The post Digitisation of Lending Business appeared first on 91����.

The number of organizations deciding to pay a ransom has risen to 32% in 2021 compared to 26% in 2020 (). Even after paying for Ransomware, only 8% of them got all their data back, nearly a third, 29%, couldn’t recover more than half the encrypted data. However, on average, only 65% of the encrypted data was restored after the ransom was paid. Approximately 37% of global organizations (more than one third) said they were the victim of some form of Ransomware attack in 2021 (IDC’s “). 92% who pay don’t get their data Back (.

We all know that Confidentiality, Integrity and Availability are the 3 pillars of security. Integrity of Data is an important dimension, which means that data has not been altered in an unauthorized manner when data is “at rest, getting processed, or in transit”. Here we will be focusing only on “at rest” Data related to Ransomware. It’s evident that, while there is a high level of efforts required to prevent “Attackers from getting in” or “escalating their privileges within system” the best bet for an organization remains to “Protect their critical data from unauthorized access and destruction”.

Ransomware attacks focus on encrypting any data to which they could get write access, including the backup system. This may also happen due to poorly implemented permissions that exposed backup data stored anywhere. This makes Ransomware attack more effective because organizations can’t recover data from backup systems.

The big step towards getting data protected is to have isolated, immutable backup of data which is not accessed in general and have very strict administrative access authentication, authorization adjustments for a set of admins. There was a time when data backup on physical tapes were kept off-site to be protected from any Data center physical damage as part of BCP/DR approach. That was one of the best ways to ensure data integrity. We should leverage Cloud offerings which are equally effective to protect data from any Ransomware attack.

Now let’s discuss about immutable backup methods which will be the key ask here. Azure has introduced Blob storage options to operate like an Immutable storage and enables users to store business-critical data in a WORM (Write Once, Read Many) state for a defined time interval. While in a WORM state, data objects can be created and read, but cannot be modified or deleted for a user-specified interval. By configuring immutability policies for blob data, customers can protect their data from overwriting and deletion. Another benefit of Azure Blob storage is having a legal hold, which stores immutable data until the legal hold is explicitly cleared. When a legal hold is set, objects can be created and read, but not modified or deleted. It’s important to understand how immutability is implemented and whether it is truly WORM, even if OS administration accounts are compromised.

Those who are on AWS platform, can use AWS Backup Vault Lock to prevent (accidental or malicious action) any user from deleting their backups or making changes to their backup lifecycle settings. AWS Backup Vault Lock (S3 Glacier) improves customer’s security postures and ensures a mechanism for restore, even in a worst-case scenario like total account compromise. Another service that’s useful for data protection is the AWS object storage S3, where you can use features such as object versioning to help prevent objects from being overwritten with Ransomware-encrypted files, or Object Lock (S3), which provides a write once, read many (WORM) solutions to help prevent objects from ever being modified or overwritten. 

You can use Compliance retention mode if you never want any user, including the root user in your AWS account, to be able to delete the objects during a pre-defined retention period. You can use Legal Hold as an infinite retention period. Once applied it is not possible to delete any object until the hold is released manually (only by users with special permissions). Every backup within the retention period is an immutable backup with point-in-time restore capabilities. Also, we have S3 MFA delete-enabled bucket option which safeguard from permanent delete of an object version or change the versioning state of the bucket.

Similarly, GCP storage containers with Bucket Lock offers write-once (WORM), immutable storage to meet your compliance standards and ensure your data’s integrity while offering instantaneous access for quick restores. As part of protection, once you lock a bucket, you cannot unlock it until all objects are out of the retention period. Retention policies prevent the deletion or modification of the bucket’s objects. Applying Bucket Lock to a storage bucket in the Archive class can help you achieve WORM compliance for long-term data archival as well.

Apart from introducing immutable backup options which provide a secure storage for your data, we all know initial steps such as to keep multiple copies of data backup (keeping data off-site), use a standard practice of Multi-Factor Authentication (MFA) for administrative accounts, separation of administrative roles. We also need to enable encryption of the data and segment the workflow so that authorized systems and users have limited access to use the key material to decrypt the data. We know that network sharing protocols work well for general-purpose file sharing. However, minor mistakes in permissions can lead to data being exposed. In place of using them, we recommend using object storage APIs, for example Amazon S3 compatible APIs, virtual tape libraries, or keep storage as “local” to the backup server (do not access over a network sharing protocols).

Interesting part to understand here is, the technology which was initially introduced for a security compliance requirement to keep the golden copy of any data for later auditing or reconciliation, has taken a shift to be also used to safeguard from ransomware attacks to maintain integrity of data. Cloud storage is an economical solution because resources are readily available, is scalable, and multi-tiered.

Author:

Deepak Kumar,
Cloud Practice Head,
91����

The post Keeping your data protected from ransomware attack in the new era appeared first on 91����.

Analysts predicted that by now, . While at one side this strategy presents several obvious benefits, on other side it increases complexities that can result in unproductive resources, poor cost management, regulatory risks & security concerns. Choosing the right multi-cloud management tool can take away these headaches, without compromising business goals, by adopting efficient and outcome-based model.

Hyperscalers recognize this need and provide their native tools. While such tools are useful, many may add more costs to achieve more granular control over infra services. Not surprisingly, enterprises are looking for solutions that provide comprehensive coverage of their needs and helps in multi and hybrid cloud management & governance. They are continuously hunting for such tools to manage IT Estate from a single interface:

• Live monitoring of resources across providers and on-prem
• Manage accounts and configurations across cloud environments
• Setup quotas, thresholds, and workflow approvals
• Provide comprehensive governance controls
• Generate recommendations for cost optimization, handle overall spend and chargebacks Visibility into resource
• usage, security and compliance and recommendations

There is a great need for such tools that can cut across cloud environments. This is clear from the fact that . The solution is a reliable integrated Cloud Management Platform (CMP) with the power to ensure that the enterprise leverages the full potential of its cloud investments and delivers projected ROI.

91���� provides a fully packaged CMP that not only meets the complex requirements of managing multi and hybrid cloud but is also customized to meet specific domain and business needs. Our automated solution comprises of CloudBolt and Azure Arc which can offer:

• Simplified & Consistent management
• Cost optimization & Recommendations
• Centralized orchestration, provisioning, reporting and automation
• Simplified security audits and compliance checks
• Accelerate workload delivery through self-service IT

The outcome is reduced costs, improved resilience, flexibility, and security, with right control along with well architected deployment and accelerate multi-cloud adoption. The best part about our solution is our approach to provide simple, seamless, and easy deployment across the board

Author:

Deepak Kumar
Cloud Practice Head  

Abhishek Asija
Cloud Architect

Jay Prakash Shukla
Sr. Cloud Architect  

The post Seamless management of Multi Cloud environment appeared first on 91����.

1. The demand for reliable cloud expertise going up. This demand is for assessment and advisories from large enterprises. They have a cloud strategy in place along with the budgets but are stuck because they are unable to look at cloud implementations through the lens of risk, security and ROI.
2. The realization that the overall cost of cloud is higher than what is commonly believed. The most commonly held belief is that cloud results in cost reduction. This is true of the long-term. In the short term, the paradox of cost results from the fact that exploiting cloud requires an optimization of technology – applications, data, networks and operating models—and benefits are tied to net spends.
3. The lack of cloud talent being seen as a showstopper. Cloud skills are hard to find. The spectrum of work called for by cloud is diverse, encompassing infrastructure, migration, storage, networks, portfolio adaptability, SaaS, an understanding of cloud providers, serverless architecture, security, change management, DevOps, Artificial Intelligence, Machine Learning, automation, etc. University cloud programs are not mature, businesses do not have adequate infrastructure such as labs for in-house training programs and there is uncertainty about regulatory readiness making customers nervous about where to keep their data as we evolve into a boundaryless paradigm.

According to Gartner, just public cloud end-user spending will grow 18.4% in 2021, to total $304.9 billion, up from $257.5 billion in 2020. NASSCOM data (from Zinnov) shows that demand for cloud skills will balloon, leading to a 39% increase in open positions. These figures indicate that CIOs don’t have a choice. They have to go ahead with cloud adoption with an eye on scalability, shorter deployment cycles, the ability to innovate, access to a rich application eco system, and push-button channel integration that will provide good market responsiveness.

But here is the truth: For every $100 they currently spent on on-premise, it will cost them just $30 for managed assets on cloud. This spells major savings, allowing organizations to release large budgets for investments in innovation programs. But none of this will be possible if skilling remains a challenge. Creating the right talent is the solution.

To achieve skilling at scale, we urgently need a variety of initiatives. These can be private, public or based on private-public partnership (PPP) models. This is where programs like NASSCOM’s ‘futureskills prime’ fit in. It addresses the problem of skilling by aiming to upskill 400,000 people over 3 years across 10 emerging technologies and 10 professional skills. The program uses a public-private partnership model for business success and content that is AI-curated and hand-picked (by industry SMEs) for learning success.

However, the goal of the futureskills initiative runs deeper than upskilling—it is aimed at creating competency standards (knowledge required to perform a job, key functions that need to be undertaken and the skills required to do this effectively) called National Occupational Standards (NOS). To support NOS, a common language is being created. This will provide a clear and shared understanding when jobs and roles are discussed across academia, industry and government.

We need dozens of such skilling initiatives. Without them, organizations will be left stranded. They will not have the talent pipeline which can respond to the accelerated demand for cloud. For the moment, the priority of every organizations with the ambition of riding the cloud wave should be to create the talent that will take them into the future.

Reference:

Author:

Narasimha Moorthy
Vice President and Head of ADM Service Line
91����

The post Address skilling to beat the chief barrier to cloud adoption appeared first on 91����.