FAQ • TMC (TallyMarks Consulting)

Cloud

What is a Cloud server?

Cloud servers are available through a cloud computing platform over the Internet. This service is provided by Cloud Service Providers who enable the renting of virtual servers and follows an Infrastructure as a Service (IaaS) model. The virtual servers can be accessed remotely and provides the same abilities of an on-premise server. The size and number of servers available helps in storing and processing large volumes of information. It also enables the automated services on demand through a Cloud API (Application Programming Interface). Cloud servers can be rented on monthly or pay-as-you-go options.

What are the benefits of using the Cloud?

Moving to the Cloud has several advantages besides being cost efficient. It is extremely reliable due to the number of servers that ensure continuous availability and helps against failures with quick uptime along with strong disaster recovery readiness. Customers needs vary for resource usage as well as during peak and off-peak business requirements. The Cloud offers scalability as well as flexibility for resource management and usage. Security is strengthened within a Hosted Cloud as Cloud Service Providers have the infrastructure as well as skills to tackle the advanced security requirements in today’s IT environment, and also supporting compliance needs. It also provisions for mobility with inter-connected devices and helps employees work while on the move.

How to choose a Cloud Services Provider?

It is important to choose a Cloud Service Provider that meets with the business objectives while moving to the Cloud. Clients need to evaluate the choices available and focus on a few key points when contracting their services. Data and information is paramount and therefore the security provided must play a significant role. Strong Service Level Agreements must be created to ensure that the terms and conditions are followed and provides guidelines for task and responsibilities for both parties. Another important factor is the support that is provided and should preferably be a 24X7 service offering.

How to choose a Cloud Services Provider?

Cyber Security and Cyber Defense Center

What is Cyber Security?

Information and data are vital to the functioning of any organization. However, they are also the most susceptible to cyber attacks for various reasons. Cyber security focuses on protecting the networks, software and the system from accidents and attackers who are now becoming more persistent and innovative in the approach. What is involved is a combination of technology, processes and controls that develop cyber security practices that help build on data confidentiality and ensures the continuous availability of information to conduct business. It is therefore critical for organizations to have a strong security foundation with focused strategies to protect against and mitigate cyber attacks.

Why is it important to have Cyber Security?

Cyber security is not the sole requirement of businesses and governments, it is also important for individuals who are now constantly living in a connected world through their computers, mobile phones and tablets. With huge global losses due to cyber crimes, it needs to be positioned as a critical requirement with adequate financial and technical support to ensure the assessment of security capabilities and business continuity as well as to strengthen company reputation. One must understand that security is not just the responsibility of and IT security team alone, but it is a collective effort of the whole organization and network of people using the system.

What is a Cyber Security attack?

The deliberate use of tactics to attack computers, networks, mobile devices, etc. via another computer are classified as cyber attacks. Cyber attackers use malicious codes to compromise the data and are carried out for various reasons including, data theft and extortion by using malware or malicious software, phishing to gain passwords or even DDoS which is a distributed denial of service by flooding a system with data which cripples the network or devices thereby stopping access. However, there is a whole new sector that focuses on cyber security which helps to prevent and protect organizations with hardware and software and can be further simplified by having the option of outsourcing the cyber security needs through a Managed Security Services Provider.

What is a Security Operations Center?

A Security Operations Centre (SOC) is a 24/7/365 facility of hardware, software and a dedicated IT security team that uses tools to enable prevention, detection, analysis and response to cybersecurity threats and incidents in real time. The primary function is to be aware of the events that are taking place within the systems and networks. Essentially it lays the groundwork for balancing network availability along with security. It processes the flow of information between these two functions. In today’s world, there are increasing amounts of regulations and compliance that organizations need to fulfill which SOCs address as well as assess.

In-house VS Outsource SOC

Building an in-house Security Operations Centre (SOC) is a time consuming and costly effort. The scale of requirements by some organizations drives many large as well as small organizations to opt for effective outsourcing of their Security Operations Centre needs. While there can be large numbers of security alerts, only specialists that are also expensive to hire, can provide the right investigations especially in cases where alerts can go unseen. Also, the pace at which technology is advancing also plays a very important part in working with an outsourced SOC as they tackle the high cost, maintenance and upgrades as well as 24/7 coverage of an organizations Security assets.

Data Center

What is a Data Center?

A data center is an isolated and secure operations room, with an independent power supply, precision air flow and cooling, high bandwidth connectivity, physical racks for stacking compute resources including servers and storage, and an operations control room. Of importance is the level of investment put into making the equipment reliable and available and the extent of redundancy across all the support equipment. A commercial data center typically houses both its own compute resources and the compute resources of its various customers and partners.

What does a Data Center consist of?

The components of any data center are decided on the rigorousness of the what-if scenarios it is meant to cover, as well as the scope of its operations. Scalability to grow and modularity to add equipment are key aspects around the build-up of any data center. Floor spaces for wiring, floor design, server racks, power equipment, stand-by power supply, air circulation, cooling, network connectivity, access security, perimeter security, fire safety, sprinklers geographical location, are all determined by the commercial model that the data center is expected to fulfill within the period of investment. Another key element is the criteria of availability, redundancy or robustness that the data center is expected to meet.

What is a T3 Data Center?

The Uptime Institute has created a Tier 1 to 4 classification system of data centers to demonstrate their ability to meet certain standards of operational reliability, also known as uptime. Tier 1, is the entry level classification of a data center. Each subsequent Tier adds additional redundancy requirements to the previous one, reaching Tier-4, the highest level of a fault tolerant data center. A Tier-1 data center requires space for IT systems, uninterruptible power supply, continuously working cooling equipment, and a power generator. A Tier-2 data center requires redundancy added to power and cooling systems, ensuring that some level of maintenance can take place without disrupting system operations. A Tier-3 data center has completely redundant power and cooling systems to ensure that all operations of the data center can be scheduled for maintenance without disrupting the IT operations.

What are the benefits of hosting with a local Data Center provider?

Working with an In-country Data Centre service provider gives the advantages of having a common base of legislation and compliance requirement, applicable to both sides, at the same time. Both parties would be able to abide by the same rules and regulations as a normal practice without having to make any special adjustments for each other. Access to the In-country service provider, within the same country, would benefit through lower latency times and faster access.

Disaster Recovery and Business Continuity

What is RTO and RPO?

RTO or Recovery Time Objective is the duration of time within which a business process must be restored, after the initiation of a disruption. This duration of time applies to the overall business process and not the various resources that support the business process. RPO or Recovery Point Objective is the maximum amount of time that data can be lost between multiple backup and recovery systems. In other words, multiple data systems may not be able to synchronize with each other within the RPO period of time but must have 100% data integrity outside the RPO time duration.

What should be included in a Disaster Recovery plan?

A Disaster Recovery Plan (DRP) is a tabulated, organized and methodical approach with detailed instructions and preconceived responses to mediate accidental and unexpected disruptions. It is a comprehensive plan that includes anticipatory precautions, refined and scenario based reactions, reserve resources and redundancies so that the impact of a disaster can be contained and the enterprise can sustain essential operations as well as resume critical functions rapidly and with something approaching relative ease.

What is a Disaster Recovery site? What is a hot site and cold site?

A site that is geographically removed from the parent site and has a basic framework to take over and run IT operations including network connectivity, power, cooling, physical security, and basic IT systems, can be categorized as Disaster Recovery site. Based on the level of IT preparedness, such Disaster Recovery sites can be classified as hot, warm and cold sites. Hot sites are real-time replications of their parent sites, while cold sites need to be activated and prepared to reach operational status. A warm site is a compromise between the hot and cold. These sites have established hardware and connectivity, although on a smaller scale than the original production site or even a hot site.

What are the benefits of hosting with a local Data Center provider?

Why do you need a Disaster Recovery plan?

Today, organizations need to plan for the possibility of unplanned but significant business interruptions caused by natural calamities or man made disasters. Linked to this is their ability to recover and keep business operations running as usual. With every business becoming increasingly a technology business, ensuring that IT systems can match the availability requirements of global business operations, is now becoming critical.

What is system uptime and downtime?

Uptime is the duration of time that a system has been working and available in a reliable operating manner. It is an indication of the stability and reliability of the operating system, and compute infrastructure. Downtime is the duration of time that a system is not available because it has suffered an unplanned outage or has been shut down as planned maintenance. System uptime and downtime are the inverse of each other. A system that has a high uptime will have a low downtime and the other way as well.

What are Business Continuity seats?

What happens if one, or all of a company’s office locations become inaccessible? Or if travel to an office location is inaccessible? Are key employees prepared to work from home at short notice? Relocating people and operations is a very important aspect for a business to get up and running again after a disruption. Third party Business Continuity seats offer a great solution. They provide ready to move in office space at a secure location. This gives companies a place for their employees to work, even during a disaster.

Managed Security

What is Managed Security?

Cyber security is definitely one of the most critical requirements especially at a time when threat incidence is increasing rapidly. The hardware, software and skills requirements to control security are extremely expensive and specialized. The function of outsourcing of these needs is known as Managed Security. This can be delivered either at the customer premise or they can avail of remote managed security services. Dedicated managed service partners help in providing the immediate as well as long term customer needs with on-going threat detection, monitoring and maintaining the health of the information and data. Additionally, Managed Security Providers have a methodical approach to future planning of security needs.

What does a Managed Security Services Provider do?

The current cyber security ecosystem has seen a spike in the use of Managed Security Service Providers (MSSPs). They offer options for customers to choose from specialized security services or tackle the complete security management services. MSSPs undertake round the clock threat monitoring and intrusion detection, emergency incident response, and they have the best in class processes and procedures for data protection. They also conduct security audits and offer regulatory compliance and thereby protect and manage the information system security. MSSP services are provided on a 24/7/365 basis and help in maintaining a high security posture.

What are common security risks?

Some of the most basic risks involved in the opportunity for cyber attackers to penetrate and cause damage include the absence of employee education in the security risks that come with computer viruses which can be opened unintentionally or by following best security practices. This can cause serious problems and cripple daily operations. The failure to update software and ensure ongoing security patches is yet another cause for concern. Relying on a single security procedure and not layering security can cause damage across any part of the IT ecosystem. And not gaining visibility into the data provides little or no help in analyzing the system which can provide early detection as well as incident response capabilities.

What is a SIEM?

Security Information and Event Management (SIEM) is a method that combines Security Information Management (SIM) along with Security Event Management (SEM). At its core, this system is a process of collecting information from across the networks, devices, servers, then analyzes and reports on data information. It simultaneously also provides real time threat monitoring and incident response. Any movement away from the standard behavior immediately calls for remediate actions to control and stop any intrusions.

What is Real Time Threat Monitoring?

The complexity, severity and frequency at which company data is prone to security attacks has only been increasing. To remain protected, organizations have to invest in the time-consuming process which also requires very specialized skills to manage the network security. Real Time Threat Monitoring provides the ability to monitor and manage data with visual insight in the application, web logs, etc. When done in tandem with SIEM, it provides proactive early detection and warnings.

Managed Services

What are Managed Services?

Managed Services in the IT ecosystem typically entails the remote or onsite services that Managed Service Providers render to tackle an organizations’ IT infrastructure needs. This outsourced model is now gaining traction and witnessing an upward trend within the enterprise, small and medium as well as government sectors.

The increasing use of Cloud services now broadens the Managed Services portfolio which can be broken up into several compartments including Monitoring, Managed Hosting Solutions, Managed Security, Managed Disaster Recovery, Storage & Back-up, Server & Application Management, etc. While they can be outsourced individually, they can also be clubbed together to address various customer pain points.

What is a Managed Services Provider?

Technology is moving at a fast pace with advancements also taking place at an equal level. Many organizations are not equipped internally, both from a skill-set as well as up-to-date hardware and software requirements. This is paving the way for most companies to contract some of the IT needs to a dedicated Managed Services Provider to look into the day to day aspects of their IT infrastructure on a 24/7 basis.

Mostly contracted in a ‘pay-as-you-go’ OPEX model and tight Service Level Agreements (SLAs), it tackles the predictable costs and helps organizations reap the benefits of cost reduction in terms of human capacity as well as technology investments. The expertise, adherence to compliance requirements, best-in-class technology, minimized downtime provided to Managed Service customers offers higher efficiencies to accomplish improved business processes and enables future business growth.

What is the purpose of a Service Level Agreement?

Based on objectives that need to be attained, Service Level Agreements (SLAs) are signed between two parties and clearly identifies and specifies the level of service that is receivable by a customer from the IT service provider/IT vendor. What is important is that an SLA sets an overall framework that helps measure the level of services provided to the customer and is critical for the working relationship. A key part of An SLA includes details of the duties and responsibilities of the signing parties while also putting in place remedial measures in case of non-performance by either party.

Private Cloud

What is Private Cloud?

A Private Cloud is a computing environment which is available to a single organization in a virtualized manner. This can be either implemented internally or can be hosted externally by a Cloud Services Provider. What is important is that the user has complete control and has the advantage of higher security. This model also provides the flexibility of customizing the environment to build a Virtual Data Centre to suit individual customers’ needs. Businesses can have fluctuating demand for Cloud services and the Private Cloud helps in adapting the resources to meet the demand at a very high speed.

What is Hybrid Cloud model?

Many businesses such as Media, Finance, Healthcare, etc., have large computing requirements, and more importantly have the need to protect sensitive data. In such cases there is a stream in Cloud Computing known as Hybrid Cloud wherein a combination of a Private Cloud either on premise or provided by a third party and Public Cloud Services are utilized. While each of these Cloud services operates independently, they are connected in an encrypted manner which allows the flow of data and applications. Conventionally sensitive data is stored on a protected Private Cloud while the applications that run this data are within the Public Cloud.

What are the benefits of Private Cloud?

The control that Private Cloud provides across application management as well as costs have a significant impact on business performance. One of the most important advantage is that security is primary and assured on-premise or when outsourced to a managed services provider. With individual needs and demand variations, it strengthens flexibility and customization to suit on-going as well as future growth initiatives. Given that this model is more likely to be used by business sectors that have to comply with regulations, these organizations using the Private Cloud can be in total control of the situation to ensure compliance within the Corporate Governance Framework.

What is a Hosted Private Cloud?

Managing Private Cloud internally can be a complex process and taxing on the IT teams as well as budgets. Organizations then turn to Managed Cloud Service Providers to host their Private Cloud. What it entails is a single non-shared tenancy while using the service providers data centres and resources. Hosted Private Cloud Providers are in a position to offer a range of services including managing, maintaining and monitoring options. Most providers are equipped with advanced technology that helps to improve business performance and are capable of rapid deployment while also allowing the flexibility of a pay-as-you-go model.