Data Protection – Not Always a Slam Dunk

Published on April 4, 2013 in Layered Technologies and Security. 0 Comments
Posted by

It’s March Madness time, one of my favorite times of year. Maybe it’s playing college basketball brackets with friends and co-workers that has me thinking of infrastructure strategy in basketball terms. But anyway, it occurs to me that while backup and recovery isn’t sexy, it is critical — and not always a slam dunk.

In fact, dealing with backup windows, complex file systems, data encryption and compliance issues, and planning the solution to meet recovery point and recovery time objectives — well, doing all that is anything but a layup. In fact managing this area continually can really take you out of the game and away from what drives your business.

The ideal data protection backup and recovery service is something that’s worth defining. Here are the capabilities I think every business or enterprise should look for:

  • Backup service that is quick and reliable with minimal impact to client applications
  • Rapid recovery of files and entire systems, locally or to systems in an alternate datacenter, to minimize downtime or disruption
  • Secure transfer and storage of the backup data with strong encryption
  • Above all, real confidence in the people and platform protecting your data in the event of human error, malicious attack, system failures, or natural disaster

We recently refreshed our backup and recovery platform to offer faster backups, quicker recoveries, and options for offsite storage and recovery in a secure and compliant framework. Our objective is to make backup and recovery something you don’t think much about (unless you actually don’t have backups in place).

Peace of mind is a good thing. It’s also true that backup and recovery service of this caliber is vital in many cases:

  1. When you need a scalable, usage-based model without any need to procure or manage a dedicated system, or provision excess capacity. For an expanding company it means that your system can grow as much as you need, cost-effectively.
  2. To accommodate both file and system restores so you can recover from a variety of potential issues including system error, human error, malicious attack, or outage.
  3. To accommodate clustered systems so you can back up your most complex environments with ease.
  4. When you need to be prepared for both local and off-site recovery. We help you defend all your zones: you can make a quick file recovery to the local system, recover files and systems to off-site resources, or in a rare event like Hurricane Sandy, you can recover to an alternate site.
  5. For quick cold-site recovery. Clients can replicate their backup data to another Layered Tech data center so they have the option to recover either to standby systems or to on-demand cloud resources. The Layered Tech eBusiness Cloud Data Center Service and eBusiness Data Protect Service give you a low-cost way to be disaster tolerant.
  6. When you must provide an environment that is secure and aligned to compliance requirements. In such a situation, another copy of sensitive data may not be a good idea unless you know your data is secure! Our strong data encryption, robust access controls, and change management let you ensure that your data is secure and managed for compliance.

Here’s a data protection game plan: One, backup and recovery is not sexy but it is essential. Two, when selecting your service provider you need to choose one that provides the recovery scenarios (speed of recovery, recovery location, retention, security) your business requires. Three, the best offense is a strong defense.

We have your defense covered so you can get back to playing offense and driving your business without worrying if your data is protected.

Image Credit: Creative Commons

Kevin Van Mondfrans, VP of Product ManagementAbout the Author: As Vice President of Product Management at Layered Tech, Kevin Van Mondfrans (@VANMONDFRANS | +Kevin Van Mondfrans) is responsible for driving the Layered Tech portfolio of infrastructure as a service (IaaS) and managed service offerings. With more than 20 years of experience product development and marketing, Kevin has been delivering innovative computing, storage, cloud and service offering with companies such as HP, Dell, and Savvis.

Comparing Managed Service Providers – Full Service versus Service Ready

Published on February 14, 2013 in Compliant Hosting, PCI Compliance and Security. Closed
Posted by

Managed services and compliance as a service: Service SignOne component of selling Layered Tech’s managed services is dealing with the competitive comparison issue, as prospective clients attempt to determine which service provider is the best fit for their IT management needs. The need to compare Layered Tech to our competition is understandable, but the breadth of our available capabilities makes direct comparisons difficult.

The old and overused “Apples to Oranges” comes to mind, but only partially describes the situation. Layered Tech is most often compared to “hosting” companies because we have hosting capabilities, but to say we are simply a hosting company is grossly inaccurate. Layered Tech is a managed services company with hosting capabilities. We provide an entire IT service and security capability. Most competitors, while they claim to offer a total solution are actually providing “service ready” solutions where most of the service is delivered by the client.

Maybe a metaphor using the auto repair industry can help clarify our situation as it relates to comparison shopping.  Traditional hosting providers can be equated to a self-service auto shop where space, lifts, and tools are provided.  You can rent the shop by the hour and fix up your ride.  Layered Tech on the other hand, is a full service location with not only the space, but also expert mechanics ready to maintain and repair a wide range of issues.  The difference between the examples above is stark, but not readily apparent until further research reveals the true nature of the service being offered.

There are a small handful of managed security service providers that take on the specialized tasks for regulatory compliance, yet you will find many others claiming to do so. They all use the same language to describe what they provide, but many simply provide the tools in a “service ready” environment. Since most regulatory requirements include an audit or review component, any service provider that is not doing event review along with data collection will not meet the requirements. They will advertise a fully compliant service offering by assuming the client will spend the time necessary to cover the review they have failed to provide.  Just make sure you understand the gaps and how to fill them before your regulators tell you about them.

When Layered Tech states that a service we provide can meet a requirement, we mean that the service fully meets the requirement and that is demonstrated. The challenge is educating prospective clients on the difference when being compared to providers with less-developed ideas about services.

ed-welsh-75x75About the Author: As Director of Compliance and Security services, Ed Welsh maintains and guides a dedicated team in the delivery of Layered Tech’s compliance and audit services.  Ed’s 16 years in IT security includes network and web application security experience from positions in the Financial Industry, HRBlock, Fishnet Security, and independent contracting.  He holds a CISSP certification and has been successfully implementing PCI compliant hosting solutions for the last 5 years.

Cloud/GOV 2013 Conference – Embracing Innovation

Published on February 7, 2013 in Events and FISMA Compliance. Closed
Posted by

Cloud/Gov 2013 Conference: secure cloud and private cloudLayered Tech is excited that Microsoft will be a “Special Host Sponsor” for the DelTek GovWin – Cloud/Gov 2013 Conference.  Microsoft Federal CTO Susie Adams and Layered Tech President Brad Hokamp will be panelists featuring discussion on “When is a cloud business solution right for your agency?”  Larger agencies will be discussing when a move to the cloud is right and appropriate and what are the organizational concerns around moving to the cloud. There will be at least one Microsoft customer on the panel.  Additional topics will include our co-branded product “Microsoft Dynamics for Government Cloud– Hosted by Layered Tech,” and will include a discussion on the unique security features of deploying secure private FISMA compliant clouds for Microsoft Dynamics partner solutions and the public sector.  There will also be a deep dive on Layered Tech’s longstanding relationship with Microsoft and the LT Public Sector Incubation Center that Layered Tech runs for Microsoft with over 60 ISV (Independent Software Vendor) and SI (System Integrator) partners.

This is one of several events that Microsoft is funding to support the Dynamics for Government product launch.  You won’t want to miss it!

Opportunities continue to fill the pipeline based on the creation of this co-branded product with Microsoft and Layered Tech and in due time we do hope to be announcing deals closed together!  Our first one is on the horizon…

The Deltek Cloud/Gov 2013 event is taking place on February 12th, 2013 at the Washington DC Westin. In addition to Brad Hokamp’s panel discussion, Teri Erickson who leads our Microsoft partnership will be onsite to evangelize the Dynamics for Government offering.

Teri EricksonAbout the Author:  Teri Erickson is the Senior Director of Cloud Services, Public Sector at LT Government Solutions.  Teri’s 13 years of experience in IT include the last four years at NEW WORLD APPS (a recent LT acquisition) and prior experience as a founding member and sales director at Current Analysis.

Cloudbook Tells Our Story

Published on January 31, 2013 in Cloud Computing. Closed
Posted by

Layered Tech recently partnered with Cloudbook to tell our story and we were thrilled with the results.  The CEO of Cloudbook, Vince Vasquez, tells us about his vision below.

Two years ago when the first iPad launched, we seized the opportunity to build a new application to help businesses, like Layered Tech, tell their stories. As such, our storytelling software — based on lessons learned from producing films, documentaries and books — allows the consumer to read and watch a story, chapter by chapter via their iPad, iPhone or online. These stories are packaged in what our customers simply call their “Cloudbooks.”

Storytelling is one of the best ways to learn. In addition, research indicates some of us learn better by watching, some by reading and some by listening. Being able to deliver a story in all these ways on a tablet, built for delivering stories, is indeed game changing.

But that’s not all.  In the modern world we know it’s important for some people to watch the story on the subway in New York, another on a flight to China and yet another shares the story while in a cafe in Paris.  With that in mind, we’ve engineered our application to be deployed on a worldwide basis with all of the security, performance, and availability management features you’d expect of an enterprise application.

In short, Cloudbook has blended the ancient art of storytelling with modern technology, so whether you are selling managed cloud hosting or next generation pharmaceuticals, this is the most complete way to tell your story.

Click to learn what the Layered Tech Cloudbook can do for you!

Vince_Vasquez - CloudbookAbout the Author: Vince Vasquez is the CEO of Cloudbook and brings over 25 years of experience in high tech positions at companies such as Sun, HP and Cray Research. He has held a wide range of positions, including sales, marketing, business development, software development, and IC manufacturing. Most recently, Vince created and ran Sun’s Software-as-a-Service program, and assisted with business development in Sun’s Cloud efforts, both of which focused on delivering go-to-market success for customers and partners.

Hospital Data Breaches

Published on January 23, 2013 in Security. Closed
Posted by

Earlier this month, Lisa Vaas published an article on the Naked Security web site on the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security funded by ID Experts.  Ms. Vaas did a good job of summarizing the most significant finding in the report, that of increase of data breaches over the past three years are due mainly to a lack of secure devices and staff negligence (see graph from report below).

Data Breach Graph

I strongly suggest that you download and read this report.  The Ponemon Institute always does a good job in these areas and if you are in healthcare, chances are you will see some trends similar to what happens in your organization in the report.

The takeaways here are that breaches are expensive, and it’s not just patient data.  Just look at the numbers in the report.

In my opinion, the saddest statistic is that most of the breaches were discovered in an audit.  One of the main reasons to conduct an audit is to demonstrate that these types of conditions do not exist.  Employee discovery follows in second place.  If an employee can discover it, an employee should be able to help prevent it.

Rather than try to scare you with FUD (Fear, Uncertainty and Doubt – see my blog post of January 3, 2013) – and there are plenty of items with which to scare you, I would like to see the community come together and share the ideas and practices that help protect data.  We always work with our clients to ensure that they have an environment that is both compliant and secure but it takes everyone working together.

If you have seen a healthcare provider in the U.S. during the past six months, you probably noticed the additional type of paperwork needed and, in fact, the move away from paper.  As healthcare related information transitions towards digitization, the opportunities for a breach increase unless we all take the necessary steps.

When you decide to host the data that you manage with a provider, demand that they secure the environment, demonstrate compliance and do it all with full transparency.  Anything short of that, sells everyone short.

I will be attending HIMSS Conference in New Orleans on March 3-7 in order to help bring all of us to the right place with healthcare data.  I hope to see you there!

Jeff Reich, Layered Tech Chief Risk OfficerAbout the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO+Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.