Cloud Governance – Cloud Kinetics (https://www.cloud-kinetics.com)

Cloud Disaster Recovery: A Crucial Part Of Your Business Continuity Planning
https://www.cloud-kinetics.com/blog/cloud-disaster-recovery-a-crucial-part-of-your-business-continuity-planning/
Sat, 21 Mar 2020 03:59:56 +0000

The challenging business landscape of the last few years has brought home the need for organizations to invest in Business Continuity Planning (BCP). A sound business continuity plan includes processes and instructions that organizations should follow during any disaster, whether natural or manmade, to get the business back on its feet and running. BCP holds the key to normalcy when organizations face unplanned disruptions. The need for BCP holds true for interruptions in cloud operations too.

What is disaster recovery?

Any type of unforeseen event that disrupts your business is a disaster. This could be caused by natural disasters, cyber-attacks or human error. Whatever the nature of the disaster, having a clear disaster recovery (DR) plan helps to restore operations to normal quickly. DR involves advance planning and it allows organizations to maintain or quickly restore mission-critical functions following a disaster.

Although both DR and BCP go hand-in-hand, they cannot be considered the same. Disaster recovery focuses on how to quickly get the organization back on its feet after disaster while business continuity deals with how to continue operations smoothly during such events. However, implementing DR plans is a critical part of Business Continuity Planning.

Cloud disaster recovery

A cloud-based disaster recovery plan makes use of a public cloud, such as AWS, Azure or Google Cloud Platform, to back up data, applications and other resources. When disaster strikes, those resources can be restored from the cloud back to their original locations: on premise (in the organization's own or co-located data centres) or on cloud, where the backup was stored.

Cloud disaster recovery offers the greatest flexibility and recovery speed compared to other disaster recovery models. An important point to note is that a cloud-based DR plan can be used to back up and restore workloads that run on premise as well as those hosted in the cloud. Organizations do not have to run their production systems in the cloud in order to take advantage of a cloud-based disaster recovery.

Benefits of cloud disaster recovery

Hosting your DR in the cloud has many benefits:

  • Reduces physical storage needs: DR on the cloud allows you to store your data directly on the cloud, in real time. There is no need to use physical items like disks, tapes, or any other storage devices, which themselves could be compromised in the event of a disaster.
  • Stores mission-critical data off-site: A cloud DR plan automatically gives you the advantage of keeping your mission-critical data off-site in a remote location, away from your on-premise infrastructure. In case of a natural disaster, even if your production centre is fully destroyed, your data will remain safe in a separate location.
  • Reduces costs: A cloud DR plan is cost-effective. You can pay as you go. In other words, you need to pay for cloud DR infrastructure as and when you use it; there is no need to invest upfront in hardware or to pay for more infrastructure than you actually use at a given time.
  • Easy to implement and reliable: Implementing your DR site on cloud is easier than other DR models and offers high reliability, more than 99%. This makes DR on cloud a clear winner.
  • Scalable and efficient: It goes without saying that scaling your infrastructure up and down on cloud is easy and efficient. The entire IT infrastructure of the business can also be lean while fully ready to fight any emergency or disaster.

What about data security?

Security is always a primary concern when it comes to the cloud. Is it really safe to store sensitive personal data on the cloud? While we know that public cloud providers have stringent security protocols in place, some data might still be too sensitive to deploy directly on public clouds – like financial or medical information. Virtual desktops are useful in such cases. Virtual desktops or Desktop-as-a-Service (DaaS) is a solution that helps users get a fast, responsive desktop of their choice accessible anywhere, anytime, from any supported device.

AWS Workspaces and Windows Virtual Desktops are such DaaS services provided by AWS and Microsoft Azure respectively. Virtual Desktops help to eliminate the complexity of managing hardware inventory, OS versions and patches, thereby simplifying your desktop delivery strategy. These Virtual Desktops are deployed within a Virtual Private Network (VPN), providing each user with access to persistent, encrypted storage volumes. No data is stored on the local device, but it remains immediately accessible in case of any eventuality.

The Cloud Kinetics approach

At Cloud Kinetics, we have worked with many clients to design their Cloud Disaster Recovery strategy. We work with key stakeholders during the initial phases to identify and agree on the approach, and follow two basic approaches for Cloud Disaster Recovery:

Approach 1:

  • Identify the list of customer stakeholders who can:
    • initiate a disaster notification
    • approve the need for bringing up the DR region
    • approve the need for a DR drill
  • Identify and agree on the list of applications, database and other instances that need to be launched from the latest snapshot available in the DR region
  • Identify and agree on the configuration needed for the listed instances
  • Identify and agree on the schedule for copying snapshots of all other instances from the primary region to the DR region
  • Set up and perform a DR drill based on the pre-defined schedule.

Approach 2:

  • Identify the list of customer stakeholders who can:
    • initiate a disaster notification
    • approve the need for bringing up the DR region
    • approve the need for a DR drill
  • Identify and agree on the list of applications, database and other instances that need to be running 24×7 in the DR region
  • Identify and agree on the configuration needed for the listed instances
  • Data replication for DB instances between the primary and DR region
  • Identify and agree on the schedule for copying snapshots of all other instances from the primary region to the DR region
  • Set up and perform a DR drill based on the pre-defined schedule.

As the world faces unknown threats, having a clear Disaster Recovery Plan in place has become crucial for businesses. Technology has, time and again, offered a solution for most business hurdles. Consequently, a cloud-based DR plan is an ideal disaster recovery solution. Cloud native platforms offer the fast recovery, flexibility, agility, scalability and functionality that an effective DR plan requires.

Enterprise Cloud Governance Via Automation
https://www.cloud-kinetics.com/blog/enterprise-cloud-governance-via-automation/
Mon, 16 Sep 2019 09:20:01 +0000

When cloud hard-sell ends and value-generation begins

The past few years have seen cloud adoption across enterprises increase manifold. With global organizations planning to choose cloud infrastructure as the top investment priority, cloud has officially become a way of life across enterprises. This adoption spans Infrastructure and Software-as-a-service models that leading software vendors such as Salesforce, Oracle & Service. This blog focuses on one methodology of leveraging the automation benefits in cloud, to ensure compliance with an Enterprise Cloud Governance model.

Great going thus far for the cloud story! However, it is time for a word of caution!

With such rapid growth comes hard-sell and hype. Enterprises need to realize the distinction between the old world and the new, and ensure they understand the impact.

With the great advantages of pay-per-use, no fixed fee, no contracts etc. come the new paradigms of shared hardware, shared responsibilities and such. The burden shifts to the enterprise, which must recognise that governance, security and business continuity require shared roles and responsibilities. This is a good change that offers the enterprise more control; however, it needs to be understood and implemented right.

So, how do you safely harness the power of the cloud and maximize the benefit?

The post-migration challenges

Once the initial cloud adoption drive sets in, enterprises typically wake up to the following challenges:

  • Disparate proliferation of VMs and cloud assets across business solutions and departments
  • Inadequate control, and management of cloud-cost owing to rapid growth
  • Security and compliance oversight due to decentralized cloud deployments
  • Shadow processes and footprints that evolve

These reasons, along with demand for stringent compliance practices across geographies and verticals, require enterprises to take a thorough relook at the governance model of the cloud data centre. Thus arises the need for holistic cloud governance that sets policies and standards to control operations, security and costs.

It is thus imperative to have a well thought out and standardized cloud governance in place (ideally as a part of the initial cloud blueprint) that aims at achieving some key tenets.

Key tenets of cloud governance

  • Cloud governance guided by industry-specific compliance policies and standards
  • Enterprise security practices across multi-cloud deployments
  • Seamless service integration and operations
  • Financial cost control and proactive cost management

While enterprises need to encourage and accelerate cloud adoption, the above tenets need to be addressed and enforced in parallel.

Path towards setting up enterprise cloud governance

Gartner advocates the following steps to formalize Enterprise Cloud Governance:

[Figure: Enterprise Cloud Governance Via Automation]

It starts with setting up a core group for governance that has the right mix of stakeholders with various representations. The core group then goes on to define the governance blueprint and decide the implementation plan.

At the heart of cloud governance is arriving at the policies. All cloud platforms come with clear global compliance certifications. These must be factored in as well, and further policies need to be chartered based on geographic, industry, platform, application and user-specific guidelines. The policies would be driven by the following concerns:

  • Government and Industry bodies
  • Enterprise Security operations (Sec Ops)
  • Network and Infrastructure Administrators (Infra Ops)
  • Developers and Deployment teams (Dev Ops)
  • End users

It is the next step that makes cloud governance all the more effective, because it is not just about defining policies: ensuring policy adherence holds the key for cloud implementations. A manual process here would be cumbersome and extremely unproductive, the antithesis of the drive to cloud.

From this perspective, infra-as-code deployment of cloud services, together with automated monitoring and remediation, proves to be a significant solution. Cloud platforms provide a complete spectrum of services that can be automated from definition to deployment and control. Hence, policies can be clearly defined with security controls, and the definition and deployment of cloud resources can be automated. Once implemented, the policies can be monitored for compliance and alerts can be triggered automatically on policy breaches. The policy breaches can also be remediated through automation. This eliminates the complex manual processes or workflow systems that are otherwise needed for a governance-driven cloud setup.

An illustrative example of enterprise cloud governance

Let us look at an interesting case of Cloud Governance Automation to illustrate this further. A financial services provider, with a multi-cloud environment, as part of its security and compliance requirement, wants to setup automated security controls and policy remediations for its cloud deployments.

The Security controls are defined using ISO & PCI standards and as many as 200+ Security controls are defined to meet the control objectives.

The key challenge in this scenario is the need to cater to multi-cloud deployments. This requires mapping the security controls and translating the requirements for cloud platforms accordingly. While there will be cloud-specific implementations, the key here is to identify common patterns that can be cloud agnostic. Why do we need this? Enter cloud-agnostic infra-as-code platforms such as Terraform and Cloud Custodian. These platforms can help achieve both security control and remediation automation via infra-as-code scripts that run cross platform, so that we write once and deploy across clouds.

Once the cloud-agnostic model is identified, one way to approach the implementation would be by grouping the required services for automation and monitoring into clusters. The following is a sample cluster model by which cloud resources can be automated for deployment:

  • Cluster 0: Account and Subscription Services
  • Cluster 1: Networking and Common Infrastructure services
  • Cluster 2: Security Alerts, integration services
  • Cluster 3: Application-specific cloud resources …and so on

This allows clusterwise management and deployment of security controls as well as helps in organized deployment of resources.

Post deployment the cloud resources would be monitored and managed via cloud management platforms like Arcus. Remediation scripts would be triggered on Policy violations that would help take the appropriate temporary as well as corrective actions.

Thus automated deployment, monitoring and remediation of cloud resources makes cloud governance a rewarding exercise by eliminating risks and compliance oversights, as well as by establishing a highly standardized process across the enterprise. By leveraging cross-platform solutions, the automation would be easy to maintain and re-usable.
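The define, monitor and remediate loop described above can be sketched in Python. This is an added example, not Cloud Kinetics' or the client's code: controls are written once against a cloud-neutral resource record and grouped by the sample cluster model. The inventory, control IDs, field names and remediation action names are constructed for illustration; a real deployment would fill the inventory from each provider's API and express the controls in a tool such as Terraform or Cloud Custodian.

```python
from dataclasses import dataclass
from typing import Callable

# Cluster names follow the sample cluster model in the article.
CLUSTERS = {
    0: "Account and Subscription Services",
    1: "Networking and Common Infrastructure services",
    2: "Security Alerts, integration services",
    3: "Application-specific cloud resources",
}

# Constructed inventory: resources from several clouds, normalised to common
# field names so one control can be evaluated regardless of provider.
INVENTORY = [
    {"id": "aws:account:prod", "cloud": "aws", "kind": "account", "admin_mfa": False},
    {"id": "azure:subscription:core", "cloud": "azure", "kind": "account", "admin_mfa": True},
    {"id": "aws:sg:web-tier", "cloud": "aws", "kind": "firewall",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}, {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"id": "azure:nsg:app-tier", "cloud": "azure", "kind": "firewall",
     "ingress": [{"port": 443, "cidr": "10.0.0.0/8"}]},
    {"id": "aws:s3:payments-archive", "cloud": "aws", "kind": "object_store",
     "public_access": True, "encrypted_at_rest": True},
    {"id": "azure:storage:ledgerdata", "cloud": "azure", "kind": "object_store",
     "public_access": False, "encrypted_at_rest": False},
    # Encryption attribute missing: the control must fail closed.
    {"id": "gcp:bucket:reports", "cloud": "gcp", "kind": "object_store",
     "public_access": False},
]

ADMIN_PORTS = {22, 3389}
INTERNET = {"0.0.0.0/0", "::/0"}


def no_admin_port_open_to_internet(res: dict) -> bool:
    if "ingress" not in res:  # unknown rule set is treated as a violation
        return False
    return not any(rule["cidr"] in INTERNET and rule["port"] in ADMIN_PORTS
                   for rule in res["ingress"])


@dataclass(frozen=True)
class Control:
    control_id: str                      # hypothetical identifier
    cluster: int                         # key into CLUSTERS
    kind: str                            # resource kind the control applies to
    description: str
    compliant: Callable[[dict], bool]    # True only when the resource passes
    remediation: str                     # hypothetical remediation action name


# `is True` / `is False` make a missing attribute count as non-compliant.
CONTROLS = [
    Control("CTL-001", 0, "account", "Administrators must use MFA",
            lambda r: r.get("admin_mfa") is True, "enforce_admin_mfa"),
    Control("CTL-101", 1, "firewall", "No admin port open to the internet",
            no_admin_port_open_to_internet, "revoke_open_admin_ingress"),
    Control("CTL-301", 3, "object_store", "Storage must not be public",
            lambda r: r.get("public_access") is False, "block_public_access"),
    Control("CTL-302", 3, "object_store", "Storage must be encrypted at rest",
            lambda r: r.get("encrypted_at_rest") is True, "enable_encryption"),
]


def evaluate(inventory, controls):
    """Return one finding per (resource, violated control), ordered by cluster."""
    findings = []
    for res in inventory:
        for ctl in controls:
            if ctl.kind == res["kind"] and not ctl.compliant(res):
                findings.append({"control": ctl.control_id, "cluster": ctl.cluster,
                                 "resource": res["id"], "cloud": res["cloud"],
                                 "remediation": ctl.remediation})
    return sorted(findings, key=lambda f: (f["cluster"], f["control"], f["resource"]))


def remediation_plan(findings):
    """Group remediation actions by cluster so they can be run cluster-wise."""
    plan = {}
    for f in findings:
        plan.setdefault(f["cluster"], []).append((f["remediation"], f["resource"]))
    return plan


if __name__ == "__main__":
    for cluster, actions in remediation_plan(evaluate(INVENTORY, CONTROLS)).items():
        print(f"Cluster {cluster}: {CLUSTERS[cluster]}")
        for action, resource in actions:
            print(f"  {action} -> {resource}")
```

The same control (`CTL-302`) fires for an Azure and a GCP resource, which is the write-once, cloud-agnostic pattern the article describes; the GCP finding comes from a missing attribute, so incomplete inventory data surfaces as a violation instead of passing silently.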

ABS Guidelines For Singapore Banks
https://www.cloud-kinetics.com/blog/abs-guidelines-for-singapore-banks/
Tue, 20 Aug 2019 04:18:58 +0000

The Association of Banks in Singapore (ABS) has recently released the second version of the implementation guide for Financial Institutions (FIs) when entering into Cloud outsourcing arrangements, as well as the on-going maintenance. The first version was released in 2016 and significant technological advancements since then have prompted the ABS to release an update to address these changes. It is also intended to further support the practice of migrating material workloads to the Cloud, including systems of record and those classified as Monetary Authority of Singapore (MAS) Critical. Please refer to MAS Notice 644 for the definition of MAS Critical.

The Guide is intended to assist Financial Institutions in understanding approaches to due diligence, vendor management and key controls that should be implemented on an on-going basis in Cloud outsourcing arrangements. It can also be used by Cloud Service Providers (CSPs) to better understand what is required to achieve successful Cloud outsourcing arrangements with FIs.

Cloud outsourcing classification

ABS has also provided guidance as to the definition of differing risk categories in Cloud outsourcing arrangements and what is likely to constitute material and non-material outsourcing in the context of cloud. This guidance helps FIs understand the inherent risk profile of a Cloud Outsourcing arrangement, and then ensure that appropriate controls are in place.

A broad guideline for the classification of material and non-material outsourcing is given below. It is to be used only as a broad guideline, and the final decision should be made based on the FI’s risk appetite.

Cloud Outsourcing Category

Non-Material

Non-Material Common characteristics:

• Staff data which does not include bank account or credit card data (e.g. information on name cards)
• Development and Test environments
• Services not defined as ‘critical’

Non-Material Examples:

• Application binaries, or risk management quant libraries that are being tested on masked data (i.e. performance & volume testing, regression testing, or Monte Carlo simulations)
• Information Security solutions such as Managed Security Services / Operations Centres, where information assets are encrypted and logically segregated
• Websites for accessing information that is classified as ‘public’
• Service Management applications

Material

Material Common characteristics:

• Use of customer information, the unauthorized access or disclosure, loss or theft of which may have a material impact on the customer
• Use of staff data, including Personally Identifiable Information (PII), payroll and bank account or credit card data
• Software used for the trading of financial instruments or other transactions
• Financial Risk management systems (Market, Credit and Liquidity)
• Non-public commercially sensitive information that could influence financial markets
• Regulatory reporting or accounting data
• Outsourced business activity as defined as critical by the FI
• Systems of record, including core banking applications
• Any Cloud based implementation of a system classified as ‘MAS Critical’

Material Examples:

• Email and document storage
• Authentication services providing One Time Passwords (OTP) or 2 Factor Authentication (2FA)
• Vulnerability Scanning Services

Activities recommended as part of due diligence

ABS has further laid out a recommended due diligence process and vendor management activities for Cloud outsourcing arrangements. The recommendations cover pre-engagement of the CSP as well as on-going risk assessment and oversight. Again, FIs are recommended to take a risk-based approach and understand the applicability for their specific outsourcing arrangement.

Governance

FIs are encouraged to establish a risk management and governance framework to assist in the identification and monitoring of risks during cloud adoption. Expectations should be agreed between the CSP and the FI, in particular with regard to operational contract management, SLA management, technology risk management, business continuity management and contract exit. The contractual terms and conditions governing the roles, relationships, obligations and responsibilities of all contracting parties are set out fully in written agreements.

Assessment of the Cloud Service Provider

ABS has highlighted data confidentiality, financial, operational and reputational factors including the ethical and professional standards held by the CSP and the CSP’s ability to comply with its obligation under the outsourcing arrangement as top considerations while assessing a CSP.

The scope of assessment of a CSP should minimally include the DC’s perimeter, physical and environmental security, natural disasters, and the political and economic climate of the country in which the Data Centre resides.

Contractual Considerations

When negotiating a contract with a CSP, the FI should ensure that it has the ability to contractually enforce agreed and measurable information security and operational requirements. The FI is directed to ensure that the outsourcing contract includes:

  • responsibilities of contracting parties to address the scope of the services and the applicable baseline security policies and practices
  • ensuring the CSP can protect the confidentiality and integrity of FI’s information
  • provision to review and monitor the security practices and control processes of the service provider on a regular basis

The FI should understand and agree with the CSP on the change management process in relation to the services provided, and the impact assessment criteria in relation to the SLA in the contract. The FI should ensure that the outsourcing agreement includes an obligation for the CSP to provide notification to the FI in the event of any significant changes that may impact service availability (including controls and/or location).

As financial institutions scale up the use of Cloud services, the updated guidelines reflect industry best practices to facilitate responsible and secure adoption by setting clear expectations for both banks and service providers.

Cloud Kinetics has a proven track record of working with global banks and facilitating their cloud journeys. Contact Us for cloud outsourcing.

Optimize Your EC2 Costs Using This New Tool From AWS
https://www.cloud-kinetics.com/blog/optimize-your-ec2-costs-using-this-new-tool-from-aws/
Mon, 05 Aug 2019 10:12:11 +0000

While getting onto the cloud has never been easier and more cost-effective, without proper management, these very costs can quickly spiral out of control with the pay-as-you-go pricing model. Let us look at a few methods to govern and optimize cloud deployments and optimize your EC2 Costs.

It is pertinent to note that the leading cloud providers continue to lower unit costs, and also provide cost-control tools and services. The users need to be aware of the tools at their disposal to be able to optimize, based on their unique requirements.

How can you optimize your EC2 costs?

Let us start at the very beginning. Good planning starts before deployment. If you are able to identify and segregate based on the below parameters, then the cloud model delivers value right out of the gate:

  • Purpose (development, production etc.)
  • Growth expectations (steady, dynamic growth etc.)
  • Longevity (short-term vs long-term application)

Options such as pay-as-you-go, multiple-year reserved instances with flexible payment options, and spot instances are some models for managing costs. However, barring businesses that are technology-driven (e-commerce for example), most enterprises opt for a steady-state model in their gradual shift to the cloud. It is important for them to find the best methods to leverage the cost.

In deployment mode, the key to cost control is to benchmark, monitor and correct. Where most customers tend to suffer is in the monitor phase. While many rely on their Managed service providers to flag large anomalies or rapid burst scenarios, even this is effective only towards the end of the month. Especially painful are cases where unintended or compromised systems generate outbound internet traffic to incur huge costs.

Resource Optimization Feature launched by AWS

AWS, one of the world’s largest IaaS providers, has recently launched a new feature called ‘EC2 Resource Optimization Recommendations’ to help customers optimize their cloud instance or EC2 costs. As the name clearly suggests, this tool generates custom Amazon EC2 resource optimization recommendations based on your past usage. This tool helps by identifying a number of optimization opportunities, estimated monthly savings, and relative savings overall. This feature is available to all AWS customers as a part of the AWS Cost Management Suite. Using these recommendations will help your team to easily identify and act on opportunities for improving cost efficiency.

Cloud Kinetics’ Arcus Cloud Management platform helps our customers and our managed services team to continuously benchmark (set thresholds), audit and flag anomalies, so information reaches the key persons right away. Cost auditing, soft limits, policy-violation reports and real-time reporting are key elements in our journey towards complete optimization.

Working with Cloud Kinetics

Most enterprises have many traditional applications running on-premise. There may be reasons due to which you wish to move some of them to the cloud. However, this decision needs careful analysis of your applications and your business. Cloud Kinetics can help in optimizing your EC2 Costs and accelerate your cloud adoption by leveraging the power and flexibility of cloud to achieve meaningful business results.

Cloud Security 101: Protecting Your Valuable Data In The Cloud
https://www.cloud-kinetics.com/blog/cloud-security-101-protecting-your-valuable-data-in-the-cloud/
Thu, 27 Jun 2019 03:43:45 +0000

While cloud technology offers significant benefits in terms of scalability, flexibility and stability, data security is an undeniable challenge. A survey by a cybersecurity enterprise noted that over 63 per cent of IT personnel have reported that cybersecurity is at the top of their list of concerns in their cloud strategy.

A lot of man hours are spent investigating threats, many of which turn out to be benign but cannot be ignored. In fact, cybersecurity teams are often stretched thin while ensuring they do not miss anything.

6 cloud security threats and how to manage them

1. Data breach

Cloud data breaches cost organizations millions in terms of time and money. A data breach could mean data loss or data theft, besides damaging data integrity and confidentiality. Data breaches usually occur because of inefficient management of the identity and credentials of people seeking access to data, as well as phishing, pretexting, easy access to registration systems and insecure APIs.

Organizations are aware of the challenges that data breaches could trigger and are constantly trying to find the right tools and solutions to mitigate such challenges. While data breaches have increased in recent years, experts agree that it is not cloud technology that has worsened the problem, but the less-than-perfect security practices. The lack of visibility into cloud workloads is a key cause of immature security practices. An overwhelming majority (93 per cent) of respondents worldwide said they had trouble keeping tabs on all their cloud workloads.

Best practices: Steps that can be taken to prevent data breaches include:

  • Set up strict cloud usage and permission policies with multi-level authentication gateways
  • Implement data access governance and reduce access to sensitive data
  • Implement data discovery to enable identification and classification of business critical and sensitive data
  • Enable user behaviour analytics so that any anomalous activity can be quickly spotted
  • Build an efficient data remediation process so that any issue that puts sensitive data at risk can be quickly managed
  • Enable centralised logging so that investigators can access all the necessary logs from anywhere.

2. Misconfigurations

Human error is at the top of the list of the most frequently seen misconfigurations, followed by allowing excessive permissions and data sharing, both of which can overexpose sensitive data; allowing old and unused accounts to continue; not managing security settings efficiently; and disabling encryption. All of these expose data to insecure environments.

Best practices:

  • Set up baseline configurations and regularly check for slippage
  • Monitor and investigate any unplanned changes
  • Regularly review user permissions and be willing to revoke any inappropriate or excessive access rights.

3. Insider threats

These may be intentional or accidental. The insiders include employees along with contractors, partners and suppliers who have inappropriate access to sensitive data. Threats could include abuse of privileges, compromised VPNs, routers and privileged and service accounts. Organisations that do not have enough visibility into usage and activity across cloud storage systems are especially at risk.

Best practices:

  • Change access permissions as soon as there is a personnel change
  • Track user activities, especially failed access attempts
  • Monitor privileged and service accounts since they should be sparingly used
  • Create a behavioural profile of every user and track usage based on that. Attempts to gain more permissions or to access disabled accounts are all red flags.
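Three of the red flags listed above (repeated failed access, attempts to gain more permissions, and activity on disabled accounts) can be checked mechanically over an audit trail. The following is an added example, not part of the original post or of any Cloud Kinetics product; the log format, account names, action names and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit log lines; the "timestamp key=value ..." format is an
# assumption made for this example.
SAMPLE_LOG = """\
2024-05-01T09:00:05Z user=alice action=read_object result=ok
2024-05-01T09:01:10Z user=bob action=login result=fail
2024-05-01T09:02:40Z user=bob action=login result=fail
2024-05-01T09:04:15Z user=bob action=login result=fail
2024-05-01T09:30:00Z user=carol action=attach_policy result=denied
2024-05-01T10:00:00Z user=dave action=login result=ok
2024-05-01T11:00:00Z user=alice action=login result=fail
2024-05-01T12:00:00Z garbled entry
2024-05-01T13:00:00Z user=alice action=login result=fail
2024-05-01T15:00:00Z user=alice action=login result=fail
""".splitlines()

DISABLED_ACCOUNTS = {"dave"}                      # e.g. after a personnel change
PERMISSION_ACTIONS = {"attach_policy", "grant_role"}
FAIL_THRESHOLD = 3                                # failures ...
FAIL_WINDOW = timedelta(minutes=10)               # ... within this window


def parse_line(line):
    """Return an event dict, or None if the line does not match the format."""
    try:
        stamp, *pairs = line.split()
        event = dict(pair.split("=", 1) for pair in pairs)
        event["ts"] = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        event["user"], event["action"], event["result"]  # required fields
    except (ValueError, KeyError):
        return None
    return event


def detect(lines):
    """Return alerts as (kind, subject, timestamp) tuples."""
    alerts, events = [], []
    for line in lines:
        event = parse_line(line)
        if event is None:
            # Surface lines that cannot be parsed instead of dropping them.
            alerts.append(("unparseable_line", line, None))
        else:
            events.append(event)

    failures = defaultdict(deque)  # user -> recent failure timestamps
    for event in sorted(events, key=lambda e: e["ts"]):
        user, ts = event["user"], event["ts"]
        if user in DISABLED_ACCOUNTS:
            alerts.append(("disabled_account_activity", user, ts))
        if event["action"] in PERMISSION_ACTIONS and event["result"] == "denied":
            alerts.append(("permission_escalation_attempt", user, ts))
        if event["result"] == "fail":
            window = failures[user]
            window.append(ts)
            while ts - window[0] > FAIL_WINDOW:   # drop failures outside the window
                window.popleft()
            if len(window) >= FAIL_THRESHOLD:
                alerts.append(("repeated_failed_access", user, ts))
                window.clear()                    # one alert per burst
    return alerts


if __name__ == "__main__":
    for kind, subject, ts in detect(SAMPLE_LOG):
        print(kind, subject, ts)
```

Alice's three failures are hours apart and raise no alert, while Bob's three within a few minutes do; the window and threshold are the tuning knobs that separate a forgotten password from a burst worth investigating.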

4. Account hijacking

The ways to steal and hack into accounts are too many to discuss here. Privileged accounts and subscription services are especially at risk.

Best practices:

  • Train employees on how to prevent account hijacking
  • Insist on strong passwords and implement multi-layer verification
  • Control access, monitor user behaviour and remove unused accounts
  • Revoke excessive access to information
  • Practise the principle of least privilege (POLP) to help increase security.

5. Denial of service attacks

Such an attack makes service delivery difficult. These attacks can originate from a single or multiple sources. During such an attack, a system is overwhelmed by such a huge number of requests that other users cannot access the system. New forms of such attacks combine AI and ML.

Best practices:

  • Implement content filters
  • Use a web application firewall to secure the network
  • Use load balancing and easily identify traffic irregularities

6. Malware

Malware can infect cloud servers just like any on-premise system.

Best practices:

  • Practise regular data backups
  • Use advanced firewalls and antivirus software tools
  • Train employees on safe browsing and downloading
  • Monitor activities.

Mitigate data security challenges with a comprehensive security platform

A security platform can help mitigate data security challenges by providing a comprehensive set of security capabilities, including centralized management, automated compliance, threat detection and response, data encryption, access control and continuous monitoring.

At Cloud Kinetics, we have developed a proprietary platform – Arcus CMP – to mitigate the challenges of cloud and data security for our clients. With Arcus Cloud Management Platform, clients are able to get a clear and transparent view of their cloud assets. It also empowers users to deploy fully configured stacks or applications on public clouds like AWS, Azure and GCP through a user-friendly interface without compromising visibility, governance and control.

How Cloud Kinetics enabled secure cloud adoption for a leading bank

Cloud Kinetics worked with a leading bank in Singapore for cloud adoption and to ensure adherence to governance policies and industry compliance standards including ISO. As part of this security and compliance requirement, the bank identified around 150+ security controls and required them to be implemented on Azure.

Cloud Kinetics implemented the security control and governance framework for the customer on Azure and automated the whole setup using Terraform, including the following features:

  • Automated creation of Azure resources (VNet, NSG rules, Storage Account, Key Vault and RBAC) through Terraform
  • Set up and configured alerts (based on Secure Azure DevOps tool kit framework)
  • Created custom RBAC and automated via scripts
  • Monitored and remediated events and deviations

As a solution, Cloud Kinetics set up governance policies for proactive monitoring and alerts. We also enabled the bank to set up Azure resources via automated deployments.

The highlights of the cloud adoption drive

  • Complete automation of 150+ security controls as per ISO and other compliance requirements
  • Separation of resources into various clusters enabling easier automation of network, server and other infra components
  • Complete remediation of incidents, deviations and events for automated response
  • Implementation was done using open source, cross-platform tools (like Terraform and Cloud Custodian), ensuring reusability and easy maintenance.

A DevOps Approach To Cloud Governance
https://www.cloud-kinetics.com/blog/a-devops-approach-to-cloud-governance/
Wed, 22 May 2019 08:37:41 +0000

Cloud governance is the process of managing an organization’s cloud operations under a set of rules, policies and systems that are aligned with the organization’s operational guidelines as well as the global security and governance standards. The primary goal of cloud governance is to improve data security and manage risk so that cloud systems can function smoothly.

The framework ensures that organizations have sufficient control over critical areas of cloud operations such as data security, data and risk management, legal processes, cost management and much more. Ideally, all of these areas should work towards common business goals.

Commonly built from IT practices already existing in an organization, cloud governance frameworks are sometimes framed afresh for the cloud.

Some of the governance rules include:

  • Defining management roles and responsibilities
  • Data management and encryption
  • Ensuring compliance with industry standards
  • Managing identity and access 
  • Disaster recovery

Why is cloud governance important?

The cloud environment has become very complicated, especially when hybrid and multi-cloud services are being used. Cloud governance ensures that the correct framework is in place and team members can access all the cloud resources easily. It is more focused on operations, data security and cost. 

Why DevOps?

Good governance, compliance, agility and dynamism are difficult attributes to implement at the same time without compromising one or the other. To successfully maintain all of them, organizations need to adopt the DevOps approach. DevOps streamlines development to accelerate production, lowers costs of development, testing, deployment and operations, while the cloud offers scaling, automation and a standard platform to enable changes in applications. 

Governance checks need to be built into all the DevOps processes and tools. Governance needs to become a part of security, touching every part of the process. Most cloud computing providers, public and private, support DevOps on their platforms.

Adopting cloud governance and DevOps

Adopting both cloud governance and DevOps is not easy for everyone, and traditional developers may need guidance at the beginning. Cloud Kinetics has successfully helped organizations overcome obstacles and adopt DevOps and cloud governance. Here is an example.

Cloud Kinetics and cloud governance: A case study

Here’s how Cloud Kinetics implemented a cloud governance project for a large global financial services institution. 

We completed the complex process of cloud governance with a set of sequential activities and well-defined goals and deliverables. The sequence of phases and activities broadly included:

  • Defining policies
  • Arriving at security controls
  • Automating infra provisioning (infra as code)
  • Monitoring and setting alerts on policy enforcement
  • Remediation: manual or automated

At a solution level, the key features of the cloud governance solution that were implemented included:

  • Automating the creation of cloud resources (subnet, security groups, storage, key vault, IAM & RBAC) through Terraform
  • Setting up and configuring alerts (based on Secure DevOps tool kit framework)
  • Creating a machine-image gallery that included approved images
  • Setting up and configuring centralised log analytics
  • Setting up a run book for baseline check
  • Monitoring and reporting deviations into the feedback loop
  • Configuring auto-healing through Cloud Custodian

We were successful in implementing our goals within the planned time frame. The goals included:

  • Complete automation of 150+ security controls as per ISO and other compliance requirements
  • Complete infra-as-code implementation that enables the organization to set up cloud resources via automated deployments
  • Separation of resources into various clusters enabling easier automation of network, server and other infra components
  • Setting up of governance policies for proactive monitoring and alerts
  • Complete remediation of incidents, deviations and events for automated response
  • Complete implementation using open source and cross-platform tools (like Terraform and Cloud Custodian) while ensuring reusability and easy maintenance.
