With a remote workforce, endpoints will generate a great deal of data, and more IP will leave your premises. Intellectual property (IP), financial data and personnel data are important data sets to protect. What do you do? Clearly, it’s an open-ended question, but I want to lean in on this topic in the context of implementing security and protecting your data for continued operations in the midst of a crisis, with a nearly 100% remote workforce, as we adjust to a rapidly evolving new normal for managing IT environments.
Enterprise Applications in the Cloud
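At Quantum, every employee is issued a portable computer, either a Windows-based laptop or a MacBook, depending on the user's needs. We also employ SaaS solutions such as Microsoft 365. This gives us collaboration tools like Microsoft Teams and Exchange Online, which are available online or installed on the laptop. In addition, our other enterprise applications are SaaS-based, which means they are accessible from anywhere on the internet. Example: CRM (SalesForce.com). Leveraging the public cloud in this scenario is a good, cost-effective solution that enables a remote workforce effectively and efficiently.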
Protection – Encryption
You have surely heard the saying, “Safety first.” In the digital era, the profile of this statement has never been more important than it is today. It begins with a secured foundation at the server level (normally at the core). If your foundation is weak, the rest of your endpoints will probably resemble the same weak structure. Do not take the shortcut; when possible, leverage solutions such as:
Data encryption at rest and in transit. In transit, web data should always be sent via HTTPS. Also look at the various encryption models: client-side, server-side with service-managed keys, and server-side with customer-managed keys. Also consider using a Key Vault to securely store keys.
Client-side encryption is performed outside of Azure. It includes:
- Data that is already encrypted when it is received by Azure.
The three server-side encryption models offer different key management characteristics, which you can choose according to your requirements:
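- Customer-managed keys: Gives you control over the keys, including Bring Your Own Keys (BYOK) support, or allows you to generate new ones.
- Service-managed keys in customer-controlled hardware: Enables you to manage keys in your proprietary repository, outside of Microsoft control. This characteristic is called Host Your Own Key (HYOK). However, configuration is complex, and most Azure services do not support this model.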
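Client-side encryption with a key the customer controls can be sketched as envelope encryption. The following is an added example, not code from the original post or from Azure: it uses only Node.js's built-in crypto module, the function names are hypothetical, and the in-memory key-encryption key stands in for one that would be held in a key vault.

```javascript
const nodeCrypto = require('node:crypto');

const NONCE_LEN = 12; // AES-GCM nonce length in bytes
const TAG_LEN = 16;   // AES-GCM authentication tag length in bytes

// seal: AES-256-GCM with a fresh random nonce; output is nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(NONCE_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// unseal: reverses seal; throws on a wrong key, modified data or truncated input.
function unseal(key, sealed) {
  if (sealed.length < NONCE_LEN + TAG_LEN) throw new Error('sealed data truncated');
  const nonce = sealed.subarray(0, NONCE_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAuthTag(sealed.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN));
  const body = sealed.subarray(NONCE_LEN + TAG_LEN);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Client side: a fresh data key (DEK) per object, wrapped under the
// key-encryption key (KEK). Only this envelope is uploaded, so the storage
// service never sees the plaintext or the KEK.
function encryptForUpload(kek, plaintext) {
  const dek = nodeCrypto.randomBytes(32);
  return { wrappedKey: seal(kek, dek), ciphertext: seal(dek, plaintext) };
}

// Client side after download: unwrap the DEK with the KEK, then open the payload.
function decryptDownload(kek, envelope) {
  const dek = unseal(kek, envelope.wrappedKey);
  return unseal(dek, envelope.ciphertext);
}

// Constructed demo values. Assumption: a real KEK stays in a key vault or HSM
// and is never generated or kept in process memory like this.
const demoKek = nodeCrypto.randomBytes(32);
const demoPlaintext = Buffer.from('payroll export (constructed sample)');
const demoEnvelope = encryptForUpload(demoKek, demoPlaintext);
console.log('envelope bytes:', demoEnvelope.wrappedKey.length + demoEnvelope.ciphertext.length);
console.log('round trip:', decryptDownload(demoKek, demoEnvelope).toString());
```

Rotating the KEK only requires re-wrapping the small data keys, not re-encrypting the stored objects.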
IDC research shows that 93% of organizations have been attacked within the past three years (source: https://dl.acronis.com/u/rc/WP_IDC_Acronis_Cyber_Protection_EN-US_200403.pdf). It is time to tighten up the integration of data protection, disaster recovery, and data security operations within the cybersecurity strategy and think about backups as part of your cybersecurity approach. Threats from ransomware and other malware are prevalent, and there are plenty more threats engineered with AI capabilities to infiltrate your datacenter. Whatever cybersecurity software, backup medium (flash, SSD, HDD, tape) or environment (physical, virtual, multi-cloud) you choose, the goal is to integrate what used to be silos and build a resilient IT operation.
Availability & Resiliency
As the threat to businesses continues, a large majority of organizations have turned to virtual desktop infrastructure (VDI) to rapidly deploy virtual desktops and enable a mobile workforce that can be as productive as if they were in the office. VDI is defined as the hosting of desktop environments on a central server. In other words, it’s like having a structured office available on demand: you can access virtual data and applications, and you are really just shifting the compute cost from the endpoint to the data center (if on premises) or the cloud. To us, this is a very cost-effective solution that helps keep the data centralized and off endpoints, which are more susceptible to data loss. One of the cool things about VDI is that break/fix becomes a lot easier, because you can quickly “spin up” a new desktop for a user if their current desktop becomes corrupt. It also makes things like patch management and OS updates easier because everything is centrally managed, i.e. lower administrative overhead.
An important part of the equation is flexibility. Whatever strategy you choose to meet your organization’s business goals, in this case an effective and secured remote workforce for business continuity (BC), your solution should be flexible enough to adjust as needed to meet the demands of current and future national or global events that can affect your datacenter. The current global crisis is a good example of how quickly organizations learned whether they were ahead of or behind the curve. Technology cannot meet the need by itself; it needs a strategy built upon it to mitigate the risks associated with ‘crisis’ type events and/or simple business continuity.
Backing up data on a regular basis has never been more important. With ransomware becoming more sophisticated, we need to adapt and build IT environments that expect (and withstand) attacks. As far as we know, there are some strains for which no decryption tool is available, so you must have an alternative way to recover your data. Let's remember that criminals no longer rely on mass campaigns but instead go after remote access; Remote Desktop Protocol is the most commonly used entry vector.
In our new normal, we hope our insight provides some guidance on building, securing and protecting your data, your remote workforce and your network, and helps you build solid business continuity plans… no matter what disaster comes your way. Check out our QonQ business continuity webinar here.