Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog


    0 0

    Flashpoint CEO Josh Lefkowitz gives The VAR Guy a primer on the Deep & Dark Web, and tells us how MSSPs can guard against its specific hazards.

    Threat intel is like a puzzle. You need to assemble the puzzle and get to the full image as quickly as possible. One of the main challenges many MSSPs face in leveraging intel is that even with a rich data set, event data, Indicators of Compromise (IoCs) and extensive reports, they are still missing crucial puzzle pieces that clarify the image. And even if all of the puzzle pieces are on the table, not all teams are equipped to orient and assemble them quickly. At the same time, criminals are working with the full picture and mixing up the pieces to make it hard on the good guys.

    Josh Lefkowitz, CEO of business risk intelligence firm Flashpoint, says the piece that historically has been missing or misunderstood is the Deep & Dark Web.  It’s essentially the "crucible" where assets -- PII, data, malware -- are combined, weaponized and augmented for greatest effect, the chicken to standard intelligence’s egg, so to speak.  What partners need, says Lefkowitz, is the ability to take foundational intelligence and infuse it with targeted criminal context and tendencies. By overlaying this view onto the current one, and providing them with active tools to guide an investigation, it not only clarifies the context and urgency of real risk as it pertains to accumulated intelligence, but advances the ability to be proactive and even predictive in better controlling security planning and response.

    Which is all well and good, but what, exactly, is the Deep & Dark Web, and why are the threats it poses so unique? We sat down with Lefkowitz to find out.

    What’s going on in cybersecurity (both on the attack and defend sides) that is changing the game?

    Threat actors continue to demonstrate their ability to adapt their tactics to circumvent new countermeasures. When it comes to malware, for example, we’ve seen cybercriminals in the Deep & Dark Web actively developing new strains designed to bypass common anti-fraud controls and exploit unpatched vulnerabilities. We’ve also seen that as organizations implement more stringent and comprehensive defenses, some threat actors are turning to schemes that are less-sophisticated yet still very effective.

    Business email compromise (BEC) is a good example of this. By leveraging socially-engineered emails to convince employees to transfer funds to an adversary’s account, BEC has become the costliest type of cybercrime. These scams are so lucrative largely because BEC emails typically do not contain malware, which means they often bypass organizations’ network security solutions and land in employees’ inboxes. BEC is also one of many threats causing more organizations to expand the scope of their security strategies beyond traditional approaches based in indicators of compromise (IoCs) and toward risk-focused programs rooted in actionable, contextual intelligence.

    Indeed, risk-focused programs are also gaining traction across all sectors in response to adversaries’ shifting capabilities and targeting strategies. While cybercriminals have traditionally been known to target individuals, many of today’s adversaries are recognizing the organizations that employ or are frequented by these individuals tend to be more lucrative targets. In many cases, adversaries have gained access to an organization’s systems and/or information by exploiting its employees, contractors, or third-party vendors. We’ve observed such scenarios give rise to more complex and multifaceted threats such as extortion, insider threats, intellectual property (IP) theft, supply chain vulnerabilities, and even large-scale cyber attacks, among others.

    Another shift we’ve noticed is a growing overlap between the cyber and physical threat landscapes. Just as we saw with the WannaCry ransomware attack that locked hospitals out of their systems and consequently prevented patients from receiving care, threats originating in the cyber domain can and sometimes do have serious physical ramifications. The good news is that as more organization come to realize this harsh reality, many have begun to integrate intelligence in a manner that not only bolsters cybersecurity but also physical security and all other business functions across the enterprise.   

    Why aren’t IT professionals and channel partners, able to build a better defense?

    Defending against the full spectrum of cyber and physical risks facing today’s organizations requires actionable, contextual intelligence. However, such intelligence can be difficult to come by -- especially given the confusion and opacity surrounding the market for intelligence offerings. As I mentioned, many organizations have traditionally relied on IoCs to inform their security strategies. While IoCs can and do play an integral role in helping cybersecurity teams detect threats, such an approach should really be just the beginning. Keep in mind that even though countless threats exist, they’re not all relevant to all organizations. Sometimes organizations are so focused on detecting cyber threats that they lose sight of which threats -- cyber or physical -- are actually relevant.

    It’s also important to emphasize that IoCs focus exclusively on detecting threats -- not addressing overall risk. After all, risk is a function of three factors: threat, likelihood, and potential impact. The likelihood and potential impact of a particular threat can vary by organization. Relying on a solution that fails to provide proper context into these factors can lead to threats and vulnerabilities falling through the cracks.

    What should partners who service SMBs be learning about these high profile attacks on larger enterprises?

    It’s crucial for organizations to recognize that while high-profile cyber-attacks can and obviously do happen, there are plenty of lower-profile yet still damaging threats that need to be addressed. As I mentioned, BEC -- though unsophisticated and far less newsworthy than say, ransomware -- has yielded billions of dollars in damages in recent years. Organizations are far more likely to encounter BEC scams and other types of lower-tier cybercrime than face a large-scale ransomware attack.

    But regardless of size or vertical, organizations with the most effective defenses tend to be those that A) promote a culture of security awareness and ensure all employees practice stringent OPSEC and InfoSec; B) proactively seek visibility into relevant cyber and physical threats via actionable, contextual intelligence -- primarily that which is gleaned from high-value sources in the Deep & Dark Web; and C) integrate such intelligence in a manner that serves not just cybersecurity teams but all business functions. Doing so decreases “risk blind spots” and ultimately equips organizations with a decision advantage over threats and adversaries.  

    Now that we have a broad idea of the landscape, let’s talk the deep & dark web. What is it exactly? What goes on there? Why has it been “missing or misunderstood” in the cybersecurity conversation?

    It’s important to distinguish between the Deep Web and the Dark Web because while they do share many characteristics, they aren’t one and the same.

    The Deep Web refers to the broad swath of the Internet that traditional search engines cannot access. In addition to housing vast amounts of mundane -- and often benign -- data, the Deep Web is also home to password-protected forums, chat services like Internet Relay Chat (IRC), file sharing and P2P technologies such as BitTorrent, and the entirety of the Dark Web.

    The Dark Web is a subcomponent of the Deep Web that is only accessible to users who have installed specialized browsing software, such as Tor or I2P. Many forums, websites, and marketplaces on the Dark Web offer highly-anonymized environments for those seeking to conduct malicious activities and purchase illicit goods and services.

    Together, the Deep & Dark Web (DDW) remains the key source for invaluable data and intelligence pertaining to a wide range of cyber and physical threats, fraudulent activities, and malicious actors. While more organizations are recognizing the critical need to incorporate intelligence derived from these online regions into their security and risk strategies, some might be tempted either to obtain such intelligence themselves by using their own in-house teams and capabilities, or, to engage with companies that don’t have the linguistic and cultural understanding of the DDW.

    What are the risks associated with the deep & dark web?

    A wide range of cyber and physical adversaries all use the DDW to varying degrees. In this sense, the DDW in and of itself doesn’t pose a risk; it’s the actors whose malicious schemes are developed within it that do. These risks are often multifaceted and range from nearly every type of cybercrime to more complex risks pertaining to, for example, physical security, fraud, insider threats, M&A due diligence, and third-party vendor risk, and supply chain integrity, among many others.

    However, organizations seeking to access and glean intelligence from the DDW without the proper tools and expertise do face increased security risks. Many communities within the DDW are difficult-to-access and, above all else, built on trust. If a less-experienced analyst, for example, practices poor OPSEC and accidentally exposes their identity within one of these communities, the analyst and their organization could be subject to everything from retaliatory doxing and swatting to destructive cyber-attacks or even physical threats.                                                

    Flashpoint’s mission, and what gaps does it fill in the current security market?

    At Flashpoint, we strive to deliver Business Risk Intelligence (BRI) to empower business units and functions across organizations with a decision advantage over potential threats and adversaries. Our sophisticated technology and human-powered analysis enable enterprises and public sector organizations globally to bolster cybersecurity, confront fraud, detect insider threats, enhance physical security, assess M&A opportunities, and address vendor risk and supply chain integrity.

    We launched our Flashpoint Intelligence Platform because no other product offered what we, as intelligence analysts, really needed: persistent, scaled, targeted visibility into the Deep & Dark Web. By fusing our analysts’ subject matter expertise with our engineers’ sophisticated automatic tooling, our platform delivers actionable, contextual insights that enable organization across all sectors to gain a decision advantage over adversaries and mitigate a broad spectrum of cyber and physical risks.

    We designed our API to make both Flashpoint Intelligence Platform and BRI more customizable and accessible within an organization’s own technologies. API v4 facilitates the integration of our Finished Intelligence, Deep & Dark Web data, Risk Intelligence Observables (RIOs) datasets. Comprising high-fidelity technical indicators with additional context, RIOs equip organizations with deeper insights into activities extending beyond traditional IoC-centric datasets.

    Our API v4 also provides immediate benefit to our Strategic Partner Network by enabling them to create custom integrations for their platforms and enrich analysis for their customers. Our Global Channel Program allows our reseller and distribution partners to extend the benefits of BRI to more organizations worldwide. By delivering high visibility into threats, Flashpoint’s datasets and API v4 enable our partners to empower their users -- experienced and entry-level alike -- with the context they need to make better decisions about risks posed by cybercrime, fraud, and other physical and cyber threats relevant to them.

    There are so many vendors out there touting their solutions as the be all and end all in cybersecurity. Why should people trust what Flashpoint is saying?

    We have been mapping uncharted regions of the Internet for over a decade. Our multilingual intelligence analysts’ expertise and intimate familiarity with the Deep & Dark Web affords exclusive access to these impenetrable communities. They also use the same tools and datasets as our esteemed customer base, which currently represents leading organizations across 20 different verticals and a distinguished network of over 50 partners globally.

    We’re also pioneers of Business Risk Intelligence (BRI) and have successfully helped our customers and partners leverage BRI to address an unmatched variety of diverse and complex use cases pertaining to cybersecurity, fraud, insider threats, physical security, M&A due diligence, vendor risk, and supply chain integrity, among many others.


    0 0

    Born in the cloud partners challenge vendors to think differently about how they provide services and pave this road toward the future channel.

    As the digital transformation brings new ways of provisioning IT, it’s also changing the way much of the industry expands its business. It’s not always quick enough or cost-effective to build new technologies companies wish to cash in on, and many organizations turn to another method of expansion: acquisition. Such was the case earlier this month when Intermedia purchased AnyMeeting.

    Intermedia has weathered some big changes since its start as a web hosting business in 1995. Shortly after opening its doors, it seized an opportunity to move into hosted exchanges—the first company to do so, according to Michael Gold, Intermedia’s CEO. In 2011, it was acquired by Oak Hill Capital, which had big plans to move Intermedia into the cloud and develop a platform product it could wrap services around.

    Over the next few years, Intermedia expanded into adjacent markets such as security, backup, VoIP and unified communications, where it was leveraging Skype to add features such as screen-sharing and video conferencing. But customizing Skype to fit its offerings was becoming cost prohibitive. Enter AnyMeeting.

    As Jay McBain, analyst at Forrester, said in his keynote at Channel Partners Evolution this week, the traditional channel is aging out. Many partners are searching for an exit strategy, and some are finding it in the hot and heavy acquisition activity happening today. If your offering is specific, creative and timely, it’s easy to see a future in which you may become the next AnyMeeting.

    The channel’s evolution has more or less mirrored Intermedia’s, said Gold when we sat down with him at CPE this week. Traditional VARs made money reselling hardware and software implementation services. MSPs became the hot new business model as partners began to move toward monthly subscriptions to support on-premise equipment.

    But this latest disruptor is different. With the cloud, the software resides somewhere else, so the role of the traditional partner—VAR, MSP or what have you—has to evolve to accommodate that shift. It isn’t just about selling services or tweaking revenue streams. This is an entirely different economy, Gold says, with an entirely different administrative and support relationship. The partner’s role has to change.

    “In this new territory, in order to make money, we advise partners to differentiate and add value. Just reselling brand name cloud software isn’t good enough. The margins are just too small. Of course they’re still their customers’ ‘trusted advisors,’ and that role can and should continue in the era of the cloud. But almost everything else needs to change.”

    It’s a different mindset and approach to doing business. Migration to the cloud requires ongoing support, but it offers partners an opportunity to integrate multiple products and services in order to create a truly unique solution. Ideally, says Gold, it would have the partner’s brand name on it.

    “Look, the cloud isn’t new anymore,” added Eric Martorano, Intermedia’s CRO. “I ran U.S. channels for Microsoft, and I remember launching the business productivity online suite and introducing the world to ‘cloud’ eight years ago. We’re at a point now where there are companies that successfully made the transition to cloud and are now working to add value on top of solutions.”

    There are lots of partners who haven’t, and Gold and Martorano say the investment in both time and money doesn’t make sense to business owners are “sun-setting” their businesses. But other partners are looking at growth strategies and creative partnerships to offer value to customers in a way that still brings profit.

    The new, born in the cloud partners are a bit more progressive, says Martorano. They think outside the box and challenge vendors to think differently about how they provide services and pave this road toward the future channel.

    “We’re investing a lot in teaching partners how to transform their businesses to monetize the opportunity in front of them versus just reselling. You won’t make money just reselling software, and that’s not good for us or our partners.”

    To that end, Intermedia recently rethought their channel program to better equip partners to create unique solutions. The company identified core IT products and created a suite that includes things like email, voice, phone, UCaaS, backup, security, file syncing and sharing. Martorano says there are about 25 applications in all, and partners take what makes sense for their customers to create their own packages specific to their business. Then they offer to do the bulk of the heavy lifting when it comes to sales and digital marketing that traditional partners may not be familiar with.

    It’s this sales engineering, education and enablement that the executives say their partners are clamoring for the most, but in many cases, there’s work to be done to “dispel myths” before a partner even gets to that stage, such as the astronomical costs some partners think come with moving PBX to the cloud.

    “We’re out front and center to help educate and talk to partners, showing them the pathway to profitability. We’re out on the front lines creating packages to educate partners in the business side of things: from project services and reselling to managed services and recurring revenue. Only then do we start talking go to market strategies.”

    “Our pitch deck has a slide we’ve been using for seven years of a crazy, stressed out guy pulling out his hair. We actually call him ‘the VAR guy,’” Gold admits with a laugh. “He’s so stressed because he knows the world is now moving to cloud across 20 categories, and he has to figure out solutions, develop expertise and integrate it all together. It’s a lot for any size business, let alone a small VAR.”

    Intermedia’s pitch is that it’s a provider that can bring all of them together pre-integrated into one UI that works across everything. Let’s hope it makes the VAR guy a little less stressed out. 


    0 0


    The discussion dealt with recent news and U.S. government actions regarding the Russian-owned company’s anti-virus software.

    (Bloomberg) -- The House Science Committee received a classified briefing Tuesday related to Kaspersky Lab Inc., according to a person familiar with the matter who spoke about the Moscow-based security firm believed to have links to Russian intelligence.

    The discussion dealt with recent news and U.S. government actions regarding the Russian-owned company’s anti-virus software.

    The person wouldn’t discuss details from the meeting or identify the briefers, citing the classified nature of the session. Several lawmakers also declined to comment.

    Earlier this month, the government banned federal agencies from using Kaspersky Lab software. In doing so, the Department of Homeland Security cited concerns about ties between certain Kaspersky officials and Russian intelligence and other government agencies, and potential compromises to U.S. national security.

    On Sept. 14, the committee sent a letter to Eugene Kaspersky, the company’s chief executive officer, asking him to appear at a hearing on Sept. 27. At the time, the committee said it wanted to conduct oversight of the cybersecurity posture of the U.S. government and examine how much it relied on Kasperky products. But the hearing was postponed and hasn’t been rescheduled.

    The committee also sent a letter back in July to federal agencies requesting information on computers, systems and data that may be accessible to Kaspersky Lab from each agency.

    Kaspersky has denied “inappropriate ties with any government” and criticized the U.S. decision as “based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies.”


    0 0


    IT pros will quickly grasp the significance of the new Microsoft 365 uber-bundles, but it was with some surprise that I found myself preoccupied with something else entirely: The Microsoft 365 announcement roughly coincided with the quieter rollout of a bundle of new business applications in preview for Office 365 subscribers.

    Each year at its worldwide partner conference, Microsoft invariably announces something big. In this, the first year of the rebranded event now called Inspire, CEO Satya Nadella shared the company’s vision for Microsoft 365. In broad strokes, Microsoft 365 is the best of Office 365, plus Windows 10 and advanced mobility + security. The Business Premium and E3 bundles are mainstays of the Office 365 lineup, comprising nearly one-third all the Office 365 licenses we’ve delivered. By combining these popular, value-packed plans with the latest Windows OS and their enterprise mobile device and security suite, Microsoft looks to deliver a “complete, intelligent solution…” aimed directly at firms with limited in-house IT resources and fewer than 500 users.

    IT pros will quickly grasp the significance of the new Microsoft 365 uber-bundles: with productivity, collaboration, OS, security and device management in a single SKU, an end-to-end, evergreen toolkit for business users has come to the cloud. I’ve been looking for an opportunity to help small and mid-market customers standardize around a subscription-based approach to the must-haves on their IT shopping list since the first time I heard a customer say, “I just want to move everything to the cloud.” It would seem the wait may be over.

    It was with some surprise that I found myself preoccupied with something else entirely as I scrambled to learn about the Microsoft 365 initiative post-Inspire. Turns out that the Microsoft 365 announcement roughly coincided with the quieter rollout of a bundle of new business applications in preview for Office 365 subscribers. Supported by the considerable business intelligence plumbing built into Azure and Office 365, these new apps dramatically expand the reach of the Microsoft 365 solution set. Microsoft Connections, Listings and Invoicing are joining Teams, Bookings, Planner and Customer Manager to produce the most complete one-stop source for small business applications I’ve ever seen.

    Take Invoicing, for example. Microsoft describes Invoicing as “a new way to create professional invoices and get paid fast.” It works with PayPal, so you can accept credit and debit cards online. A QuickBooks connector lets you sync customer and catalogue data, as well as transfer invoicing information to your accountant. Microsoft Invoicing is accessed via browser, and through mobile apps for iOS and Android. Invoicing gets at a fundamental need most small businesses have, and addresses it in tightly integrated fashion without additional licensing costs. Combined with Microsoft Bookings (also included in Microsoft 365), you’ve got a commerce package, powered by AI, that handles service businesses’ appointment-setting and billing requirements.

    For managed service providers and their clients, the opportunities these new business apps present are significant. Microsoft is bringing the apps together in the new Office 365 Business Center, a web interface that enables centralized administration and at-a-glance awareness. The Business Center’s activity feed makes it easy to stay updated on what’s happening within each app, and provides suggestions and alerts that can further improve business operations. It also serves as a hub for information and access to other applications coming to the platform, such as MileIQ, which uses automatic drive detection and mileage logging to simplify the tracking, reporting and classification of over-the-road business travel.

    Unlocking the substantial value and impressive capabilities of Microsoft 365 and the Business Center won’t happen on its own for most customers. An informed, trusted advisor will be key to making these new tools real for small businesses, and MSPs who create enablement practices around them will be rewarded with substantially higher licensing revenue. Professional service packages that get customers rolling with end-user training and ongoing administrative support will add to the revenue and margin upside of Microsoft 365 for providers. Clients who embrace Microsoft 365 may find they can focus more on purpose and less on process in their daily operations.

    Scott Paul is AppRiver Senior Director, Microsoft Alliance.

    Guest blogs such as this one are published monthly and are part of Talkin' Cloud's annual platinum sponsorship.


    0 0


    The story of Juniper Networks’ QFX switches offers a glimpse into potentially profound changes buffeting the relationships between IT hardware vendors and the big cloud providers who have become some of their most important customers.

    A decline in data center hardware spending by major cloud providers could be more than a temporary blip for major networkers like Juniper Networks.

    That’s the view of some analysts and company insiders, who suggest that years-long strategic plans by cloud providers have culminated in in-house production of networking tools they once purchased from the likes of Juniper, Cisco and other networkers.

    Last week, Juniper Networks announced its third quarter revenue would be lower than anticipated, hampered by a slowdown in sales of equipment to cloud providers.

    The story of Juniper Networks’ QFX switches offers a glimpse into potentially profound changes buffeting the relationships between IT hardware vendors and big cloud players who have become some of their most important customers.

    “AWS is backing off on buying Juniper for their own reasons,” said one former employee with deep knowledge of the business relationship between Juniper and AWS. “They were buying a special build of the Juniper QFX switch to do an L3 IP Clos, which is their data center fabric architecture.”

    The former employee – who now works at another channel vendor – spoke to MSPmentor on condition of anonymity because he wasn’t sanctioned to discuss the deal.

    “Amazon now builds their own switch,” he explained. “They featured it in a keynote at (AWS re:Invent 2016) last November, which I attended.”

    View the full keynote:

    Juniper Networks did not immediately respond to an email seeking comment about the revenue shortfall and, in fairness, the company is constrained in what it could say publicly in such close proximity to its official Q3 earnings call on Sept. 24.

    The Juniper Networks earnings warning came after two consecutive quarters during which the company’s revenue was buoyed substantially by strong cloud-related sales.

    But even then, there were concerns about what might happen should some secular shift take hold in the sector.

    Cloud is Juniper’s second largest business, and four of its 10 largest customers in Q2 were cloud providers, prompting the company to cite the concentration as a revenue risk.

    In a recent report by ZDNet, Cowen & Co. analyst Paul Silverstein said that Amazon was Juniper’s biggest cloud customer and the likely culprit behind the cut in spending, given the size of the revenue miss.  

    That article also cited another analyst who argued that other Juniper cloud customers, including Google, Facebook and Apple, have spent big during the past 18 months building out their own networks in an effort to bypass Internet carriers.

    "Our recent industry surveys reflect material slowdown (and potential digestion) of IP backbone build out with a couple of these cloud operators this quarter," William Blair analyst Dimitry Netis is quoted as saying.

    In Amazon’s case, the cloud provider saw an opportunity to create its own switches that are better suited to its specific needs, according to the employee who worked on the QFX deal.  

    “The QFX does 40 gigs with four wavelengths and four optical connectors,” he said. “The Amazon switches do 25 gigs with one wave length and one optical connector.”

    “So, two of them outperform the Juniper QFX but are cheaper because they use less connections. The connectors are expensive. The wavelengths are expensive.”

    The new design has only the features that AWS requires.

    “It has an ASIC (application-specific integrated circuit) that is built for Amazon,” the source said. “Extra features just cause problems and lead to delays in development and testing.”

    If other major cloud providers do indeed follow suit, the implications could be substantial in the near term for major IT hardware vendors.

    As Silverstein, the Cowen & Co. analyst is quoted as saying with respect to the Juniper Networks slowdown: “We suspect that the issue is not purely ‘transitory.’”


    0 0

    he unsecured AWS S3 buckets revealed “significant internal Accenture data, including cloud platform credentials and configurations.”

    Accenture left four Amazon Web Services (AWS) S3 buckets open and downloadable to the public, containing software for its Accenture Cloud Platform enterprise cloud offering and other sensitive internal data, security researchers said today.

    The unsecured AWS S3 buckets were discovered by UpGuard security researcher Chris Vickery on Sept. 17, 2017, and revealed “significant internal Accenture data, including cloud platform credentials and configurations.” Credentials for Accenture’s Google and Azure accounts also appeared to be stored in one of the buckets, which could have far-reaching consequences in the hands of a malicious actor.

    The servers were secured the next day after UpGuard Director of Cyber Risk Research Vickery notified Accenture.

    The company, which provides consulting and professional services, is not the first to have had unsecured AWS S3 buckets discovered by UpGuard. Earlier this year, Vickery notified Verizon, and election data firm Deep Root Analytics about AWS S3 buckets open to the public, exposing tens of millions of customer and voter records, respectively.

    In a blog post on Tuesday, Vickery said that this exposure could have been prevented with a simple password requirement added to each bucket. His recommendation comes as a new survey by OneLogin finds that IT pros are failing to enforce password policies.

    Accenture’s AWS S3 buckets contained internal access keys and credentials for use by the Identity API, plaintext passwords for decrypting files, private signing keys, databases including credentials for Accenture clients, and more.

    “Taken together, the significance of these exposed buckets is hard to overstate. In the hands of competent threat actors, these cloud servers, accessible to anyone stumbling across their URLs, could have exposed both Accenture and its thousands of top-flight corporate customers to malicious attacks that could have done an untold amount of financial damage,” Vickery said in a blog post. “It is possible a malicious actor could have used the exposed keys to impersonate Accenture, dwelling silently within the company’s IT environment to gather more information. The specter of password reuse attacks also looms large, across multiple platforms, websites, and potentially hundreds of clients.”

    More than half of organizations using cloud storage services like AWS S3 have inadvertently exposed one or more services to the public, recent research by cloud security company RedLock says.


    0 0


    In today’s dynamic digital environment, there is no greater imperative than developing an agility and innovation mindset.

    In today’s dynamic digital environment, there is no greater imperative than developing an agility and innovation mindset. Organizations must be in a position to turn on a dime—at any time—to meet internal and external customer demand. They must be able to iterate constantly, repeatedly setting and raising the bar in order to stay ahead of the competition. 

    However, as partners know all too well, all of this is much easier said than done.

    One of the biggest hurdles to business agility and innovation is customers’ legacy data center hardware and software. These systems often exist in silos; therefore, it is difficult to analyze data across systems. This results in information that is, at best, outdated and, at worst, plain wrong. Many companies are also challenged by slow provisioning, complex processes and outdated development systems. And, with shrinking or static budgets, organizations are hard-pressed to scale legacy systems, which means they can’t efficiently meet demand for growth (if they can meet it at all).

    So, how can you help your customers achieve business agility and flexibility?

    First, help them modernize the data center. This does not mean replacing every piece of equipment, but it does mean helping your customers consider that compute, storage, network and security services are just table stakes today. Technology such as software-defined systems—including IT automation, modernized infrastructure and the ability to run modern apps-- can provide the kind of edge your customers need in an increasingly competitive environment.

    The cloud can also provide this kind of edge, and service providers need to work with customers to determine what can and should be in the cloud, and what kind of clouds make sense. For example, public clouds such as AWS, Google and Azure can help drive agility costs down, but the public cloud does not make sense for all workloads. For organizations in highly regulated industries, for example, some workloads may need to be on private or hybrid clouds (and some may not be appropriate for the cloud at all.) Service providers must also help customers implement a common platform and common tools for managing and aligning cloud services.

    Another hurdle to agility and flexibility can be corporate cultures that may run counter to the current business climate. The days of IT and business working in their own separate vacuums are gone. Indeed, companies that hang on to that model run the risk of faltering. 

    Think about BYOD. While some organizations deign to allow people to use their own devices for specific corporate tasks (but not for others), truly agile and flexible organizations have moved beyond thinking about mobile as a separate entity whose usage must be tightly controlled. Rather, these organizations think in terms of a digital workspace, driven by the cloud and mobile, which enables employees and customers to use the devices of their choice to access the applications and data they need.

    Ultimately, “agile” and “flexible” are really just other ways of describing digital transformation. In today’s hyper-competitive and fast-moving environment, helping your customers achieve digital transformation will result in your mutual success.

    This guest blog is part of a Channel Futures sponsorship.


    0 0


    The range of possible threats to your clients' IT systems and data is wide and growing. Hackers, human error, hardware failure and natural disasters are among the reasons why businesses need a powerful data protection strategy.

    The range of possible threats to your clients' IT systems and data is wide and growing. Hackers, human error, hardware failure and natural disasters are among the reasons why businesses need a powerful data protection strategy. But finding and implementing the right data protection solution when  resources are limited can be a challenge. And many small and midsize businesses lack the IT staff needed to manage a backup system that requires additional onsite infrastructure. 

    Carbonite Cloud Backup Powered by EVault is a secure and easy-to-use cloud backup solution that doesn’t require onsite hardware. With flexible deployment options, support for physical and virtual environments, and geographic redundancy built in, Carbonite Cloud Backup provides users with peace of mind because all of their business data is securely backed up offsite. Carbonite Cloud Backup also supports a wide range of platforms, including legacy systems, so there's no need to juggle multiple backup solutions. 

    Easy to deploy, manage and monitor

    Using a centralized, web-based management platform, users can easily configure and monitor backups from anywhere. Image backup with bare metal and granular restore lets you restore files, folders or entire servers simply by logging into the online portal and choosing a recovery point and a target.

    End-to-end security, compliance support

    Data is protected automatically at all times with AES 256-bit private key encryption and by Transport Layer Security (TLS) during transmission. Carbonite Cloud Backup also supports regulatory compliance including SOC 2, HIPAA, FERPA and GLBA.

    Advanced backup capabilities

    After the initial backup is complete, Carbonite Cloud Backup begins performing “forever incremental” backups. This ensures fast backups because we are saving only incremental changes to the data. Dynamic bandwidth throttling enables your clients to limit bandwidth to maintain network speeds during peak hours. And Carbonite Cloud Backup automatically splits backup jobs across multiple CPUs, freeing source-system processing power for other tasks.

    Benefits:

    ·      Support for more than 200 operating systems, platforms and applications means you don’t have to manage multiple backup solutions.

    ·      Flexible deployment models link branch offices and data centers to headquarters and the cloud.

    ·      Save data up to seven years with flexible retention options.

    ·      Centralized, web-based dashboard lets you manage, monitor and recover data from anywhere in the world.

    ·      Advanced compression and deduplication minimize network stress.

    ·      Award-winning customer support is available 24x7.

    Supported platforms include:

    ·      Linux

    ·      Windows

    ·      VMware

    ·      Hyper-V

    ·      IBM AIX

    ·      Solaris

    ·      HP-UX

    ·      IBM iSeries

    ·      Microsoft SQL, Exchange and SharePoint

    ·      Oracle

    How it works

    Begin by logging into our web-based management portal and downloading our agent software. Install agents on each server that needs protection. Once installed, the agents automatically connect to our management portal, where you or your clients can create, customize and monitor backup jobs. To restore data, use our intuitive interface to navigate to the correct recovery point, then click.

    As part of our commitment to risk management, controls such as authentication, monitoring, auditing and encryption are built into the design, implementation and day-to-day management of our operating environment. These measures are designed to avoid corruption or loss of data, prevent unknown or unauthorized access to systems and information, and above all, protect the business data entrusted to us. 

    Not a Carbonite Partner?

    Carbonite Partners have access to backup, disaster recovery, high availability and migration solutions to protect the full spectrum of customer environments. Giving your customers a range of solutions enriches revenue opportunities and ensures you support 100% of their environment while still working with a single data protection vendor. 

    Learn more about partnering with Carbonite and become a Carbonite Partner today.

    Jon Whitlock is vice president of channel sales and marketing at Carbonite, a provider of cloud and hybrid data protection solutions for small-to-midsize businesses.

    This guest blog is part of a Channel Futures sponsorship. 

     


    0 0


    Companies are working to transform themselves digitally, and there is perhaps no more important driver than the cloud. However, as more and more companies are discovering, there’s no single path when it comes to moving to the cloud. Rather, an effective digital transformation strategy integrates private, hybrid and, perhaps most importantly, public clouds.

     

    Companies are working to transform themselves digitally, and there is perhaps no more important driver than the cloud. However, as more and more companies are discovering, there’s no single path when it comes to moving to the cloud. Rather, an effective digital transformation strategy integrates private, hybrid and, perhaps most importantly, public clouds.

     In a recent survey of its customers, VMware found that 67 percent foresee an ideal “end state” in which they rely on multiple clouds. And while many companies have dipped their toes into SaaS and private cloud waters, increasing development, data analysis, security and general market demands are driving the need for companies to extend their IT environments to public clouds.

     With all this said, integrating public clouds is not for the faint of heart. The key challenges are:

    · Reducing inefficiencies from managing multiple cloud silos: While companies most certainly can benefit from using a combination of private, public and hybrid

    clouds, this can also result in complex, siloed environments that lack common management tools and security.

    · Transitioning existing workloads to the public cloud: Companies know that they will gain flexibility, agility and cost savings from the public cloud, but it can be challenging to migrate legacy applications that are running on-premises in order to realize a return on investment.

    · Developing and deploying cloud-native applications: Businesses need a unified infrastructure that supports both legacy and modern applications based on containers and micro-services to help move new applications and services to production faster.

    VMware solutions provide customers the ability to leverage multiple cloud environments while reducing cost and complexity. The VMware Cloud Foundation offers a dynamic software-defined infrastructure to run enterprise applications in both private and public environments.

     VMware supports business agility, resilience, scale, and choice by extending datacenters to the public cloud with solutions such as VMware Cloud™ on Amazon Web Services (AWS). In addition, the global network of VMware Cloud Provider™ partners, including IBM Cloud, delivers public cloud services based on trusted VMware technology and are designed to interoperate with customers’ on-premises VMware deployments.

    VMware and its partners are working with organizations of all sizes and across industries to improve operations and customer experiences by extending infrastructure to the public cloud. For example, VMware’s work with a company in the hospitality industry resulted in enhanced guest services with a modernized data center, faster time to market for new services, and a scalable, cost-effective strategy for supporting growth while empowering employees with the latest digital capabilities.

    VMware also helped the organization overcome a common concern about the public cloud: security. Utilizing VMware NSX, the company has been able to simplify network management and enable higher levels of security by leveraging micro-segmentation. 

    Of course, any organization’s success in modernizing IT architecture, while balancing security with flexibility, requires a deep knowledge of what is—and isn’t—happening on legacy systems. Enter VMware’s Virtual Network Assessment (VNA), which helps partners provide their customers with a holistic view of the traffic in their data center across the virtual and physical domains. Click here to learn more about the VNA.

    Extending infrastructure to the cloud is not an easy journey, but it’s certainly worth the ride.

    This guest blog is part of a Channel Futures sponsorship.


    0 0

    Tuesday, 12/5/17 at 2pm ET

    Tuesday, 12/5/17 at 2pm ET

    Who are the 100 most successful cloud services providers this year? Find out as Channel Futures presents the 2017 Talkin’ Cloud 100 on Dec. 5.

    Hear from our editors about the companies who made the coveted top spots, and what sets them apart in the competitive cloud market. Learn how the top performers embrace emerging technologies, like artificial intelligence and FinTech, and which professional services pay off. 

    The webcast will explore: 

    • Most popular public cloud services
    • Fast-growing verticals served by top CSPs
    • Key cloud trends in 2018 and beyond

    Join us as we unveil the most competitive cloud services companies of 2017.

     

     

    Speakers:

    Content director, Nicole Henderson

    Senior content director, Channel Futures, T.C. Doyle

    And a special guest…