Children’s Museum of Grand Rapids Golf Outing

Dewpoint participates in the Children’s Museum Golf Outing

Dewpoint is excited to play in the 3rd annual Let’s Play! Children’s Museum of Grand Rapids Golf Outing. The outing provides funding by supporting efforts to bring play to all children in the community through open-ended programs, exhibits, outreach initiatives, and community partnerships. Click here to learn more about the Children’s Museum and the great programs they offer. Contact us today for more information about how Dewpoint is Making IT Personal for you.

What is the Right Workload Strategy for my Business?

Cloud Workload Strategy

Optimal Workload Strategy

As a CIO or Infrastructure Leader, you are responsible for determining the optimal location for business workloads. With various options available, including on-premises, cloud, edge, or hybrid cloud, it is critical to recognize and overcome common pitfalls when designing a workload placement strategy. Although “cloud-first” may be your fallback, a better option may be “cloud-first, but not always.” The best workload placement is unique for your organization.

Critical Factors when Evaluating your Workload

All workloads are different, each with its own set of business requirements and benefits. Without considering the factors below when evaluating an application’s or service’s eventual placement, negative business impacts could far outweigh the benefits of any migration. Once expectations are defined and understood, the discussion of location or provider can begin. 

The evaluation criteria below that may impact a successful deployment focus on the application requirements relative to business expectations, not specific to one provider or location. 

Compliance — 

Are there regulatory or compliance issues with this service, and if so, are providers certified at a level that would satisfy audit and compliance requirements?

Data protection — 

Are there data protection, access, backup, or compliance issues with the inputs or outputs of this application, and can providers resolve these issues?

Security — 

How critical are this application’s security and access control requirements, and can they be implemented and managed to satisfy internal corporate security requirements?

Latency — 

How much impact will latency affect application acceptance and customer usage patterns when operational? Will reduced latency (or variable performance) affect customer satisfaction or your business’s reputation?

Recovery time — 

What RTOs/RPOs are required for this application, and can they be satisfied with an external provider or only via internal processes?

Service continuity — 

How important is service continuity to your success? Is the perception of 100% availability required, and if so, can providers or the providers’ solutions be structured to deliver this at a reasonable cost?

Performance — 

What is the impact of poor or variable application performance? Are tools available for remote monitoring and problem resolution?

Data location — 

Are there any issues with guaranteed data location? For example, is a location outside of the US acceptable? 

Availability — 

What are the availability goals? What impact is there on business operations if they cannot be met?  

Scalability — 

Does the workload have variable utilization patterns that make scaling up and down necessary? Can the deployment options support such scaling effectively?

Cost — 

Are there business drivers for deployment (depreciation of assets, tax benefits) for particular deployment locations? Can these cost drivers be met without detriment to the other decision criteria?

How to Develop a Workload Strategy

If you need help developing your workload strategy, contact us to assess your current IT environment to assist you in building a strategy that works for you. Our professionals can ensure your workloads are appropriately placed to meet your security, cost, and reliability goals and, most importantly, make sense for your business. 

Help Developing a Cloud Strategy Document

The difference between a Cloud Strategy and Cloud Implementation Plan

Most organizations put together a cloud implementation plan when moving to the cloud. Fewer organizations put together a cloud strategy document. A cloud strategy answers the “what” and “why” questions, while a cloud implementation plan answers the “how” questions. Even if you have already moved to the cloud, developing a cloud strategy is still essential to maximize the benefits of the cloud. 

What should my Cloud Strategy document contain?

The main topic areas should include:

Executive Summary – summary of drivers, challenges, and significant steps. This section outlines the “why” you are moving to the cloud, including expectations. If you are already in the cloud, are you getting the expected benefits? It also includes your cloud council members and roles.

Baselines – include your cloud computing baseline definitions and business baseline. For the business baseline, summarize the top-level business strategy, desired business outcomes, and business transformation initiatives, including potential benefits and risks.

Brainstorming – focus on services strategy such as when to consume, when to build, and how to secure, manage and govern hybrid environments. In addition, review the financial aspects of the cloud, including pricing, chargebacks, payment models, and evaluating Capex vs. Opex. Exploring and documenting all of these areas ensures understanding of all options. It also helps re-evaluate these areas if already in the cloud to ensure you get the most value.

Principles – determine your organization’s core strategy such as cloud-first, buy before build (using SaaS), multi-cloud environments, or hybrid cloud options. These may change over time depending upon your business goals.

Inventory – an assessment of where you are today workload by workload to determine performance characteristics. For example, if you have a typical enterprise application that is already virtualized and running efficiently in your data center, doesn’t vary much, and doesn’t have peak workloads, there may be no benefit in moving it to the cloud. 

Alignment – covers security, governance, and compliance. State your security principles, including governance (who is responsible) and industry compliance needs. Make sure your cloud provider can meet those expectations. 

Exit strategy – this may be the most critical part of the strategy. Develop your acceptable T&C’s and SLAs to compare against proposed cloud providers. Review your cloud contact to determine data ownership, backup and portability if you decide to exit. Sometimes the most challenging part about leaving your cloud provider is not terminating the contract but unraveling the technology.   

Like any other document, your cloud strategy should be regularly reviewed and updated.

How do I get started?

Dewpoint is here to help you. We have infrastructure and operations professionals available to assist you in either developing a cloud strategy, performing an independent review of your current plan, or ensuring you are getting the most value out of your cloud provider. Contact us today for answers to all of your cloud questions.

Top Five Benefits of Moving to Zero Trust

Can you afford not to move to Zero Trust?

The latest headlines from Cybercrime MagazineGlobal Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031. The fastest growing type of cybercrime is expected to attack a business, consumer, or device every 2 seconds by 2031.” Not a day goes by without a top story on another cyberattack. Thus, Zero Trust is becoming necessary to stay one step ahead of an attack or limit the damage if an attack occurs. 

What is Zero Trust?

Per Gartner, “Zero Trust is a security paradigm that explicitly identifies users and grants them just the right amount of access so that the business can operate with minimal friction while risks are reduced.” It doesn’t mean you should trust no one; instead, only grant the “right” trust, allowing the right users to access the right data at the right time under the right conditions. 

Implementing Zero Trust requires taking a step back by starting with zero access and then granting access based on role. It also implies regular reviews as employees change positions to re-examine their access. Three core elements in establishing Zero Trust include setting the right trust, assuming compromise, and using identity and context.

What are the benefits of implementing?

Five benefits your organization can realize by moving toward Zero Trust:

  • Increased resilience: Builds an environment that can sustain an error or a security issue without leading to a more severe breach causing enterprise-wide issues.
  • Enablement: Allows new and different approaches to support business outcomes without adding risk.
  • Supports regulatory compliance: Helps ensure you meet regulatory standards and may reduce your cybersecurity insurance costs.
  • Treats all threats the same: With the change to a hybrid or remote workforce, your data may not be as secure as when all your employees were in the office. Internal threats are usually harder to detect and can be more damaging than external threats.
  • Secures cloud adoption: Enables the classification of all assets on the cloud so that you can establish the proper protections and access controls.

How do I get started?

For most organizations implementing Zero Trust is not an overnight process but a journey. You can start with your current cybersecurity roadmap and implement elements to achieve Zero Trust. The National Cybersecurity Center of Excellence has several articles to help you achieve Zero Trust. In addition, Dewpoint has security professionals to help you pilot Zero Trust without sacrificing the user experience or your employee’s productivity. Reach out to us for a free cybersecurity assessment or more information on Zero Trust to ensure your organization is cyber-secure.

Is Your Cloud Secure?

Ensuring Your Cloud Data is Secure

Most companies have already moved or are in the process of moving to the cloud. Many pursue a hybrid or multi-cloud strategy to integrate multiple services, ensure scalability, and improve business continuity. Although the cloud has the potential to be more secure than traditional on-premises solutions, you won’t necessarily realize greater security from the cloud without modifying your business practices.

Cloud Security Pitfalls

The cloud has become commonplace, but cloud security continues to be a severe concern for cybersecurity professionals. Common cloud security threats include the following:

  • Misconfiguration of the cloud platform – Occurs when a cloud-related system, tool, or asset is not configured correctly, thus endangering the system and exposing it to a potential attack or data leak. A recent configuration error exposed 13 million internal records traced back to Fox News, including personally identifiable information on employees.
  • Insecure interfaces/APIs – One of the most challenging things about the cloud is that there are many possible entry points for attacks. Although the service attack area may be smaller, it’s much more fragmented. You need to consider how APIs impact the more extensive system. Intruders look for less-secure APIs to hijack data.
  • Unauthorized access – Limiting employee access on an as-required basis is critical. No one in your organization should have more access than needed to complete their job-related responsibilities. According to research from Intel, insider threats are responsible for an incredible 43% of all breaches – half intentional and half accidental.
  • Exfiltration of sensitive data – Cloud services can introduce new categories of data exfiltration, including employees, users, or administrators using features of the cloud provider suite in insecure ways. This activity presents a data exfiltration potential from any actor who can requisition or modify virtual machines, deploy code, or make requests to cloud storage or computation services. Securing and authorizing the behavior of services running in the cloud is essential to providing data security. 

Develop a Secure Cloud Strategy

There are challenges present in the policies and technologies for security and control of the cloud. In most cases, the user fails to manage the controls used to protect an organization’s data, not the cloud provider. Developing a well-designed risk management strategy aligned with the overarching cloud strategy can help your organization determine where public cloud use makes sense and actions to reduce risk exposure. Dewpoint can help you develop and implement a risk management strategy or review your current strategy and controls to ensure your cloud data is secure. Contact us today to help strengthen your controls and prevent a security breach.