Businesses are investing more than ever in the digital infrastructure necessary to stay competitive in an increasingly dynamic, fast-paced economic landscape. From server and compute resources to network architecture and cybersecurity defenses, these investments will differ from one team to the next based on industry, budget, and company goals.
Regardless of which resources you choose to implement, it’s crucial that you understand what digital infrastructure investments will be right for your needs.
The scope of this digital transformation is considerable. According to Cisco, 94% of workloads and compute instances will be processed in the cloud by 2021. This means that businesses currently looking to invest in their digital infrastructure are doing so at a moment when everything from data center organization to remote access protocols is rapidly changing.
Given this evolving IT landscape, one of the most critical decisions that businesses will make is determining whether a physical server, virtual server, or some combination of the two is best suited for their needs. While physical servers represent the tried-and-true, powerful data center deployment of the past, virtual servers offer businesses a cloud-oriented, innovative—and often managed—service for the future.
At the same time, the decision isn’t a clear-cut one. Many organizations today opt for a hybrid approach of physical and virtual machines depending on the type of information they handle, their business continuity and disaster recovery plans, and any regulatory compliance mandates they may face. While some businesses may want to invest wholly in one solution, it’s clear that the physical server vs. virtual server debate isn’t black and white.
Ultimately, you’ll need a server deployment that will best benefit your business. Figuring out what that means will take time, a careful review of your existing digital infrastructure, and an understanding of your growth goals. However, by familiarizing yourself with the ins and outs of the virtual server vs. physical server conversation, it’s possible to understand which option will be best for your business.
You can generally define a physical server as a typical computer. While they’re larger than what you might think of when imagining a desktop computer, they function in much the same way—albeit on a business-grade scale. Physical servers are powerful computers—usually stored in a data center for business-use cases—that run operating systems and applications off of their internal hardware resources. These resources include RAM, CPUs, HDDs or SSDs, network connectivity assets, and more, all of which support physical servers’ robust performance.
To run applications on a physical server, businesses need to install an operating system onto the server hardware. This enables them to run applications and programs that draw directly on the power of that physical server’s hardware. This setup means that each physical server is only capable of serving a single business, as the resources of physical servers cannot be distributed among different digital tenants.
For businesses considering whether to invest in physical servers, there are a few key advantages. First and foremost, physical servers do offer superior performance to virtual servers. Because virtual servers are, in a way, detached from the hardware they run off of—something we’ll dig into momentarily—there’s always the chance that bottlenecks will form. Teams using physical servers won’t run into the same problem because applications and programs operated from a physical server run directly from the server’s onboard hardware.
Additionally, physical servers offer teams around-the-clock access and immediate control over their computing resources. While this might not be at the top of some customers’ wish lists, it may be essential for teams with certain mission-critical business operations that need to be managed onsite. This level of access can also be a plus for companies that handle carefully regulated information over which they’d prefer to exercise direct control.
However, there are some potential drawbacks to relying on physical servers that customers should consider. For starters, physical servers can prove expensive, both in the short term and long run. On top of the initial investment necessary to purchase servers, businesses will need to invest in ongoing maintenance, updates, and eventually, replacements due to hardware failure.
Finally, physical servers do present risks when it comes to business continuity and disaster recovery. Because they’re stored on-site, physical servers are likely to suffer from any outages or damage affecting the rest of a customer’s business. This will require that IT teams either repair the server or bring in new hardware, set up an operating system, install critical applications, and painstakingly restore information from previous backups.
A virtual server is a software-based environment that emulates the processes of an actual computer. While end users won’t be able to tell the difference between a properly set-up virtual server and a physical server, they’ll actually be interacting with a virtualization of the computing resources of a physical server. The same resources that support a physical server—RAM and CPUs, for example—all have software-based counterparts assigned to any given workload operating on a virtual server.
Virtual servers are set up with something called a hypervisor, which is a type of software or operating system that creates and runs virtual machines. Once installed, the hypervisor can be used to create virtual servers with their own virtual compute resources. Examples of popular hypervisors include VMware Workstation and Microsoft Virtual PC.
When set up in this manner, virtual servers allow businesses to more effectively distribute the resources of physical hardware to ongoing workloads. This is because virtual servers, unlike physical servers, can exist alongside one another in the same physical environment. While a physical server is a single-tenant platform with dedicated resources, a hypervisor can support multiple virtual servers, allowing multiple applications to run simultaneously and share physical hardware capacity amongst themselves.
In addition to more effective distribution of server resources, virtual servers offer businesses a number of benefits that make them an increasingly popular option in the IT world. For example, virtual servers are generally easier to manage. While some companies can opt to set up virtual servers on physical servers stored onsite, many businesses decide to work with colocation vendors that manage their virtual servers for them. This means that trained data center professionals are tasked with maintenance, updates, and general upkeep, saving businesses the trouble of even powering the utilities needed to keep servers running and cooled down.
This model also makes virtual servers highly scalable. When businesses with physical servers want to add greater capacity, they need to requisition new hardware and work with IT professionals to prepare said hardware for internal use. On the other hand, companies that have invested in virtual servers—especially those managed by a third-party—can easily add capacity and scale down when necessary.
Additionally, virtual servers can be a critical component of your business continuity and disaster recovery strategy. Whether businesses operate virtual servers onsite and use cloud-storage backup, or they work with a colocation provider removed enough from primary offices to be unaffected by natural disasters, virtual servers can help teams restore normal functions with minimal downtime.
Generally speaking, a virtual machine can be a virtual server, but it can also offer additional functionalities. While virtual servers are specifically created to provide compute resources for end users accessing programs and applications—thus acting as software versions of physical servers—virtual machines can have other capabilities too.
Indeed, virtualization simply refers to the process of setting up software-based representations of typical IT assets. While servers are certainly one such asset, virtualization can also apply to virtual storage and virtual networks. These last two iterations of virtualization offer businesses similar benefits as virtual servers, including the more efficient distribution of workloads, lower operating costs, and scalability.
In this way, a virtual machine can also refer to virtual storage or virtual network capabilities. With that said, you should know that when IT professionals refer to virtual machines they tend to be referring to virtual servers set up on hypervisors. More often than not, it’s safe to assume that virtual machines and virtual servers are considered one and the same.
Ultimately, the best server deployment will depend on your industry, budget, and your goals for the business—in addition to your current digital infrastructure. Whichever server configuration you decide to invest in, it’s critical that you consider how to protect the information that those servers process. Whether businesses opt for colocated virtual servers or cloud-based backups from onsite physical servers, it’s in everyone’s best interest to be prepared for the worst.
If you’re interested in learning more about business continuity and disaster recovery with your servers, contact a Zinia IT consultant to see how you can protect crucial business information and plan ahead for disasters. We offer a streamlined approach to server backups that consolidates the information you need, saves it quickly, and restores it rapidly.
Over the past decade, the rise of bring-your-own-device (BYOD) policies has led to a proliferation of mobile devices like laptops, smartphones, and tablets being used for business purposes. These devices are referred to as endpoints, but you may not have a plan in place to deal with endpoint security. Because these mobile devices pose a particular risk to business networks, it’s more necessary now than ever for companies to make endpoint management and monitoring an essential part of network strategy.
As hardware devices that work over the TCP/IP network, endpoints come with all of the security risks of typical workstations plus their own unique vulnerabilities. Whether the endpoints are personal devices or provided by the business, they rarely meet best-practice security standards.
When employees and authorized outsiders (like partners, consultants, and clients) use such devices to connect to the network, it can open the door to the loss of sensitive data. To counter this, experts recommend a robust approach to endpoint security on business networks.
Endpoints are a major consideration in cybersecurity for today’s businesses because they tend to be poorly managed and almost always pose security risks. Endpoints are a unique challenge and companies need to implement more effective strategies to protect their data.
To put it simply, endpoint security management is an issue because laptops and other wireless devices serve as potential entry points to the network, but are typically not equipped with adequate security measures. They tend to be exposed to more risks than a regular workstation, but face lower IT standards due to their nature as mobile, temporarily connected devices.
This makes endpoints appealing to hackers as easy targets for many types of malware. If these devices have full access to the internal network, it’s all too easy for threats to spread throughout the business. In addition, because they are mobile, it’s possible that the devices—and the data they have access to—could easily fall into the wrong hands.
Ensuring endpoint security and adequate network protection includes:
Patches and updates: It can be difficult to enforce software updates across the network, let alone enforce updates on endpoints. There must be a process in place to ensure that endpoint users aren’t using insecure or out-of-date versions of applications. You can also consider whitelisting certain applications and not others.
Device policies: Policies are coded rules that allow you to specify and control how endpoints connect to the network. These policies will ideally be standard for mobile devices across the network, and endpoints must prove compliance before they are granted network access.
Access and control: Network access control is a crucial method for protecting your network and helping ensure no unauthorized devices are given access. This can mean that users must enter a username and password to gain entry. You can also restrict access to network data, control user behavior (by blocking USB use or file access, for instance), and implement specific anti-threat initiatives like antivirus software. This is especially important for managing guest devices.
Threat detection: There are a number of reasons to check endpoints for threats. Most importantly, you want to make sure threats don’t spread from these devices to your internal network. But endpoints are also rich sources of threat data you can use to improve network protection more generally.
The term endpoint detection was coined by Anton Chuvakin of Gartner, who in 2013 decided that “endpoint threat detection and response,” otherwise known as endpoint detection and response or EDR, was an appropriate name for the emerging problem of detecting suspicious activities on endpoints. Since then, EDR has become a popular concept for professionals seeking to protect networks and minimize the risk that endpoints continue to pose.
The purpose of EDR is to gain insights into the threats that could occur or have already occurred. That allows a company to take appropriate measures to prevent attacks or mitigate harm. Of course, this requires high-quality monitoring of endpoint systems and how they are used. But to effectively protect your network, simply looking for endpoint threats is not enough.
The additional capabilities you need for effective endpoint detection include:
Preventative measures: Because endpoints are so vulnerable, it isn’t advisable to simply wait until a threat occurs. With endpoints, it’s important to implement as many proactive measures as possible.
Mobile compatibility: Mobile devices spend more time offline. This means you’ll need to consider how to deal with threat detection or manage the device even when you don’t currently have direct access to the device.
Automatic protection: With the right policies in place, endpoint systems should be able to automatically neutralize many threats without intervention.
Alerting: Of course, you can’t be expected to manually scan through your entire endpoint inventory. Automatic alerts are a necessity if you hope to stay on top of potential threats for the dozens of endpoints your business may use.
Recovery and quarantine: If a threat is detected on an endpoint, your first round of defense may simply be to disconnect the device. You’ll then need to dig into the device itself and figure out what happened, but this “quarantining” allows you to minimize the extent of the threat.
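The two lists above (device policies, patching, application whitelisting and guest access; then offline devices, automatic protection, alerting and quarantine) can be expressed as one admission check. The following is an added example, not code from this article or from any product: the policy thresholds, field names and sample reports are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class DevicePolicy:
    """Coded rules an endpoint must satisfy (hypothetical values)."""
    max_patch_age: timedelta = timedelta(days=30)
    max_report_age: timedelta = timedelta(hours=24)
    allowed_apps: frozenset = frozenset({"browser", "mail", "office", "vpn-client"})


@dataclass
class PostureReport:
    """What an endpoint agent reports when the device asks to join the network."""
    device_id: str
    managed: bool                 # False for guest or unenrolled personal devices
    reported_at: datetime
    last_patched: datetime
    antivirus_running: bool
    installed_apps: set = field(default_factory=set)


def evaluate(report, policy, now):
    """Return (decision, reasons); decision is 'full', 'guest' or 'quarantine'."""
    # A device that has been offline cannot vouch for its current state,
    # so an old report is treated as non-compliant until the agent checks in.
    if now - report.reported_at > policy.max_report_age:
        return "quarantine", ["posture report is stale, re-check required"]
    reasons = []
    patch_age = now - report.last_patched
    if patch_age > policy.max_patch_age:
        reasons.append(f"patches are {patch_age.days} days old")
    if not report.antivirus_running:
        reasons.append("antivirus not running")
    unknown = sorted(report.installed_apps - policy.allowed_apps)
    if unknown:
        reasons.append("apps not on allowlist: " + ", ".join(unknown))
    if reasons:
        return "quarantine", reasons
    if not report.managed:
        # Compliant guest devices still get a restricted segment only.
        return "guest", []
    return "full", []


def admit(reports, policy, now):
    """Decide for every device and raise an alert for each quarantine."""
    decisions, alerts = {}, []
    for report in reports:
        decision, reasons = evaluate(report, policy, now)
        decisions[report.device_id] = decision
        if decision == "quarantine":
            alerts.append(f"{report.device_id}: quarantined ({'; '.join(reasons)})")
    return decisions, alerts


# Constructed sample data.
NOW = datetime(2024, 1, 31, 9, 0)
SAMPLE_REPORTS = [
    PostureReport("laptop-01", True, NOW - timedelta(hours=1),
                  NOW - timedelta(days=10), True, {"browser", "mail"}),
    PostureReport("phone-07", False, NOW - timedelta(minutes=5),
                  NOW - timedelta(days=3), True, {"browser"}),
    PostureReport("laptop-02", True, NOW,
                  NOW - timedelta(days=75), False, {"browser", "file-sharing-client"}),
    PostureReport("tablet-03", True, NOW - timedelta(days=5),
                  NOW - timedelta(days=6), True, {"mail"}),
]

if __name__ == "__main__":
    decisions, alerts = admit(SAMPLE_REPORTS, DevicePolicy(), NOW)
    for device, decision in decisions.items():
        print(f"{device}: {decision}")
    for alert in alerts:
        print("ALERT", alert)
```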
Endpoint visibility means having meaningful insight into all managed devices. You are already collecting data across challenging environments like cloud platforms and virtual machines, but it’s also important to collect data from endpoints like mobile phones and laptops. By gathering and centralizing the right kind of data about individual endpoints, you can quickly answer key visibility questions that help ensure overall network security.
Essentially, endpoint monitoring is about tracking activity and risks on all the mobile devices that join your network. The term describes the ongoing, continuous process of managing a dynamic array of endpoints on a business network. For that, you need endpoint visibility and access, as well as the ability to detect (and automatically address) threats. Information can be gathered in a central database to help ensure further analysis, comparison, reporting, and alerting.
In order to effectively monitor endpoint agents, you typically need automated software. It’s difficult to manually enforce policies and security standards across even a small number of mobile devices. To truly protect your network, it’s smart to consider using endpoint management tools. Using an automated tool is an effective way to protect the network and any sensitive data from the many risks that endpoints pose.
With the right software tools for endpoint management and monitoring, protecting your network doesn’t have to be a headache.
From the perimeter and firewalls, through the internal network, to the Internet, is your business protected?
South Africa has the third highest number of cybercrime victims worldwide and according to the SA Banking Risk Information Centre (SABRIC), South Africans are losing about R2.2 billion a year to cyberattacks. In a new survey from PwC, SA is ranked as the second most targeted country in the world for cyberattacks.
A cyberattack is defined as when a computer system, network or internet-enabled device or application is attacked. The goal of attackers is to expose, alter, disable, steal or gain access to, or make unauthorized use of data, devices and information-related assets.
Cyberattacks today range from installing spyware on a personal device; to malicious code known as malware that is distributed through spam email campaigns or phishing campaigns; to widespread outbreaks like the WannaCry ransomware attack of 2017. And they are increasingly becoming more sophisticated and more dangerous.
Company executives recognise that cyber security is one of the top business risks and are tightening up their security infrastructure. Individuals are becoming victims of identity theft, fraud and virus attack because they are not as vigilant as the corporate world. And the victim list is burgeoning – cyber criminals are targeting government agencies, public infrastructure and medical facilities worldwide.
In May 2017, Check Point products found more than 17 million attacks each week. The impact of these attacks could be catastrophic…they may even destroy our planet: a new report by the US Government Accountability Office found mission-critical vulnerabilities in nearly all weapon systems under development from 2012 to 2017, making them vulnerable to cyberattack. The idea often portrayed in movies, that military weapons could be “intercepted” and used against nations, does not seem so far-fetched today.
Accusations have been levelled at North Korea (for WannaCry) and Russia (for NotPetya) as the dark forces behind global ransomware attacks. While this may or may not be true, it is clear that the cyber “wars” are being battled out right here, right now, and your business could be the next target. That is why Internet Service Providers (ISPs) like Zinia are bolstering their security skills and selecting best-of-breed products for their clients.
Connectedness a double-edged sword
As our world expands into the Information Age, the proliferation of devices and platforms which connect to the Internet is also exactly what makes us vulnerable to attack. The sheer number of connected devices that upload data and/or communicate machine to machine every day is astounding. Research from Business Insider predicts that more than 24 billion Internet-connected devices will be installed around the world by 2020. Our ability to share, collaborate and do business with anyone around the world, anywhere and at any time, carries with it an inherent security risk. And the more technology devices and applications that arise, the greater the risk.
Types of cyberattack threats to business
A traditional threat usually involves a direct approach which is malicious and where the website link is the active threat. For example, a user is on a website and clicks a link which takes them to another “site”. Many non-legitimate sites such as porn or torrent sites have this type of threat lurking in the shadows. Legitimate websites can also pose a threat if they are vulnerable to being “hi-jacked” drawing a user’s attention to install an app or download something for free. These adverts are usually too good to be true which makes them irresistible to most people.
On the email side, traditional threats contain embedded macros that are inserted into attachments such as Word, Excel or ppt files. Threats can also be embedded in an email signature, where the malicious URL link is tagged onto the image.
Attackers are now more sophisticated
The threat that companies now face comes via targeted attacks. With a targeted attack, the active threat is further down the line. Cyber criminals know who the company is: it is visible and on their radar. What they do is assess the organization to seek out vulnerabilities in its security, from the website, email, servers, network, mobility, software, VPN and so on. They have one purpose in mind, and that is to exploit information for cash, such as by ransoming, selling, leaking or using data for financial fraud.
These threats are known as an indirect or passive approach: they seek out vulnerabilities in your IT security first, get what they need and then attack. For example, by gaining user permissions such as admin rights, the criminals can take over your servers and bring your entire network down.
Another strategy that cyber attackers use today is known as social engineering, where attackers trick individuals into clicking a malicious link or entering their passwords and login details on a fake page. The idea behind social engineering is to get the recipient to perceive the incoming communication as legitimate so that they subconsciously accept it without question. These hackers are taking advantage of human nature and engineer the communication so that the recipient does NOT see any red flags.
A brute force attack is where the cyber criminals use trial and error to decode encrypted data and take control of an organisation’s servers. Today these attacks are mostly about stealing information. However, cyber criminals are “for hire”, so they could have a more sinister agenda, such as forcing systems offline, doing reputational damage or conducting espionage.
Distributed Denial of Service (DDoS)
DDoS attacks involve overwhelming an online service with excessive traffic from many locations and sources. The aim is to slow the website down and prevent access. These attacks are often a diversionary tactic while other types of fraud or cyber intrusion are attempted by the criminals.
Removable media / flash drives
Removable media can hold a lot of data which may be sensitive or confidential. These devices could be lost, stolen or infected with malware – all of which pose a threat to your company. The impact could be massive, whether it is reputational damage, financial penalties or legal impacts.
Unauthorised use of your company’s system privileges
A cyber security threat that is often ignored is one coming from inside your company. Your own employees, who have privileged access to key systems, are in the best position to steal sensitive information. The biggest risk is from individuals who work with valuable data and critical system configuration files daily, including systems administrators, network engineers, database administrators, security engineers and executive-level employees. Because these individuals have high privileges, they can perform malicious actions such as stealing data which they can profit from or leak online, creating backdoors to exploit the system, or compromising your systems entirely by bringing them down.
Malware – the weapon of choice for targeted attacks
Malware is malicious code or software that is introduced into a computer, server or network with the objective of infiltrating a company secretly and doing damage. The most common threat is to target employees who may open a malicious website, PDF document or infected flash drive. By doing this, the malware gains entry into an employee’s PC and then spreads through the infrastructure. This makes the entire network open to cyber criminals: by controlling one user on the network they are able to steal data or transfer money from corporate accounts.
SamSam is also a type of targeted ransomware attack, except that access is gained to a computer on the network via a weakness in remote desktop protocols. The attack happens laterally across the company network; only when as many devices as possible are infiltrated does the trigger on the encryption process begin.
Since 2017, there hasn’t been an attack like WannaCry and Petya/NotPetya, but what industry experts like Zinia do know is that ransomware and other tools used by these criminals will keep evolving: as vendors develop ways to anticipate and block these threats, cyber criminals have already found another way to get through. Your best defense against ransomware is a good backup and recovery strategy to enable your company to get back online and trading as quickly as possible.
A strategy cyber attackers use, known as social engineering, preys on human nature and tricks individuals into clicking a malicious link or entering their passwords and login details on a fake web page.
The idea behind social engineering is to get the recipient to perceive the incoming communication as legitimate so that they subconsciously accept it without question. These hackers are taking advantage of human nature and engineer the communication so that the recipient does NOT notice any red flags.
Vishing (Voice Phishing) is where criminals use the telephone to gain access to personal and financial information for gain. It may also be used to gather more detailed information on the target. For example, a person will phone saying they are from Microsoft and need remote access to a user’s computer. They will make it sound like they are conducting an audit so you have to comply. Once the attackers have been given the logins by the user, they have total access to the individual computer, which they can mine for passwords, transfer viruses, conduct a ransomware attack, or even seek vulnerabilities in the individual’s work network.
Phishing is where cyber criminals attempt to retrieve sensitive information from a person by replicating electronic communication from a trusted company such as their bank. The attacker creates a fake website that looks exactly the same as the bank’s and sends an email to the customer of the bank to trick them into clicking on the URL. The customer is redirected to the fake website and prompted to enter confidential information. Usually it seems legitimate, for example saying that there are security concerns and the bank wants to issue a new password. The criminals then use this bank information to make purchases.
Spoofing is when attackers use someone else’s email address in an attempt to imitate/impersonate the original owner of that email address – leading to various levels of malicious goals including financial fraud.
Besides the social engineering tactics above, cyber criminals have many attack tools to carry out a targeted attack to gain access to a computer or a network.
You should always strive to have the best products in place to adequately protect your environment. As security and threat management experts, Zinia recommends:
Traffic flow is the biggest risk area for a business; Zinia recommends companies view the threat flow as a compass. Vertical traffic (north-south) is network traffic that flows into and out of the network via the router/firewall (to and from the internet). Horizontal traffic (East-West) is network traffic that flows inside a network between devices. A combination of perimeter security and endpoint security usually works hand in hand to secure the compass.
Secure the vertical – Regularly update and test the perimeter of your network, that is, any device connected with the outside world such as firewalls, switches and routers. For example, intelligent firewalls placed on the network can protect your company against DDoS attacks before traffic reaches the servers. If your business has a lot of remote workers, securing the remote access protocols is critical. A business-grade firewall will provide increased protection against hacking, malware, spyware and viruses, as well as block internal users from going to risky websites. In addition, these devices have to be checked and updated; when firmware or software is out of date your business is vulnerable.
Secure the horizontal – Make sure you have multilayer security for your internal LAN or network on your premises. This includes the ability to scan network traffic all the way to the end device (known as endpoint security) as well as removable media; updating security patches for software and hardware; Wi-Fi security; user access permissions; and policies including rules for personal devices. Application security, including mobile application security, is critical and must be reviewed for any vulnerabilities as attackers exploit these weaknesses, as was seen in the global WannaCry Ransomware attack of 2016.
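To make the traffic compass concrete, the added example below (not Zinia's code or any product's) sorts flow records into north-south and east-west traffic and flags two things the article warns about: remote desktop exposed at the perimeter, and one internal host opening remote desktop sessions to many internal peers. The internal address range, the alert threshold and the flow records are constructed assumptions; 3389 is the default Remote Desktop port.

```python
import ipaddress
from collections import defaultdict

# Assumed internal address space (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
RDP_PORT = 3389        # default TCP port for Remote Desktop
FANOUT_THRESHOLD = 3   # hypothetical: distinct internal RDP targets before alerting

# Constructed flow records: (source IP, destination IP, destination port).
# External addresses come from the reserved documentation ranges.
SAMPLE_FLOWS = [
    ("10.20.1.15", "192.0.2.80", 443),      # workstation to internet
    ("203.0.113.9", "10.20.0.5", 443),      # internet to public web server
    ("10.20.1.15", "10.20.2.10", 445),      # workstation to file server
    ("10.20.3.7", "10.20.2.10", 3389),
    ("10.20.3.7", "10.20.2.11", 3389),
    ("10.20.3.7", "10.20.2.12", 3389),
    ("10.20.3.7", "10.20.2.12", 3389),      # repeat session, same target
    ("10.20.1.20", "10.20.2.10", 3389),     # single admin session
    ("198.51.100.4", "10.20.2.10", 3389),   # RDP reachable from outside
]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(src, dst):
    """Classify one flow using the compass definition from the text."""
    src_in, dst_in = is_internal(src), is_internal(dst)
    if src_in and dst_in:
        return "east-west"      # device to device inside the network
    if src_in or dst_in:
        return "north-south"    # crosses the router/firewall
    return "transit"            # neither end is ours; unexpected on an internal sensor


def summarize(flows):
    """Return (counts per direction, RDP fan-out sources, internally hosted RDP seen from outside)."""
    counts = defaultdict(int)
    rdp_targets = defaultdict(set)
    exposed_rdp = set()
    for src, dst, port in flows:
        kind = direction(src, dst)
        counts[kind] += 1
        if port != RDP_PORT:
            continue
        if kind == "east-west":
            rdp_targets[src].add(dst)
        elif kind == "north-south" and is_internal(dst):
            exposed_rdp.add(dst)
    fanout = {src: sorted(dsts) for src, dsts in rdp_targets.items()
              if len(dsts) >= FANOUT_THRESHOLD}
    return dict(counts), fanout, sorted(exposed_rdp)


if __name__ == "__main__":
    counts, fanout, exposed = summarize(SAMPLE_FLOWS)
    print("flows by direction:", counts)
    for src, dsts in fanout.items():
        print(f"ALERT east-west RDP fan-out from {src} to {len(dsts)} hosts: {dsts}")
    for host in exposed:
        print(f"ALERT RDP on {host} is reachable from outside the perimeter")
```

Counting distinct targets rather than sessions keeps a single administrator's repeated logins to one server from raising the fan-out alert.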