Don’t Get Spooked! 3 Ways GLAs Take the Fright Out of the Cloud

Don’t let high costs and cybersecurity risks give you a scare! Optimization is the best way to keep haunting cloud challenges at bay. With Guidance Level Agreements (GLAs) and Monitoring Insightsyou can successfully follow the 5 key tenets of continuous improvement: 

  • Cost 
  • Security  
  • Risk
  • Performance 
  • Availability 

Don’t Let Hidden Costs Creep Up on You  

The cloud may have seemed like a harmless way to get away from traditional infrastructure and staffing costs, but are those new bills starting to send chills up your spine? 

Navigating your cloud bill shouldn’t feel like winding through a haunted house, but with such complicated billingmismatched terminology across invoices and spreadsheets mixed in with upwards of 500,000 SKUs and price combinationsa terrible surprise could jump out at any moment. For some unlucky AWS customers, that nightmare became real in September 2019 through major billing error 

Amazon invented more hours than actually exist in a month for billing purposes,” protested one customer. “Pretty much ruined my Friday night when I logged in to check!” exclaimed another.  

Even though the cloud provider fixed the accounting error in this case, there are plenty of enterprise organizations racking up outrageous bills without even realizing it. From overprovisioning to misallocation, $14.1 billion in cloud spending is expected to be wasted in 2019.  

But with GLAs, Ntirety is your guide through the billing madness and wards off waste by rightsizing your infrastructure to truly meet your organization’s needs. GLAs solve the mystery of confusing costs and even helps businesses predict usage needs over time through historical performance analysis. Ntirety takes the time to create long lasting cost-savings, instead of quick cost-cutting that puts put your company at greater risk of availability issues down the road.  

Learn how GLAs and Ntirety Cost Containment Services help maximize your IT spend » 

Don’t Be a Scaredy Cat—Reduce Risk with Better Security    

There are plenty of things to fear when it comes to cybersecurity threats: data breaches, account hijacking, malicious insiders, and nefarious use of cloud services. 

But what about the risks hiding inside your own company? Insufficient identity, credential and access management, and insecure interfaces and APIs leave your organization open to vulnerabilities. Even from the get-go, the challenges are clear62% of IT professionals surveyed in 2019 AWS Cloud Security Report stated misconfiguration of the AWS cloud platform as the single biggest vulnerability to cloud security.  

Even the good guys of data protectionHIPAA, FERPA, PCI, and GDPRcan seem spooky to internal IT teams with all their meticulous requirements and unpredictable updates. Monitoring compliance policies and procedures is the single biggest cloud compliance-related challenge, followed by audits and risk assessments of their cloud environment. 

Optimizing without cutting corners on protection is a finely tuned skill that requires expert attention, yet only 50% of organizations are satisfied with their cloud security vendor. Be sure your provider isn’t just stopping at implementation. It’s important to find a true partner that offers continuous improvement over time to make sure you’re always equipped with the maximum protection.  

At Ntirety, we ensure our clients’ security stack remains optimized with GLAs, which offer a step up from the SLA status quo. Becoming fully immersed with the ins and outs of an organization’s systems, infrastructure, and business goals, Ntirety’s cloud security experts identify the gaps in protection to recommend specific tools and processes, including those imperative to meeting compliance standards. By becoming familiar with a company’s ongoing security needs through services like Monitoring Insights, Ntirety can even forecast the security measures needed to meet upcoming compliance assessments.  

We may not have a crystal ball, but through the recommendations and support of GLAs, your business can proactively reduce risk and rest easy. 

Learn how GLAs and Ntirety Managed Security Services reduce your IT risks >> 

Don’t Fall for the SLA Spell When It Comes to Performance and Availability 

The path to becoming a fully reliable, highly available, agile enterprise is not always a clear one. In fact, it can often seem like a dark, mysterious road filled with downtime and engine problems from your provider.   

Even the biggest players in the industry can have big problems⁠—Microsoft admittedly suffered 3 major outages in 2019 that greatly impacted customers. Despite these issues, AWS is reportedly reliable 99.9987% of the time, beating out Google’s uptime score of 99.9982% and Azure’s 99.9792%. But conflicting reports show Google taking the lead in reliability with the claim that its cloud service was down for 208 minutes versus AWS 312 minutes of downtime in 2018. 

So, who can you really trust for reliable numbers about reliability?    

Unfortunately, customers can find smoke and mirrors even closer to home in their cloud provider’s SLAs. While some SLAs may go so far as to promise 100% uptime, that only means the provider will reimburse the organization when downtime occurs. It doesn’t cover any additional costs you may incur during that time, and companies with frequent outages experience up to 16x higher costs. 

While an SLA on its own may leave you in the dark, Ntirety’s GLAs are a guiding light towards truly becoming a future-ready, agile enterprise. GLAs come with a 100% application availability guarantee and the industry’s only Critical Availability of Service Guarantee, offering 2X MRR credit for any downtime. Paired with Monitoring Insights, Ntirety’s team diagnoses existing performance issues and places proactive measures to maintain high availability.  

Learn how GLAs and Monitoring Insights transforms your business into a truly reliable enterprise »

Take the Terror Out of Technology with Ntirety 

There’s no reason to get spooked by the cloud when you have the right guide. Managed cloud service providers can offer all the right tricks to get your costs, security, and availability in check today, but Ntirety’s GLAs provide insightful treats so you can continuously reduce risk, optimize costs, and create an agile enterprise.  

 Schedule a consultation to see how Ntirety’s GLAs can help your business face your cloud optimization fears.      

 

Calculating the Real Cost of Downtime for Your Business

Be prepared for the worst-case scenario 

From startling headlines that have highlighted recent data breaches to the impending doom a single storm can spell for data centers, it becomes clearer every day that business continuity and disaster recovery are critical components to every IT strategy. While getting familiar with today’s modern IT threats, risks, and possible vulnerabilities within current systems is important, understanding downtime resulting from a disaster and its long-lasting repercussions—numbers unique to each individual business—is even more vital when designing an effective business continuity plan.

In order to determine the cost of downtime and its consequences due to an unexpected disaster, IT professionals first need to break down the overall elements that can contribute to it.

Where do the costs add up?

Time is money, so the saying goes, and the monetary impact of downtime impacts more areas than just the IT team including:

  • Idle workers across departments still on the clock but cannot perform their job duties
  • Physical damage to infrastructure, equipment or the building itself
  • Lost revenue due to inoperable POS or delivery of products to market
  • Hiring additional outside resources and specialists for data recovery
  • Repair or replacement of technology components
  • Reputation damage from vendors, clients and prospects

With the different elements to consider, it is little wonder that research by Gartner reports the average cost of IT downtime as $5,600 per minute. While that statistic may seem staggering—even unbelievable to some—finding the cost of downtime for an individual organization can be easily accomplished.

How to calculate the cost of downtime?

Calculating the unique cost of downtime can be done in terms of revenue loss and productivity cost. Both can be achieved (and reassessed over time) with clear formulas, using the information specific to the company.

To calculate revenue loss, gather the following information:

  • Gross yearly revenue (GR)
  • Total annual working hours (TH)
  • Percentage impact (I)
  • Number of downtime hours (H)

With the numbers identified, use this formula:

(GR/TH) x I x H = revenue loss

 

To calculate productivity cost, gather the following information:

  • Number of employees affected (E)
  • Percentage of employees affected (A)
  • Average cost of employees per hour (C)
  • Number of downtime hours (H)

With the numbers identified, use this formula:

E x A x C x H = productivity cost

Armed with real numbers, crafting the disaster recovery and business continuity plan to adequately prepare and protect an organization can become a priority supported throughout operations.

Control costs and continuity with a trusted IT partner

While the cost of downtime can be calculated with simple formulas, constructing worst-case scenario plans to minimize the impact of such costs is anything but simple. Engaging with experts to design recovery and business continuity plans not only ensures that every detail of an organizations IT systems has been accounted for, but also saves internal IT teams the time of being distracted by “what-ifs” instead of business goals. Ntirety Disaster Recovery (DR) Services help ensure mission-critical applications are safeguarded against malicious attacks, weather-related phenomenon, and other triggers for unexpected downtime. From platform management to continuous data protection and architecture design, Ntirety DR empowers enterprise companies to provide continuous service to customers and stakeholders with confidence.

Assess Your Security Posture

Due to limited time, resources, and expertise, prepping for disasters, avoiding security threats, and meeting ever-changing compliance regulations can be a huge source of pain for enterprise organizations. Take this quick interactive questionnaire to help determine if your strategy is broken. 

CloudEXPO Silicon Valley Key Insights from CEO Emil Sayegh and CISO Chris Riley

The 23rd International CloudEXPO conference in Silicon Valley brought speakers and attendees from across the globe to engage over the latest topics and innovation surrounding up-and-coming technology for 2019, including cloud migration trends and the next iterations of machine learning for enterprise.

Hostway|HOSTING CEO Emil Sayegh and CISO Chris Riley were not only honored to have the opportunity to present on the CloudEXPO stage in Silicon Valley, but took full advantage of attending other sessions, as well as to meet with attendees on the exhibition floor. Upon reflection of the event, both leaders left with the following key takeaways to share:

CEO Emil Sayegh

Fresh off the main stage after his Silicon Valley keynote presentation, “The Great Correction: Why Are Some Enterprises Fleeing the Public Cloud?“, Sayegh came away with several major insights on this year’s conference:

  1. As Sayegh predicted for 2019, the message around the public cloud is shifting: the public Cloud has its strong benefits, but it doesn’t solve every challenge—that’s where the hybrid cloud comes in. Sayegh predictions that the future is hybrid and multi-cloud, rather than a single cloud flavor, is becoming more and more prevalent.
  2. Service is king, as infrastructure is getting more and more commoditized with the hyperscalers. The ability to offer differentiating services on top of the public cloud and other infrastructure will be the norm. As an example, greater focus is being given to DevOps within the cloud and its increasing practice to gain better alignment in enterprise businesses. Enterprises are looking for continuous insights on how to improve their cost structure, reduce their risk, and improve their agility from their partners, not just an old fashioned delivered service.
  3. Despite the trending shift, IT professionals still feel the pressure from their superiors to move to the public cloud. When protests about cost and security are not enough, use cases are becoming a common tool used to sway cloud decisions to hybrid or multi-cloud models⁠—a tactic noted in several sessions. Throughout the audience mix of enterprise, mid-market, and startups, attendees repeatedly said they look for use case examples as a confirmation that they are not alone in IT challenges and can find the solution.

CISO Chris Riley

This year was Riley’s first time both attending and presenting at CloudEXPO, and he was honored to present on the critical current demands of cloud security in his session “The Great Migration: Retreat from the Cloud Sacrificing Security?” Reflecting on his time perusing the conference, Riley shared the following takeaways:

  1. Familiar with other IT events, Riley felt that CloudEXPO was unique in the different topic tracks it offered, including A.I., machine learning, and the intricacies of compliance, including the wide range of industries affected by compliance regulations.
  2. In both the sessions and on the exhibition floor, attendees were mostly seeking practical advice to address their current challenges—an indicator to Riley that many IT professionals are seeking the right talent or partner to help navigate the growing complexity of the hybrid cloud.
  3. Since it has become clear that no one person can tackle these emerging hurdles alone, more emphasis is being put on collaboration and developing cross-sections of talent, such as the importance of aligning Development with Security and Operations teams or DevSecOps, as Riley covered in his session.
  4. Increased interest in code enablement and the human capital needed for visibility into those endeavors demonstrates an evolution from the previous “lift and shift” migration mentality. Instead, organizations are exploring long-term goals and capabilities to shape the cloud journey, effectively moving away from a one-size-fits-all approach.

Ready or Real Solutions and Staying Ahead

As CloudEXPO wrapped up, the team at Hostway|HOSTING left even more excited to bring these tools and techniques to our clients and partners across the globe. Infusing our strategies and services with the latest innovations and insights is crucial to Hostway|HOSTING’s ability to provide the cutting-edge solutions enterprise businesses deserve to stay ahead of the market. We look forward to sharing these solutions with you!

Ready to optimize and evolve your cloud environment? Get expert guidance with a consultation today!

CISO Chris Riley’s CloudEXPO Presentation: The Great Migration: Retreat from the Cloud Sacrificing Security?

On June 24th, Ntirety CISO Chris Riley was proud to present The Great Migration: Retreat from the Cloud Sacrificing Security? at the 23rd International CloudEXPO conference in Silicon Valley. With over 20 years of enterprise IT experience, Riley brought unparalleled perspectives to the CloudEXPO stage on the current state of IT security, including shared concerns, hidden risks, and the tested tactics to protect data.

Security Threats Remain Even in New Cloud Solutions

Migrating to the cloud provides numerous benefits to enterprise organizations, but do-it-yourself or one-size-fits-all approaches to cloud selection and management has created a number of concerns for internal IT teams across industries. This phenomenon has led to a shift away from the one-size-fits-all approach to more hybrid cloud options, as noted in Ntirety CEO Emil Sayegh’s keynote presentation. However, while hybrid solutions do eliminate issues relating to cost and performance, it can still leave gaps in security and compliance.

Despite the advances hybrid and multi-cloud options bring, threats can spring from a variety of both external and internal sources. Calling these threats the “Treacherous 12,” Riley shared the most critical issues that plague cloud security from a survey by Cloud Security Alliance:

  1. Data Breaches
  2. Weak Identity, Credential and Access Management
  3. Insecure Application Programming Interfaces (APIs)
  4. System and Application Vulnerabilities
  5. Account Hijacking
  6. Malicious Insiders
  7. Advanced Persistent Threats (APTs)
  8. Data Loss
  9. Insufficient Due Diligence
  10. Abuse and Nefarious Use of Cloud Services
  11. Denial of Service
  12. Shared Technology Issues

From massive data breaches, to the headaches of employees sharing passwords, these challenges exist—knowingly or unknowingly—for all organizations in the cloud. ⁠

Combatting Risks with Better Internal Tactics

Although the above list may seem daunting, Riley illustrated to CloudEXPO attendees that there is hope. Visibility, segmentation, automation—all these modern cloud security pillars are achievable through more detailed and dedicated processes, like enforcing access control, re-architecting systems, and monitoring behavioral activity.

All the elements for better security and data protection are obtainable, Riley explained, if cross-functional internal teams can work together and prove that investing in greater measures is not only worthwhile but vital for every cloud solution.

“The fact of the matter is we have to demonstrate the value, we have to enable the business, and we have do it in near real-time fashion,” said the Ntirety CISO to his audience. “Because the business isn’t going to wait for us.”

Bringing diverse members of a company’s team together for increased communication is a key component to implementing any new security strategy or process, specifically the imperative collaboration necessary between the departments of Development, Security, and Operations. Coining this as the “trifecta of success”, Riley emphasized how encouraging frequent and in-depth conversations between DevSecOps will “inherently have a strong mentality to code things right, to secure things appropriately, and to allow the business to be successful.”

Better Security from the Inside Out

The concerns are real and more relevant than ever, but so are the tactics to tackle them, Riley ensured his audience in Silicon Valley. He elucidated on the current state of IT security—the good, the bad, the ugly—and ways enterprise companies can stay ahead of the threats. For CloudEXPO attendees, understanding the practical ways Riley outlined to protect systems and data in today’s increasingly insecure world were just the kind of insights enterprise IT professionals look for: identifiable risks, actionable plans, and sustainable methods.

Ready to get your own IT security insights from trusted cloud experts? Schedule your consultation for better data protection today!

CEO Emil Sayegh’s CloudEXPO Keynote Presentation: The Great Correction: Why Are Some Enterprises Fleeing the Public Cloud?

On June 24th, Ntirety CEO Emil Sayegh was a keynote speaker at the 23rd International CloudEXPO conference in Silicon Valley. As a follow-up to his session at the New York CloudEXPO conference in Novemeber 2018, Sayegh shared expert insights in his presentation “The Great Correction: Why Are Some Enterprises Fleeing the Public Cloud?” to the large crowd of IT professionals at the Santa Clara Convention Center in the heart of Silicon Valley. Focusing on the issues enterprise organizations face in the public cloud that are driving them to explore new options, his presentation shed light on a new massive trend towards the “hybrid” cloud.

While the public cloud has many strengths such as scalability, speed, and relative ease to spin up, Sayegh explained how those benefits also come with major and often surprising challenges. The promise that migrating would solve issues with legacy systems is all too often unrealized when problems simply shift and manifest into new even bigger challenges.

To illustrate this darker side of public cloud for enterprises – such as escalating costs, security concerns, and compliance limitations — Sayegh shared these concerning stats:

  • 45% of public cloud spend is wasted, reported in Rightscale’s State of the Cloud
  • 66% of IT professionals say security is their greatest concern, when asked about adopting an enterprise cloud computing platform
  • Only 12% of global IT organizations understand how GDPR will affect their cloud services

With grave statistics such as these, it is understandable why the heightened expectations of the public cloud are, falling short on business outcomes. But exiting this solution opens the door to confusion: where to go next — private cloud, colocation, hybrid cloud, or even back to traditional infrastructures.

To help audiences understand all options, Sayegh presented a pertinent analogy to explain the pros and cons of primary cloud options. Using familiar structures like hotels, private homes, rental properties, and apartment complexes, he described how each represents an IT solution. Each building provides benefits and challenges depending on individual needs.

  • The Hotel – Perfect for those needing multiple rooms at a variety of times, without any cost of physical ownership. That’s the public cloud.
  • The Apartment/Condo Complex – You are a resident, but maintenance and upkeep are provided by the building’s super. This is managed cloud – private and public.
  • Rental Property – The entire property is yours to occupy, but you still don’t own it – That is colocation.
  • The Private Home – The owner has complete control and upkeep responsibilities. You guessed it, on premise and private, self-managed IT.

While the most appropriate option is unique for each organization, Sayegh emphasized the growing trend toward the hybrid cloud. Blending public cloud, private cloud, and dedicated or on-prem solutions, the custom hybrid cloud approach meets enterprise needs and concerns around cost issues, security risks, and compliance limitations. With mounting issues and risks surrounding the sole use of the public cloud, it is little wonder why the hybrid cloud is considered the “new normal”.

“Word to the wise here, this is where the trend is and this is where all of IT infrastructure is going to go,” Sayegh shares. “Hybrid and multi-cloud is the future because it combines the best of both worlds.”

With insights, analogies, and invaluable advice, Sayegh’s keynote drilled into the reasons for the exit from the public cloud and brought hope through the adoption of the hybrid cloud approach. A thought-leader in the industry, Ntirety’s CEO was honored to share the forward-thinking concepts and strategies that keep enterprise businesses ahead of the market.

CloudEXPO Silicon Valley Final Recap

Hosted in a national hotbed for innovation, CloudEXPO Silicon Valley brought the best and brightest from sectors of the IT world to share, learn, and connect. Exploring the rows of interactive booths and sitting in on thought-provoking sessions, the Ntirety team gathered and presented invaluable insights to conference attendees.

Diving into the deeper issues enterprise organizations face with technology, specific solutions to address these complex problems, and out-of-the-box uses for popular innovations, CloudEXPO brought a one-of-a-kind experience with unique takeaways each day.

Ntirety CEO and CISO Present Insights on Emerging Cloud Challenges

Kicking off CloudEXPO Silicon Valley, Ntirety was honored to have two of our own thought-leaders take the stage. An experienced CloudEXPO presenter, CEO Emil Sayegh broke down the surfacing flaws in the public cloud and where enterprises are looking next in his keynote presentation, “The Great Correction: Why Are Some Enterprises Fleeing the Public Cloud?” In CISO Chris Riley’s session, “The Great Migration: Retreat from the Cloud Sacrificing Security?” he shed light on the increasingly complex security challenges cloud migrations create and how companies can start reducing risk before it’s too late.

Learn more about all the key takeaways and watch CEO Emil Sayegh’s full presentation in our Day One Recap »

The Can’t-Skip Strategy Tactic for All Cloud Journeys

Living up to the name of the event, the second day of CloudEXPO featured sessions that covered specific stages of the cloud journey: consideration, migration, and continued evolution. Each session emphasized the importance of incorporating use cases and case studies into the decision-making process. All the speakers explained how fully understanding the capabilities of a product and/or learning from the experiences of other businesses in similar scenarios will set your organization up for better, smoother outcomes.

How does a use case help during each stage of the cloud journey? Find out in our Day Two Recap »

Optimization—Now and Into the Future

The final day of the 23rd CloudEXPO gave attendees plenty to think about in regards to the optimization process. From using the latest techniques to modernize your processes to exploring exciting advancements in artificial intelligence and machine learning, the day’s sessions made it clear that while challenges may be present during any stage of evolution, there are effective solutions within reach.

What entities are driving improvements across the tech industry? Get an inside look in our Day Three Recap »

Beyond CloudEXPO

It was an honor and a privilege to both attend and present at CloudEXPO, and we look forward to reconnecting with all the outstanding IT professionals we met in Silicon Valley. If you didn’t make it out to the expo, don’t worry—Ntirety will be participating and and presenting at several events, roundtables, and conferences over the upcoming weeks.

Need expert guidance to help build your cloud strategy? See how Ntirety’s newly expanded, end-to-end suite of managed cloud solutions help reduce risk, optimize IT spend, and increase business agility.

CloudEXPO Day Three – Wednesday 6/26

On the third and final day of CloudEXPO, IT thought-leaders and innovators looked ahead at optimizing existing processes during the implementation of technologies like artificial intelligence and machine learning. Listening to the perspectives and experiences of today’s presenters, audiences got to wrap up CloudEXPO Silicon Valley with fresh ideas on how to bolster their IT strategies.

Avoid False Positives in Testing by Prioritizing Risks

For all applications and IT functions, testing is crucial to ensuring that everything is working as expected. But with the advent of more agile timelines and increasing demand to deliver as quickly as possible, the quality and even accuracy of testing has suffered. CloudEXPO DevOpsSUMMIT Chair Anand Akela related this issue to the classic “I Love Lucy” chocolate scene that featured Lucy and Ethel struggling to keep up with an assembly line of chocolates. In the end, the two wind up sending out inferior products, but not without eating and hiding them when they became overwhelmed. Internal IT teams are feeling similar pressure each time they’re unable to catch up with frequent changes to code and applications. Sometimes, this chaos can even result in an increase in false positive results.

To adequately review and validate technologies, Akela explained that although frequently updating or reworking the testing process might be impossible, better accuracy and efficiency is possible when you start by identifying the acceptable amount of risk for each component or function of an application. Prioritizing which elements need the most scrutiny allows for the testing process to be divided into manual and automated testing. This segmentation helps prevent the manual testers from becoming overwhelmed by the agile approach—and avoid a repeat of a Lucy and Ethel fiasco—while also preventing automated testing from lagging behind and delivering false positives. This innovative, blended approach is known as continuous testing, and it aims to enable organizations to push new, dependable applications and technology at a competitive pace.

The Future of IT is Here, but What Needs to Improve?

Artificial intelligence, machine learning, deep learning, data science—CloudEXPO’s AI session track provided examples that brought these complex concepts to life, including technology evangelist Gordon Haff’s presentation on “the good, the bad, and the ugly” of these emerging technologies.

Haff explained that while Siri, Alexa, and Cortana might easily come to mind for AI on the consumer level and have literally been welcomed into their homes, there are still hurdles to overcome. Challenges regarding data privacy and ownership, sophistication of voice and visual recognition, and inherent bias still exist, but nothing can slow down the progress for data scientists and developers.

The drive for these IT professionals comes from many places, but enterprise organizations are clearly part of the push—Elliott Ning, Cloud Customer Advisor at Google, shared the staggering projection that the percentage of CIOs deploying AI will rise from 4% in 2018 to 85% in 2020. With the increased demand for innovation, many prestigious universities are also committing to technology evolution. Always on the forefront, M.I.T. announced in 2018 that they would build a college specifically for artificial intelligence to be opened by Fall 2019, which means the next generation of engineers, scientists, and problem-solvers are already looking for solutions to Haff’s laundry list of issues.

Reflecting on CloudEXPO Silicon Valley

Over the past three days, our team was fortunate to meet and interact with IT professionals from many different industries and with many different challenges. We were also glad to have the opportunity to share our own key insights during Ntirety CEO Emil Sayegh’s keynote presentation and CISO Chris Riley’s session on the first day of the event. Moving forward, we look forward to bringing the next great tech trends to life for organizations and partners across the globe!

Ready to optimize your cloud strategy and take your infrastructure to the next level? Contact our cloud experts today.

CloudEXPO Day Two Recap – Tuesday 6/25

On Day Two of CloudEXPO, attendees gathered at the Santa Clara Convention Center to listen and engage during breakout sessions and on the exhibition floor. Overall, Tuesday’s sessions appear to offer guidance on a basic—but crucial—IT question for enterprise organizations: How does a business know what the right decisions, methods, and processes are when it comes to technology? The answers came from each speaker’s own insights, real-world examples, and a trusted methods for any stage of an IT journey.

Start with Your Best Use Case Scenario

Many experts will tell you that the first step to evolution is assessing your options and deciding which path to take. But how do you make such a crucial decision? Today’s speakers echoed a common theme: Evolutionary leaps in IT infrastructure—especially from physical machines to serverless systems—are made to increase productivity. However, to find the best solution, simply weighing the pros and cons is not enough research to provide adequate direction for a decision.

During his session, “Should You Go ‘Serverless’? The Pros and Cons,” speaker Amitabh Srivastava emphasized the benefits of studying real-world use cases as an ideal way for companies to understand how certain solutions can work for their unique needs. To do this, you must first identify the IT requirements necessary for core business functions, then begin researching solutions that meet those needs. By adding use case evaluations to your research, you can begin to discover more out-of-box solutions for other components of your IT needs, giving you greater ROI and higher efficiency once the tools are implemented. Use cases can provide more efficient and specific ways to reach business goals from the beginning, rather than basing decisions off general pros and cons. Asked directly what his own criteria is to make technology decisions, Srivastava stressed that it still depends on finding an aligned use case for each situation.

Follow the Use Case Map for a Smoother Migration

Once you’ve decided on a path, you must continue making evaluations to ensure a successful migration. With so many options on how to move—and so many ways a move can go wrong—companies cannot afford to take a guess on what will work best. For example, in his presentation, “The Role of Fast Data in Continuous Hybrid Cloud,” Steve Wilkes pointed out that data sometimes poses a challenge during migration—a hurdle that is often overlooked by organizations. When migrating data from a critical source application that cannot be stopped, for instance, it would be difficult to move the data in batches since the data is continuously being created.

“Typically, enterprise [business] knows there’s no such thing as a weekend. Things run 24/7, so you can’t really stop these applications, especially not to move a few terabytes into the cloud,” Wilkes noted.

During his session, Wilkes shared several use cases for streaming integration, which is the process of continuously moving enterprise data with high throughput in a scalable fashion. By using streaming integration, you can process, correlate, and analyze data in a highly efficient manner that provides more value and visibility.

Migration was at the top of Wilkes’ use case list for streaming integration, but there are other practical uses for the process, as well. By studying all the use cases of a solution, you can find other ways to streamline your IT toolbox and get the most bang for your buck.

Look at the Past to Keep Pushing Ahead

Throughout the day, each presenter outlined use case examination as an effective way to select the right IT path and ensure a successful migration; however, to keep the momentum going, it’s just as important for businesses to stay ahead of the market, which is a difficult task when you consider how quickly the market evolves and expands. To stay afloat, Intel Senior Software Application Engineer Rami Radi suggests letting historical trends influence decisions and predictions. Even implementing the newer technologies still requires professionals to look at existing use cases, demos, and beta information to evaluate if it is the right fit for their business.

Up Next at CloudEXPO Silicon Valley

For the third day of CloudEXPO, the Ntirety team looks forward to attending and recapping the final day’s sessions. Check back tomorrow to hear more about machine learning, artificial intelligence, and cloud security! If you’re attending CloudEXPO, don’t forget to visit booth #510 to chat with our cloud experts and enter to win great prizes.

Not in Santa Clara this week? Be sure to catch up on highlights like Ntirety CEO Emil Sayegh’s session, “The Great Correction: Why Are Some Enterprises Fleeing the Public Cloud?

 Ready to optimize your cloud strategy and take your infrastructure to the next level? Contact our cloud experts today.

CloudEXPO Day One Recap – Monday 6/24

CloudEXPO Silicon Valley kicked off with a bang in sunny California with a roster of industry leaders, including Ntirety’s CEO Emil Sayegh and CISO Chris Riley, each sharing their insights on escalating cloud issues. Our team also heard several thought-provoking perspectives on trending topics like machine learning and artificial intelligence from other IT experts.

Better Security Begins with Better Internal Communication

Sixty-six percent of IT professionals cite security as their greatest concern when considering cloud technology, which is why Ntirety’s CISO Chris Riley empathized with attendees whose cloud migrations moved too quickly to properly address security risks. While the benefits of the cloud are immense, unaddressed risks can undo a business and are far more common than you might think, especially internal risks like access control. The numbers are startling—a recent MacAfee report found 92% of companies have had employee credentials stolen from the cloud and placed on the dark web. Even in a quick survey of the room, Riley identified that less than 12% of the session’s attendees currently implemented access control, leaving them open to risk.

To address these security concerns, you must start, unsurprisingly, within the organization. Before access is granted to each employee, it’s vital that teams communicate effectively to understand what privileges are needed for adequate collaboration—and which will open them up to a security issue. A startling evaluation presented by security expert Balaji Parimi found that with an average of more than 30,000 APIs in use—over 50% of which can affect operations—less than 1% are used on a daily basis by most team members, amplifying risks from the inside out. Roles with too much privilege are being assigned to team members far too often. By evaluating the need for access from the get-go, you can prevent internal leaks from hampering your protection.

Is Your Technology Actually Enabling Your Team?

While the public cloud has been a popular choice for companies looking to digitally transform, some organizations are now finding that their internal teams are often overwhelmed and underserved by a purely public approach, Ntirety CEO Emil Sayegh explained in his session, “The Great Correction: Why Are Some Enterprises Fleeing the Public Cloud?” The public cloud may boast better scalability, but early adopters are beginning to shift to a hybrid approach due to unpredictable costs, security risks, and compliance restrictions—all of which put a greater strain on IT teams. Relief can come through the hybrid approach, however, which allows organizations to use the public cloud when needed, but also rely on the security and predictability of a private option. This is a cloud strategy that’s gaining in popularity with trusted and experienced experts predicting that by the year 2020, 75% of organizations and enterprises in the United States will have deployed a hybrid or multi-cloud model.

“This is right around the corner,” Sayegh explained. “This is moving very, very quickly and I advise everyone in this room to be ready for this.”

What’s the Biggest Risk to Machine Learning?

No technology conference kickoff would be complete without discussion around machine learning, and CloudEXPO was no exception. Data Science Architect Jiayi Hoffman led a great discussion around the pros and cons of this complex technology, including—above all—the question of data accuracy, which is a major issue for internal teams. Hoffman explained that as easy as it could be to accept initial results, better data requires testing, training of those internal teams, transparency to bring more context, and embracing necessary transformations.

“Nobody wants a Magic Eight Ball to make a business decision,” she emphasized. To empower internal teams, companies must invest the time and effort into double-checking results to reduce anxieties and ensure accuracy.

Looking Ahead at CloudEXPO Silicon Valley

Tomorrow, we’ll be attending and recapping more sessions to help you rethink the way you approach your cloud strategy, including the pros and cons of going “serverless,” fast data in a hybrid cloud, and multi-cloud migration—just to name a few! If you’re attending CloudEXPO, be sure to visit booth #510 to chat with our cloud experts and enter to win great prizes.

Ready to optimize your cloud strategy and take your infrastructure to the next level? Contact our cloud experts today.

Keep Your Company Out of the Shocking Data Breach Headlines

Rising Statistics Show Internal Security is Not Enough to Protect Data

On Monday June 3, Quest Diagnostics, the largest blood-testing company in the world, reported that nearly 12 million patients’ personal information, including financial data, social security numbers, and medical records, was exposed through a data breach at a third-party billing collection agency. While lab results were not affected, the sheer number of patients affected makes this event the second largest healthcare data breach ever reported, following only health insurer Anthem’s 78.8 million record data breach in 2015.

The Overlooked Third-Party Risk

How could a global company like Quest’s patient data be so vulnerable? The risk did not come from within the enterprise healthcare company, but through a data breach by American Medical Collection Agency (AMCA), a third-party billing collection service vendor providing services to Quest’s healthcare revenue manager, Optum360 LLC.

External entities like AMCA are widely used across industries. A recent Deloitte poll found 70% of enterprise businesses report a moderate to high reliance on third-party services, but all the rewards come with equal risks. The same poll found that 47% of the organizations surveyed had experienced a risk incident involving the use of third-party services in the last three years.

Quest is Not Alone and That’s Not a Good Thing

Healthcare is an appealing target for hackers, and third-party services have provided the perfect backdoor access to data for several major breaches in 2019.

Just one day after Quest made their announcement, diagnostics company LabCorp reported nearly 7.7 million patients’ personal data was exposed as a result of a massive breach at the same third-party billing collection agency as Quest: AMCA. Additionally, Rush System for Health reported in March 2019 that the personal information for approximately 45,000 patients was compromised due to their third-party claims processing services vendor, and Emerson Hospital reported around the same time that 6,314 patients had portions of their protected health information exposed due to a security breach at a third-party services vendor.

Beyond healthcare, big-name companies across industries have made headlines due to compromised data, including Target, Home Depot, Applebee’s, and Saks Fifth Avenue. A 2018 study by Opus & Ponemon Institute found that 59% of companies experienced a third-party data breach that year, but a mere 16% claimed they effectively mitigated third-party risks. While it may seem obvious that outside entities can create security gaps, it appears dedicated evaluation and management of these additions can often be substandard, with only 37% of the study’s respondents indicated having enough resources to manage third-party relationships.

Cautionary tales featuring global healthcare companies, retail giants, and national restaurant chains might be enough to change those eye-opening statistics, but lawmakers are now asking impacted companies about “vendor selection and due diligence process, sub-supplier monitoring, [and] continuous vendor evaluation policies,” and pointedly asking about the recent breach headlines “how many times has Quest Diagnostics conducted a security test which evaluates both Quest Diagnostics’ systems as well as the systems of any companies it outsourced to?”

Don’t be in the News for a Breach and Don’t be a Statistic – Here’s How

First, following best practices and compliance mandates can set enterprise organizations up to better protect their data from any vulnerabilities third-party entities present, including:

  1. Regularly scheduled vulnerability assessments
  2. HIPAA-required risk assessments for healthcare organizations
  3. Dedicated security management and monitoring
  4. Disaster Recovery planning

BAAs are Necessary but Not Sufficient

Enterprise companies must always ensure that they have a solid and trustworthy partner that can deliver secure infrastructure with a comprehensive Business Associate Agreements (BAA). A BAA acts as a binding contract to create liability between the company and vendor that upholds both parties to stringent HIPAA regulations, but more can be done to truly ensure security for critical data. Ntirety provides peace of mind with industry-leading BAAs and more so with our HITRUST CSF Certified status, demonstrating that all the certified applications appropriately managing risk by meeting key regulations and industry-defined requirements. “HITRUST CSF is the gold standard,” says CEO Emil Sayegh. “In the face of mounting data breaches, companies handling sensitive data must remove all doubt by working with trusted cloud providers with deep experience in security protocols and regulatory compliance.”

Trust is Possible with the Right Third-Party Vendors

Whether starting for square one or proactively planning for a worst-case scenario, organizations can avoid a data breach disaster at the hands of a third-party vendor with diligent vetting, managing, and planning – all of which can be time-consuming and drain resources, falling back to the 37% statistic above.

Meeting HIPAA compliance and setting strong BAAs are a good start, but with the help of experienced HITRUST-certified experts, businesses can better trust their third-party associates. Like an extension of their own teams, Ntirety guides and supports with our detailed and compliance-focused assessments, steadfast monitoring, and rigorously tested recovery plans. Ntirety is ready to meet any organization’s needs, such as our client BlueSky Creative, Inc. who had “a lot of questions and need[ed] to be 100% confident in the provider”, but Vice President Stephanie Butler explains that with Ntirety “from day one, all my questions were answered, and I was given all the guidance I needed and more.”

As a tenured IT services company with over 20 years of experience, Ntirety solutions meet compliance for PCI, HITRUST, HIPAA, FERPA, and GDPR guidelines, and our BAAs strengthen the mutual commitments to safeguard customer data. Our design for data security thoroughly evaluates all third-party vendors and how they interact with all systems and platforms and continue with safeguard evaluations, so no customer ever has to worry about becoming a statistic.

Schedule a consultation with Ntirety to protect your data and keep your third-parties secure.