QuoStar and AFC Bournemouth host engaging Digital Stars Workshop for Junior Cherries

This week, QuoStar and AFC Bournemouth held an engaging and interactive Digital Stars workshop at Bournemouth University for the Junior Cherries, the club’s junior membership.

The event was aimed at promoting the importance of technology, while also highlighting career opportunities in the IT industry and encouraging gender inclusion.

Insights on Technology and Safe App Usage

During the event, Austin Brannigan, Systems Manager at QuoStar, provided valuable insights on the significance of technology and safe app usage. The participants also had an interactive session playing a game called CyGamBIT, which aimed to help young people stay safe online.

The Digital Stars workshop also sought to encourage gender inclusion and promote diversity in the IT industry. According to Tech Nation, only 26% of the tech workforce in the UK comprises women.

Q&A Session with AFC Bournemouth Players

At the start of the masterclass, participants were pleasantly surprised by a Q&A session and photo opportunity with AFC Bournemouth Defender Jack Stacey and club legend Steve Fletcher. Their presence added to the excitement of the event and provided a unique opportunity for the young attendees to engage with professional footballers.

QuoStar’s CEO, Robert Rutherford, commented:

“We are proud to have partnered with AFC Bournemouth and Bournemouth University to organise this great event for the younger generation in our hometown. Our Digital Stars interactive workshop aims to strengthen our relationship with the youth in our local community, introduce them to the world of technology, and promote responsible usage. At QuoStar, we recognise that the IT industry isn’t as attractive as a career as it once was, and is still predominantly male-dominated, which is why it’s important for us to promote the opportunities for everyone whilst highlighting the advantages of pursuing a career in IT.”

Dr Jane Henriksen-Bulmer, Principal Academic in Privacy within the Department of Computing and Informatics at Bournemouth University:

“It is really important that industry, academia and schools work together to help young people learn more about IT, so it’s great to bring all sides together at this event. Studying a degree in IT will help young people build a viable sustainable career with graduates in this type of degree typically achieving a higher starting salary than many other degrees.

“We can also use these partnerships to help young people navigate the online world safely. We created CyGamBIT to encourage conversation and understanding of some of the risks they might be exposed to in the online world and what young people can do to stay safe online.”

Steve Cuss, Head of Community at AFC Bournemouth:

“We value all our partners greatly and I would like to thank QuoStar and Bournemouth University for all their help with this event and their continued support. IT plays a really important part in everyday life and the more we can educate and inform young people how best to use it, the better they will be equipped for the world of work.

“It was great for the youngsters to hear from Jack Stacey about education, how important it is to continue your studies and to always look to improve yourself. We know he’s just finished doing a degree and when you hear it from a Premier League footballer, it’s really impactful.”

At QuoStar, we are committed to promoting technology and inspiring the next generation of IT professionals. By hosting events like the ‘Digital Stars Interactive Workshop,’ we hope to encourage young people to explore the opportunities available in the IT industry and pursue careers that align with their interests and skills.

 

Six reasons for the rise, and rise, of IT outsourcing


IT outsourcing has been rising exponentially.  

Pre-Covid, the main driver for outsourcing was cost reduction. Many small and much larger businesses used a third-party provider to keep the IT lights on under a flat cost arrangement, typically based on the number of users supported.  

Medium sized businesses often had their own internal IT teams, outsourcing small elements of their operations, from a one-off project to a specific area of security, to a third-party.  

Post pandemic, the motivations for using an external IT service provider have changed dramatically. The last year or so has seen outsourcing become essential to most organisations’ operations and wider business strategies.  

A new generation of outsourcing partners are helping deliver the enhanced service levels and top and bottom-line improvements that businesses need in a post-pandemic world. 

 

Here are six reasons why: 

 

1. Speed of change 

Most organisations are transforming at pace, to meet the needs of their clients and win market share.  The rate of change means that many IT teams cannot keep the lights on from an IT operations perspective and handle the volume of strategic and systems focused projects that are thrown their way.  

In-house IT teams are often much better focused on delivering strategic projects, while a trusted IT partner manages day to day IT operations as an extension to the team. 

 

2. Talent shortage 

The worldwide shortage of IT talent includes the UK. This has led many organisations and service providers to outsource overseas to meet demand.  

The pace and volume of change in terms of transformation projects post-pandemic, along with a lack of new IT sector talent has created a crisis. There were more than two million UK job vacancies in tech in 2021, more than any other labour area. 

 

3. Security  

Businesses face a perfect storm of rapid transformation, skills in global shortage, and a fast-growing cybersecurity risk landscape.  

IT teams within organisations are seeing pressure from all sides, which is a tough place to be. Many are leaning on their IT service providers to take responsibility for elements of cyber security, be it day to day security operations, compliance, or governance overlay.  This gives an organisation comfort that a third party is providing checks and balances and is making sure that what needs to be done from a security perspective is done. 

 

4. Too complex 

The race to the cloud and between clouds, the rise of cyber-crime and swathes of transformation projects have made IT environments complex, arguably more complex than they were prior to the cloud boom. However, most IT departments have not had the budget, talent, or experience to keep up with the demands placed upon them.

Partnership-focused IT service provider relationships, with the skills and experience these bring, help to augment their own.  

 

5. Enhanced value 

Many older, larger IT service providers have usually delivered flat cost savings based on labour savings. This type of flat service outsourcing, if done correctly, will realise straightforward cost-savings, especially as talent and experience wane. However, a new generation of dynamic service providers are helping businesses to not only control costs, but also enhance their operations, deliver strategic initiatives, boost their digital transformation capabilities, and introduce automation and Lean initiatives.

 

6. Competition 

Local, national, and international competition has amplified in most sectors. The largest value gains now are typically driven or supported by some form of digital transformation. This has led businesses to lean on IT service providers to keep operations secure and available while the IT team focus on business and digital transformation projects.

Whichever way this use of external and internal IT support is married, augmented teams are invaluable in the current national and international business landscape. 

 

Would you benefit from a review of your IT strategy and support?

For an assessment of your business operating maturity level contact us here

How to safeguard your cyber insurance cover – and your business

The risks of – and the potential fallout from – a cyber-attack are enough to keep any company director awake at night.

The costs of a breach can be huge, costing UK enterprises an average of £4.09 million per breach, according to IBM’s Cost of a Data Breach study.  

These figures are not surprising when you consider lost productivity and revenue, response, forensics, recovery, communications, data breach fines, and various other costs. Even a company with 100 employees can be looking at hundreds of thousands of pounds, just to get back to where they were before an event, such as from a ransomware attack.  

Together with the significant reputational damage that can follow a data breach, the level of risk and likelihood means that most organisations have some form of cyber insurance to cover these substantial costs.  

But as the number of cyber insurance payouts grows, insurers are looking at ways to not pay out, or at least not for the full amount of damage. This is understandable in cases where a board has been negligent and not managed the risks, just as a motor insurer would not pay out where a driver had failed to get an MOT or put road legal tyres on their car.

Your responsibility to control risk

All cyber insurance providers expect policy holders to take responsibility for evaluating and mitigating risks.  

Insurers expect best-practice cyber security controls to be in place, which typically includes the ‘absolute basics’ such as Cyber Essentials. This also means keeping on top of security operations year-round, not just a tidy up and certification every year or so. 

If the basics are not in place at the time of a breach, then many insurers will not pay out. On top of this, the ICO and other regulators are likely to hand out significant fines. These amounts aren’t insignificant, as the ICO alone can hand out a data breach fine of £17.5 million, or 4% of an organisation’s total annual worldwide turnover, whichever is higher. 

Cyber security basics should be viewed as seriously as other risk controls in your business, such as a fire alarm that is regularly serviced and tested. 

Common cyber security measures

For a cyber liability policy to pay out in a breach scenario you need to check the small print.  However, here are common areas that are going to have an impact on any claim: 

Patches and Updates

  • Firewall Protection – IT equipment must be protected from unauthorised access by a suitable firewall. The firewall needs security updates and other updates at least once a month, if not automatically. An insurer will almost certainly not pay out if the firewall is not up to date at the time of a loss.
  • Software updates – It’s best practice to patch and update software and it is a standard cyber insurance term to mitigate known vulnerabilities. Important updates to firmware, operating systems, and other software must usually be installed within 14 days of being released by the vendor or provider. Some insurers will insist on seven days, which can be a tough clause to manage in some environments, so keep an eye out for this.
  • Tablets, phones, and other devices – It’s important that tablets, phones, and any other devices with access to your network are updated or kept off the corporate network. Your organisation is responsible for who and what connects to its network. If your network is breached from an insecure work or personal device, then your insurance could be void. 
  • Outdated operating systems – Outdated operating systems and software that are no longer supported by the vendor in terms of security updates are going to invalidate insurance if they are breached.

Users and Passwords

  • Change default passwords – If you have default passwords or use the password that came with an IT device when it was purchased, then your policy will be invalid. There are large databases on the internet that list all these default passwords, and these are always a go-to for hackers and automated attacks.
  • Individual ID and password – It can be common for some users to share logins and passwords to certain systems, and for conference room PCs to have shared logins. These shared credentials are unacceptable as they are a common cause of a breach. They also make the source of a breach difficult to trace.
  • Limiting access – System users should only have access to what they need, particularly logon credentials with enhanced security rights, such as administrator rights. It’s particularly important that users don’t have administrator rights on the device they log in to as that’s an easy way for an attacker, who may be an employee, to gain control of a machine and then the wider network and systems. Organisations will need to prove that administrator accounts are controlled and that passwords are changed regularly.
  • Work laptops should be controlled – Only authorised users should be able to use work devices. This will need to be controlled via policy and login restrictions. An employee’s child downloading and installing a game with ransomware on to a work device could lead to the insurance being invalidated.

Data Backup

Cyber insurance policies will always cover the backup and protection of data. They will typically include: 

  • Two copies of backup data at different locations – It’s standard to expect two separate copies of backup data to be stored. One can be local to the IT environment, but another should be taken or backed up off-site, such as on a cloud backup platform. It’s increasingly common for insurers to ensure that backup data is air-gapped, so if someone gains access to your systems, they cannot get access to the backups. It’s common for ransomware attacks to seek and encrypt backups quickly.
  • Frequency of data backup – It’s usual to back up data daily, if not continually, in most modern IT environments. If your data is critical, then an insurer would want to know why you have not backed up regularly.
  • Backup checks – It’s critical that you regularly evaluate your backups to make sure everything that needs to be is backed up. It’s even more critical to ensure that your backups are working as expected. Many systems will send automatic alerts, but it’s still worth doing a manual check and restore every now and again.
  • Virus Protection – Cyber insurance terms typically state that anti-virus software should be in full and effective operation at the time of a loss. It should also be noted that many insurers are now asking that businesses have at least EDR (Endpoint Detection and Response), which is typically a more advanced antivirus solution, supported by a specialist organisation. In fact, it’s generally considered a security basic now, as antivirus was 20+ years ago.

Pre-existing problems

Cyber insurance will not pay out if you are aware of, or ought to have reasonably known about, a pre-existing issue, prior to the cyber insurance being taken out. This is particularly important if you’ve had security audits undertaken in the past but not dealt with any issues highlighted. Too often organisations know they have issues but still take out insurance as a way of mitigating spend on security controls. This is a bad idea. 

Previous breaches

If you’ve been breached before it will impact your insurance, as there could always be something waiting to deploy at a particular time, or a hole left in the environment. You must declare if you have had a breach, usually over the last three years. 

What can reduce premiums?

There are key areas that can make a real difference to your cyber insurance premiums and your security posture, such as: 

  • Multifactor authentication, particularly for remote access and administration accounts 
  • Privileged Access Management (PAM) 
  • Endpoint Detection and Response (EDR)
  • Secured, tested and encrypted backups 
  • Email filtering and web security 
  • Patch and vulnerability management 
  • Cyber incident response planning and testing 
  • Cyber security awareness testing and phishing testing 
  • Security Information and event management solutions 
  • Vendor and supply-chain risk management 

All the above are sensible security controls that should already be in place in organisations of all sizes. 

How do I know if I have the right controls in place?

If you would like a no-obligation audit, please contact us to sign up for a Cyber Maturity Assessment or Cyber Risk Assessment.

QuoStar celebrates record growth in 2022

We’re delighted to be celebrating another record year of growth at QuoStar, which includes developing the business across the UK and more than doubling our revenue.

With milestones including an impressive 40 new clients brought on board in 2022, revenue growth of 109% and 32 new people welcomed to the business, we are very pleased that the hard work and commitment of the whole QuoStar team has paid off.

In the last 12 months, we have taken more strides to expand the company across the country. In addition to our established Bournemouth and London offices, we have opened new premises in Leeds and will be announcing another location soon.

Our continued commitment to helping clients boost their business efficiencies and gain a competitive advantage was also reflected in our latest feedback survey, which showed an industry leading 99% client satisfaction for the fourth year in a row.

Other highlights of the past year included the announcement of our new partnership with AFC Bournemouth for the 2022/23 season. With many of our staff being big supporters of the Cherries, it has been a pleasure to work with the IT team at AFC Bournemouth to ensure cyber security is embedded in the club’s day-to-day operations.

Giving back to our communities is important to all of us at QuoStar, and we were happy to help raise £50,000 for regional charities close to our hearts, including Wessex Cancer Trust, AFC Bournemouth Cherries Community Fund, Dorset Mind, Lewis Manning Hospice Care, and MYTIME Young Carers.

QuoStar CEO Robert Rutherford said: “The last year is a clear example of what a committed, and talented team living genuine values and working in real partnership with colleagues and clients can deliver – for everyone. I’m genuinely excited knowing we’ve got bigger and better things coming in 2023, all revolving around delivering business outcomes to our clients, whilst also providing real opportunities for our teams to showcase their world-class capabilities. Onwards and upwards.”


Why preparing for a blackout is critical


Planning for power blackouts has been low priority for many businesses over the last couple of decades, because power supply has been good.

But we now know there is a good chance of at least one outage this winter, despite government and energy suppliers doing what they can to keep supplies in place.

If your business has not already prepared and communicated a blackout continuity plan, then time is of the essence. Failure to have a plan could be negligent in the event of an issue and regulatory bodies are unlikely to be impressed.

Assessing risk

You need to review your risk register and continuity planning to raise the likelihood assigned to power outages. Part of this should include evaluating all key assets and making sure these are all logged.

This will affect your risk score and the focus needed in these areas but will help you contain the prospect of an even bigger problem in the future.

Blackout preparation

  • Check your communication plan is in good shape and agreed with your IT team.
  • Test an outage if you have not done this in the last 12 months.
  • Power down a whole office, if possible, to check on any gaps.
  • Make sure that every IT device has a warranty and support contract in place.
  • Get broader business buy-in to the business continuity plan.
  • Establish senior management responsibility for:
    • Communications
    • Any lack of spend on key security controls against defined risks
    • Understanding how the business operates in each scenario

Remote workers

The increase in remote working since the pandemic could make the loss of power at employee homes a disruptive and costly problem.

If energy supplies are diverted to major business districts and away from residential areas at set times, remote working could become difficult. This is a likelihood in a supply-issue scenario.

Ensuring that employees keep their laptops on charge may seem like an answer but is useless if their broadband router has no power. Trying to connect from mobile hot spots could also prove unworkable if everyone in that area is doing the same.

An agreed process for blackouts at employees’ homes should be in place. It’s important to have agreement on what people do in the event of an outage, such as how long to wait before finding an alternative work location.

Workplace capacity

If you have a dispersed workforce, check whether you have office space to accommodate everyone during a power outage scenario.

If space is not sufficient, options include partnering with other organisations on other grids to allocate space. It’s unlikely that your people will be able to go to a coffee shop or hotel to work as the chances are that these will be already full.

Many larger businesses have diverse power feeds from different grids. If you do not have this, you may want to look at the options and consider the cost vs impact.

For office-based IT equipment, consider having two firewalls, two routers and redundant switches. One of the biggest fears of power outages and turn-ons is losing a key element of a network, which can take a whole office down.

Protect against spikes

The big worry of power switching on and off is that this can blow electronic devices, such as switches, routers, servers, storage, and firewalls.

Devices like these should be on UPS devices, to protect against spikes and to shut down any remaining on-premises server environments that may still be in place.

It’s important to ensure that all UPS devices have current warranties and have been load tested to ensure they have enough run time to shut down equipment gracefully.

Home workers also face the possibility of power outages and turn-ons spiking equipment. To mitigate this, you should keep spare wireless routers and laptops to push out to employees at home. Although the loss of a home router is not the employer’s fault, it is still a problem if employees are unable to work.

Supply chain

Evaluate your supply chain. You need to understand how power outages may affect your partners and suppliers and in turn, your business. Check that suppliers have clear plans for dealing with power outages and ask for this in writing if possible.

You should also speak to your energy suppliers and ask for written confirmation of what could, will and will not happen if supply difficulties occur.

 

For a free review of your Business Continuity and Disaster Recovery plan, contact us.

An airtight DRaaS and VMware Cloud solution

With 39% of UK businesses identifying a cyber-attack in the last 12 months and around one in five (21%) of these reporting a sophisticated attack such as a denial of service, malware, or ransomware¹, most of us know just how essential Disaster Recovery (DR) is.

Being proactive in protecting digital data and customer assets is no luxury when you also consider these cybercrime risks in the context of increased remote working and assets that are dispersed across locations.

Cloud-based DRaaS (Disaster Recovery as a Service) is a cost-effective, fast and airtight route to this protection.

We are now VMware Cloud and DRaaS verified

QuoStar has VMware Cloud and DRaaS verification across our next generation private cloud platforms. This can help you to safeguard valuable assets quickly and effectively against the disasters that carry a real risk to your applications and infrastructure.

Tailored to your VMware environment

By designing a DRaaS solution specifically for your VMware environment, we can give you peace of mind that your data is protected, without the need for capital investment or upskilling within your IT team.

This fast, efficient and secure disaster recovery solution, which can be from on-premises to cloud as well as cloud to cloud, gives you the benefit of:

  • Automated recovery and fallback
  • An RPO (recovery point objective) as low as five minutes
  • Reduced operating costs
  • In-house IT team freed up to focus on high-value projects

Fast, non-disruptive DR testing

Backups and disaster recovery need regular validation to ensure they will work when needed. Our cloud-based DRaaS solution reduces this risk with fast, clean simulated DR testing in minutes. This regularly scheduled testing, which is required for proper DR planning and validation, does not impact on your ongoing DR activity or IT team.

Protect collection of VMs (vApps)

The enhanced grouping and protection workflows within our service help to preserve recovery priorities and network configurations for virtual apps (vApps), eliminating the need for manual scripting and shortening RTOs.

Bandwidth monitoring

Our DRaaS solution gives you visibility into what DR is adding to bandwidth, which helps to troubleshoot latency issues. It also offers capacity reporting, identifying what DR is consuming in storage on the target environment.

Remove complexity and overhead

Working in partnership with QuoStar on a DRaaS and VMware Cloud solution gives you peace of mind that core DR operational work is managed and continually updated in line with regulatory and compliance mandates. It removes complexity and overhead from your organisation.

Neil Clark, Director of Cloud Services at QuoStar: “QuoStar obtaining both VMware Certifications (Cloud and DRaaS Verified) rubber stamps our commitment to building the best-in-class Private Cloud Platforms.

“QuoStar understands that cutting corners at this level can be catastrophic and, a lot of the time, holds businesses back from moving to the right cloud solution. By using an industry leading solution like VMware, we can provide the most reliable, high-performance and cost-effective solution to our customers.

“QuoStar’s private cloud is just one part of QuoStar’s multi-cloud solution, allowing our customers to benefit from the advantages of each cloud platform.”

Contact one of our Cloud specialists to find out more about QuoStar’s DRaaS and VMware solution.

Statistics: ¹ Cyber Security Breaches Survey 2022

How our Fortinet SD-WAN solution delivers security at scale

If your organisation is considering SD-WAN (Software-defined Wide Area Network), then effective networking and built-in security should be integral to your decision.

In partnership with Fortinet, QuoStar is one of 15 SD-WAN specialised partners in the UK. We offer a solution that achieves safer, more cost-effective and efficient SD-WAN implementation. Here’s how:

SD-WAN explained

With dispersed workforces, new digital tools and cloud adoption at an all-time high, many organisations are turning to SD-WAN. This virtual WAN architecture brings together existing internet connectivity options, such as MPLS, Broadband, DIA and LTE, to securely connect users to applications, while simplifying the control and management of this connectivity.

SD-WAN solutions help to remove complex and expensive routing, cut down on hardware costs and remove expensive MPLS networks. They can also greatly enhance access to Software as a Service (SaaS) and other cloud-based services and help to minimise downtime.

The issue

However, many available SD-WAN networking solutions have little or no built-in security, which can lead to organisations adding a range of disparate tools to address these risks. This increases capital expenditure, raises complexity and creates potential gaps for cyberattacks.

A fully integrated, secure SD-WAN solution is the best way to ensure effective protection, operational efficiencies, and on-going readiness for evolving network demands.

QuoStar’s SD-WAN solution

Working in partnership with Fortinet, who have been recognised by Gartner as a Leader in the 2022 Gartner Magic Quadrant for SD-WAN for a third year in a row, QuoStar’s SD-WAN solution brings extra security protection and enhanced performance to the existing benefits of SD-WAN. These improvements include:

  1. Protection at all edges

Native security for both on-premises and cloud-delivered services, to provide flexible, secure access for a distributed workforce working on and off the network. Unified orchestration capabilities further provide end-to-end visibility and control of the network environment.

  2. A world-class user experience

Our solution overcomes WAN impairments at all edges using our comprehensive self-healing SD-WAN as well as AIOps and Digital Experience Monitoring (DEM). There are no network slowdowns thanks to our purpose-built security processing units, and application performance is maximised with artificial intelligence and machine learning.

  3. Reduced costs and complexity

Significantly lower operational complexity and low total cost of ownership is achieved with converged networking and security. Our unified SD-WAN solution secures remote workers and on-premises users with consistent policies.

You should investigate SD-WAN if:

  • You’re a largely distributed company experiencing network problems.
  • You’re particularly vulnerable to internet outages.
  • Your internet connectivity costs need to be re-evaluated.
  • You want to simplify the branch architecture.
  • You’re in the market to affordably expand your company’s network.
  • Your company needs to scale quickly and easily.
  • You would like to enable a reliable user experience on any transport with rich routing and advanced WAN remediation for self-healing networks.
  • SD-WAN control and management across multiple locations is proving a challenge for businesses whose IT resources face skills gaps.

Obtaining a Secure SD-WAN Assessment Report will give you unmatched insight into your current security posture and network activity. Learn more about your network by registering for a free assessment here.


Why you need an Azure Landing Zone

If your business uses Microsoft Azure, you also need a well-designed and structured Landing Zone. A Landing Zone is a key component of the Microsoft Cloud Adoption Framework, helping organisations to better manage and scale their public cloud environments.

What makes up a Landing Zone?

In terms of Microsoft Azure, a landing zone is a combination of multiple subscriptions within an Azure Environment. These subscriptions are already set up for all areas of the platform that may be required to support the environment, whether that’s Infrastructure as a service or Platform as a service.

You could view a Landing Zone as foundations, built on solid practice and design considerations, which you can build on, expand and scale as required. The design of these foundations will differ, and the basics can be laid out differently from one Landing Zone to the other, as there is not one single design for all types of infrastructure.

While Landing Zones can vary due to their modular design and business requirements, they usually cover certain design areas, as below:


Landing Zone Design Areas

No matter what type of deployment you are designing, be it enterprise, hybrid-cloud, or a simple, small POC (proof of concept) environment, each design area listed should be considered within a Landing Zone.

  • Enterprise enrolment – Have we set up a tenant that will support growth and scale? How will we license it (CSP, EA, etc.)?
  • Identity – How are we going to control identity and access? Serious consideration should be given to how this is managed.
  • Network topology and connectivity – What will our network look like now and how will this scale and grow? What design considerations, such as segregation, do we need to consider?
  • Resource organization – How will we organise our resources to allow for growth without red tape? What are our needs around business areas, different teams, subscriptions? And how do we implement this within management groups?
  • Governance disciplines – How do we stay compliant? How do we enforce security requirements? How do we ensure our data sovereignty?
  • Operations baseline – How will we manage, monitor and optimise our environment? How will we maintain visibility within our environment and ensure it operates as required?
  • Business continuity and disaster recovery (BCDR) – How will we plan and design for continuity and protect our data? Have we considered the need to replicate data or provide a method of restoration? Do our proposed methods meet the RPO and RTO objectives of our organization?
  • Deployment options – How will we deploy our Landing Zone and resources moving forward? Will this be a manual process? Will we consider Infrastructure as Code? What methodologies for deployment could we use? 

We’ve helped several customers get their landing zone to a good state by deploying QuoStar’s best practice landing zone framework, which implements current governance best practices, cost management protection and perimeter security. This has put them in a position where they have the correct foundations to build upon, can future-proof expansion, and can adopt and implement continuously evolving best practice frameworks.

As a leading Microsoft partner, contact one of our Cloud specialists today to find out more about our services.

Why MFA is no longer enough

It’s time to let go of the view that multi-factor authentication (MFA) provides enough security.

Hackers have the means to steal passwords, hijack users’ sign-in sessions and bypass the authentication process entirely, even when MFA is enabled. Adversary-in-the-middle (AiTM) attacks may be nothing new, but the ability of criminals to bypass MFA is.

What’s new?

Attackers can now intercept the legitimate session cookie issued by a real website, along with the authentication token.

The sophistication of these modern AiTM attacks has been highlighted by Microsoft, who explain how AiTM phishing attacks work.

In simple terms:

  1. An attacker sends a cleverly crafted email (phishing attack) which looks legitimate and contains a link.
  2. An unsuspecting user clicks on this link, which takes them to the attacker’s ‘spoof’ website.
  3. The attacker’s website silently and transparently forwards the request on to the real site (Office 365, Google etc) for authentication.
  4. The user sees the real website and enters their credentials to authenticate.

The attacker can now silently intercept this data while it passes through their website.

Cookie theft

Ever wondered how you can launch Edge or Chrome and navigate to your Office 365 email without being prompted for authentication? Or launch Outlook or Teams without being prompted for authentication?

This is because you have already done that once and have a safely stored session cookie which is valid for a set number of days. This is what the attacker is after, and once they have it, they have easy, instant access to your email or Teams account.
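As an added example (not part of the original article), the code below shows one way a defender can look for a stolen session cookie in sign-in or proxy logs: it flags a cookie that turns up from a different network and browser than the one first seen for it. The log records, field names and the /24 grouping are assumptions made for this illustration.

```python
import ipaddress

# Constructed records (not real logs): one row per request that presented a
# session cookie. Field names and values are assumptions for this example.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice", "session": "s-100", "ip": "198.51.100.10", "ua": "Edge/124 Windows"},
    {"ts": "2024-05-01T09:30:00", "user": "alice", "session": "s-100", "ip": "198.51.100.77", "ua": "Edge/124 Windows"},
    {"ts": "2024-05-01T10:05:00", "user": "alice", "session": "s-100", "ip": "203.0.113.50", "ua": "Firefox/125 Linux"},
    {"ts": "2024-05-01T09:10:00", "user": "bob", "session": "s-200", "ip": "192.0.2.20", "ua": "Chrome/124 macOS"},
    {"ts": "2024-05-01T12:00:00", "user": "bob", "session": "s-200", "ip": "203.0.113.9", "ua": "Chrome/124 macOS"},
]


def network(ip):
    """Collapse an address to its /24 (IPv4) or /48 (IPv6) so that a small
    address change inside one network does not count as a new location."""
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_session_reuse(events):
    """Flag requests where a session cookie shows up from a client context
    (network, user agent) that differs from the first one seen for it."""
    first_seen = {}
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ctx = (network(ev["ip"]), ev["ua"])
        origin = first_seen.setdefault(ev["session"], ctx)
        new_net, new_ua = ctx[0] != origin[0], ctx[1] != origin[1]
        if not (new_net or new_ua):
            continue
        findings.append({
            "user": ev["user"], "session": ev["session"], "ts": ev["ts"], "ip": ev["ip"],
            # Both changing at once is far less likely to be ordinary roaming.
            "severity": "high" if new_net and new_ua else "low",
        })
    return findings


if __name__ == "__main__":
    for finding in find_session_reuse(EVENTS):
        print(finding)
```

A network change on its own is common for mobile users, so "low" findings are context for an analyst rather than alerts in their own right.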

Build multiple layers of protection

A multi-layered approach to security is the key. Relying on a single security mechanism such as MFA is like putting all your eggs in one basket. You need to reduce the possibility of security compromise by adding more control layers.

  1. Enable MFA if you haven’t done so already. Without this, it’s like having a toy padlock on your front door.
  2. Raise awareness. This is the most effective and essential step of all. Educate users on how to spot phishing emails and when they should and shouldn’t enter their credentials.
  3. Implement advanced email filtering. Reduce the chance of attacker emails reaching users’ mailboxes by deploying Content Filtering, Sender Filtering and Safe Links. These are must-haves.
  4. Implement a Web Proxy. These are usually considered a mechanism to stop people accessing Facebook or eBay during working hours, but when combined with Deep SSL Inspection, a Web Proxy can inspect all traffic leaving the organisation and track known suspicious or malicious content and sites.
  5. Implement EDR. Next Generation anti-virus/anti-malware technologies with an Endpoint Detection and Response (EDR) service overlay can detect threats in your networking environment and respond to them appropriately, automatically, and ideally with a human interaction when required.
  6. Implement Microsoft Conditional Access Security Defaults. Conditional Access policies allow IT admins to create conditions before events, such as authentication, can be accepted. This could include enforcing MFA when logging into any Azure integrated Cloud App, including Office 365, to block sign-ins from untrusted locations or from unknown devices.
  7. Implement Least Privilege. If an attacker manages to penetrate all these layers, you can still limit the damage done. If the end user does not have local admin rights, then there’s a good chance that the attacker will not have these when they compromise that machine. Another, possibly even more important, step is admin account separation.

None of these controls are particularly new. They are in essence good practice and should be implemented as a base standard in all sizes of IT estate. The majority should cost little, if anything, to implement.

Find out how QuoStar can help to evaluate your IT security and safeguard your enterprise from attacks with a complimentary consultation with a member of our security team.

Cloud adoption: Understanding and avoiding the challenges

QuoStar’s Rob Rutherford shares a few helpful hints and tips.

Certain issues can arise around cloud adoption. However, the risks can be mitigated when you know what to look out for.

The increasing popularity of cloud services and software.

There’s been a huge move onto the cloud recently, particularly around providers such as Microsoft’s Azure and the Modern Workplace stack. Microsoft Azure has, for example, reported growth of 51% in Q4 of 2021. This is a huge leap as businesses look to the cloud to improve their hybrid working environments and security.

Many organisations already on the cloud have been transitioning into a public-private hybrid model, or between two public providers to get the right workloads onto the platform to balance performance, security, and cost.

Inter-cloud high-availability and Disaster Recovery environments are areas where we’ve also seen a lot of interest, in order to protect cloud platforms from the failure of one provider or environment. In the longer term – considering state-sponsored attacks and skirmishes will likely become more prevalent in the future – we can expect to see businesses relying more and more on those types of inter-related environments to ensure a greater level of protection.

Cloud adoption: the challenges and barriers.

IT used to be solely seen as a supporting element of the business. One of the main challenges to cloud adoption now lies in the fact that many organisations have built up a technical debt over the last five years. They are trying to transform their businesses rapidly to catch up with the digitalisation of their sector.

Without a true grasp on how to deliver transformation strategies, many businesses have not been undertaking business focused requirements, analysis or mapping projects into a clear roadmap. Instead, they’ve tried working things out themselves. Often this can hold organisations back as they struggle with interoperability and performance issues.

A significant challenge in the actual process of migrating to the cloud is finding a reputable and experienced partner to assist in the cloud transition journey. Unfortunately, on the one side, a lot of cloud providers simply focus on getting the deal signed, and not necessarily on delivery. On the other side, many buyers are too focused on flat costs. Buyers may end up choosing those providers who appear to be the cheapest on paper. As a consultancy, we’re then often brought in to unpick a situation that has been created by rushing through deals.

Balance between cost efficiency and performance.

Preparation is key to any migration. It’s essential that an organisation doesn’t simply take the word of a salesperson on how long a migration is going to take, how much it’s going to cost in the first instance, and then on an ongoing basis.

All too often migration projects need to be pulled back on track. Performance issues might need to be addressed in an environment (ideally without a price increase from a customer’s point of view), which can be hard, if not impossible. Quite frequently the ROI stated in a cloud provider’s proposal falls away as the realities of a complex workload bloom. This is where an organisation has signed an order and gone through significant (and often horrendous) migration, only to be left with a screaming user base and/or customers. The pain they’ve incurred often means they make drastic decisions, such as wiping out ROIs, increasing the security risk profile or getting into further contractual obligations.

Most cloud providers will give an organisation some form of free trial on a workload. The larger the workload the more complex this gets; however commercial deals can be made.

It’s critical that organisations do their due diligence and build in contractual obligations. This will help to ensure the supplier delivers the desired outcome they expect. It may even be advisable to bring in external consultants and/or lawyers to take some accountability for the project delivery, especially when looking at large-scale migrations.

Avoiding performance issues during cloud migration.

It’s always a good idea to over-resource when undertaking initial migrations. A large percentage of environments take up more resource, especially in the early stages of a heavy migration.

One of the biggest areas people typically under-resource is disk speed, in terms of IOPS (Input/Output Operations Per Second). Too many organisations throw memory (RAM) and processor power at an underperforming environment when it’s the disk speed that is the bottleneck. This isn’t a new cloud-related issue. However, too many IT teams spend time chasing their tails when the speed issues are in fact related to disk IO. Often many cloud provider support teams don’t seem to understand this in the lower support tiers, so be aware.

It’s worth being careful if you are paying for disk IO and/or network ingress or egress traffic. This is often where cloud costs start to spiral away from the original quotes first agreed upon. The public cloud often appears cheaper than private platforms when you go light on these costs. It’s worth checking these beforehand. It’s important to test your environment under load or have the cloud supplier make some guarantees around costs.

If you’d like some advice on cloud adoption get in touch with our experts today.