Business Continuity in the New Normal for IT Environments


With a remote workforce, endpoints will generate a lot of data and more IP will be leaving your premises. Intellectual Property (IP), Financial Data, and Personnel Data are important data sets to be secured. What do you do? Clearly, it’s an open-ended question, but I want to lean in on this topic in the context of implementing security and protecting your data for continued operations in the midst of a crisis with nearly 100% remote workforce as we adjust to a rapidly evolving new normal for managing IT environments.

Maybe your IT organization is like Quantum’s in that you had a head start and were prepared to weather this storm because you had previously established a business strategy that allowed your employees to work remotely as part of your normal business operations. If you did not have a head start, it’s understandable, and you are now in a reactive mode. Nobody was ready for such a crisis; nonetheless, preparedness is key. A remote workforce that is cost-effective, secure, reliable, and resilient takes time to develop and roll out as you prioritize hardware or software requirements within your infrastructure. Here are a few key insights from our own Quantum IT.

Enterprise Applications in the Cloud

At Quantum, every employee is issued a portable computer – either a Windows-based laptop or a MacBook, depending on the needs of the user. We also employ SaaS solutions like Microsoft 365. This provides us with collaboration tools like Microsoft Teams and Exchange Online as well as business productivity tools, either online or installed on the laptop. In addition, others of our enterprise applications are SaaS-based, meaning they are accessible from anywhere over the internet. Example: CRM (salesforce.com). Leveraging the public cloud in this case is a great cost-effective solution that enables a remote workforce to work effectively and efficiently.

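Security - Encryption

You’ve heard it said: “Safety first.” In the digital era, this statement has never had a higher profile than it does today. It starts with a secure foundation at the server level (typically at the core). If your foundation is weak, the rest of your endpoints will resemble the same weak structure. When possible, leverage solutions like:

Data encryption at rest and in transit. In transit, web data should always be sent over HTTPS. Also look at the various encryption models: client-side, server-side with service-managed keys, and server-side with customer-managed keys. Also consider using a key vault to store keys securely.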

Client-side encryption

Client-side encryption is performed outside of Azure. It includes:

  • Data encrypted by an application that is running in the customer’s datacenter or by a service application.
  • Data that is already encrypted when it is received by Azure.

With client-side encryption, cloud service providers do not have access to the encryption keys and cannot decrypt this data. You maintain complete control of the keys.
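
The client-side model described above, as an added example that is not Quantum’s or Azure’s code: envelope encryption with AES-256-GCM using only Node.js’s built-in `crypto` module. The function names, the sample object, and the locally generated key-encryption key (standing in for one held in a key vault you control) are assumptions made for illustration.

```javascript
// Added example: client-side envelope encryption with Node's built-in crypto.
const crypto = require("crypto");

// AES-256-GCM seal: returns iv, ciphertext and auth tag as base64 strings.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv: iv.toString("base64"), ct: ct.toString("base64"),
           tag: c.getAuthTag().toString("base64") };
}

// AES-256-GCM open: throws if key, AAD, ciphertext or tag do not match.
function open(key, box, aad) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(box.iv, "base64"));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(Buffer.from(box.tag, "base64"));
  return Buffer.concat([d.update(Buffer.from(box.ct, "base64")), d.final()]);
}

// Encrypt before upload: a random per-object data key (DEK) encrypts the data,
// and the customer-held key-encryption key (KEK) wraps the DEK.
function encryptForUpload(kek, objectName, plaintext) {
  const dek = crypto.randomBytes(32);
  const envelope = {
    name: objectName,
    data: seal(dek, plaintext, objectName), // object name bound as AAD
    wrappedDek: seal(kek, dek, objectName),
  };
  dek.fill(0); // best-effort wipe of the plaintext DEK
  return envelope; // this is all the storage provider ever receives
}

function decryptAfterDownload(kek, envelope) {
  const dek = open(kek, envelope.wrappedDek, envelope.name);
  return open(dek, envelope.data, envelope.name);
}

// Constructed demo: hypothetical object name and contents, KEK generated locally.
function demo() {
  const kek = crypto.randomBytes(32);
  const env = encryptForUpload(kek, "hr/payroll.csv", Buffer.from("id,salary\n1,100"));
  const roundTrip = decryptAfterDownload(kek, env).toString();
  let wrongKeyRejected = false;
  try { decryptAfterDownload(crypto.randomBytes(32), env); } catch { wrongKeyRejected = true; }
  return { roundTrip, wrongKeyRejected };
}
```

Because the object name is bound as additional authenticated data, an envelope that is renamed or swapped in storage fails authentication on download instead of decrypting silently.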

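Server-side encryption

The three server-side encryption models offer different key management characteristics, which you can choose according to your requirements: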

  • Service-managed keys: Provides a combination of control and convenience with low overhead.
  • Customer-managed keys: Gives you control over the keys, including Bring Your Own Keys (BYOK) support, or allows you to generate new ones.
  • Service-managed keys in customer-controlled hardware: Enables you to manage keys in your proprietary repository, outside of Microsoft control. This characteristic is called Host Your Own Key (HYOK). However, configuration is complex, and most Azure services do not support this model.

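Cyber Security

IDC research shows that 93% of organizations have been attacked within the past three years (source: https://dl.acronis.com/u/rc/wp_idc_acronis_cyber_protection_en-us_200403.pdf). It is time to tighten the integration of data protection, disaster recovery, and data security operations in your cyber security strategy, and to treat backup as part of your cyber security approach. Threats from ransomware and other malware are prevalent, and there are plenty of threats that use AI capabilities to infiltrate your datacenter. Regardless of which cyber security software, backup method (flash, SSD, HDD, tape), or environment (physical, virtual, multi-cloud) you choose, the goal is to integrate what were once silos and build resilient IT operations.

Availability and Resiliency

Because of the global reach of businesses, systems and applications need to be ready and available 24/7. Backup applications need to be efficient and predictable across multiple platforms. Any threat, whether natural, man-made or cyber, is disruptive to an IT environment; a resilient system is key to recovering quickly and efficiently, withstanding unforeseen events, and ensuring data is secure and available at any moment in time. Employ a backup method that enables replication to a DR site or cloud provider, using an on-prem, cloud or hybrid approach to backup. Our current global situation has reset many priorities, and all these topics are now top of mind.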

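VDI

As threats to businesses continue, most organizations are turning to VDI to rapidly deploy virtual desktop infrastructure and unleash a mobile workforce that can be as productive as it is in the office. Virtual desktop infrastructure (VDI) is defined as the hosting of desktop environments on a central server. In other words, it is like having a structured office with touch points that gives you the ability to access virtual data and applications, and you are really just shifting the compute cost from the endpoint to the datacenter (if on-premises) or the cloud. For us, this is a very cost-effective solution that helps keep data centralized and off the endpoints, which are more susceptible to data loss. One cool thing about VDI is that break/fix becomes easier, because you can quickly “spin up” a new desktop if a user’s current desktop is corrupted. It also makes things like patch management and operating system updates easier, since it is centrally managed. Lower administrative overhead.

Flexibility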

An important part of the equation is flexibility. Whatever strategy you choose to meet your organization’s business goals, or in this case an effective and secure remote workforce for business continuity (BC), your solution should be flexible enough to adjust as needed to meet the demands of current and future national or global events that can affect your datacenter. This current global crisis is a good example of how quickly organizations learned whether they were ahead of or behind the curve. Technology by itself cannot meet the need; it needs a strategy built upon it to mitigate the risks associated with ‘crisis’ type events and/or simple business continuity.

Data Protection

It has never been more important to back up data on the regular. With ransomware getting more sophisticated, we need to adapt and build IT environments to expect (and withstand) an attack – there are some strains out there for which, as far as we know, no decryption tools are available, so you must have alternative methods to recover your data. Let’s remember that criminals are no longer using mass campaigns; instead they are going for remote access – remote desktop protocol was the most used entry vector.

In our new normal, we hope our insights provide some guidance for building, securing, and protecting your data, remote workforce, and network, and help you build a solid business continuity plan... no matter what disaster comes your way. Check out our QONQ business continuity webinar here
