Making Administration of Compliance Easy

October 30, 2015 Stewart Parkin

Compliance has been made frightening to most organizations through multiple regulatory mandates. It is now a difficult and tedious task to organize a product for SOX and PCI or HIPAA compliance. The manual workaround, auditing failures as well as intimidating pressure of disciplinary action under various acts makes gradual compliance unreasonable and undesirable. Therefore, enterprises are longing for easy compliance that are highly automated, tightly integrated, extensive, scalable and reliable solutions. Cloud computing services that incorporate superior capabilities, at the same time allow you to be in control of proliferating information and compliance requirements are now in high demand.

Automated cloud service that enable data collection, benchmark mapping, change of tracking, and report are designed to make auditing simple and easy, for both inside or outside the enterprise. For legal compliance, upbeat and proactive controls are created. In addition, they allow numerous compliance management and bring easy, centralized structure that permit definition of policy, as well as computerized compliance auditing process across platforms and environments. There is also provision of extensive library policies that set rules tackling some problems associated with compliance, which is built into some of the computing solutions in the cloud. This can be beneficial for automatically defining and scanning results on the dashboard that share similarity with the specific legal mandates. The outcome is that simplified compliance and permits viewing of data at a glance.

Majority cloud backup and storage systems come with uninterrupted features that burn out users that are unauthorized and tracks user’s activities. Changes to files, directories, registry keys, and provision of visible and immediate checkmating so as to avoid incident that may result in data compromise are kept by file integrity monitory software. The read and write protection and reconciliation maps in cloud backup systems, which follow changes to the original system, safeguarding sufficient security. For that reason, there is a reduction in management complexities while security is vastly made stronger.

Below are the functions of computing services in the cloud which you need to know:

– Help to centralize data management for the purpose of policy inspection, strategy, and reporting;
– Provide uninterrupted change management and integrity of configuration;
– Permit integration of software to prevent hosting intrusion, management against vulnerability, and control of application.

Users of cloud computing can be made aware of the incessant compliance expectations with uninterrupted visibility. With the help of cloud computing, labour intensive mistakes, errors of disconnected compliance products can be avoided. In addition, there is absolute reduction in the cost of compliance, as well as dramatic reduction in the complexity of operation with the help of cloud compliance. In fact, there are more to the benefits associated with cloud computing than what we have discussed above.

Asigra, the Best Cloud Backup Software, Powers BTL

October 28, 2015 Kris Price

In case you have not heard about Asigra, a disk to disk (D2D) data backup and vaulting solution, this article will introduce you. Asigra solution has been designed to address lots of serious compliance needs and provide data protection that is cost-effective. Its effortless software manages data life cycles, as well as allows a speedy recovery of data. Organizations may need to change their remote site backup or recovery procedures that based on legacy tape with high-tech and innovative backup systems that focus mainly on security of data in flight and at rest. Among the things that make Asigra software exceptional cloud backup solution include: hard coded security, agentless solution, and WAN optimization techniques.

The unique selling proposition (USP) for Asigra is its FIPS 140 certified cryptographic model. For refined security, Asigra encrypts data on the fly and stores it in the vaults in an encrypted format. Since Asigra’s launch in 1986, data stored under its software have never had any breach. In addition, there are no open firewall ports in Asigra and that is why is has never been hacked. Among the strengths of Asigra include: user authentication, encryption, role based access, secure offsite storage, as well as the granular level reports.

Asigra handles security and data privacy with second to none technology and provides protection for the major concerns of laws like: Data Protection Act, Sarbanes-Oxley Act, and HIPAA. Asigra makes sure that data is captured properly and accurately. It ensures that data is processed lawfully and access is limited to only authorized personnel in the organization. There is also definition of data process that does not go against the rights of the data owner. In order to ensure that all stipulations and provisions are adhered to, this disk to disk data vaulting solution enables data protection officers to speedily and simply answer to queries of data owners and establish periodic checks.

It important for you to know that Asigra Televaulting solution flawlessly protects and combines local, remote or branch office data to meet the terms on all the aforementioned legal mandates. In order to make it easy for organizations to comply with the regulatory acts that have long-term retention periods, such as the OSHA*, Asigra offers secure long-term data retention. For legal discovery and compliance, Asigra allows a much faster data access and recovery. Really, Asigra’s data lifecycle management technology makes sure that data that need to be destroyed is dealt with swiftly using proper controls of primary data preservation policies.

Asigra architecture has been recognized by industry experts as a leading cloud backup and storage solution with many industry-firsts in the areas of computerization, efficiency and security. This helps to reduce boring backup jobs and puts onsite and offsite data capture in place easily, migrate data from local servers to cloud based servers, and formation of backup strategies that are compliant. Asigra also provides the user with absolute control over backed up data, and also accommodates changes in strategies.

We, at Backup Technology Limited (BTL), are proud to be a 3D Hybrid Partner of Asigra since 2010. Please visit Asigra’s website for more information – www.asigra.com.

* http://goo.gl/wBJLbU

Facts about Suitable Cloud Strategies

October 26, 2015 Rob Mackle

There is confusion on the murmur and blare surrounding cloud computing these days. CIOs and cloud strategists in an organization may find it very difficult to separate the wheat from the chaff, at the same time, adopt the right cloud strategy for their organization. For that reason, this article is dedicated to providing you with few guidelines which can be beneficial while defining the required and suitable cloud strategies for your organization.

It is a must for cloud strategists to describe cloud service value in their environment, and explain the needs for their business into viable strategies. This means, strategists need to do thorough analysis of the prevailing IT environment, build road map, and create desirable service level chart for incremental progress to the cloud. The strategists must also create recommendations about key performance indicators (KPIs) as well as layer data lifecycle management around these services using with regard to privacy, compliance, and security.

Obviously, it is advised to avoid designing cloud strategy focusing only on technology. The needs of the business and the business it self should be the focus while designing the cloud strategy. To be encouraged to build cloud strategy with business needs in focus, strategists need to ask the following questions:

– In which way will moving to the cloud benefit the business?
– Does a positive trade-off ever exist between cloud computing options and local storage options?

Honestly, the answers they will get from the two questions above will serve as a succor in maintaining an approach that is level headed to the strategy at the same time building a strong foundation for evolution that will last for long period of time both toward the cloud options and cloud like options that they plan to mature within a given year. For the cloud strategists planning suitable strategy for an organization, there must be a good understanding of the kind of strategy available in the cloud, and making use of that knowledge to find out and utilize the appropriate kind of cloud technology for the benefit of the enterprise. The three main categories of cloud services, which you need to know, include:

– Platform as a service (PaaS) which is responsible for provision of platforms for programming as well as building blocks or tools for APIs that help in creating application and services that are based in the cloud.
– Infrastructure as a service (IaaS) is the ability for managing, owing or even controlling the essential infrastructure. In order to scale up available IT hardware resources within an organization, infrastructure may be rented.
– Software as a service (SaaS) exposes applications as a service that is running in the cloud infrastructure.

In order to create a cloud strategy that is personalized to the business needs of organization, there may be a need for cloud-strategists to combine one or more of the options available services.

It is important for cloud strategists to go beyond mere theoretical definitions of the the cloud, and focus their attention on making use of convincing analysis so as to deduce a clearer fit between economic and risk profiles, which exist in variety of business situations and make cloud offerings — including cloud storage and cloud backup — to stand out as among the technology strategies of the organization.

Effective Business Case for Tiered Cloud Storage

October 21, 2015 Callum Huddlestone

One of the most appreciable parts of the cloud economics discussion is the profiling of real money versus assumed risk. Supporters of cloud computing will have problems when it comes to making business case for the cloud if they are not aware of the amount of real money they will be able to save for their enterprise by taking their business to the cloud (in other words, need to know the real ROI before making a decision).

Best guess is that cloud computing is less expensive. Indeed, the guess is true as cloud computing is less expensive when you compare it with the other computing systems. However, the problem is always how one will be able to explain that cloud computing is cheaper. The cost of a data center is categorized into two, which are direct and indirect cost, as well as the issues associated with floor space, power, and IT operation, storage, scalability, network and other issues. Before deciding on the cost of cloud computing, you will need to determine the above mentioned data center issues in financial terms. Looking at the other side of the coin, it is obvious to know that cloud-computing services are priced per GB per month, using only bandwidth usage as the only associated cost, without considering (at least for the user) any of the data center mentioned above.

In order to build a case for saving of real money in the cloud, appropriate cloud based data storage usage should be defined. In addition, it is important to note that some data are suitable for storage in the cloud while others are not. In order to make effective business case for tiered cloud storage in monetary terms, the following questions must be answered:

What are the performances needed for storage of certain category of data?
In terms of platform construction, deployment, application, time required for completion and compute rates, what are the needed performance requirement?
In creating and deploying application in each platform, what are monetary cost and the specific resource requirements?
It is possible to use cloud computing platforms along side with local offsite systems so as to enhance effectiveness of cost?

The compliance for security is automatic in the cloud, and legal discovery is known to be made easy. Therefore, one should not look down the real money savings just by avoiding legal actions and improved compliance to legal mandates. With all these being said, it is vital to make clear that infrastructures and cloud services need to be monitored constantly. Though cloud services can be helpful in up-front cost of enterprises through dispersal of the expenditures over the period which may be months and even years, it is important for CIOs to be watchful so as to avoid creeping in pricing services known as “pay as you go”. The company will find it difficult to reduce the costs, as well as maintain their storage in the cloud at low and economical rate if they do not remove unwanted data to create space on their device.

Training the Trainers in Preparing for Disaster Situations

October 19, 2015 Damien Garvey

Honestly, it is not easy to plan for recovery of system against disaster. Those planning for disaster recovery need to imagine every unforeseen event that may possibly happen. Also, planners need to train the trainers to teach others on the resourceful and successful way of handling catastrophic circumstances, including in drills, as in simulated disasters. This is to equip them with required knowledge that will make them qualified to handle the situation when an actual disaster occurs in the enterprise.

Indeed, for easy control and effective preparation against disaster, trainers must be selected carefully. In addition, the criteria for selection of trainers should include their knowledge of disaster management system. So, selecting team that are open to learning and love to try new things is very important. Selection of proactive individuals that are able to adjust their plans to suit the prevalent unexpected situation is also very important. Flexibility in action is also needed for the trainers, as that will be important to make new plans that will flexibly fit conditions and situations that are not expected during live implementations that may not originate from the main plan.

Certainly, selection of trainers should be strictly from with in the leaders of the organization. This is to make sure they have the ability to control and enforce discipline in their team members. Trainers also need to assign authority to other team members and make sure that the delegated people have the freedom to respond within the framework during an emergency. All these are to ensure adequate preparation against any form of disaster that may occur in the organization.

Therefore, involvement is important in training of trainers. You must only select the people that have been involved in the planning process, and have perhaps actively contributed to identifying the possible potential risks and disastrous conditions. The trainers must have good knowledge of the effect, as well as the consequences of disasters, and must be prepared to put into practice all required and possible preventive actions to avert further effects that may be triggered as a result of fear or lack of knowledge. Further, trainers are to be those that handle more difficult and larger part of the problem and at the same time assign activities and tasks to others, who are integral part of the management team for disaster.

Disaster training on its own should be conducted repetitively in a simulated situations so as to harmonize the plans and teach the trainers on how to identify gaps in their pans, resolving problems as well as harmonizing issues that may come up following implementation. The trainers should be allowed to bring out problems which were not originally taken into consideration at the planning-phase. Apparently, the trainers should accept the plan and be ready to truly and to the best of their capacity apply the plan when disaster strikes.

The truth of the matter is that training the trainers can not be done without adequate preparation. It is not only a long drawn process, but also an iterated process. When there is change in business environment, there is always emergence of new disasters, requiring the trainers to be trained with full energy and dynamism. One of the main parts of your disaster recovery needs to be training your trainers, as it is your protection against any form of disasters that your organization may be faced with.

What is Post-Process De-Duplication?

October 16, 2015 Stewart Parkin

There are two ways in which target de-dupes can be performed, and they are either as post process de-duplication or inline de-duplication.

The de-duplication that occurs between the source and the destination or target is what is what is termed Inline de-duplication. On the other hand, Post process de-duplication is best defined as the situation whereby data is de-duplicated at programmed time frames when it has already been transmitted by the source, but prior to it getting to the storage device. The channelling of the data can either be through hardware or software based on the case involved. Both the hardware and the software remain in sync with the storage disk. There is also the evaluation of data against the ones already in the storage disk for easy identification and removal of duplicated data, irrespective of the target de-duplication being used.

The enterprise that has proprietary software installed in their system will benefit enormously from the post process de-duplication. But, there is not always a need for modification or redesigning of the source software at the organisation end in order to meet the needs of de-duplication hardware or software. There is no need to be concerned about compatibility issues, as the source system can easily push the data into transmission. There is no need for installation of de-duplication hardware or software at every terminal node in order to permit transmission of data. With the central location of the de-duplication software or hardware, data from all the nodes are automatically channelled via the de-dupe device located on the network.

Lastly, for more effective use of enterprise computing system, the CPU powers can be released when de-duplication load are removed from the client central process unit (CPU). This is where the post-process de-duplication is better than the pre process de-duplication. There is no doubt about the fact that the target de-dupe is quicker when compared with source de-duplication. The data is said to be pushed into the network, making the de-dupe process to operate at the storage end so as to match data quicker and remove duplicates with ease.

With lots of advantages of source process de-duplication, it is not without its flaws. The post process de-duplication is known to be bandwidth intensive. For that reason, if there is an exponential increase in the amount of data in an enterprise, the target de-duplication will not be the best option. Before scheduled post process de-duplication is started, although it might involve additional expenses, large arrays of storage disk will need to be used to create space for storage of transmitted data. This additional cost is among the flaws associated with post process de-duplication.

The need to redesign the proprietary software to accommodate demands of the de-duplication devices and process, installation of de-duplication hardware at all the connecting nodes, and others will contribute to be more cost effective than the use of technologies that are based on target de-duplication. If the cloud service provider partnering with the enterprise determines charges fees based on the bandwidth usage, source de-duplication may further be attractive.

Therefore, companies must determine the particular kind of de-duplication process that will work best for them. Some of the things enterprises need to consider before selecting any of the de-duplication process include: Volume of data, availability of bandwidth, cost of bandwidth, and lots of other important factors. In fact, the exercise involved in determining the best fit for an enterprise is not an easy one.