CloudInsyte - Blog
InsyteBlog
Industry musings and updates from the InsyteMafia themselves.
06.11.2018
Security: Should my pen-testing company help with remediation?
To evaluate the integrity and strength of your company's infrastructures, you should schedule a penetration test (a.k.a. "pen-test"). Pen-tests, essentially, are simulated cyberattacks which expose any vulnerabilities in your company's computer systems. They alert you to cybersecurity weaknesses and potentially harmful technological deficiencies that could otherwise remain hidden.

In today's ever-changing technological landscape, pen-tests are Security 101 — a yearly "must" for all businesses. If you want, you can think of a pen-test as a necessary evil which, despite being a minor hassle, ensures that your company, partners, customers and assets are protected in both the short- and long-term.

Depending on the size and sophistication of your infrastructure, pen-tests can take anywhere from days to weeks. Lots of companies offer to perform them, but not all of them do a quality job. By asking the right questions, you can properly vet your options and choose the right vendor. (For more info on why this process matters and how to approach it, read our previous post on security below.)

Once your pen-test is complete, the vendor who performed the test will typically provide you with a laundry list of things you need to address, and the level of urgency associated with each item on the list. This is helpful.

What is not always as helpful — but is very common — is for the pen-testing company to also insist that they perform the remediation process for you. Something along the lines of, "We already know where your company's issues are; why not let us fix them?" They might even suggest the same engineer who performed the pen-test as the one to do the remediation.

We strongly advise against this. As we've stated previously, the jack-of-all-trades approach is not ideal in the cybersecurity space. You want a company that specializes in each area of cybersecurity to assist you in that specific area — better to have five companies that excel in five different things helping you with each of those things than to have one company that is OK at all five things helping you across the board.

So, when it comes to remediation, you want a company that specializes in remediation. This will give you an extra set of eyes on the results of the pen-test (in case the pen-testing company missed anything), and it will ensure that you receive the best possible results and guidance during the remediation process.

For both pen-testers and remediators, you should be sure to qualify your vendors' methodologies and their level of engineering talent — and you should always try to find companies that have experience in your vertical.
05.16.2018
The Cloud: How did it get so expensive?
If you've migrated to a Cloud-based platform such as AWS, GCP or Azure, there's a good chance you've realized that it's starting to cost you more than you initially estimated before making the switch. (If you haven't realized it yet, give it time.)

The bad news is that countless businesses like yours underestimate the costs of moving to the Cloud. The good news is that you can likely get these costs under control — all you need are the right resources.

The reasons for the disconnect between what companies think the Cloud will cost them vs. what it actually ends up costing are relatively straightforward: The supply and demand of today's employment market leaves most companies' tech departments severely understaffed. When most businesses operate at a 70 percent headcount and are unable to attract tech-savvy employees who specialize in emerging technologies, it directly affects their ability to effectively self-manage Public Cloud infrastructure. This inevitably leads to overspending.

To rein costs in, third-party companies are the best way to go. Enlisting the help of key third-party partners enables you to optimize your Cloud deployment, complement your infrastructure and ensure that your systems are running efficiently. And although these third-party services aren't free, they easily pay for themselves by reducing your Cloud spending and streamlining your operations.

Partnering with third-party companies yields a number of significant benefits. For one thing, third-parties can handle your billing and Cloud expense management, which can be confusing and frustrating to do on your own.

Also, third-parties specialize in infrastructure optimization, like determining how much infrastructure you actually need and avoiding over-provisioning "reserved instances" which were initially assumed to reduce costs. (This is a big deal because it gives you the perfect mix of infrastructure — enough so that you don't get stuck without it, but not so much that you overspend on things you don't need.)

Lastly, third-party partners fill a critical need by augmenting your staff. If your tech department is understaffed or underqualified, you can easily bring in qualified third-party help to serve as an extension of your existing team. Again, this ensures that your environment is neither too big nor too small. (And again it saves you money.)

05.07.2018
The Cloud: Is it really less expensive than my current Data Center deployment?
Choosing how to deploy your infrastructure is an extremely important decision — and, because of the emergence of Cloud-based technologies, an increasingly complex decision as well. Moving to the Cloud can be tempting, but it makes way more financial sense for some businesses than others. The No. 1 question is: What is best for you?

If your company is anything like most organizations these days, you're operating at a 70 percent headcount in tech. While this kind of under-staffing is completely understandable due to the current supply and demand dynamics of emerging technologies, you also need to understand the limitations understaffing places on your business.

Sure, your leadership may want you to be utilizing Cloud platforms like Amazon Web Services (AWS) tomorrow, but your people simply may not be equipped to make that a reality. Add to that the fact that most online AWS cost calculators can mislead you into thinking the Cloud is cheaper than it actually is, and it's easy to see why so many companies misjudge the internal costs of bandwidth in and out of Cloud environments.

Beyond understaffing, internal and external pressures and budget concerns also come into play — but no matter what your current environment is like, rushing to the Cloud without being properly informed is a BIG mistake — and it is terribly difficult to reverse.

The truth is, you won't really know what the full costs of migrating to the Cloud will be until you've already made the switch. Not only that, you won't be able to notice the results until at least a year after migration.

The trick is to "look before you leap" into the Cloud. The challenge is finding the right ways to do so.

For starters, it's wise to avoid the pitfalls of public cloud cost calculators. Most of these online "resources" fail to account for key infrastructure communications costs, and even if you successfully reverse-engineer your application needs and are positive how much they'll cost you in the cloud, you still will likely end up spending more than you estimate.

For this reason, our first recommendation is to add 30 percent to your estimated cost (no matter how you arrived at that number). You need that 30 percent cushion to ensure that you're covered in the likely event that the costs end up being higher than you initially figured.

The "best practice" approach, without a doubt, is to work with a third-party partner with expertise in Data Center-to-Cloud migrations. You don't need to spend a lot of money on this, either — you just need to bring someone in to make sure your i's are dotted and your t's are crossed.

Usually, collaborating with a third-party partner pays for itself. In some cases, these partners will have access to COOP-based pricing that will lower your CAPEX and OPEX. In addition, they will ensure that you are not constantly operating over- or under-provisioned.
04.27.2018
Security: Does one size fit all?
In today's digital landscape, cybersecurity threats are more prevalent and more advanced than ever before. According to the 2017 ENISA Threat Landscape report, the past year "brought new records in cyber-attacks of all kinds, data breaches, and information loss." The complexity and sophistication of attacks continue to increase, and cyber criminals have become even better at hiding their trails.

In light of this, 2017 also set records for investments in security. But with so many security vendors out there, it can feel overwhelming identifying who you should trust to protect your company from different kinds of threats. Many organizations turn to one-size-fits-all security services — vendors who say they can protect your company from all kinds of different threats.

On paper, this sounds great. But opting for jack-of-all-trades security could prove detrimental. Sure, it might ease vendor management, but it also could leave you vulnerable if, for instance, you face a security threat outside of your chosen security provider's wheelhouse. You never want to suffer an attack or a breach because you picked the wrong partner.

To put it simply: No single vendor should ever be handling all of your company's security needs. Some of the key rules to consider: Never have the company performing your pentesting handle your remediation, and make sure to change pentesting companies every 1–2 years. If you like your current pentesting company, just let them know you will rotate them back in on the next cycle and that this is to protect the company's interest. They should understand, and if they don't, there's a good chance they are not the right partner for you.

Instead, what you want is to work with the best-of-breed provider in each different class of security. By selecting the right security vendors in different areas of the landscape, your company can benefit from the most comprehensive protection — and if you do it correctly, managing multiple vendors doesn't have to be cumbersome, either.

To know which vendors you should work with in different security classes, it helps to have the guidance of professionals who can steer you in the right direction. A quality consultant can help you ensure compliance and maintain your customers' safety by identifying the best vendors in each area of specialization, and by managing multiple vendor relationships as though they were one.
