Security

Blog, Cetus Solutions, Check Point, Cloud, IT Solutions, Our Upcoming Events, Security, VMware

WannaCry: What We’ve Learned One Year On


6 Comments

It felt like the world was held to ransom. All over the globe – an astounding 150 countries in fact -, little red boxes popped up on computer screens, causing dread and havoc. ‘Ooops, your files have been encrypted!’ they read, asking for between $300 and $600 (£230 to £470) in bitcoin for the safe release of the files. On Friday May 12th 2017 nations of the world collectively gasped as these faced the most devastating and widespread cyber security incident at that time. Over 200,000 machines were affected, with the perpetrators scamming over $112,000.

In Britain, the NHS was hit the hardest. The little red WannaCry pop-up appeared at 1pm on the screens of only four trusts, demanding the ransom. By 4pm, when the ‘kill switch’ was accidentally found, it had spread to 16 trusts. The cyber-attack threat was officially ‘stepped down’ by NHS England a week later, but not before the affected reached a staggering 80 out of 236 hospital trusts as well as 603 primary care and affiliate NHS organisations. Public health in the UK was seriously affected, since the ransomware attack resulted in thousands of cancelled appointments, infected systems and the diversion of A&E patients to other hospitals.

In hindsight, and a little bit of digging, it was a disaster waiting to happen. The NHS had been warned as far back as 2014 that their level of cyber security just wouldn’t cut it. With a failure to undertake the most basic of IT security procedures, which included patching and updating software, as well as not putting a strategy in place to properly deal with a cyber security incident, it’s a miracle that it didn’t happen sooner. But it was a huge wake-up call, not only to the NHS but to businesses globally. No longer would cyber security rest on the hopes of a flimsy firewall that hadn’t been updated in several years – this is a real risk, with significant consequences. So, in the year since WannaCry, what exactly have we learned?

It’s horrifying to think that WannaCry was a Gen-V cyber threat, while according to Check Point’s Cyber Security Generations Survey from March 2018, only 10% of IT security professionals are at Gen-IV and, worse still, only 3% are at Gen-V.

According to a recent report by cyber security firm Tanium, most organisations would still be unprepared should another incident like WannaCry happen again. The survey of 500 frontline IT security workers in the UK is shocking; 40% admit that their organisation is even more exposed than last year. Only 31% confessed that their organisation had invested in new security systems since WannaCry. As I stated already slightly higher up, it was basic IT security procedures that were the gateway for WannaCry, yet a staggering 66% of the IT security workers admitted that they still hadn’t improved their patch management process.

The results are definitive; it’s time to start safeguarding against further, potentially more devastating, cyber-attacks.

It’s all about the patching
WannaCry sneaked through a Windows weakness where there was a lack of security. Shockingly, it had been discovered and there had been a patch for the offending loophole two months before the attack. I know having to update is a major pain, but guys, it just needs to be done. WannaCry was a Microsoft Windows ransomware, a software that locked the files by encrypting them. This particular ransomware was particularly nasty because it was network enabled, which allowed it to essentially spread like a virus throughout not only the local network, but the internet as well. What your organisation needs right now is a patch management solution in place to patch for known vulnerabilities as soon as they arise, so that no little malware buggers can infiltrate your systems.

Backup, backup again, and verify
Had your organisation been hit with the WannaCry malware and you’d had all of your data backed up, you’d have been laughing – for the most part. Regardless of encrypting malware potentially hitting you, backups are critical for all things disaster recovery and business continuity. Whether it be tape or cloud (like Cetus Continuum), all of your data needs to be replicated somewhere safe. Regardless of where you store it (and we really do suggest cloud), it should all be encrypted. Security is, after all of this, a priority.

Use all of the threat intelligence and prevention
If you haven’t heard, micro-segmentation is really in right now. Which is really great in the face of cyber security. Life may be like a box of chocolates, but your data centre needs to be more like a hotel and protect itself from east/west traffic. This next point is important; invest in some good threat intelligence and threat security. At the moment, we’re working with Check Point and VMware to highlight how merging Infinity and NSX can create the ideal security solution to protect you.

Figure out where you stand with a security posture review
There are hundreds of ways to fall foul of a cyber-attack in this day and age. With work no longer confined to the office, mobile workspaces have become all the rage – and for good reasons. Being able to work while on the field instead of having to wait to get back to the office, being able to work from home, or just simply being able to sort out an urgent matter when on holiday is revolutionary. And everyone’s trying to get into it. However, using some random Wi-Fi is always a risk. Honestly, you’ve not lived until you stand outside an O2 store trying to rob a second of Wi-Fi to send an email. In the rain. But how secure is that? A security posture review is essential to identify where your security has slipped. And it just so happens that we offer complimentary security posture reviews, where we analyse network traffic to detect a variety of security threats, evaluate end-point security, assess any threats that lurk in your infrastructure as well as other crucial little things. Have a chat with our experts to see where the danger can find a way in.

One thing is for definite; cyber security has never been so important, and making sure that your IT reflects that is the way to protect yourself as much as possible from an attack. It’s important to be proactive in your cyber security, or you’ll be reacting to a security breach instead.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Security, Uncategorized

What Would You do in the Case of a Cyber Attack?


2 Comments

A cyber attack. You’d get shivers down your spine just thinking about it. As more of our lives- both personal and professional- are being moved online, the threat of a cyber attack increases, and with it the repercussions it would entail. We all have firewalls, anti-virus software, a few bulbs of garlic by the window, all to keep the bad from coming in. But eventually, regardless of what measures you take (most IT professionals would not recommend the garlic), there will be a breach. Speaking in statistics, 83% of businesses believe that the complexity of their organisational structures and IT infrastructure is putting their company at risk. And just think about what you have online; so much of your personal life, and your business. While both are sensitive (though I personally don’t really mind if my chocolate-eating habits become public knowledge), the latter could really affect your business reputation. While we all know that an attack is a real possibility, a lot of businesses haven’t really put much thought into it, and haven’t put a contingency plan in place.
So, what should you do in the case of a dreaded cyber attack?

Don’t panic- find out what happened
First of all, breathe. Until you know exactly what has been hacked into, there’s no point in fearing the worst and losing your cool- you’ll need it going forwards. Now, it’s important to find out what exactly caused the breach, and fast. Speed is a priority, and might just be what saves your reputation. What data has been compromised? How much data has been compromised? It’s also vital to determine whether you’re looking at a malicious attack or a technical glitch.

Secure your systems
Now that you know what exactly you’re dealing with, you need to contain the breach. You might think that the first call of action would be to shut everything down. Push that big red button, sound the alarms, go into lockdown. This may not be the best idea though; the hackers could sense that you’ve cottoned on and that could in turn make it harder to identify the culprits. Using another device, change your passwords and logins- the hackers may have installed software to track and record your movements. Implement a firewall on the affected machine to prevent it from broadcasting outside of your building. If you try and track down the source of the attack it may leave you open to further attacks. This is where good business continuity comes into play; even ten minutes of system downtime can be extremely costly, so switching over to an unaffected back-up can help minimise financial impact. So, does your IT solution include business continuity? Have a chat with our experts at Cetus to alleviate that worry.

Call in your legal army
As soon as you discover a breach, call in your army- of legal defence. If you don’t have a company lawyer, now is definitely the time to get one. There are plenty of legal issues to be considered, including whether or not to inform the regulator. In The UK, we have the Information Commissioners Office (or the ICO, who are spear-heading the GDPR movement in the country). Protecting your organisation from claims of malpractice is paramount. This includes how you will be informing those customers of yours that are affected. Clearly, having legal defence to point you in the right direction is crucial. At this point, it’s important to begin keeping detailed records of everything that happened and your steps to resolving the issue. Everyone who is participating in the incident response needs to keep detailed, ongoing accounts of what steps are being taken and why, as well as any costs incurred as a result of the attack. Things of particular importance to note; all incident-related communications, the identity of the systems, services, accounts, network and data affected by the breach. Don’t forget to record all of the information that is related to the amount and the type of damage that has been inflicted.

Stay alert- it might not be over yet
This is the last thing you want to hear, but realistically, it might not be the end of the nightmare. I know you just want to start putting things back together and start healing, but with the variety of scams at the moment, you might not know what you’ve fallen into. Depending on the nature of your attack, there might be more suitable incident plans to minimise damage. Ransomware attacks are the most common forms of attacks recently, as criminals scare you into paying them for control over your computer. Get in contact with your leading anti-virus firm, they always keep on top of the latest attacks- you might not be the only victim. Just make sure to keep your other devices secure- the hackers are also able to attack tablets and smartphones!

Hearing the word get out
Be prepared- you might be in the press spotlight after the attack. This is another reason why it is so important to work quickly and ensure that you take all the necessary steps to detail what you do to contain the breach and how you work towards minimising the damage. You’ll need to have a tailored statement ready as soon as possible- if you don’t have an internal PR department it would be worth investing in external support. But before the press even start reporting on the story, it is wise to inform your affected- or potentially affected- customers. It’s not a nice prospect, but the sooner your affected customers know that their data was part of the breach, the sooner they can take measures to protect themselves.

Learn from the attack- investigate!
You’ve made it, hopefully with minimum breach and your reputation still standing. But now is not the time to celebrate- it’s time to learn from the incident. Carry out a full investigation, determining how it occurred, its affects and any remedial factors that would prevent it from happening again.

And there we have it. While a cyber attack isn’t on anyone’s wishlist, these are some of the best ways of dealing with the aftermath. Not in the middle of a cyber attack right now? Come talk to one of our experts today to complete a complimentary security posture review, where we will analyse network traffic to detect a variety of security threats including malware infections,
evaluate end-point security with focus on mobile device management,
assess any threats posed within your infrastructure such as east west traffic, and more.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Cetus Solutions, Cloud, Continuum, Technology, Uncategorized

Keeping Up With The Backup Trend


5 Comments

It’s 2018. IT is evolving at the speed of light. Our mobile phones can do just about everything and still fit in the palm of our hands. We’re talking about 5G data and the possibility of never having to think about broadband again. Scientists are predicting holidays on Mars, being able to travel in drones and creating huge underwater cities- that we could live in. So obviously, in our little corner of computing, all things IT solutions are moving at the speed of light, right?

Right! IT solutions are keeping up and ahead of trends and security risks, while creating new and improved ways to work and use our mobile devices- and this is every day. And this includes backups.

Disaster recovery, business continuity, backups; we all know how important it is to have copies of our data ‘just in case’. And the most prolific of those is,- and has been for over sixty years-; the humble tape. But why? Surely, surely, some IT geek out there has come up with something better, cheaper, more reliable- I don’t know, digital? It’s crazy that in a world where Netflix replaces DVDs and Sky, and Spotify replaces cassette/vinyl/CD collections, we can still be storing our entire businesses onto tape en masse. Especially when we have other options to keep things safe; USB, replication, CDs? So why, with all the new advances in tech, are we still using tape?

Tape does have its limitations, there’s no doubt about that. If a file gets corrupt, you’re stuck; any error and your data will be unrecoverable. Tape can be lost; fire and floods will most definitely disagree with them. If you haven’t a good enough backup you could lose a significant amount of data. Hardware failure, poof. Gone. And if you want to be extra safe and store your backup tapes in a separate location, say to avoid losing everything in the case of a building flood or fire, the time it would take to transport all of those servers would be a cost in and of itself.

Thankfully, the future has arrived. The answer to the modern question; replication.

Replication is the copying of an organisation’s data and then moving it between that organisation’s sites. Unlike a tape backup, replication only stores a ‘snapshot’, keeping the most recent copy saved, instead of the file’s history. But, while it is expensive, it is more in tune with business continuity; should your original system go down, it can take only milliseconds (if you’ve a good one) to switch to the second site- even if it’s hundreds of miles away. You shouldn’t even notice the switch. For all businesses, this is a crucial factor; time offline can cost hundreds of thousands, even if only for a few hours.

Continuum is Cetus Solutions’ answer to all things backup. It comprises four distinct but interconnected elements to give you the best experience in backup. A local Veeam backup solution will gather backups and provide you with a local backup and restore repository. A local cloud backup will provide you with the optimum offsite cloud location for the local repository to target. A backup archive provides a long-term, deep archive repository for replicated backups. And finally, hot running provides the ability for the client’s infrastructure to be run in the Cetus Continuum Cloud. It was designed with your business needs in mind, addressing business continuity challenges that you haven’t even thought of yet;

1. Full infrastructure recovery- and not just data.
For every well-defined disaster recovery plan, there is a focus on data. And this is the focus of Continuum; recovering and protecting the underlying server and desktop infrastructure to make sure that your data remains secure and accessible is one of our top priorities after a disaster, just as much as getting your business back on its feet.

2. We test. A lot.
Testing once a year is no good. You know that, we know that. In the face of a disaster, knowing that everything was hunky-dory when we tested it out a year ago just isn’t going to cut it when you’re having issues now. So we automatically verify and check the integrity of each virtual backup server on its way to the cloud. On top of that, we perform a full recovery test on a regular basis to suit your business needs, that way you just know that if something were to happen, we’ll have you back up and running with minimal disruption. That’s true peace of mind.

3. Fully. Managed. Service.
You read that correctly. Cetus Continuum provides you with not only the state-of-the-art technology, but a whole team of IT professionals who are working behind the scenes to make your business float. We’re on hand 24 hours a day to make sure that your replications and backups are completed successfully each day, and initiate the recovery process in the face of a disaster. So you know that we’re behind you at all times, ready and waiting to come save the day. You could almost call us superheroes.

4. A holistic backup and recovery solution.
What we do at Continuum isn’t rocket science, it’s basic sense. Our ‘secret’? We combine a local backup repository with our secure cloud repository. Tah dah! Because we do it this way, Cetus Continuum provides local file and VM restoration- either under your control or ours, whichever suits you best-, restoration from our cloud or full infrastructure and workspace recovery in our cloud.

We do rave and rave about backups at Cetus. We know that while it is such an important part of your IT, it’s one of those niggly bits that you can easily ignore and put on the long finger- until disaster strikes and you kick yourself for not having sorted it out sooner.
So have a quick chat about Continuum with our experts today and step into the 21st century’s answer to backup.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Cetus Solutions, Check Point, Cloud, IT Solutions, Security, Technology, Uncategorized

Practice Safe Mobility – Protect Your Endpoints


No Comments

It’s not the naughties anymore – the age of consequence-free mobility is over I’m afraid. It’s time to start practicing safe mobility. It’s time to put some endpoint protection on your ‘device’. The result of not doing so exposes your business to risk from threats, data loss, and unauthorised access.

For decades now, endpoint security has been the domain of anti-virus software. This was because Windows endpoints were the primary target, and we all ‘knew’ that they were vulnerable. Many businesses installed AV software on endpoint and moved on to more important matters…

So, what’s changed? Well, I would suggest that things have changed from two perspectives: the ‘use case’ has changed, and the threat environment has changed.
Taking each in turn…

From a use case perspective:
• The age of the virtual desktop seemed to be upon us (at least from Cetus’ perspective) – and then came ‘the well-managed Windows 10 desktop’.

• We’ve been acting like consumers for years now – buying smart phones, tablets and phablets and then wanting to use them for work.

• We’ve also been liberating ‘our’ data – storing it in personal cloud stores like Dropbox and sending it via our personal email accounts in an effort to be more productive
So what’s changed from a threat perspective?

• The days of good ‘old-fashioned’ viruses seemed to disappear when the use of nation state cyber weapons ransomware became an everyday thing (think Wannacry).

• Threats are now specifically targeting mobile devices (think Man-in-the-Middle Attacks. Women-in-the-Middle attacks are also a threat).

• Public cloud services are now part of most corporate strategies (think OneDrive), extending network boundaries into ill-defined, global data centres.

• Increased legislation with regards to the protection of individuals and their personal data (think the GDPR and its somewhat over stated, but none the less terrifying €20m fine).

The above list is by no means exhaustive, and tries to give a flavour of the changing threat landscape. So where am I going with this? Well, the good news is that our friends at Check Point have a solution to your cyber woes. Our cyber security portfolio provides Check Point End Point Security and Security Gateway Appliances that allow us to provide end-to-end security that encompasses your data centre, end points and the Cloud.
Specifically, from an endpoint perspective – Check Point provides data security, network security, threat prevention and a remote access VPN for complete Windows, Mac OS X and mobile device security.

If you’ve been playing fast and loose with your endpoints then we’re here to help. Our free-of-charge Security Posture Review will provide you an opportunity to discuss your endpoint security challenges, as well as your wider cyber security posture with regards to perimeter, data centre and cloud components.

Speak to an expert

Blog, Cetus Solutions, IT Solutions, Our Upcoming Events, Security, Uncategorized, VMware

When ‘Traditional’ Approaches to Security Are No Longer Enough…


1 Comment

Security attacks are without doubt increasing in sophistication and frequency. With the average time to detect a breach over 200 days(!) the damage an attack could cause is frightening… Simultaneously, for many organisations their IT infrastructure and networks are becoming increasingly complex – with 83% of businesses believing the complexity of their organisational structures and IT infrastructure is putting their companies at even greater risk for security breaches.

In recent years, the number of high-profile data breaches compromising sensitive information has continued to rise. Although breaches were achieved in different ways, the majority exposed the fundamental weakness of the perimeter-centric network security model: after all, once the perimeter is breached, it is difficult to stop threats from moving laterally (east-west) throughout the data centre. These attacks have proven that investing in perimeter firewalls is insufficient and that more investment is needed to secure east-west (server-to-server) traffic.

One solution is virtualisation. Virtualisation abstracts the underlying infrastructure from the applications running on top of it, giving IT departments full visibility into the data path. Abstracting applications from the infrastructure provides the ideal enforcement point to compartmentalise applications through micro-segmentation of the network. This allows simplified security-policy creation and management. It also helps reduce the overall application infrastructure attack surface and provides the ability to effectively prevent threats from breaching the data centre. Leveraging abstraction in the data centre also protects the infrastructure from any compromise.

In our attempt to help more organisations improve their security posture, we are proud to announce that last year Cetus Solutions earned VMware’s highly sought-after specialist competency in Network Virtualisation. VMware, who pioneered the term software-defined data center (SDDC), awarded Cetus with the accolade after demonstrating technical competency, experience and expertise in delivering NSX solutions.

VMware NSX is the network virtualization and security platform for the software-defined data center. VMware NSX brings security inside the data center with fine grained policies tied to the virtual machine they protect. Essentially, with NSX, IT departments can programmatically create, snapshot, store, move, delete, and restore entire networks with the same point-and-click simplicity and speed of a virtual machine—delivering a level of security, agility, and availability never before feasible with hardware-centric or traditional operational approaches.

Our Managing Director, Mike English, had a few words on the achievement;

“We are delighted to have secured the Network Virtualisation competency from VMware. In the last twelve months, we have seen an uplift in conversations centred around data center security and particularly micro-segmentation. VMware NSX’s capabilities makes this level of protection economically and operationally feasible for the first time for a lot of customers. By gaining this competency, it shows our commitment to helping customers define, deliver and manage their security strategy in line with their business requirements.”

With the threat landscape increasing ‘traditional’ security approaches are failing to effectively secure a modern organisation. Now is the time to revaluate your approach to security. Our free-of-charge security posture review will provide you an opportunity to discuss your endpoint security challenges, as well as your wider cyber security posture with regards to perimeter, data centre and cloud components.

Speak to an expert

Blog, Our Upcoming Events, Security, Technology, Uncategorized, VMware

Micro-segmentation; As Easy as Stealing Candy From a Baby


1 Comment

I often feel that trying to come up with a good metaphor is a bit like herding cats. I know; I’ve used a simile to describe the difficulty of creating a metaphor; but that’s kind of my point. As is the case with my latest blog requirement: Micro-segmentation. You see; VMware have already nailed it with their ‘Hotel & Castle’ metaphor for VMware NSX.
It just works…

It goes like this:

1. Think of your perimeter security as your ‘castle’. A solid wall of impenetrable protection with only one way in and out (your firewall). This is your ‘North/South’ traffic protection.

2. Think of what happens when your castle walls are breached: burning, pillaging, looting; all sorts of terrible things. That’s because your protection is facing ‘outwards’. Once in; your internal (East/West) traffic is unprotected and susceptible to pillaging. Now I’m not sure what ‘pillaging’ is, but the metaphor implies that your servers are now vulnerable.

3. Now think of a hotel. You can stroll in without being challenged (usually). But once you’re in you can only access public areas. If you need to get into staff areas, rooms, gyms or whatever; you’re going to need a keycard that grants you access to a particular subset of private areas.

That’s what micro-segmentation does – well, metaphorically at least. In theory, I now only need a short statement to align the metaphor with your data centre; so here goes: Micro-segmentation provides hypervisor level, layer 4 protection for east/west traffic within your data centre; preventing cyber threats from spreading once they’ve breached your perimeter security. Clever stuff!

I think it’s fair to say that my description above is somewhat simplistic. The good news is that our VMware NSX certified experts can explain it properly to you. Our free-of-charge security posture review will provide you an opportunity to discuss your endpoint security challenges, as well as your wider cyber security posture with regards to perimeter, data centre and cloud components.

Speak to an expert

Blog, Cetus Solutions, Cloud, IT Solutions, Technology, Uncategorized

Busted! Top Cloud Security Myths


No Comments

In the lead-up panic to GDPR enforcement on the 25th of May, I thought I’d go ahead and clear up a few of the cloud security myths that have been knocking around lately. As it is, according to Steve Morgan in the Cybersecurity Business Report, malware is projected to cost the world a whopping six trillion dollars a year- and that’s by 2021. And with cloud hosting getting more popular by the day, it’s nice to know where your priorities should lie while you’re trying to sort out your GDPR compliance. So, here we go! I’m counting again (if you missed that disaster on reasons to move to cloud in 2018), so we’ll see how it goes.

1. The cloud is still a new concept, and is therefore insecure.
It’s been over fifty years since the idea of cloud became an actual thing. And it was around then that the distrust started surrounding the concept. It’s an understandable worry- data in your control is far safer; you know exactly where your data is, how it got there and who has access (in theory- but we’ll save that for a further point). The point is, the cloud isn’t new. Neither is encryption or the risk of malicious people hacking in to cause chaos. As issues surrounding these breaches have come up, cloud providers have kept up and ahead, upgrading and designing new cloud solutions to ensure continuous improvement of cloud.

One of the advantages to cloud hosting is the investment cloud providers make into security. Since your data is being stored with a cloud provider, it’s up to them to update all its firmware and configuration changes. I don’t know about you, but I’m not very reliable when it comes to updating my malware or firewall. It’s so easy to ignore that annoying notification that pops up on the bottom right-hand corner of your screen when you boot up your laptop first thing in the morning. Cloud providers have much greater expertise in the area of data hosting, and they have the technical staff to deal with any issues that arise. Isn’t that one less headache to worry about?

2. On-premise hosting is best.
You gently brush your fingers down the server casing, cool to the touch, like a whisper shared only between the two of you. You know your server, it knows you. Stored in this piece of tin is not only data, but years of intimacy between you, an intimacy that you have been relying on for so long.

Except you can’t actually rely on it.

There’s a weird concept that when your data is stored on-premise it’s safer. I understand how, in our current GDPR-focused reality, being able to see exactly where your precious data is being housed can help quell fears. But in reality, on-prem hosting brings with it a whole other host of issues- issues that are your responsibility to deal with.

Take, for example, the destruction of your building. Fire, flood, paranormal activity- you get the idea. Everything goes, and it stays goes- er, gone. Then you have the possibility of questionable back-up processes, that aren’t questionable until you actually need to rely on them and realise that they haven’t been done in the last month. Oops. Then you have to ask yourself if the security measures that you’ve put in place are up to a high enough standard to protect all of your data.

And while you’re so worried about protecting yourself from the threats of the outside, what about that troublesome employee that you’ve finally gotten rid of after years of problems? Or an accidental or negligent security breach? These are far more common than getting hacked, but they could have the same disastrous consequences for your business.

3. All cloud systems provide the same levels of security.
There is a difference between a personal ‘data cloud’ and a cloud business system. One would understandably have to have far more stringent levels of security; I’m sure you can guess which. At the same time, you can’t assume that all cloud business solutions employ the same levels of security, and it’s important to make sure that you have a checklist for the kind of security measures that are required.

A ‘best in class’ cloud provider would normally have a top-quality data centre architecture that would be geographically apart (see ‘fire, flood, paranormal activity’ of the above point). Access is a big one; a good cloud provider would ensure plenty of application security that would comprise the industry standard SSL encryption. Restricted user access; does this person work for your company, and if so, are they allowed access to the data that they’re looking for? On your checklist should also be a dedicated security team who would identify and deal with any suspicious activity. And, of course, look out for ‘best in class’ security certifications to make sure that you’re in the right hands.

So that’s the myths of cloud covered. Now, imagine this; it’s gorgeous outside, you don’t fancy sitting in your grey office for the day, and your boss agrees to let you get your work done from home. Except you don’t. You find the nearest Costa/Starbucks/Café Nero with free wifi and big bay windows to let the sun in, and you plonk yourself there for the day. With your tiny laptop, you have all the power that you’d have if you were sitting in your office building. You’re able to connect to your company desktop through Citrix, and you’re able to write and edit the documents you were working on back at the office, thanks to Office 365.

Still not sure what exactly you should be worried about? Come speak to one of our experts about our free-of-charge security posture review. It will provide you an opportunity to discuss your endpoint security challenges, as well as your wider cyber security posture with regards to perimeter, data centre and cloud components.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, Cetus Solutions, IT Solutions, Technology, Uncategorized

World ‘Your-Systems-Shouldn’t-Have-Gone-Down-In-The-First-Place’ Day


6 Comments

Having been asked to write something for World Backup Day I got to thinking: what does ‘backup’ mean? In fairness I didn’t spend long thinking about it – it means “back up” of course. So; world backup day is about getting your systems back up then. A bit dull when you think about it; I mean – wouldn’t World ‘Your-Systems-Shouldn’t-Have-Gone-Down-In-The-First-Place Day’ be a day more worthy of celebration?

Now, don’t get me wrong; I’m a big fan of backing things up – to tape, to a USB stick, to the Cloud, whatever floats your boat. It’s good to be prepared for a disaster so that you can recover from it. You might call it something like ‘Disaster Recovery’ – a good, strong sounding thing, very positive.

I was chatting with one of our excellent customers at one of our excellent events the other day. He said to his colleague, in jest, “An outage – what’s one of those? We haven’t a system outage in 5 years”. I say he said it ‘in jest’, but the truth is, they haven’t. That’s because we designed and built (and also support) their global infrastructure to avoid such things as ‘an outage’. That’s because outages cost money and, in their case, a LOT of money. Incidentally, if you’re a bit sceptical that our client said this; drop me a line and I’ll put you in touch with him – he’d be delighted to tell you all about his systems.

What our client has is a system that allows business operations to continue, despite the loss of individual infrastructure or system components. You might call it something like ‘Business Continuity’. Definitely better than having to recover, or to get ‘Back Up’.

And that’s what we do at Cetus. We design and build resilient infrastructures that are capable of continuing business operations in the worst of situations. We do so on premise, through the use of active/active and active/passive infrastructure solutions; we do so with our private cloud, to where we can replicate our clients’ infrastructures for near real-time continuity; and we are increasingly doing so by utilising the Public Cloud, by combining Citrix Cloud and Microsoft Azure to provide truly resilient solutions.

So here’s to World Backup Day. And if you’ve enjoyed this blog and have become engrossed – don’t forget to change your backup tapes before you go home. You never know when you might need them to get your entire infrastructure (i.e. business) ‘Back Up’.

Speak to an expert

 

Blog, Cloud, Cloud Hosting, IT Solutions, Technology, Uncategorized

Seven Reasons to Move to Cloud


6 Comments

You might think that the whole hype around storing your data in the cloud will die out in 2018- especially with GDPR enforcement just around the corner. You’d be wrong.
The truth is, cloud hosting is only going to get bigger, and you’d better start getting on board! Not quite sure exactly why cloud hosting is revolutionary (and here to stay)? These are the seven reasons why you need to move your data to the cloud in 2018;

1. Flexible monthly costs.
For most organisations, an IT department- or just a room for data storage if you’re not in need of an entire department-, is one of those niggly necessities that come with running a business.. For starters, there isn’t a need to invest in a pricy mini data centre that you need to find a spare closet for (and don’t forget that you’ll need a great aircon system too- that’s an expensive closet). Installing in-house servers, data centres, additional desktop software, back-up servers…. It all adds up. Fast. But with cloud hosting, that’s an issue from days gone by. One of the biggest benefits of cloud is the reassurance of flexible monthly costs; instead of having to spend a big chunk of money on the cloud in one go, it’s easier on everyone to set up a handy monthly payment plan. So you pay for what you need, not for extra storage that won’t get filled up for a time.

2. Easy management.
Yes, easy management. Since you’re paying for a provider, all of the nightmarish installation and maintenance that comes with a roomful of tetchy technology fall onto them. You’ll never have to toss and turn all night over an IT problem, because it will all be magically fixed by morning (in theory). Regardless, with all the competition of new technologies and plenty of solutions to choose from, cloud vendors work far harder to ensure that your experience runs smoothly and that your data remains secure.

3. Flexible scalability.
Your business is fluid. We get that. One day it’s the end of the month with all of the reports to write and file away safely, the next it’s the week before Christmas and everyone is too busy chatting around the box of Roses to do much work. Maybe you’re growing as a business and need that extra bit of space? You’ll love the cloud so. Just scale up or down depending on your needs, it doesn’t matter. Cloud hosting provides the flexibility for you to access and add new features without the need to buy more hardware. What’s not to love?

4. Automatic updates.
Yep, automatic. We know that a reminder to restart your laptop for an update at 9:30am when you’ve just gotten into the office is a nuisance. Since the cloud is outsourced to a provider, any updates won’t affect you, ever. Which means that you just have to focus on what you do and let us work on the rest.

5. Affordable redundancy.
This could technically go under ‘costs’, but I can’t count to seven* and this is cool enough to have its own little paragraph. So, where does your resilience cost lie? How many back up servers do you have, and are they separated by 25 miles, nice and safe in the case of a flood or fire? All of these clever back up solutions can cost £12 million to buy, cable up and run. Which are acceptable costs for big organisations, but not so much for smaller ones. With a public cloud provider, instead of renting a big chunk of server all for yourself, you can share it with other small businesses to split the cost. Since you’re just renting a space in the cloud to store your data, unless there is a disaster it’s not actually running through to your desktop. Sharing is caring, and saving you money.

6. Disaster recovery.
Technology is finicky. Printers misbehave for fun, computers freeze for the craic, servers decide to give up on you out of the blue. You can never be quite sure about the physical box of cables sitting in front of you, and the smallest disaster could wipe all of your data in a second. Everything just gone. Which is why cloud hosting is business continuity made easy. Should disaster strike, the cloud makes it even faster to get back up and running- if you even notice it at all. The beauty of cloud is all the backup that runs seamlessly in the background. If something were to occur, provided your backup solution calls for it, your data stream would simply switch over to another bandwidth and you’d be none the wiser. That peace of mind really is priceless, isn’t it?

7. The beauty of mobile workspace.
We’re always talking about it, but it really is something. In this day and age, to be able to look out at the snow, make yourself a big mug of coffee and ring your boss to tell him that you’ll work from home today is a miracle. In fact, aside from not needing to get out of your sweatpants for the day, you may as well be in your office; you can easily access your custom applications in the cloud and crack on. And if your job needs you to be out in the field with clients, you can bring your entire desk with you in just a smartphone or tablet. That is great customer service and chances are your sales will increase. If you’re looking for a boost in productivity and revenue, then the cloud is definitely for you.

It doesn’t get more concise than that, and if you’re still not convinced of the benefits of cloud, there’s always the option of hybrid cloud. Whichever you’re thinking about, or even if you want to start your journey to cloud, Cetus Solutions is here to help transform your IT challenges into solutions.

*I can absolutely count to seven.

Speak to an expert

Directors-9619Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.

Blog, GDPR, News, Our Upcoming Events

GDPR – That ‘light at the end of the tunnel’ might just be a train coming!


1 Comment

Having been asked to blog about GDPR; I decided to avoid the standard, attention-grabbing approach of stating the size of the fine for a breach of the upcoming GDPR regulation. If you’re not already aware – check your junk mail for GDPR workshop invites; it’ll be somewhere in the header or first paragraph.

I’ll start, instead, with a question: Are you struggling to get a handle on GDPR? Welcome to the club! As organisations of all sizes stand trapped in the headlights that are ‘the May 25th GDPR deadline’; who better to turn to than the Information Commissioner’s Office (ICO) for some clarity. The ICO provide a helpful ‘What’s New’ section; so, I thought I’d take a look at February’s ‘news’. It included such helpful guidance as:
The term “right” in the provision does not mean that Article 22(1) applies only when actively invoked by the data subject. Article 22(1) establishes a general prohibition for decision-making based solely on automated processing.

And:
Article 35(3)(a) refers to evaluations including profiling and decisions that are ‘based’ on automated processing, rather than ‘solely’ automated processing. We take this to mean that Article 35(3) (a) will apply in the case of decision-making including profiling with legal or similarly significant effects that is not wholly automated, as well as solely automated decision-making defined in Article 22(1).

So that was helpful.

Seeking even greater clarity, I turned to Elizabeth Denham, the Information Commissioner; who has been doing the rounds ahead of the May ‘deadline’. Ms Denham is clearly passionate about her mission, and speaks very clearly on the importance of GDPR; however, there is a degree of ambiguity in her messaging. In various blogs and speeches this year; she has provided the following guidance (which I’ve taken the liberty of categorising based on her perceived stance):

Very Hard: “Last year we issued more than one million pounds in fines for breaches of the Data Protection Act, so it’s not a power we’re afraid to use.”

Hard: “There will be no ‘grace’ period as organisations will have already have had two years to prepare.”

Vague: “Compliance should involve an ongoing effort in which organisations have to show they are putting the key building blocks in place”.

Soft: “While there will be no grace period – you’ve had two years to prepare – I know that when 25 May dawns, there will be many organisations that are less than 100% compliant.”

Very Soft: Ms Denham has said her organisation “is not planning to take a hard line on the 25 May implementation date for compliance with the EU General Data Protection Regulation”

I hope that makes things clearer for you? No? Don’t worry – you’re not alone. Cetus has run a series of GDPR workshops over the last year and they’ve been attended by a wide range of people, with an equally wide range of opinions on GDPR. These range from “it’s a disaster about to happen” to “thought I’d pop along to see what all the fuss is about”. The funny thing is that they were all correct – it’s just a matter of how well your preparations are under way that defines the potential impact to your organisation come the 25th May.

Common amongst many of our workshop attendees was the fact that ours wasn’t the first (or even second) GDPR workshop they’d attended. However, the post-workshop feedback pretty much unanimously agreed that our approach to explaining GDPR was the most helpful they’d had; but why?

Unlike others; we described how a multi-partner approach needs to be taken. We combined deep subject knowledge from a GDPR practitioner; with a holistic security approach that looks to redefine an organisations digital boundary. At the end of the workshop we’d provided clear, practical next steps to allow the attendees to prepare for the deadline.

So, is GDPR just a legislative thing? Once again, I would like to quote Elizabeth Denham – “Only one in five people in the UK trust organisations to look after their data”. That’s a pretty miserable statistic. You might ask yourself – are you one-in-five, or are you one of the untrusted 80%? It could be more important to the future of your organisation than ‘mere’ legislation.

Speak to an expert