Monthly Archives: April 2018

Don’t you wish you could pay only for the storage you use, the way you pay for utility services? Maybe you want more flexibility to add capacity to your storage infrastructure only when you need it? Many people are examining the benefits of storage as a service model, but why? The question may be, why not?

The adoption of Storage as a Service (STaaS) is growing rapidly, and many reasons illustrate why businesses are choosing this model. Business success and growth depend on performance, scalability and agility, while fast-growing applications demand greater storage space. Plus, organizations are trying to do more with less, demanding lower costs and greater use of cloud resources with better customer service. The way organizations have managed, scaled and purchased storage just isn’t working for them anymore, especially as storage managers struggle to meet service level agreements (SLAs) for performance and agility. Some existing storage environments prove to be challenging as organizations grapple with ways to ensure compliance with specific regulations like GDPR, HIPAA or SOC-2. Whatever the reason, it’s STaaS that’s giving organizations confidence in their storage to scale and perform as needed, while optimizing cost.

As we try to answer the “why not?” question, check out these three benefits of adopting Storage as a Service (STaaS):

1. Consumption

What do we mean by storage as a consumption model? Instead of treating storage as a capital expenditure like companies have in the past, you can use it as an operating expense, paying only for the capacity you use. With this model, storage providers are responsible for storing their clients’ data, which can be accessed on-demand using the provider’s software. Some vendors allow companies to purchase the storage capacity they use with a predictable pricing model, without having to lease storage for years in advance.

2. Scalability

As your storage needs change, you can scale up and out with STaaS. Scaling up means adding expansion units to your storage system as your data needs increase. Scaling out allows you to add more nodes to your infrastructure, resulting in increased performance and enabling your storage system to do more work in less time. Greater scalability means the ability to manage the exponential growth of data being created by the Internet of Things (IoT), videos, photos, files and apps. The flexibility to add more storage space to your system brings added value to handling your diverse workloads and ensures that your infrastructure can endure the data requirements of the future. It allows you to accommodate additional workload volume without having to modify the entire infrastructure.

3. Cloud-friendly

Cloud data platforms provide the speed, performance, and scalability required to handle the unprecedented growth of data and offer the perfect place to process data in real time to keep businesses running 24x7x365. Some clients may prefer to use a hybrid solution that simplifies management of data and apps across both cloud and on-premises environments.

Not for all shapes and sizes

Whether you want to store data on- or off-prem, STaaS is not a one-size-fits-all approach. The highly certified storage and cloud consultants at Sirius can solve for your unique needs and implement a storage solution that is specifically tailored to your organization. Our storage architects and engineers provide theoretical and practical guidance from planning to implementation to management of your data ecosystem. Sirius’ technical resources understand the capabilities of each storage manufacturer, ensuring that we meet your performance and capacity requirements with the proper solution for your budget. STaaS also doesn’t mean giving up the ability to manage the physical storage array. You can continue to manage your storage. If you’re looking for added help managing storage, Sirius Managed Services provides 24x7x365 support to augment your team to focus on your business.

If you are looking to increase the performance of your storage environment and want a solution to help you streamline your operations and manage your data, connect with a Sirius representative today or visit our Managed Services for STaaS webpage to take a free assessment to identify the best storage solution tailored to your organization.

The recent Verizon Data Breach Investigation Report concludes that stolen credentials now account for 61% of all data breaches. A zero-trust security framework is your enterprise’s best defense against bad actors and exfiltration of your most valuable data, and identity access management (IAM) is the cornerstone of that framework.

There are four primary functions of IAM:

• Identity management, the process of user account creation and deletion
• Access management, the process of assigning or de-assigning user access to specific resources
• Identity governance, the policy-based centralized orchestration of user identity management and access control
• Privileged access management, which safeguards identities with special access or capabilities beyond regular users.

These functions are interdependent and overlapping.

This blog will focus on identity management and governance—core capabilities that are instrumental in a zero-trust security approach.

Successful identity management and governance consists of four main pillars:

• Certification of user access
• Policy enforcement
• Auditing
• Reporting

What exactly is each of these pillars? Let’s break them down.

Certification of user access

With COVID and issues such as the great resignation, more and more employees were asked to take on additional roles and responsibilities until businesses could return to normal. To survive in the face of a global crisis and accommodate the new remote workforce, privileged and remote access multiplied across users, creating a perfect storm for bad actors to exploit vulnerabilities around that access. Ideally, temporary access is removed once it is no longer essential. The reality, however, is that IT personnel and managers often lose sight of who has access to what. And when they do finally get a chance to address these discrepancies, it’s a difficult mess to untangle—especially when those in IT have little insight into what resources each individual employee needs or does not need access to. The problem is further compounded when there is little to no automation to aid the process.

The certification capabilities provided by IAM governance solutions are helping to resolve access and privilege discrepancies and minimize access creep. These solutions typically handle certification of access using eight steps.

Where certification of access is central to identity governance, automation is the mechanism by which it is maintained. Solutions with an automation component eliminate the need for manual tracking and generally include full audit and reporting capabilities, alleviating IT security and leadership workloads.

Policy enforcement

Establishing extensive security policies provides clarity for your employees and direction for proper security procedures, and ensures that you are doing due diligence to protect your organization against security threats. Identity management and governance solutions help you manage and enforce these policies, especially where provisioning, certification, and segregation of duties is concerned.

• Provision policy defines which resources users are authorized to access. Most often, these policies are implemented automatically for users according to their role.
• Certification policy is the process of confirming that an individual still needs access to a specific resource to perform their job.
• Segregation of duties policy is a control that requires different user roles to complete different parts of a task, in order to reduce the risk of inappropriate actions that could lead to a loss or misappropriation of assets.

Identity management and governance solutions are critical components to solving these very serious security risks.

Auditing

In the new world of remote work, access creep is one of the largest security threats to organizations. Users are granted access to various resources at various times during their timeline of employment. Without the proper auditing tools in place, that access might be sustained unnecessarily throughout the user’s tenure. This contributes to multiple separation-of-duties violations and widens the attack surface for potential threats. Certification audits used to be for complying with regulatory requirements, but while compliance with those regulations is still required, certification of access is now much more important than simply passing your SOX, HIPAA, or other regulatory audits. To minimize vulnerability, it is critically important that users have the right access at the right time, and that access is removed after it is no longer needed.

Traditionally, audits have been performed by already overburdened IT departments, often leading to “rubber-stamping” of certifications to meet deadlines and ultimately resulting in failed audits. Today’s IAM governance solutions provide tools that automate this task to a large extent, alleviating some of the burden on IT. They also distribute access responsibility across the organization by placing accountability on users’ managers or application owners who have firsthand knowledge as to whether the user still needs access to critical applications. This function drives down cost and, more importantly, risk. An audit of access certification or attestation campaigns can be scheduled on a regular basis. Additionally, these campaigns can be run in an ad hoc manner based on major events like changing roles or locations within the organization.

Reporting

All activity that is performed by or on an existing identity is now easily accessible through out-of-the-box reporting, whether regarding current or revoked access privileges. This can help identify user accounts in directories that are not found or correlated with an identity in your identity governance and administration (IGA) tool, as well as accounts that have toxic access combinations violating your organization’s separation-of-duties policies. Beyond compliance reporting, these tools can also provide reporting on the status of assigned tasks in the IGA tool.

Solution experts alleviate the heavy lift

At Sirius, we see identity as a business process built on cutting-edge technology. Through conversations and getting to know your IT and business leadership, we work with you to build out a program that is dynamic and scalable. That includes implementation of scheduled, ad hoc, and event-triggered certifications; discovering the accesses that pose a greater threat to your organization; setting the level of automation and scrutiny accordingly, and bringing any toxic combinations of access to light.

Our goal is to help you get beyond the audits to an environment that can follow a principle of least privilege, giving you the security you need and expect for your employees, contractors, and the organization at large. Let us do the heavy lifting. Talk to your Sirius representative today about our IAM assessment.

If you’ve felt like new reports of data hacks and security breaches are becoming more common, it’s not your imagination. In fact, many organizations have begun adopting zero-trust IoT security strategies to protect their IoT data from potential breaches.

The recent influx of supply chain attacks and cyberattacks via Internet of Things (IoT) technology has even prompted the government to mandate that all government agencies meet specific zero-trust standards by the end of the fiscal year 2024.

By some estimates, as many as 300 billion connected devices will be integrated into IoT platforms and IoT applications within the next 10 years. As that number grows, IoT security concerns will intensify as well.

Anyone affected by a recent attack may be wondering, what IoT security measures can businesses in today’s climate take to keep their data safe from breaches, malware, and ransomware attacks? The answer may lie in shifting to a zero-trust security model.

What is zero trust?

Previously, the guiding architectural principle for most network security models was, “verify, then trust.” This meant that sites, apps or IoT devices would allow access to any user with the proper credentials. In some cases, this was even distilled down to “trust,” where those sites, apps or IoT devices would allow access to any user on the network.

One of the foundational principles of a zero-trust approach is that no IoT device should be granted access to any corporate network or other device until it is authenticated— or, “never trust, always verify.”

As the security threat vector expands, all devices that collect and share data—from the IoT sensor, to the edge device that processes the data, to the core or cloud that analyzes the collected data—must be secured from end to end.

A zero-trust strategy can also help guard your IT and OT environments from vulnerable, unprotected systems. Because almost any device connected to your network can create an opportunity for a cyberattack, it’s important to remember that IT leaders are now responsible for all of the devices on our network—not just the computers.

Why is zero trust necessary for IoT?

Moving into the age of mobility, smart homes, smart cities, connected cars, remote workers, and cloud-delivered applications also means that the old ‘tried and true’ security methods don’t provide the same levels of protection that they once did.

Though the “verify, then trust” security concept may have kept credentials safe previously, many security experts agree that it simply no longer works in today’s business climate. Leveraging zero-trust concepts is one of the best ways to ensure effective control across all modalities.

At the same time, applications, users and devices are moving outside of the “zone of control,” dissolving what was once the trusted enterprise perimeter. Protection is now needed where those applications, data, users and devices live.

The future of zero trust

Though many organizations are doing all they can to keep their data secure, new business initiatives and processes driven by digital transformation may actually be creating new attack surfaces and increasing risk exposure.

So, how does an organization stay a step ahead of cybercriminals without taking valuable time away from focusing on their business goals?

First, learn more about weaknesses that may exist in your current IoT security infrastructure. Then, ask your Sirius representative or contact us for more information about implementing a zero-trust security model in your organization.

O my friend — but it is too much for my strength — I sink under the weight of the splendor of these visions! A wonderful serenity has taken possession of my entire soul, like these sweet mornings of spring which I enjoy with my whole heart. I am alone, and feel the charm of existence in this spot, which was created for the bliss of souls like mine.

I am so happy, my dear friend, so absorbed in the exquisite sense of mere tranquil existence, that I neglect my talents. I should be incapable of drawing a single stroke at the present moment; and yet I feel that I never was a greater artist than now.

When, while the lovely valley teems with vapor around me, and the meridian sun strikes the upper surface of the impenetrable foliage of my trees, and but a few stray gleams steal into the inner sanctuary, I throw myself down among the tall grass by the trickling stream; and, as I lie close to the earth, a thousand unknown plants are noticed by me: when I hear the buzz of the little world among the stalks, and grow familiar with the countless indescribable forms of the insects and flies, then I feel the presence of the Almighty, who formed us in his own image, and the breath of that universal love which bears and sustains us, as it floats around us in an eternity of bliss; and then, my friend, when darkness overspreads my eyes, and heaven and earth seem to dwell in my soul and absorb its power, like the form of a beloved mistress, then I often think with longing, Oh, would I could describe these conceptions, could impress upon paper all that is living so full and warm within me.