Month: September 2021

Does my business need in-house servers, or should I migrate to the cloud?

When it comes to where you should keep your business apps and company data, you may use in-house servers, or you may migrate some or all of your apps and data to the cloud instead. Which one would be best for your small business? The answer is: it depends on what your business needs.

Check your business requirements

To arrive at something more definite, let’s take a look at which business requirements each option fulfills best — and where they may come up short.

In-house server

  • Allows you to set up your IT system the way you need it to be
    If you have particular system requirements, a cloud service provider (CSP) might not be able to accommodate you. Owning your own infrastructure grants you total control over it.
  • Grants greater data privacy
    By keeping critical data in an on-premises (on-prem) facility, you get to safeguard it more closely. When it comes to who may access your information, you don’t need to worry about CSPs and their clients. Because of this, firms in industries with strict data regulations deem in-house servers to be a good fit for their needs.
  • Data access is not reliant on internet connectivity
    If your business is located in an area with few to no internet service providers, then in-house servers are your only viable option.
  • Requires considerable investment in machines, software licenses, and network infrastructure
    You’ll also have to factor in power consumption costs, maintenance and repair costs, and the risk of obsolescence, among other concerns.
  • Requires physical space and in-house IT support
    Your data capacity is dependent on the availability of physical space for server racks and closets on site. You may have to rent additional space to set up server rooms, and install the necessary devices for climate control, access, and security monitoring. Additionally, you’ll need to employ full-time IT staff to take care of your machines.
  • Data is vulnerable to disasters such as fires and flash floods
    Whatever emergency situation befalls your office will likely affect the servers you keep there. You’ll need to set up a process for taking backups off site to prevent complete data loss during an adverse event.

Cloud services

  • Guarantees high levels of uptime
    Web-based businesses have less risk of downtime due to 24/7 monitoring and other CSP protocols.
  • Provides greater scalability
    Unlike on-prem solutions that have capacity constraints due to limited office space, the cloud lets clients increase or decrease the amount of IT resources they use as needed.
  • Data backups are less vulnerable to disasters
    Natural calamities and man-made disasters that affect your office are likely not to reach off-site data backups. Additionally, CSPs can help facilitate business continuity and disaster recovery efforts to minimize downtime.
  • Uptime guarantees and other added-value cloud services increase costs
    Firms that don’t need high levels of uptime may end up overpaying for cloud services.
  • Greater risk of overspending
    Cloud resource management mistakes, such as provisioning too many resources when these are not yet needed, can easily lead to overspending on the cloud. Fortunately, managed IT services providers like [company_short] can help you handle your cloud.
  • Cloud service is reliant on internet connectivity
    If you or your CSP lose internet access, then you’ll lose access to your data. However, this risk can be mitigated by having backup internet service providers.

Check what other businesses are doing

Another way to guide your decision-making is by looking at which option other companies are going for. Retail and B2B transaction data provider NPD noted that from January to May 2021, more companies invested in the cloud than in on-premises solutions. NPD determined this by tracking companies’ software purchases: year-over-year growth for B2B software for the cloud was 12%, whereas growth for on-prem was 6%. In 2020, Deloitte observed that while companies will continue to opt for a hybrid cloud model — i.e., one in which a company uses a mix of public and private clouds and also retains some on-prem capabilities — migration to the cloud is accelerating.

This is happening partly because businesses are learning from their past mistakes and are becoming better cloud users. Here are five things that they’re doing when migrating and adopting the cloud:

1. Shifting from public to private clouds

Private clouds may be more expensive than public ones, but data is safer and workloads run faster there. And when seeking technical support, private cloud clients don’t have to wait in line as long as public cloud tenants do.

2. Prioritizing security when developing cloud-based business apps

Oftentimes, moving to the cloud necessitates the creation of bespoke cloud-based apps to replace on-prem software. Initially, in their rush to migrate, developers prioritized functionality and patched vulnerabilities only after releasing their apps. This made for clunky security workarounds that failed to significantly reduce the risk of data breaches.

However, what used to be an afterthought in app development is now becoming a primary consideration. More and more developers are baking in security measures, such as access management and encryption in transit and at rest, from the very beginning of the development process.

3. Refraining from dumping data onto the cloud

In the early days of the cloud, it may have been cheap to store data there. Over time, however, retrieving the data back to on-prem servers has proved to be time-consuming and expensive. Now, companies are reserving cloud data storage for safety measures such as backups.

4. Using storage devices to transfer data to the cloud

The information superhighway is no longer sufficient to facilitate the backing up of vast volumes of data produced by enterprises to the cloud. This is why companies are now using migration appliances such as Google’s Transfer Appliance. The cloud service provider ships the appliance to where the data is. Once the data is saved on the appliance, the data owner then ships the device right back to the CSP, which will upload the data to the cloud.

5. Migrating workloads to the cloud, not non-backup data

Many regulations and privacy laws now limit where companies can store data. This, plus security concerns like man-in-the-middle attacks, makes storing data on premises the easier and less complicated choice.

However, since apps don’t need to be co-located with data, apps can reside in the cloud so that they can leverage its vast processing power.

Our IT experts at NetWize can help you design the IT infrastructure that fits your business best. Leave us a message or call us at 801-747-3200 today to learn more.

What is a security operations center, and does your business need one?

This has been said before, but it bears repeating: IT is a tool that bolsters the capabilities of an organization. Take a chatbot as an example. Unlike a human agent who can only respond to clients one at a time, a chatbot can take on hundreds of clients simultaneously. Additionally, it doesn’t need to take breaks, doesn’t get mentally fatigued, and doesn’t need benefits.

Indeed, IT increases productivity, but the converse is also true: productivity crashes when your IT systems become dysfunctional due to malware and other cyberattacks. Not only that, but sensitive data, such as customer information and proprietary company intellectual property, can be stolen. In short, you need to protect your IT systems if you want your Salt Lake City business to survive and thrive. One effective solution is to have your own security operations center or SOC.

What is a security operations center?

A SOC is an in-house facility that contains a comprehensive set of IT security resources that include the following:

  • Information security (infosec) team
    Comprising security engineers, analysts, and managers, this team is responsible for continuously monitoring the company’s IT infrastructure for threats, analyzing systems for vulnerabilities, and preventing and responding to cybersecurity incidents. The infosec team is responsible for reporting everything from potential threat discoveries to actual hacking campaigns. If and when cybersecurity incidents do occur, the team is also responsible for providing technical support to affected parties, be they your staff, business partners, or customers.
  • Security information and event management (SIEM) solution
    This contains tools that enable the infosec team to establish and implement security rules.
  • Intrusion detection systems (IDS)
    These are signature-based tools that inspect network traffic for malicious payloads, helping your security team spot cyberattacks in the early stages. The shorter the time between threat detection and the security breach, the less downtime and damage your organization will suffer if ever the assault is actually launched.
  • Vulnerability assessment tools
    The infosec team uses these to detect security holes that an attacker may exploit to infiltrate your IT systems. In addition to helping your team find gaps to close, these tools also help determine if your organization is compliant with data regulations and certification requirements.
  • User and entity behavior analytics (UEBA)
    UEBA utilizes behavior modeling to create baselines that make aberrant actions (such as sudden data exfiltration being done by a staff member or a device like a router) more noticeable. This makes such actions easier to flag as potential security threats.
  • Digital forensics tools
    These enable the infosec team to gather digital evidence that can be used in insurance claims and legal proceedings.
  • Cryptanalysis programs
    These are used to break cryptographic systems employed in malware such as ransomware so that such malicious software are nullified.
  • Malware reverse engineering tools
    These allow infosec engineers to analyze what a malware program does, discover the systems it impacts, and determine ways to thwart it.

It’s important to note that a SOC is not responsible for coming up with security strategies, developing security architecture, or installing security measures. As its name denotes, the SOC is the one that operates the company’s existing cybersecurity framework.

Why have a SOC? Isn’t having firewalls and antivirus software enough?

While having firewalls and antivirus software is important, these are not enough to defend against the most sophisticated cyberthreats. Furthermore, most cybercriminals take advantage of IT systems’ greatest vulnerability: human users. Cybersecurity tools on their own can’t match the ingenuity of human threat actors who prey upon human weaknesses, which is why such actors must be matched with human cybersecurity operatives.

Most cybercriminals take advantage of IT systems’ greatest vulnerability: human users. Cybersecurity tools on their own can’t match the ingenuity of human threat actors who prey upon human weaknesses.

Additionally, there’s so much threat intelligence coming from external sources like threat briefs, signature updates, news feeds, vulnerability alerts, and incident reports. You need a dedicated team that will keep up with ever-evolving cyberthreats.

A SOC is resource-intensive and requires significant investments to build and maintain. Fortunately, you don’t need to have a SOC in-house — instead, you can leverage Netwize’s outsourced SOC services. We’ve already built the SOC for you, so just send us a message or call us at 801-747-3200 today to learn more.

© 2020 NetWize, Inc | Privacy Policy