levels that a company can strive to reach, and we often help clients evaluate which level is the right fit for them. This helps keep an IT organization aligned on which actions can efficiently produce the best outcome (or reduce the risk of bad outcomes) instead of sinking resources into something beyond their needs.

Security training goes a long way, and bringing your workforce up to speed can have several benefits. A SIEM service can identify and respond to security anomalies, but if you can educate your user community for a relatively low cost, you now have more eyes trained to identify anomalies or limit the likelihood of a phishing attack.

DNS filtering should be another standard. How does your company figure out what cloud applications employees are using? With DNS filtering across all devices, you’re opening the lines of communication with employees, with the ability to add controls to account for who is logging into the system. This allows you to track how data is flowing and how to protect it.

By laying out a framework in phases, we can show the steps that should be taken, including the basics, to make sure your users are educated and endpoint devices are protected. Typically, in a first phase, we focus on security awareness training, to show executive teams how many employees have failed when it comes to a phishing-type attempt.

When putting in something like EDR (endpoint detection and response), we can show visibility into the types of issues that can happen. It’s not just about protecting trade secrets – it’s about protecting business uptime and minimizing downtime.

__________________

The Thrive team is here to adopt the framework that will be the best fit for your organization.

Interested in learning more? CONTACT US TODAY!

No two cloud environments are identical. How can you figure out what’s best for your individual business?

Companies of all sizes must consider many factors when choosing the type of cloud infrastructure that will best suits their unique needs. These include issues like office location, number of remote workers, compliance requirements, the need for security and control, and more.

There isn’t a single right or wrong way to leverage the benefits of cloud, and the process of choosing between public, private and hybrid cloud environments can be complicated. Whether you’re running a family office, a midsized asset management firm or a large umbrella group of jointly managed pension funds, you’ll want to design an individual cloud strategy that reflects your business goals.

We encourage all of our clients to reflect on their short and long-term objectives when evaluating the potential benefits of cloud migration. Are you most interested in saving money? Opening new offices in a geographically distant location? Or perhaps closing all of your physical offices entirely and moving to a remote-work only model? Only by beginning with the ends in mind can you be confident that you’ll achieve your desired result.

To help you navigate the complexities of cloud decision-making, we’ve put together this brief guide highlighting the six primary factors to consider.

#1: Control

If you’d like to maintain full control over where your data is located, where your applications are running or who has access to this data center, you’ll want to avoid the public cloud. At any given time in the public cloud, you do not know the exact location from which you are accessing your data. The major public cloud vendors have multiple datacenters within a single region and/or availability zone and you do not have input on exactly where your data is “live”. You also do not have the ability to override public cloud vendor maintenance windows, which affect where your data is located during those times.

Similarly, if your uptime requirements are stringent, you should be aware that there’s no way to avoid downtime in case of major system outages like those that have been known to impact global users of Microsoft Teams, Office 365 and Outlook. While public cloud providers strive to provide extremely high availability and uptime rates, in cases where their systems do fail, you’ll have to wait – just like millions of other impacted users – for the cloud provider to resolve the problem.

With a private cloud environment, you’re in control of exactly where your data is stored. You can be confident of the physical and logical security measures that are in place, can know exactly what steps are being taken to recover from outages at any stage in the process, and can stay informed about who works inside the datacenter. If for instance, your data is subpoenaed for use in a government investigation, Microsoft is under no obligation to inform you or gain approval prior to handing it over to the authorities. A provider offering a private-only platform like Thrive’s hybrid cloud will let you know immediately.

Even within a single alternative investment firm, not all applications require the same degree of control and security. Designing a hybrid cloud environment allows you to exert fine-grained control over your most sensitive workloads while enjoying cost-savings and scalability by relegating those that are less sensitive to the public cloud.

#2: Security

It’s certainly possible to design a public cloud environment that’s just as secure as a private cloud solution, but it requires care, forethought and attention to the specific cloud options and configurations you select.

When it comes to application security and data protection, public cloud providers and Software-as-a-Service (SaaS) vendors like Microsoft offer multiple different “tiers” of service depending on the enterprise licensing plan you select. Although the least expensive tiers may seem attractive due to their lower per-user costs, they generally don’t provide adequate file protection, identity and access management capabilities or other advanced security provisions needed to meet compliance requirements in the financial services industry. For more effective security that mitigates the real-world risks of a breach – as well as the devastating loss of investor confidence that would follow – you’ll need to choose the top-level (and most expensive) licensing plan.

Major public cloud providers maintain hundreds of datacenters around the world. They leverage enterprise-grade hardware and advertise that they adhere to industry-leading physical security standards. Still, you’ll never know exactly where your data resides and you’ll never have precise control over the physical security measures present in its environment.

#3. Governance

There’s no global regulatory board governing the financial services industry. Instead, your firm is responsible for meeting all local and national requirements in every country where you’ve established an office. These can vary greatly around the world, as well as for different firm sizes and types. In China, for example, there’s a mandate that firms who retain a managed service provider (MSP) must maintain independent access to their data via a system that’s outside of the MSP’s control. Highly specific requirements like this one may steer you toward a private cloud environment, or conversely, make public cloud infrastructures more appealing.

#4: Cost

Much like the great myth that there are no outages in the Public Cloud, there is also a common opinion that the public cloud is always cheaper. However, this isn’t always reflected by reality. To make certain the public cloud environment you’re choosing will cost less on a monthly basis, you’ll need to add up all the additional costs that public cloud vendors price on an à la carte basis. Many of these additional costs are typically covered by private cloud providers in a service package. These can include backup features (How often are snapshots taken? How long are they retained?), security options, data availability guarantees and service uptime rates. In addition, it’s worthwhile to consider whether or not technical support is included: if not, per-minute charges for open tickets can add up fast.

Furthermore, such monthly costs typically change as your technology estate evolves with your business requirements. Cost control is therefore a key consideration. A traditional private cloud has a fixed cost base and, more often than not and against popular belief, at a commercial rate that is either on par or lower than a public cloud alternative with the above considerations. Public cloud providers, Microsoft in particular, increase their prices year after year, often on more than once each year. It’s important to be aware that commercially attractive propositions on Day 1 are very likely to change considerably over the months and years that follow.

Lastly, consider your migration costs. For start-ups that have little data to move and no legacy in-office hardware, it can be much more economical to leverage public cloud options. Larger and more established firms may find that month-to-month cost savings are minimal if not non-existent and migration charges exorbitant.

#5: Migration

Make no mistake — a cloud migration project is a large-scale undertaking that’s guaranteed to take time and cost money. Depending on the size of your firm, your tolerance for disruption and downtime, and the number of legacy software applications that are mission-critical for your business, it may make sense to keep some systems on premises. Hybrid environments can provide a best-of-both worlds approach that allows you to migrate nonessential applications gradually.

#6. Users

Where your partners and employees live and work will have significant implications for which cloud computing model will best meet their needs. Performance is best when datacenters are located in the same region as their users. This may not have big drawbacks when you consider occasional employee travel. But it may be very important if you open an office in Hong Kong that performs time-sensitive trading.

Be aware that Microsoft does not offer global tenancy to customers with fewer than 250 seats. What does this mean? An international small business will have to run out of a single Microsoft datacenter location. This has the potential to create latency issues for the majority of its employees.

Policies like this are constantly changing, though. In early 2019, Microsoft’s requirement for global tenancy was over ten thousand seats. It’s essential to keep up with the latest offerings to understand what’s currently possible in the public cloud.

Perhaps you’re thinking that this was a detailed discussion? In fact, we’re only scratching the surface of the issue. There are a myriad of considerations to take into account when designing a cloud computing environment. Check out the upcoming articles in this series to learn more about the pros and cons of each type.

Need help choosing a cloud solution for your alternative investment firm? Contact us for a complimentary consultation.

You’ve embraced remote working – are you still secure?

The trend towards remote working has been growing for several decades, but recently due to world events, many businesses have had to adopt supporting technologies and processes quickly and under pressure. The remote working trend has also dovetailed with the move to the cloud and software-as-a-service applications like Office 365. Cloud services are a great help in implementing remote working and in helping teams to collaborate even when not working in the same location. Cloud-enabled services and applications are often misunderstood, however, when it comes to security measures. Along with their SaaS services, businesses also need to consider using cloud-based security and disaster recovery services in parallel from a trusted DRaaS provider.

SaaS and Cloud providers like Microsoft, Salesforce, Google and others promise to secure the infrastructure that hosts the cloud application. But these SaaS providers are not responsible for covering all of the possible data and security issues that can arise, so customer support for backup, replication, and recovery services needs to be considered.

While the cloud provider takes care of the infrastructure, data and access remain the customer’s responsibility. The access risks compound as workers increasingly work remotely and communicate through email, which is the number one vector for malware.

Secure access to the cloud for remote workers today is usually ensured by either using an SDP or split-tunnel VPN. In either case, the security of remote access relies on user authentication. It is important not to make the mistake of relying on the employees to set up and manage their passwords. Individuals are notorious for setting easy-to-remember but also easy-to-guess passwords. Set up strict corporate password policies and enforce them. Also enforce regular intervals for employees to update their passwords.

Even with these stricter password policies in place, businesses would also be wise to employ multi-factor authentication (MFA). There are a number of ways for bad actors to manipulate or trick your employees into unintentionally revealing their passwords making it a good idea to have a second authentication method as a further roadblock. Traditionally, MFA was done using tokens, but it has become much simpler today to use the employee’s smartphone to send a code that they then enter into the SaaS login credential screen. There are a number of good choices for MFA available such as Google Authenticator, or options recommended by Microsoft. Need help determining which MFA solution is the best fit for you? Ask our Microsoft 365 experts today!

Even MFA access through SDP or a VPN will not always guarantee security for your most precious data; internal employees can also act maliciously. Therefore, it is a good idea to design your internal data access policies to ensure that each end user only has access to the applications and data that they need to do their jobs.

Segmenting your data collections is another good policy to adopt for additional Cybersecurity and data protection. Having all your eggs in one basket is never a good idea. Using various software-defined networking techniques such as SDPs or SD-WAN, you can literally define the connection between the user’s device and a specific server. They can be completely restricted to this network slice. Finally, think carefully about which workers get remote access; not everyone needs it all the time.

One main vector for security breaches is via email “spear phishing” attacks, which attempt to induce people to reveal personal information, such as passwords and credit card numbers by posing as reputable companies.

Phishing is a common technique for extracting passwords from employees with some IT professionals reporting 1000+ phishing attempts hitting their email inboxes a month. Other malicious email campaigns include sending attachments with embedded trojan code, or links pointing to compromised websites that auto-download malware onto users’ systems.

All employees are at risk of making a split-second poor decision and exposing their computer to these attacks. Threat actors are adept at choosing topics that people are eager to learn more about, often playing off trending fears and anxieties to lessen people’s natural caution and common sense. As a sign of the times, many organizations are reporting increased email phishing and Business Email Compromise (BEC) attacks since the beginning of the COVID-19 pandemic, with many messages claiming to offer breaking news or free tests. Once the pandemic has finally abated, threat actors will move on to the next anxiety-provoking topic.

While Microsoft and other email SaaS providers often try to help filter unwanted senders’ messages by verifying the IP address to guard against phishing, oftentimes their off-the-shelf attempts lack comprehensive protections and may lag behind in updating against the latest threats. IT professionals should look to enhance their email security by looking for Managed Anti-Spam and Anti-Virus solutions that offer services for scanning both inbound and outbound emails to eliminate spam and known attacks and Managed IT Services for analytical reporting, Cybersecurity, and on-demand expertise from a trusted DRaaS provider.

While it is critical to stay on top of the latest security threats and trends, it is also the case that malicious actors are constantly innovating new attack strategies. Barely a week goes by that some new kind of threat is launched and discovered. From denial of service to trojan horses and ransomware, you can never rule out the possibility that your business will be the next headline victim and cautionary tale.

How does a DRaaS Provider enhance Microsoft 365 data protection and cybersecurity?

That is one of the most important, but not the only, reasons to have a comprehensive backup and rapid disaster recovery service. Another reason is that employees unintentionally delete data all the time. They are the most common source of data loss. Even IT professionals can make configuration mistakes that can open data to being hacked or even lost. So, a comprehensive backup and disaster recovery option is essential for restoring your data.

This is where cloud services expand their usefulness from a means to collaborate efficiently, to storing and protecting your critical and everyday business data. Disaster Recovery as a Service (DRaaS) has become increasingly important in an era of escalating natural disasters, cyber-attacks targeting critical public institutions and businesses, and sophisticated social engineering campaigns bombarding your business day and night.

The good news is, as the importance of DRaaS has risen, the affordability has too. Many savvy organizations are leveraging the flexibility and rapid responsiveness inherent in cloud-enabled backup and recovery. After all, one of the many reasons that you adopted a cloud model was to get away from the capital costs and ongoing operating expenses associated with running and maintaining your own internal data infrastructure. Now that there are a range of cost-effective disaster recovery services available, businesses are finding that DRaaS makes good common sense.

In addition to helping you to recover from a disaster, an experienced DRaaS provider can also proactively help you to prevent data disasters from occurring in the first place and enable your business to work securely no matter where your end users are located. As a third party specializing in helping businesses recover from various disasters, they are best placed to anticipate what your business might face in the future. They can help you to design your security approach, as well as prioritize your data resources, segmenting them and working with you to create a plan for ensuring that the most critical data is restored as quickly as possible to keep you up and running.

The possibility of remote working and cloud-based services have been a godsend for many businesses, allowing them to remain operational in these difficult times. It is unlikely that the workplace will return to what it was and remote work is probably the new normal or highly significant for many businesses going forward. Your DRaaS provider can make sure that you do it securely and ensure that you can also recover gracefully if anything goes wrong.

Want to know more?

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global DRaaS provider of comprehensive Cloud, Data Protection, and Cybersecurity services and can help to guide as you work through your SMB or enterprise DR planning process.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind. Thrive is an accredited Microsoft Office Level 1 backup and DRaaS provider.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around partnering with us to provide your customers with data loss prevention solutions and rapid ransomware recovery with services such as Cloud to Cloud Backup for Microsoft 365, email archiving, and Thrive DR services. Regardless of internal user error, ransomware attacks, or when a health disaster strikes, ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

Questions? Ask Our Experts!

“Learn More about NextGen IT Service Delivery for Your Business”

No single solution has existed to automate IT tasks, enable anytime, anywhere self service for employees, and deliver a 360º view of an organization’s technology assets.

The Thrive Platform is an easy-to-use portal that creates a superior IT experience by giving employee end users, approval managers and IT points of contact a personalized view of what they need to see.

Sign up today to schedule a demo with the Thrive Platform team and see how it can transform IT service delivery.