backup Archives - Planet IT

Posts

Securing Tomorrow: Navigating Cybersecurity in 2024 (Amidst the Rise of Generative AI)

November 27, 2023/in ai, Cloud, data, datacentre, General, IT Security, Latest Tech, Security /by James Dell

As we plunge deeper into the digital era, the evolution of technology continues to shape the landscape of cybersecurity. 2023 has been a landmark year for the uptake and integration of Artificial Intelligence into our business, lives and technologies. However, now it’s time to look at cybersecurity in 2024

2024 will mark a significant milestone. The widespread adoption of generative AI technologies propelling us into uncharted territories. Not only are we learning about how to use these technologies and leverage them to make our business more effective and our work lives that little bit easier, but at the same time we are trying to understand how this technology should be legislated, managed and secured. While these advancements bring unprecedented opportunities, they also usher in new challenges. Especially with the escalating risks posed by malicious actors utilising AI to launch smarter, more efficient cyber-attacks. In this article, we delve into the future of cybersecurity and explore crucial measures businesses should undertake to fortify their defences against AI-driven threats.

2023 has been a year of seismic change in the IT landscape. Most of this initial change has been driven in part by the wave of generative AI products that have come to the market. Starting with the introduction of ChatGPT from OpenAI and then the race to get GenAI into every business and every consumer as quickly as possible. This is not the only change that has dramatically affected the market but it is the starting point from which most of the other shifts have occurred.

Because of this, when looking at what 2024 looks like, we need to consider these rapid changes. We can’t just look at today’s landscape. We need to consider what is the risks of the following 12 months are going to look like

The Proliferation of Generative AI:

Generative AI technologies, fuelled by machine learning algorithms, have demonstrated remarkable capabilities in various domains, from content creation to problem-solving. However, with great power comes great responsibility (“Ben Parker – Spiderman (just before he dies [SPOLIERS]”), and in the realm of cybersecurity, the advent of generative AI presents a double-edged sword. While businesses and individuals can leverage GenAI to increase their productivity, remove manual tasks or understand complex situations, Cybercriminals are increasingly leveraging these technologies to automate and enhance the sophistication of their attacks.

AI-Driven Threats: A New Frontier:

The integration of generative AI in cyber attacks introduces a new level of complexity and efficiency. AI-driven threats can adapt in real-time, learning from defensive measures and continuously evolving to exploit vulnerabilities. From intelligent phishing schemes to adaptive malware, businesses now face a formidable adversary that can circumvent traditional security protocols with unprecedented agility. This enables bad actors to push RaaS (Ransomware as a Service) and enable less skilled individuals to trigger and deploy increasingly complex attacks on businesses with little to no knowledge of what the attack does or how it is written.

So how do we move forward? As a business what should you be doing to protect yourselves, your staff and your business from the wave of GenAI that isn’t hear to help you out? I have collated Five steps that I called the Business Imperatives for Cybersecurity in 2024:

Investing in AI-Powered Defence Systems:

To counter the rising tide of AI-driven threats, businesses must invest in cutting-edge, AI-powered defence systems. These systems should not only detect known patterns but also employ advanced machine learning algorithms to identify anomalous behaviour indicative of potential attacks. Your £10 a year subscription to a nearly free Antivirus or Antimalware platform is no longer enough, the companies who are not innovating in this space and failing behind and they are doing so quickly. In 2024, EDR/XDR – Endpoint Detection and Response or (X)Extended Detection and Response are now a minimum, for nearly all businesses from SME/SMB to Blue Chip a managed SoC (Security Operations Centre) or Managed Detection and Response (MDR) service is a must. The level of protection on your client devices has never been more important especially as the edge of the network dissolves and users and businesses embrace remote working.

Continuous Training and Skill Development

The human element remains crucial in the fight against cyber threats. Regular training and skill development programs are imperative to equip cybersecurity teams with the knowledge and expertise needed to combat evolving AI-driven attacks effectively.

When looking at what we do moving forward we have to start with the human aspect of protection “The Human Firewall” as I like to call it. Training your end users has and always will be the most critical line of defence a business has. Now I have said this before and I will undoubtedly say it again in one of these articles or at a keynote. If you fail to train your end users to not only use the technology in front of them or understand the risks they pose as users to the data and information security of the business you will undoubtedly risk a catastrophic failure. Users are the most risky part of your business, they move, they are forgetful and they tend to be overly sharing even when you have specifically told them not to be. What we will need to do as we step into 2024 is train end users to understand the risks of AI, what it does/doesn’t/can/cannot do with data.

Once they understand this you will need to wrap true security awareness training around this. The training will need to be broad but also deep to ensure that users do not fall into the trap of not knowing the breadth of the risks but also don’t end up receiving such high-level input they never really understand how deep that rabbit hole can go.

Zero-Trust Security Architecture

Adopting a zero-trust security architecture is paramount in the age of AI-driven threats. Rather than relying solely on perimeter defences, businesses should implement robust identity verification, continuous monitoring, and strict access controls to mitigate the risk of unauthorized access. We need to build systems, services and business with Zero Trust at the core. When my team is asked to work on a solution for a customer or migration to the cloud, this is where we begin the days of trusting the perimeter of the network to defend us are gone. We need robust Zero Trust across every system, platform and service. If you don’t have Zero Trust you have too much trust!

Collaboration and Information Sharing

Cybersecurity is a collective effort, and businesses should actively participate in information sharing and collaborative initiatives. At Planet IT, I make this a core of what we do with regular information-sharing sessions, events and webinars (including this blog!). Building a strong network of industry peers and sharing threat intelligence can enhance the collective ability to thwart sophisticated AI-driven attacks. If you don’t know where to start with this reach out to [email protected] and we will get you connected with like-minded individuals across the UK and EMEA and help you build your network of peers.

Regulatory Compliance and Ethical AI Usage

Governments and regulatory bodies are increasingly recognising the need for stringent cybersecurity measures. Or at least attempting to put something in place. We saw this at the meeting of Governments and AI companies at Bletchley Park this year, but we all know that governments and legislation work by their own schedule. By the time our governments are ready to put the pen to paper on AI, we will be too far down the road and the legislation will be outdated. We need to take the consideration of what is ethical, what we believe is right and what we can justify as businesses and individuals. Then let the Government catch up when we have all already worked this out. Businesses should ensure compliance with relevant regulations and prioritise the ethical use of AI technologies to avoid unintentional misuse that could lead to security vulnerabilities.

Beyond technological solutions, fostering a cybersecurity culture within an organisation is paramount. Employees should be educated about the potential risks associated with AI-driven threats and encouraged to adopt best practices, such as vigilant email scrutiny, regular password updates, and reporting suspicious activities promptly. This starts from the first day they join your business and should be a continued journey throughout their time with you. The days of training once worrying later are gone. We must be keeping our staff as up-to-date as we are, bringing the business with you is the hardest part of the battle with AI and Cyber Security in 2024.

As we stand on the precipice of a future dominated by generative AI, the importance of robust cybersecurity measures cannot be overstated. Businesses must proactively adapt to the evolving threat landscape by embracing advanced technologies, fostering a cybersecurity-conscious culture, and collaborating with the broader industry. By doing so, they can not only defend against the rising tide of AI-driven threats in 2024 but also pave the way for a more secure digital future. Just remember, AI is Amazing but if you fail to understand it, properly protect it or secure it then it’s a disaster waiting to happen!

If you want to talk to one of our experts about how we can help you with your security and understanding of AI then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

How to create and implement a cloud strategy

November 3, 2023/in Backup, Cloud, data, datacentre, General, IT Security, Latest Tech, Microsoft, Project Management, Security /by James Dell

Cloud-based solutions are helping organisations achieve greater agility, efficiency, and innovation, and even increasing end-user satisfaction. That said, moving to the cloud is not always just as simple as clicking a few boxes and pressing go. It can be a drawn-out or complex process. Any cloud migration strategy requires careful planning and execution to ensure a successful outcome and avoid the typical major pitfalls.

In this article, we will explain what your cloud strategy should include, why you need one, and how to create and implement one for your organisation.

We will also share some tips and best practices from our experience as a Microsoft Solutions Partner specialising in Microsoft Azure, Microsoft 365 and cloud migration specialist.

What is a cloud strategy?

A cloud strategy is a concise viewpoint on the role of cloud computing in your organisation. It defines what you want to achieve with the cloud, how you will get there, and how you will measure your progress and results.

A cloud strategy is different from a cloud implementation plan, which offers the “how” rather than the “what” and “why”. A cloud implementation plan details the specific steps, actions, and resources needed to execute your cloud strategy.

You need a cloud strategy because it helps you:

Align your cloud solutions with your business goals and user needs.
Communicate your vision and direction to your stakeholders and partners.
Identify and mitigate the potential challenges and risks of cloud adoption.
Optimise your costs and benefits of using the cloud.
Monitor and evaluate your performance and outcomes.

What if you don’t prepare for the cloud properly?

Without a clear and coherent cloud strategy, you may end up with:

A complex and expensive technology estate that does not meet your expectations or requirements.
A lack of coordination and collaboration among your teams and departments
A loss of control and visibility over your data and processes
A reduced ability to respond to changing market conditions and customer demands.

So, where do you start?

If you have to ask that question, then you probably need a helping hand.

Feel free to call one of our Cloud Specialist Architects to get the plan rolling. Call 01235 433900 or email [email protected] and ask about a Free Cloud Readiness Assessment.

Education in Focus: Biggest IT Refresh Year Ever

May 11, 2021/in Backup, Cloud, Education, IT Security, Latest Tech, Microsoft, Security /by James Dell

There comes a point in the academic year where exams ramp up, teachers, lectures and support staff are focused on getting student’s through their end of year exams and keeping the momentum up until the summer break.

Meanwhile in the cool dark of the server room, the IT Support teams across all academic settings are preparing for the calm before the storm.

This year, while we may not be seeing exams like we previously would, the IT Teams in our educational establishments are preparing for their busiest summer refreshes ever. The woes of 2020 are behind us and the shift to classroom learning returning for 2021/22, the push is on to make the infrastructure improvements that were put off during COVID.

Saying all that, budgets are likely to also be tighter than ever. So how can IT teams get the absolute most out of their IT projects?

To help we have put together 5 top tips for smashing your summer projects in 2021

Plan Early

When it comes to any form of IT project the further ahead you are planning the better chance of success you have, so start early!

Engage vendors and technology partners. Test the market and understand your options. If you are looking 6 months ahead of where you need to be, then when do you have to make the choice on the technology or the vendors you are going to use? Be armed with all the information you need so you can overcome the challenges the project throws at you.

Have a contingency plan

As you begin to plan your project, look at the what if’s…

For example, if you are replacing a server infrastructure, what happens if the new servers fail? Or before you have moved the data, if the old servers fail, do you have a backup? Have you tested it?

By implementing a rock-solid contingency plan you are positioning yourselves in such a way that you can overcome whatever challenges come your way.

Choose a partner you can trust

Remember you are not in this alone.

Whatever the chosen project you are undertaking there are partners who will help you achieve the goals of your organisation. However not all partners are equal. Not all partners have the same approach.

Find a partner who has the certifications and accreditations with the vendors you want to work with, i.e Dell Gold Partner or Microsoft Gold Partner with certified engineers. Don’t settle for “the local firm” as 9 times out of 10 they will get out of their depth very quickly. They’ll can end up making the challenges of delivering IT in education much worse.

So, pick a partner you can trust, and you know when you’re up against it, will have your back!

Only choose best of breed technology and don’t settle for last generation.

Lots of companies see education as an opportunity to move stock which the corporate world no longer wants – for example, servers which are now end of sale or software which has been pushed into its last few operational years.

You should never settle for anything other than the best in breed technology for your establishment. If budgets constrain that, reduce the scope of the project or limit the technology used. Don’t settle for old, refurbished or reconditioned equipment just to hit a financial goal. In the long term, you will pay the price when the equipment cannot be serviced and needs replacing before the business has got the full value from the solution.

Maximise gains using operations leasing

When making purchases in education, you have a great opportunity to access low cost or even free finance offerings for all of your large purchases. So, leverage these deals to extend your budget.

Limit the capex spend and get the best solution you can and prevent the project delays of stretching upgrades over 2-3 years which really need to be done today.

Using these top tips, your organisations should be able to avoid the pitfalls of so many education providers in the past and make sure you take step in the right direction when making your upgrade this summer.

Just remember you are not alone. At Planet IT we have a team of specialists who can not only support you with the decision making and selection of new equipment, but can support with the role out, implementations and upgrades to your systems.

If you want to talk to one of our educational team about how we can help you with your summer projects then please call 01235 433900 or you can email [email protected] or if you would like to speak to me directly you can reach out to me via DM or at [email protected].

Backup Webinar Recap: The Uncomfortable Truths

May 4, 2021/in Backup, Cloud, Latest Tech, Microsoft, Remote Working, Security /by Michael Davey

This week, we hosted a Live Webinar based all around the Uncomfortable Truths about your Backups.

Our resident Backup guru, Michael Davey was joined by Arcserve expert, Steve Butterfield and between them they covered

✅ Microsoft 365 data protection

✅ Immutable storage & Ransomware Protection

✅ How are you storing your data & the 3-2-1 rule

✅ Scaling your infrastructure with Backup & DR

✅ How to combat storage creep

Did you miss it? Or would you like to watch it again? Well, the good news is that we recorded it and you can check it out here:

Your Questions, Answered.

We received lots of questions throughout the webinar. Unfortunately we weren’t able to answer them all during the live session so we have compiled them all and asked Michael and Steve to answer them again.

Remember, if you you would like to find out more about backup in general or speak about your own backups specifically, get in reach out to your Planet IT account manager, call 01235 433900 or email [email protected]

Would cycled tapes not be immutable being out of the drive most of the time?

Tape and especially WORM tape were the original air-gapped / immutable storage

While out of the drive then tapes are largely immutable outside of extremes involving strong magnets, But you do have to put them in the libraries to use them which brings two issues,

1. They are available to be overwritten while in the library.

2. They require manual intervention to remove/replace.

However, definitely a big improvement over no airgap.

What is the licensing model? Is it based upon per user for 365 and per source TB for onsite storage?

Universal licensing which runs on your own hardware or VM covers all data sources including O365 and so is

licensed per TB of protected data, no limits on retention and can be any mix of Physical machines, Virtual machines and O365

Per user licensing is also available and may be of interest if you are adding it to existing Arcserve licensing.

Per user or per TB licensing is available from our cloud (SAS Offering )subject to a max of 100 users per TB for capacity based licensing )

The reason people do Full backups is because incremental backups all depend on the previous ones , isn’t that a disaster waiting to happen with incremental forever ?

Our Incrementals act and restore like Full backups, they do not depend on any other incremental backup therefore one “Broken” incremental affects neither the incremental before or after it.

What is the most common security breach you see that can also impact backups?

I think Michael answered this but a stat for you from Sophos “The state of Ransomware 2021”

37% of the 5400 respondents surveyed were hit by Ransomware in the last year

Ransomware is still the major threat

A pretty bold statement was made “Completely Ransomware Safe” Can you back this claim with something factual?

Like Unsinkable ships, Completely ransomware safe is conditional on the type of attack i.e. Nothing is completely safe if Physical access is allowed for instance , however we believe that our Ransomware capability is the strongest and most complete in the industry and we are the only backup vendor to offer a Money Back Guarantee.

For 0365 backup only do we need an onsite appliance?

You have choice, You can purchase Arcserve UDP and have it protect O365 in the following ways

An Appliance running on Prem or in hosted Colo
Software running on your own hardware, VM or in your own public or private cloud instance
Software as a service running from our Cloud based from our Datacentre in Manchester or AWS in London ( Other Geo’s are available )

While On-Prem may seem an odd choice to some for a cloud based service, do remember the 3-2-1 rule and the fact that even in the event of an Internet or Azure outage you could still access your data locally. The main thing is it is held elsewhere so we would always caution against any service backing up O365 which is hosted in Azure

4 Steps to the Perfect Backup Plan

March 31, 2020/in Backup, Cloud, IT Security, Latest Tech /by Michael Davey

Today is World Backup Day, for many it’s a day to be celebrated, but for just as many, it’s a stark reminder of the dark omen that is an uncertain backup environment or plan.

We all know the basics of backup right? The things we all want to achieve

Retention
Redundancy
Recovery

I could happily go on for far longer than any of you would care to read on each of these topics! Today however, I want to talk about the practical elements of making sure your backups and overall disaster recovery plan are the best they can be. Starting with some basic questions.

Are you backing up your whole environment?
Are you running your backups daily?
Are your backups retained for the right amount of time?
Do you take backups off-site?
Are your backup sets fully automated?
Are your backup jobs encrypted?
If you have cloud resources (Office 365, Azure, AWS) are these backed up?

In an ideal world, you would want each of the above to be a confident and resounding YES! However, this is not always the case – we often hear the ill-fated “I don’t know”.

So, what can we do to be certain on the above and confidently rest knowing our backups will be there for us should the worst occur?

Step 1 – Check the List

Firstly, I would start by checking your infrastructure or approach your IT Team to get the answers to the above questions. Understand that if the answer to any of them is no, in this first step, it’s less important to know why, just to understand the position you are currently in. Once you’ve established that, let’s move on to step 2.

Step 2 – Check the Kit

Once you have a firm understanding of your overall backup integrity, it’s time to push past the smoke and mirrors and figure out exactly what you are working with. Check your storage, check your software and make sure it isn’t letting you down. There are so many options available in today’s market, but a quick search of your products and the competition should help you understand if you need to make any changes.

Step 3 – Make your Plan

At this point, you’re either happily relishing in confidence… or you’re not.

If you’re not… bear with me, I promise, we’ve just ripped off the worst of the band-aids and from here… the only way is up. When making your plan, it’s important to work out what you need first, what you want second and then figure out the cost implications (if any) your business will need to work towards. Everyone loves a good deal (or better, a free deal!) but sometimes investment is required to ensure you have the right infrastructure for your plan. When making your plan, make sure you are referencing the list from Step 1 and work out the following:

How long do I want to keep my backups?
What is my off-site storage plan?
Do I have Cloud Resources that need to be backed up?
How efficient do I want my backups to be?
How long can I afford to be offline in the event of a disaster?
How much data can I afford to lose in the event of a disaster?

The answers to these questions will help you to understand how much storage you need, whether you need a cloud or second-site storage plan, if you need high performance equipment and your Recovery Point/Time Objectives. Know that even if the plan is loose, it’s more than you had at Step 1 and it will help you enormously when collaborating with your teams, suppliers and peers to achieve the best outcome.

Step 4 – Reach Out

At this point, we’ve gone from scratching our heads, to having a clear understanding of the potential issues, a goal to aim for and a plan to get there. Now it’s time to reach out.

Speak to your team and your suppliers and get them on board with your plan. From this point forward, you’re taking control of your backup & disaster recovery plan. You’ve worked out what you want to achieve and you’re making it happen. That, or you were happy from Step 1 – either way, grab a coffee and your favourite lockdown biscuit, you’ve earned it!

Remember, if you ever have any questions, just ask. I, or one of the team here at Planet IT, are always happy to be used as a sounding board and can offer our expertise for your specific situation.

Similarly, check out our BDRaaS page for more information

Feel free to reach out to me via LinkedIn or email me at [email protected].