What is the Right Workload Strategy for my Business?

Cloud Workload Strategy

Optimal Workload Strategy

As a CIO or Infrastructure Leader, you are responsible for determining the optimal location for business workloads. With various options available, including on-premises, cloud, edge, or hybrid cloud, it is critical to recognize and overcome common pitfalls when designing a workload placement strategy. Although “cloud-first” may be your fallback, a better option may be “cloud-first, but not always.” The best workload placement is unique for your organization.

Critical Factors when Evaluating your Workload

All workloads are different, each with its own set of business requirements and benefits. Without considering the factors below when evaluating an application’s or service’s eventual placement, negative business impacts could far outweigh the benefits of any migration. Once expectations are defined and understood, the discussion of location or provider can begin. 

The evaluation criteria below that may impact a successful deployment focus on the application requirements relative to business expectations, not specific to one provider or location. 

Compliance — 

Are there regulatory or compliance issues with this service, and if so, are providers certified at a level that would satisfy audit and compliance requirements?

Data protection — 

Are there data protection, access, backup, or compliance issues with the inputs or outputs of this application, and can providers resolve these issues?

Security — 

How critical are this application’s security and access control requirements, and can they be implemented and managed to satisfy internal corporate security requirements?

Latency — 

How much impact will latency affect application acceptance and customer usage patterns when operational? Will reduced latency (or variable performance) affect customer satisfaction or your business’s reputation?

Recovery time — 

What RTOs/RPOs are required for this application, and can they be satisfied with an external provider or only via internal processes?

Service continuity — 

How important is service continuity to your success? Is the perception of 100% availability required, and if so, can providers or the providers’ solutions be structured to deliver this at a reasonable cost?

Performance — 

What is the impact of poor or variable application performance? Are tools available for remote monitoring and problem resolution?

Data location — 

Are there any issues with guaranteed data location? For example, is a location outside of the US acceptable? 

Availability — 

What are the availability goals? What impact is there on business operations if they cannot be met?  

Scalability — 

Does the workload have variable utilization patterns that make scaling up and down necessary? Can the deployment options support such scaling effectively?

Cost — 

Are there business drivers for deployment (depreciation of assets, tax benefits) for particular deployment locations? Can these cost drivers be met without detriment to the other decision criteria?

How to Develop a Workload Strategy

If you need help developing your workload strategy, contact us to assess your current IT environment to assist you in building a strategy that works for you. Our professionals can ensure your workloads are appropriately placed to meet your security, cost, and reliability goals and, most importantly, make sense for your business. 

Top Five Benefits of Moving to Zero Trust

Can you afford not to move to Zero Trust?

The latest headlines from Cybercrime MagazineGlobal Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031. The fastest growing type of cybercrime is expected to attack a business, consumer, or device every 2 seconds by 2031.” Not a day goes by without a top story on another cyberattack. Thus, Zero Trust is becoming necessary to stay one step ahead of an attack or limit the damage if an attack occurs. 

What is Zero Trust?

Per Gartner, “Zero Trust is a security paradigm that explicitly identifies users and grants them just the right amount of access so that the business can operate with minimal friction while risks are reduced.” It doesn’t mean you should trust no one; instead, only grant the “right” trust, allowing the right users to access the right data at the right time under the right conditions. 

Implementing Zero Trust requires taking a step back by starting with zero access and then granting access based on role. It also implies regular reviews as employees change positions to re-examine their access. Three core elements in establishing Zero Trust include setting the right trust, assuming compromise, and using identity and context.

What are the benefits of implementing?

Five benefits your organization can realize by moving toward Zero Trust:

  • Increased resilience: Builds an environment that can sustain an error or a security issue without leading to a more severe breach causing enterprise-wide issues.
  • Enablement: Allows new and different approaches to support business outcomes without adding risk.
  • Supports regulatory compliance: Helps ensure you meet regulatory standards and may reduce your cybersecurity insurance costs.
  • Treats all threats the same: With the change to a hybrid or remote workforce, your data may not be as secure as when all your employees were in the office. Internal threats are usually harder to detect and can be more damaging than external threats.
  • Secures cloud adoption: Enables the classification of all assets on the cloud so that you can establish the proper protections and access controls.

How do I get started?

For most organizations implementing Zero Trust is not an overnight process but a journey. You can start with your current cybersecurity roadmap and implement elements to achieve Zero Trust. The National Cybersecurity Center of Excellence has several articles to help you achieve Zero Trust. In addition, Dewpoint has security professionals to help you pilot Zero Trust without sacrificing the user experience or your employee’s productivity. Reach out to us for a free cybersecurity assessment or more information on Zero Trust to ensure your organization is cyber-secure.

Why it’s a Good Time for Mid-size Enterprises to Perform an IT Evaluation

IT Assessment

Prioritizing Your Competing Needs

Ransomware attacks, the ‘great resignation,’ managing technical debt, and reducing risk are critical issues facing today’s mid-size enterprises (MSE). As a leader, you are expected to have the solutions to all of these issues. Maybe it’s time to perform an overall assessment of your organization and IT practices. An evaluation can help you focus on implementing recommendations that have a high-value impact and solve some of today’s problems. An ‘outsider’ view of your enterprise makes sure everyone understands the current state of your organization (based on data) and ways to improve.  

Key Focus Areas

An IT evaluation can cover all aspects of your IT organization or focus on a specific area or a combination of areas, such as:

Governance

Reviews your structure, processes, and communication. If you currently do not have a governance model in place, we have recommendations on implementing one and the benefits.

Cybersecurity

Customized to your enterprise’s framework or general review of your enterprise’s overall cybersecurity policies and processes to reduce risk and increase resilience and privacy. As a CMMC Registered Provider Organization, Dewpoint can help you prepare for your CMMC certified assessment. We also have CMMC Registered Practitioners. If CMMC does not apply to your enterprise, we can use the NIST cybersecurity framework to compare your controls against the industry standards.

Applications

Determines which applications to retire, upgrade, re-train, or maintain to increase business satisfaction and cost savings. 

Infrastructure

A snapshot of your infrastructure, including your network, asset management, storage, servers, disaster recovery, hosting, and overall operations.  

Personnel

Examines if you have the right staff with the right skills. Organizations often have outgrown their talent, or the current talent needs additional training to keep abreast of technology changes.  

If the IT evaluation focuses on a specific area, the others are typically examined at a high level since they may impact the area reviewed.  

Getting the Most out of Your Assessment

Choosing a vendor with a proven methodology and subject matter experts (SMEs) is the first step in ensuring you get the most out of the evaluation. Most importantly, will the assessment help you improve your organization resulting in achieving your goals? Using a defined, proven methodology will reduce the assessment time, quickly identify critical areas, lessen the impact to your team for input and guarantee clear and open communication with you throughout the process. 

Our assessments start with listening to you. We map the current state of operations to identify gaps to reach your future state. Our professionals bring expertise and certifications in cybersecurity, applications, infrastructure, network, and organizational change management and project management for a comprehensive view. Furthermore, we developed defined questionnaires to facilitate data gathering and analysis. 

In all of our assessments, the final step is providing a comprehensive, prioritized finding and recommending report. In addition, Dewpoint provides a report review with your key stakeholders to answer any questions on our findings and further clarify the recommendations.

What Happens After the Assessment?

As an IT leader, you have a critical role in spearheading the changes based on your enterprise’s goals and objectives, available budget, and overall priorities. The evaluation report provides prioritized recommendations, including approximate cost and time to implement. If you need help with implementation, Dewpoint has the experts available on a fixed-price project or a time and material basis to work with your team. Contact us today to discuss how we can help you on your road to improvement.

Helping Credit Unions Improve Processes Through Automation

Using RPA to achieve optimization at your credit union

Where can you find a solution that automates your processes while lowering costs, gaining efficiencies, and reducing errors? How about a solution that improves the member experience?

Robotic Process Automation (RPA) provides these benefits and more. It can transform how your organization works, allowing your employees to focus on high-value activities, resulting in more satisfied employees and members.

The first step in implementing RPA is evaluating your current processes to find “good” candidates for RPA. We suggest starting with small, measurable successful projects to scale and optimize for other Credit union processes.

Is RPA Right for this Process?

When determining if RPA is a good solution, ask yourself the following questions:

Volume

Does the process occur frequently enough to justify implementing RPA? Processes that do not happen regularly provide little return on investment and usually have unexpected changes that break the automation. Another benefit besides cost savings may be increasing revenue (think processing loan applications faster) and avoiding risk.

Scope

How many steps are in the process? Ideally, there should be no more than 15. Evaluate the individual processes, not a combination of processes. Defining the scope helps you be tactical in your RPA planning.

Complexity

How complex is this process on a scale of 1 to 10? Does the process include multiple business rules? A good test is counting the “if-else” blocks. If more than seven, the process may be too complex for RPA. Additionally, the conditional statements must be expressed in a format that the automation process can resolve. Either all scenarios are mapped out, or a “catch-all” must be in place.

Stability/Predictability

Is the process stable or liable to change? Review the history of changes to the process, in addition to any planned changes, to identify whether it is stable. RPA of a good process will, in turn, requires less maintenance and fewer changes. Specific questions include:

  • Will you perform the task the same way today, tomorrow, or a month from now?
  • Are there any significant upcoming changes?
  • Does the process involve subjective decision-making?

Processes in general and for Credit unions that benefit from RPA include back-office reporting, employee on boarding and off-boarding, document and records management, and customer relationship management. Specific to Credit unions, loan underwriting, debit card fraud processing, and ACH stop payment processing are perfect candidates for RPA.

Types of Robotic Process Automation (RPA) Bots

RPA Bots can be attended or unattended. Attended RPA works in conjunction with the user, incorporating automation into specific directed tasks. It is well suited to tasks requiring human-to-system interaction in real-time. For Credit unions, attended bots can be helpful to accomplish part of a task quickly. For example, suppose customer support employees need to switch between multiple programs and screens to retrieve information while talking on the phone with members. In that case, employees can use attended RPA to retrieve data from any number of applications. It allows the employee to quickly provide information to the member and focus on answering member questions.

Unattended RPA is just that…no user input or attention is needed. Once the bot is set up to execute, human intervention is only required if a change is needed. The bot begins work on its own.

How do I get my RPA program started at my credit union?

This is where Dewpoint and our partner, Endurium, can assist. We have the professionals and experience to analyze your current processes and develop a list of processes that are good candidates for RPA. If you are still not sure about the benefits of RPA, check out our last blog, “ Five Reasons Credit Unions Should Consider RPA,”  or click here to talk to one of our experts.

Five Reasons Credit Unions Should Consider RPA

Harvest the Power of RPA

Like all organizations, Credit Unions face challenges to stay competitive, including attracting and retaining staff, changing demographics, and consumers wanting more personal interactions. Remaining competitive in today’s market requires you to invest in intelligent technological solutions. This is where Robotic Process Automation (RPA) comes in. It can optimize your operations while delivering a high-quality member experience.

Top Five Benefits of Implementing RPA

Below are a few of the benefits your credit union can realize:

  • Improves consistency – performs identical processes and tasks, eliminating output variations
  • Boosts productivity – free up staff for higher-value tasks
  • Increases reliability – no need to worry about your staff vacations, sick days, or finding a replacement if they leave; services are provided 365 days a year
  • Provides an audit trail – fully maintained logs which are essential for compliance
  • Offers scalability – instant ramp up or down to match demand peaks and lows

 

Processes Well Suited for RPA

The best tasks to be optimized by implementing RPA include those with the following characteristics:

  • Time-sensitive
  • Labor-intensive or high-volume
  • Repetitive
  • Rule-based
  • Highly structured
  • Prone to human error

The ultimate goal in implementing RPA is to improve your member experience. Some examples of where RPA can help include member onboarding, streamlining the loan application process, and resolving customer inquiries. In addition, closing inactive credit and debit cards and processing escheated accounts, ensuring zero errors, is an added benefit for maintaining regulatory compliance.

How to Get Started

Many organizations find the idea of implementing RPA a daunting task and don’t know where to start. Dewpoint developed a process to guide you through a successful implementation. It starts with understanding which processes benefit the most from RPA – those mind-numbing, simple (but high-value) repetitive tasks your staff dreads doing. The next step is reviewing the current process. Moving a “bad” process to RPA still results in a “bad” process. Implementing process improvements while moving to RPA allows you to achieve the most value.

Dewpoint and our team of experts can help you on your RPA journey. We begin by working with you to understand your current state operations and identify opportunities to improve the member experience. Contact us to learn more about driving value to your members with RPA.

Are Your Remote Workers Fully Protected from Ransomware?

Hackers Continue to Target Remote Networks

Entering our third year of COVID continues to change the workforce dynamic. Many companies planning to return to the office are invoking a hybrid model. Some workers come into the office part-time, and others continue to work remotely indefinitely. Remote work has made it easier for bad actors to exploit unsecured networks. From The Guardian, “The transition that we’re seeing to working from home has contributed dramatically to the rise in successful ransomware attacks,” said Israel Barak, the Chief Information Security Officer at the security firm Cybereason. “There are a lot more open doors to access networks now that employees are working remotely.” Furthermore, Per Gartner, “2021 saw the highest average breach cost in 17 years, and 10% of breaches involved ransomware – doubling last year’s frequency”. As your workers continue to work remotely or in a hybrid model of remote and on-site, cybersecurity protection is more critical than ever.

Additional IT Challenges in Supporting the Remote Workforce

Unreliable Connectivity

In addition to cybersecurity, unreliable connectivity is another issue facing remote workers. Poor or inconsistent internet connection negatively impacts employee productivity. How often are employees in a remote meeting and one or more drop during the session due to a poor connection? It not only affects the employee’s productivity but the whole team.

Increased IoT Devices

According to recent research, the number of IoT devices will reach 83 billion by 2024, up from 35 billion in 2020. The rising number of IoT and BYO devices connected to corporate networks adds significant weight to the IT teams’ workloads.

We Have the Solution You Need

Combining expertise in security and connectivity, Fortinet and Linksys have partnered to deliver a new enterprise networking solution called HomeWRK for business. HomeWRK enables organizations to improve productivity, optimize user experience, and maintain enterprise-grade security for employees working from home. HomeWRK is a new remote worker solution providing secure network connectivity with simplicity, quality, and affordability. Benefits include:

  • Out-of-box secure network enterprise solution covering both corporate and home networks
  • Seamless roaming, so there is no need to switch from one network to the other
  • No competing networks, integrated system to meet both corporate and personal needs
  • Easy setup and management providing your employees with simple plug and connect hardware and your ability to monitor activities for easy diagnosis and fast troubleshooting
  • Prioritization of bandwidth for corporate applications improving employee productivity and collaboration
  • Scaleability to add more users as your business grows

Interested in HomeWRK?

To find out more about HomeWRK and how it can help protect your business, contact the experts at Dewpoint. We are a Fortinet partner who can walk you through the benefits and costs and determine if HomeWRK is right for your business.

How Moving Toward Zero-Trust Can Help State & Local Government

Cybersecurity Attacks Targeting Government Entities

Cyber-attacks on government entities are increasing at a rapid pace. Cybercriminals consider municipalities low-hanging fruit due to the highly sensitive data kept on their systems (voter records, tax information, and social security numbers) and the publicity they can gain from shutting down a governmental system. A recent report titled “The Economic Impact of Cyber Attacks on Municipalities” from KnowB4 found:

  • The average cybersecurity breach costs states between $665,000 and $40.53 million, with a median cost varying from $60,000 to as high as $1.87 million.
  • The average ransom amount demanded by cybercriminals from 2013 to 2020 was $835,758.33.
  • 60% of states either have “voluntary” or no cybersecurity training programs at all.
  • 2% of attacks in state government are targeted toward cities and local schools.

Improving Your Security Posture

As part of improving your security posture, implementing zero-trust can boost your cybersecurity efficacy by 144%, according to one report. Zero-trust is a simple concept at its core – any network traffic (regardless of internal or external) is considered untrustworthy until it’s been verified and users have been authenticated. Although the zero-trust approach primarily focuses on data and service protection, it should be expanded to include your enterprise assets (devices, infrastructure components, applications, virtual and cloud components) and other systems requesting information.

Seven Key Tenants of Zero-Trust

Key tenants include:

Data sources

All data sources and computer services are considered resources

Communication

All communications are secured regardless of network location

Access

Individual enterprise access to resources is granted on a per-session basis

Dynamic policy

A dynamic policy determines access to resources

Monitor and measure

The enterprise monitors and measures the integrity and security posture of all owned and associated assets

Authentication and authorization

All resource authentication and authorization are dynamic and strictly enforced before access is allowed

Information collection

The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture.

How to Move Towards Zero-Trust

Municipalities and state governments can start by evaluating their current security processes and procedures. To help Michigan municipalities improve their overall security posture, the State of Michigan, through the Michigan Cyber Partners, issued a competitive Request for Proposal to pre-qualify vendors to provide an independent cyber security assessment. This service offers a streamlined and cost-effective approach to help you move towards zero-trust. Dewpoint security consultants are available to discuss all of your cybersecurity needs. We work as your cybersecurity partner to protect your entity so you can focus on serving your constituents.

Implementing Zero-Trust for Midsize Enterprises

Increasing your Security Posture

Taking steps to implement zero-trust can help your enterprise reduce the likely hood of a cyberattack and the loss of data and business due to the attack.  According to Gallagher’s 2021 Cyber Insurance Market Conditions Report, the average business interruption costs associated with a ransomware attack total $228,000, while the average ransom was $81,000. It means that, on average, business interruption costs were 2.8 times the ransom itself. Furthermore, in 2021, it took business an average of 287 days (almost an entire year!) to identify and contain the data breach.

Zero-Trust Environment Key Principles

In shaping your zero-trust environment, keep in mind the following fundamental principles:

  • Assume compromise — even on “internal” networks.
  • Use context and identity (“contextual identity”) as the foundation for access decisions.
  • Location is not a critical trust determination, but it may be one attribute. Studies have shown remote work increases the likelihood of a security breach.
  • Encrypt data at rest and in motion.
  • Monitor everything and use the monitoring to identify anomalies.

Five Basic Steps for Achieving a Zero-Trust Architecture

Although the idea of implementing zero-trust can be viewed as daunting and expensive, zero-trust uses existing network architecture. There are no specific products to achieve zero-trust; instead, products should be compatible with a zero-trust architecture and environment. A zero-trust architecture can be simple to deploy and maintain using the five-step methodology outlined by Forrester back in 2010.

  • Identify the protected surface, including sensitive data and applications. Forrester recommends a simple three-class model using public, internal, and confidential categories. Data requiring protection can then be segmented into the micro perimeter linked together to yield a broader zero-trust network.
  • Map the transaction flows of all sensitive data to learn how data moves between people, applications, and external connections to business partners and customers. Then dependencies on network and system objects can be exposed and protected. This exercise can yield data flow optimizations to improve overall performance and security
  • Define a Zero-Trust architecture for each micro perimeter based on how the data and transactions flow throughout the enterprise (and external partners). You can achieve this with software-defined networks (SDNs) and security protocols using physical or virtual NGFWs.
  • Create a Zero-Trust policy once the network design is done. Many organizations utilize the Kipling Method, which addresses the who, what, when, where, why, and how of your policies and network. It enables a granular layer seven enforcement policy so only known and authorized applications or users can access the protected surface. Assume all personal devices, whether company-owned or BYOD, are unsafe. A component of this step is the implementation of a granular identity and access management system that covers people, devices, and application processes.
  • Automate, monitor, and maintain to determine where any anomalous traffic flows by monitoring surrounding activity. Figure out where the abnormal activity occurs and watch all the surrounding actions. Automate the inspection and analysis of log traffic, so data can flow without impacting operations.

Help with Zero-Trust

Starting with an IT security assessment of your environment can help implement zero-trust. An assessment can pinpoint the areas needed for improvement and a roadmap to improve your overall security posture. Our security experts review not just IT security but your overall infrastructure to help you achieve zero-trust within your budget and time constraints. Contact us for a free initial consultation.

Zero Trust for Midsize Enterprises

The new buzzword in security – Zero Trust

Zero trust isn’t something you can buy or implement: it’s a mindset and a strategy throughout your enterprise. If you wonder if your enterprise needs to implement Zero trust, the simple answer is YES! You can’t afford not to implement. Per IBM Security based on 2021 analysis, “The average total cost of a data breach increased by nearly 10% year over year, the largest single-year cost increase in the last seven years.” In addition, “Remote working and digital transformation due to the COVID-19 pandemic increased the average total cost of a data breach.”

What is Zero Trust?

Zero trust simply means “never trust, always verify.” It is a mindset in defining key security objectives that extends beyond networking and can be applied across multiple aspects of enterprise systems. It is not solely purchased as a product or set of products. Zero trust replaces implicit trust with continuously assessed, explicitly calculated adaptive trust. It employs strategies to keep security up-to-date and adapt as changes happen and when new threats are detected to ensure your organization can continue to innovate while staying secure and compliant.

Business Value of Implementing Zero Trust

Benefits of implementing zero trust include:

  • Improves security posture

    Forming a guiding principle for security architectures improves your overall security posture and increases cyber-resiliency. Zero trust architectures reduce the risk of malware infections and minimize the potential spread of an attack.

  • Reduces security risk from a hybrid workforce

    Enacting Zero trust principles can securely enable the “anywhere, anytime, any device” hybrid workforce. Since your workforce may be dispersed and remote, zero trust does not depend on any particular location. Assets and users can reside anywhere – on-premises, in one or more clouds, whether in employee homes or as IoT devices.

  • Increase cloud security

    Adopting Zero trust principles enable more secure use of cloud computing via identity-based adaptive controls.

  • Dramatic results with small steps

    Partial zero trust deployments still result in significant security improvements. Most midsize enterprises do not have the budget or time to implement zero-trust completely. Developing a roadmap with the ultimate goal of zero trust allows you to move toward a more secure environment over time.

Help with Zero Trust

Dewpoint security experts are here to help you learn more about implementing Zero trust or increasing your overall security posture. Reach out to us today to better prepare for the next cyber-attack.

Is your Midsize Enterprise Getting the most out of Your Cloud?

Achieving Benefits from the Cloud

As a midsize enterprise, you have unique needs in selecting a cloud vendor and achieving your cloud goals. Most cloud vendors tout benefits such as enabling you to modernize your infrastructure, achieving costs savings, providing scalability, reducing technical debt, and keeping abreast of the latest technologies. Unfortunately, without proper planning and continued monitoring, you may not achieve the promised benefits.

Five steps to achieve Cloud goals

Following the five steps below can help you achieve your cloud goals:

  • Plan

    Develop a cloud strategy to set expectations upfront, creating a baseline to measure against actual consumption. Develop and run this process before deploying applications, projects, and workloads in the public cloud.

  • Track

    Implement a regular cadence to track and maintain visibility into cloud spending. Hold stakeholders accountable to analyze expenditures, explain variances and identify any anomalies.

  • Reduce

    Based on the visibility gained from the spending metrics, review the option to reduce monthly spending. For example, can legacy applications be optimized to reduce costs? Many midsize businesses moved to the cloud using a “lift and shift” approach, simply moving the applications without optimization. In addition, look at discounts offered for long-term commitments.

  • Optimize

    Optimizing cloud spending goes beyond tactical cost reduction techniques. Cloud services can often deliver more-favorable ROIs than traditional services. Look at using multiple cloud services to store data. Each storage service may be provided with different tiers at different prices depending upon the level of availability, functionality, and retrieval latency.

  • Evolve

    Continue to update your cloud strategy as your business and technical requirements change. Make stakeholders accountable to report, reduce and optimize spending, including projects created by individuals in your organization. Review Key Performance Indicators for similar enterprises to compare your spending against industry averages.

If you need assistance in reducing your cloud costs or reviewing your cloud strategy, we are here to help. Contact one of our pros today who understands the midsize enterprise market.