Clients      Employees

August 25, 2015

No Comments

ICG-minimize-downtime

How SMBs Can Minimize the Risk of Downtime

Even the smallest of small-to-midsize businesses (SMBs) have finally let go of their old-fashioned paper filing systems, and now store most of their data electronically. Many have become more advanced, using sophisticated applications and leveraging data in new ways to support business strategy. Of course, advanced use of technology and data requires more advanced data protection.

 

Even if you have implemented a data backup solution, you’ll lose a certain amount of data because of an outage, whether it’s caused by equipment failure, a major weather event, or a downed utility pole outside of your office. How much data can you afford to lose? How fast can your data be restored? What kind of impact will an outage have on your business?

 

By establishing recovery point objectives (RPOs) and recovery time objectives (RTOs), organizations provide concrete answers to these questions. The RPO is the maximum age of a file that needs to be restored in order to resume business operations. In other words, RPO tells you how much data loss will be tolerated. For example, if a certain type of data is backed up every night at 10 pm and that system crashes tomorrow at 1 pm, any data changed between 10 pm and 1 pm will be lost.

 

The RTO is the maximum period of time that an application, service or network can be unavailable after a failure occurs. Basically, the RTO tells you how much downtime and lost revenue your organization can tolerate. Of course, the impact of downtime isn’t just financial. A prolonged outage can affect the confidence of customers, business partners and vendors.

 

RPOs and RTOs help you determine how frequently backups should occur, what kind of backup infrastructure you need, and what your disaster recovery strategy should be. Generally speaking, as RPOs and RTOs become shorter, the risks associated with downtime and data loss are reduced.

 

There are several technologies organizations can use to meet the increased demand for faster RPOs and RTOs:

 

  • A snapshot is a group of markers that point to stored data, creating a virtual copy of that data as it existed at a particular point in time. Unlike backups, snapshots can be performed while systems are online. They also provide faster data restore times.
  • Recovery-in-place, or instant recovery, redirects the user workload to a backup server so data can be restored immediately on a backup virtual machine. When the data is recovered, the workload is shifted back to the original virtual machine.
  • Replication is typically required when recovery-in-place doesn’t restore data quickly enough. This technique updates a secondary image on a separate storage platform, which is booted when a failure occurs so critical applications can be recovered almost instantly.
  • Copy data management reduces storage consumption by saving just the primary data and a single backup. Additional virtual copies can be created on an as-needed basis using a snapshot mechanism without changing the primary or backup copy.

 

Without an advanced data protection infrastructure and strategy, downtime can potentially cripple an SMB. Let the experts at ICG help you better understand these issues and technologies so you can implement a solution that minimizes the risk of downtime.

August 19, 2015

No Comments

ICG-windows-XP-and-POS-Systems

Why Windows XP Is Putting POS Systems at Risk

In our previous post, we discussed the pending deadline for switching to Europay, MasterCard and Visa (EMV) payment cards. Although switching to EMV cards is voluntary, merchants who process fraudulent purchases with non-EMV card readers after October 1, 2015, will be liable. The cards themselves will provide additional security at the point of sale (POS), but organizations will need to update their POS systems to minimize the risk of fraud.

 

In the midst of all of these changes, the 2015 Mid-year Point-of-Sale (POS) Security Health Assessment from Bit9 + Carbon Black revealed that more than half of organizations are using POS systems with unsupported Windows XP operating systems. 94 percent of organizations use antivirus software, but 26 percent believe antivirus is not enough. Also, one in four companies that increased their security budgets continued to invest in antivirus protection. While antivirus is an essential part of security, these statistics indicate an overreliance on tools that are incapable of detecting or stopping advanced threats.

 

Most Windows XP embedded operating systems, including some used on POS devices and ATMs, are still being supported until early next year, but that shouldn’t give merchants peace of mind. POS systems generally are weakly supported by IT. Most are using outdated platforms that are rarely if ever patched and maintained. Many use default configurations and passwords, making them easy targets for hackers. In addition to inadequate defenses, POS malware attacks continue to increase in number because POS systems provide a gateway to a number of systems within the corporate network.

 

New forms of malware have been designed specifically to attack popular POS systems, scrape credit card data, steal passwords, and upload data to remote servers. Some of these threats are capable of downloading updates on their own to add features and eliminate bugs. Although Windows XP users are easy targets, newer versions of Windows are also at risk, and hackers are always looking for new ways to infect POS systems.

 

Just as hackers understand the opportunity created by outdated POS systems, merchants need to understand the risks, be more proactive and follow security best practices. Around-the-clock network monitoring enables organizations to track network activity in real time, monitor remote access software and detect suspicious behavior. Two-factor user authentication, as well as updated firewalls and antivirus software, will help to prevent unauthorized access to the POS. Of course, all systems must be regularly patched and maintained in order to be effective.

 

Organizations that continue to use Windows XP on their POS systems are knowingly increasing the risk of a security breach. In the very near future, all XP support will be cut off. Those who don’t start planning now will be left scrambling for an effective replacement. This is bad for business and bad for your customers. Let ICG evaluate the state of your POS systems and implement the updates you need to keep criminals at bay and protect your data.

August 12, 2015

No Comments

ICG-EMV-cards

What You Need to Know about the Switch to EMV Payment Cards

The time-honored tradition of swiping a credit or debit card is being replaced by the “chip and dip” as the U.S. prepares to shift from magnetic strip payment cards to Europay, MasterCard and Visa (EMV) cards. EMV cards with small computer chips are “dipped” into payment terminals and removed when the transaction is complete. The deadline to switch to EMV cards is October 1, 2015. Although the transition began years ago, there has been a greater sense of urgency to speed up the process due to the rash of high profile security breaches.

 

EMV cards use transaction authentication technology to protect consumers against fraud. Traditional cards store data in magnetic strips. This data can be stolen, copied and used to make purchases or sold to the highest bidder. However, the computer chip in an EMV card creates a one-time, random code for each transaction. If someone stole the code and tried to make another purchase, the card would be denied. While most security mechanisms focus on preventing unauthorized access, EMV cards focus on making sure criminals have nothing of value to steal.

 

Although October 1 is less than two months away, a report from Javelin Strategy and Research estimates that up to three-quarters of merchants won’t make the deadline. When the study was conducted, most small merchants hadn’t even heard of EMV. That is expected to change as consumer awareness increases and credit card companies begin to apply pressure on merchants to make the switch. However, most merchants will not be ready by October 1, and the consequences could prove costly.

 

Beginning in October, if someone tries to make a fraudulent purchase with an EMV card, and that purchase goes through because the merchant doesn’t have an EMV card reader that’s capable of denying the card, the merchant will be liable. Technically, switching to EMV cards isn’t mandatory, but the liability shift is being used as a strong incentive. Also, the absence of EMV card readers could be viewed as a red flag to consumers who are well aware of widespread payment card security issues.

 

Merchants need to prepare by replacing traditional magnetic strip readers with EMV readers. Prices for EMV readers typically range from $30-$300, depending on the level of functionality you want. Your point-of-sale system may need to be upgrade, and employees will need to be trained to follow a new process for accepting card payments.

 

Despite the fraud protection delivered by EMV cards, merchants still need focus on staying compliant with Payment Card Industry (PCI) standards. EMV won’t protect a network infrastructure that uses unsupported Windows XP operating systems and outdated antimalware, fails to isolate cardholder data from the rest of the network, and allows unauthorized users to remotely access these systems. Employees who fail to follow best practices also put their employers and customers at risk. While EMV adds an important layer of authentication at the point of sale, PCI compliance on the actual point-of-sale devices and across the back end of the network is essential to protecting cardholder data throughout the transaction process.

 

Experts are predicting that attackers will ratchet up their efforts prior to the October deadline and look to exploit other vulnerabilities during the transition to EMV. For example, EMV cards offer no additional protection for online transactions. Let ICG help you manage this change, keep your network secure and PCI compliant, and minimize the risk of fraud.

August 6, 2015

No Comments

IPC-Cloud-Business-Continuity

Why Hyper-Convergence Makes Good Business Sense for SMBs

Small-to-midsize businesses (SMBs) are struggling with the complexity, cost and time commitment of building and managing IT infrastructure, according to the 2015 State of SMB IT Infrastructure Survey from ActualTech Media. Scaling server and storage infrastructure is a challenge for more than a third of respondents, while nearly a quarter have difficulty with complexity, troubleshooting and keeping technology up to date. Many SMBs have understaffed IT departments, with the majority of respondents claiming to have an IT staff of seven or fewer.

 

The study also shows that SMBs have made strides with virtualization, although a large percentage of workloads have yet to be virtualized. In fact, only 50 percent of respondents have virtualized at least half of their servers. Researchers suggest this is the case because it’s not easy to virtualize all workloads, and many organizations remain hesitant to virtualize mission-critical applications.

 

A key conclusion drawn from the study is that hyper-converged infrastructure would help to alleviate many of these challenges. Traditionally, an IT team or an outside party would design and build data center infrastructure from the ground up, often using hardware and software from multiple vendors. This process tends to be expensive and slow. Hyper-converged infrastructure tightly integrates various data center components – compute, networking, storage and virtualization resources – into one pre-configured, pre-tested solution. Hyper-converged infrastructure also adds functionality such as de-duplication, compression, backup, snapshots, disaster recovery and WAN optimization.

 

Essentially, hyper-convergence provides organizations with an IT infrastructure in a box, which directly addresses the complexity challenges commonly faced by SMBs. This approach reduces the risk of compatibility issues and technical glitches, simplifies deployment, and accelerates time to value. All resources are pooled, which minimizes the risk of downtime, and the entire environment is centrally managed and maintained through a single interface. This allows time-strapped IT personnel to devote more time to strategic, revenue-producing initiatives.

 

Branch offices typically face the same challenges as SMBs, thanks to limited IT staff and resources. A single, integrated hyper-converged infrastructure streamlines deployment and management of technology at multiple locations. This is much simpler and less expensive than trying to build and manage a more conventional infrastructure. Hyper-converged infrastructure also requires less space, cabling and power, which drives down total cost of ownership. Because of hyper-converged infrastructure’s modular architecture, scaling is as simple as plugging in new appliance modules.

 

Hyper-converged solutions are not inexpensive, and so far there are a limited number of options available that are designed for SMBs. However, when you add up the cost of purchasing the same functionality as individual products, coupled with increasing complexity of the traditional IT environment, hyper-converged solutions may prove to be an attractive alternative.

 

The business benefits of hyper-converged infrastructure are just as valuable and relevant to SMBs and branch locations as they are to large enterprises. Companies looking to simplify the IT environment, virtualize more workloads, scale their IT infrastructure and operate more efficiently would be well served to research hyper-converged solutions.

August 5, 2015

No Comments

ICG-flash-storage

Does Your Business Need Flash Storage?

More than 50 years ago, IBM shipped the first hard-disk drive (HDD) — a one-ton behemoth the size of two refrigerators that contained 50 pizza-size spinning storage disks. Its storage capacity was a whopping 5MB.

 

Data storage has come a long way as scientists have gradually added more and more information on HDDs that continue to become smaller, faster and less expensive. However, today’s HDDs have the same drawbacks as their ancestors — spinning disks that limit read/write response times, weaken durability, and require costly power and cooling.

 

Enter the flash-based solid-state drive (SSD), a data storage unit with small chips and no moving parts. Although this technology was first introduced in the late 1980s, it has really taken off during the past five years.

 

Price points for flash storage have dropped dramatically and are expected to fall even further. As a result, many enterprises have adopted hybrid storage solutions that include a combination of SSDs, which typically store data that is most frequently used, and HDDs, which house data that simply needs to be stored. All-flash arrays are also increasingly popular.

 

Consider three key advantages of flash storage:

 

  • By using flash memory instead of spinning disks, data access times are virtually instantaneous — 250 times faster than HDDs.

 

  • From a durability standpoint, HDDs can be ruined — and data lost — because of a simple scratch on the disk caused by vibrations. SSDs, with flash memory and no moving parts, have been tested to withstand a 10-foot drop.

 

  • Because HDDs spin all the time, they use significant amounts of energy. Enterprises must also make significant investments in the installation, maintenance and monitoring of cooling systems that reduce hot temperatures caused by spinning disks in HDDs. Power and cooling costs are drastically reduced by flash storage.

 

All of these factors – superior performance, greater durability and significantly lower energy consumption – have reduced the total cost of ownership for flash storage. Although SSDs are still more expensive than HDDs, they offer a cost-effective solution for organizations that require better performance for virtual, cloud and big data applications.

 

You should seriously consider flash storage if:

 

  • Critical business applications are performing poorly and hampering productivity.

 

  • You plan to launch new business initiatives and processes that may not be properly supported by your existing storage technology.

 

  • Your data center has outgrown its existing physical space and power capacity. These requirements can be decreased by more than 75 percent with flash storage.

 

  • You’re considering a virtual data center.

 

With operational savings and lower pricing that reduce total cost of ownership, flash-based SSDs have emerged to provide a viable alternative — or a valuable partner — to HDDs. As the storage needs of your business grow and evolve, let ICG help you evaluate the wide range of flash storage solutions that are now available.