Month: May 2020
Webcast Replay: Providing 24/7 Visibility and Pervasive Coverage with MDR
The second tenet of Alert Logic’s Managed Detection and Response Manifesto states that any MDR solution needs to provide 24/7 visibility and cover all assets in an organization. INAP’s Jennifer Curry, SVP, Product & Technology, joined Alert Logic’s Jack Danahy, SVP and Chief Evangelist and Bloor Research’s Fran Howarth, Practice Leader, Security, for a discussion related to this vital aspect of cybersecurity.
In the recording below, the panel addresses what defines MDR, why it’s evolving as a form of protection and what you should expect from your MDR provider under the lens of monitoring visibility, transparency and 24/7 vigilance.
Curry spoke about the importance of visibility and what customers are looking for in terms of transparency in managed services. “Visibility is so critical to everything we do. [They] understand that we’re going to take care of routine tasks, managing security alerts and patching,” she said. “More and more, though, they want to know, ‘How am I going to see this? How am I going to see what you’re doing? I don’t want to lose visibility even though I may be handing over control.’”
She further highlighted the provider’s role in MDR. “Our job, as a provider and as a partner, is to discuss how a solution will cover you today and 10 years from now in your journey, in your hybridization of your environment and your digital transformation,” Curry said.
You can learn more about the other tenets of The MDR Manifesto throughout the month of May by registering for Alert Logic’s upcoming webcasts here.
Explore HorizonIQ
Bare Metal
LEARN MORE
Stay Connected
Cloud technology has become exponentially more important for organizations over time. With a myriad of applications running on different cloud models, some work needs to be done to examine whether these solutions are a best fit to meet a company’s needs effectively and efficiently.
Are you sure each application in your portfolio is using the right cloud model for your organization and end-users?
Cloud computing is primarily comprised of three “as a service” models:
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
The primary differences between IaaS, PaaS and SaaS essentially boil down to how much of the stack you manage relative to the service provider. Depending on your need for flexibility and customization, each model has its pros and cons.
For example, standard, unmanaged IaaS solutions require more monitoring and management than a fully packaged SaaS application, but offer the control and flexibility to deploy virtually any type of workload. The models you’ll choose depend largely on the functions of specific applications and needs of your IT operations.
Below, we explore these models in detail to help you identify which model is best for your organizational requirements.
Infrastructure as a Service (IaaS)
IaaS provides a robust ability to distribute a compute stack—servers, storage, networking and operating software—while permitting users to consume only what they need while offloading infrastructure management tasks to their provider, as noted in the figure above. The organization or consumer will control the software (think Virtual Machines) but not the physical infrastructure that the virtual machines run on.
Example of IaaS Solutions
IaaS models encompass a wide range of hosted infrastructure: hyperscale public cloud, Dedicated Private Cloud (DPC), Virtual Private Cloud (VPC) and bare metal. Infrastructure as a service providers you’ll run into (including the one behind the blog your reading):
- HorizonIQ Bare Metal using accessible API
- Amazon Web Services (AWS)
- Google Compute
- Azure
IaaS Limitations
As the buyer, you will always want to run a Return on Investment (ROI) formula to ensure your budget, efficiency and workload are on target. Assume that some work time will be needed to train users and administrators as features, products and compute resources change.
IaaS Exploration
Ask yourself these questions when contemplating an IaaS solution:
- Do we have the infrastructure in house to support our users/client base?
- Would we save financial and individual resources with this model?
- What are our current redundancy and compliance requirements or goals?
IaaS with a Managed Service Provider
Pairing managed services with an IaaS model offers efficiency for organizations looking for the highest security, network throughput, redundancy and cost effectiveness. Whether a company turns to managed services for monitoring, security or to optimize IT infrastructure, working with a managed service provider allows you to concentrate on mission-critical applications while the provider manages the backend infrastructure.
Managed services can also include network management, capacity planning, performance monitoring, continuous technical support and more. Be mindful that different providers offer different levels of services. For example, AWS and Azure fall on the self-managed side, while DPC and VPCs at HorizonIQ, on the other hand, are fully managed through the OS level, including monitoring.
Platform as a Service (PaaS)
PaaS is a computing platform delivered by a service provider that allows the client to develop, run and manage applications without needing to focus on infrastructure maintenance. The PaaS model is for organizations that do not want to manage or administer the essential foundation of network, hardware, storage and compute nodes, choosing instead to focus on software and application development and consumer use changes and needs.
In the PaaS model, the solution stack might be a set of components or software subsystems used to develop a fully operational product or service. For example, the service could be a web application that uses an OS, web server, database and programming language. The solution stack might also deliver an OS, database, middleware or application.
Your development team and administrators will manage the applications and usually the configuration and settings of the environment in this model, but not the operating system, update patching or hardware assessment.
The PaaS model is greatly advantageous for a large development team with members working on distinctive and isolated action items in partnership, all without an in-person presence.
Examples of PaaS Solutions
- Windows Azure VM
- Google App Engine
- Linux Apache Stratos
PaaS Limitations
The most acknowledged limitation of the PaaS model is that clients are assigned to the PaaS vendor’s hardware inventory, which may not explicitly decide the application requirements without certain fine-tuning. Be aware that vendor lock-in is commonly cited for PaaS, as well.
Another limitation is that data protection and network bandwidth are out of your organization’s immediate authority or supervision, which unfortunately could result in adverse unforeseen challenges.
PaaS Exploration
Ask yourself these questions when considering a PaaS solution:
- Do we want to focus developing our applications with efficiency and minimal supervision of the hardware assets?
- Is our application hardware and network limited to specialized hardware or CPU processors?
- Can we allow for a minor risk of abrupt but controllable matters?
Software as a Service (SaaS)
SaaS is a model to distribute software online. The users of these products interact via a web browser or program interface and have no control of the compute resources, network, storage or operating systems.
Users have no need for an IT department to install, perform quality assurance or patch the software being used, allowing them to meet their day-to-day work objectives. The software vendor handles these functions for you. The software provider hosts the application at its data center.
There are a few major characteristics that apply to most SaaS vendors:
- Updates are applied automatically and no need for action on the customer’s end
- Services are purchased via subscription
- The customer is not required to install any hardware
The SaaS model is in place for end users and consumers that have no understanding of (or need to understand) backend development or administration of the applications they use. Ultimately, they just want to open the software and use it with partial configuration, installation and time to learn.
Examples of SaaS Solutions
- Hubspot
- Dropbox
- Zoom
- O365
SaaS Limitations
There are constraints with the SaaS model, such as unforeseen interruptions for critical patching, and limited end user customization of the software. the SaaS model often requires specialized software that users may not be familiar with.
SaaS Exploration
Ask yourself these questions when considering a SaaS solution:
- Can the software run in a browser or smart device for the users with limited administration?
- Will our software be secure and stable for the users while also maintaining normal version releases?
- Will the end user environment adapt to standard system configurations such as similar operating systems, processor speeds, memory available and internet access?
- Is the software mission critical for organizations therefore not allowing any downtime?
If the answer is YES to the last question, then SaaS is perhaps not the right choice for your organization.
Moving Forward with a Best-Fit Cloud Model
Consider the tools you are currently using and what makes them run behind the scenes. Many of these solutions are cloud-based and implemented via one of the three models we have described in this article: IaaS, PaaS, and SaaS. Are the solutions you currently use modeled in a way that’s optimal for your business?
If you’re considering expanding your online personnel or cloud development, confirm you understand the differences and ask the right questions. Our teams at HorizonIQ are always here to help address your needs with efficient, cost effective, and honest guidance. Our goal is to ensure you find the best-fit cloud model for your company’s needs.