General Tech

Rubrik -  - 3 Steps to Constructing a Security-First IT Strategy

3 Steps to Constructing a Security-First IT Strategy

How CIOs and other IT leaders can successfully guide their teams into a security-first IT strategy and earn stakeholder buy-in. Cybersecurity threats are not just becoming increasingly frequent and sophisticated– they remain a top financial concern for businesses, regardless of region or industry.  It is now on the shoulders of IT leaders to navigate the technical security landscape and build agile teams that can dynamically respond to new threats. In addition, because of the financial implications of downtime and breaches, these leaders must also be able to abstract the business value of security in order to influence company-wide priorities.   I sat down with Ron Sinopoli, CIO of McHugh Construction, to discuss how CIOs and other IT leaders can effectively drive and advocate for a security-first posture within their organizations. Sinopoli has been the CIO of McHugh for the past year, and he has already led the company through an entire upheaval of its IT strategy in order to uplevel security measures as a strategic priority for the business.   Here’s an inside look at the three major stages Sinopoli led his organization through when shifting to a security-first posture. Stage 1. The Security Event Post-Mortem: Conducting an Honest Analysis  “After all,…
Rubrik -  - Exploring Passive Survivability: Bracing for a Security Attack

Exploring Passive Survivability: Bracing for a Security Attack

Security attacks continue to be on the rise as threats like ransomware grow more mature and complex.  Although preventing ransomware attacks may seem near impossible, there are tools and infrastructure best practices that make recovering from a cyberattack less painful. In a recent article with Infosecurity Magazine, Robert Rhame, Director of EMEA Product Marketing at Rubrik, explores the passive survivability model and how this framework can enable your team to bounce back from a successful attack. Let’s take a quick look at this model and how, according to Rhame, it can prepare your team.  A version of the below excerpted article originally appeared in Infosecurity Magazine. Design Your Infrastructure Like a Ship When it comes to preparing for a threat that you can’t stop, your infrastructure must be designed in such a way that an attack, although damaging to your business, does not cause all of your operations to sink. Like a modern battleship, your infrastructure should be created with an inherent resiliency built into it. This resiliency is different than traditional network segmentation and should be thought of as failure compartmentalization. The prevalence of the cloud, mobile, SaaS, and IoT devices means that organizations must no longer be focused…
Rubrik -  - How We Use CloudOn & CloudOut to Protect Developer Environments

How We Use CloudOn & CloudOut to Protect Developer Environments

For many organizations, drawing up an effective Business Continuity Plan (BCP) and Disaster Recovery (DR) plan is imperative to ensuring business operations don’t stop during an unplanned outage, security threat, or attack. Most strategies focus on recovering mission-critical data and systems such as financial, customer, and ERP applications. In addition, many organizations, including those whose main business is developing software, often consider revenue-impacting systems and data as mission-critical, while software development is an afterthought.  Just like any other tech company, Rubrik is susceptible to unpredictable outages or disasters that can affect its on-premises or cloud infrastructure. That’s why we have a broader definition of mission-critical data and systems that includes our development work environments. We make recovering them a key part of our DR plan so we can continue to develop software in any scenario.  In order to achieve this, we use two powerful features of Rubrik Cloud Data Management: CloudOut: Archives backed up data to object storage platforms such as Amazon S3, Google Cloud Storage, and Azure Blob Storage for quick access and retrieval. CloudOut as a standalone feature might sound like elastic storage on cloud for quick and easy access, but when coupled with CloudOn, it becomes an…
Rubrik -  - The Day the Data Center Stood Still: A Tabletop DR Workshop

The Day the Data Center Stood Still: A Tabletop DR Workshop

When it comes to being ready for the real thing, regular DR testing is crucial to preparing a team for all the moving parts involved when some random day goes really wrong. The trouble is, it’s not always possible to scrape together the time and resources needed to test as often as you should. In many organizations, the first time a crisis team gets together is for the big one.   This blog series shows how you can use tabletop workshops to do some hypothetical training and strengthen your disaster recovery and response strategy. In my first post, I discussed the importance and preparation of a tabletop exercise. This post will help walk through the setup and execution of the exercise. Let’s get started! Tips for Running Your Tabletop Workshop Each workshop has one facilitator to guide the exercise and 5-10 participants in the core and extended crisis team to roleplay the scenario. Note that participants will not necessarily be playing their actual role at the company, but working collectively as a group to address the disaster. Group Discussions One of the main goals of a tabletop workshop is to encourage group discussions that identify holes in your current DR strategy…
Rubrik -  - The Myth of Boring Backup

The Myth of Boring Backup

Am I crazy for thinking backup is exciting? Prior to joining Rubrik, I was a Gartner analyst for 20+ years and spent the majority of my time there covering primary storage and backup and recovery. As a storage analyst, I saw the consistently high client inquiry volumes on backup and recovery and decided to switch my coverage to this area. Some of my colleagues shook their heads and couldn’t understand why I wanted to cover a technology area that was so “boring.” To me, backup is not boring; it’s the biggest pain point in the entire data center infrastructure! It has often become a huge burden that slows down an organization’s quest for agility. As I studied the market and technologies, I realized that the pain was caused by too little innovation. All the major enterprise backup solutions only had incremental improvements in the past 20 years and couldn’t meet the new backup and recovery performance requirements. As a result of relentless data growth, backup windows have become longer and longer, while recovery is too slow to meet the requirement of new digital initiatives and changing expectations. Today, backup has become one of the most exciting fields because it’s experiencing…
Rubrik -  - Building PowerShell ChatOps Integrations with PoshBot

Building PowerShell ChatOps Integrations with PoshBot

Chat tools may have started out for simple communication, but many organizations are now leveraging chat to streamline their operations. This is known as ChatOps (or Chat Operations and Chat Automation), which aims to automate tasks, execute workflows, and retrieve the results directly in chat. In this post, we’ll look at the benefits of ChatOps and how to get started using Rubrik and PoshBot in combination with Slack. Advantages of ChatOps Before we dive into the technical specifics, let’s first answer the question: Why use ChatOps to automate anything? There are several reasons for using ChatOps, but one of the biggest reasons is that in most organizations, we are already using a form of chat interaction to communicate with teammates. Leveraging a familiar interface to automate tasks makes it much easier to expose scripts and workflows to non-technical users who would otherwise not have access. Another advantage is that the learning curve of using ChatOps is quite low. If a bot is added to an existing chat channel, everyone in the channel can see how a command is executed, which reduces both the learning curve and context switching. Instead of asking for help, a user with sufficient privileges is able…
Rubrik -  - 6 Pitfalls of Native MongoDB Backup (And How to Overcome Them)

6 Pitfalls of Native MongoDB Backup (And How to Overcome Them)

Every enterprise and Fortune 500 organization is undergoing critical modernization efforts, such as digital transformation, customer experience, and cloud-native deployments. With high application availability as a critical requirement for modern applications (IoT, AI/ML, eCommerce, analytics), many enterprises are turning to distributed NoSQL databases. MongoDB continues to be the database of choice for application teams needing to tackle high-volumes of unstructured data, cloud-native and hybrid cloud deployments, agile application development, and cost-effective scalability. Although the cloud-readiness of NoSQL databases like MongoDB enables enterprises to power their cloud applications, no database should enter into production until a reliable, enterprise-grade backup and recovery strategy is in place. While native backup tools like mongodump and OpsManger exist, they are often an inadequate solution for enterprise-grade data NoSQL management. Below are the top 6 Pitfalls of native MongoDB backup and how enterprises can avoid them with Rubrik Datos IO. 1. LEGACY MEDIA SERVER BASED ARCHITECTURES LIMIT SCALABILITY The native MongoDB backup management solution relies on a legacy media server architecture to process and manage backup and restore operations. These legacy architectures centralize the control of the backup process and move/store the backed-up data through a single server, resulting in siloed performance and scalability. While using…
Rubrik -  - Understanding RPO and RTO

Understanding RPO and RTO

As enterprises utilize more and more business-critical digital services, information technology infrastructure and applications have become key strategic imperatives. Downtime and data loss translate to a huge business and financial impact that  must be minimized with an effective data protection strategy. When planning for a data protection strategy or a disaster recovery plan (DRP), there are several criteria to consider in order to align with the business impact of various applications and workloads. A Business Impact Analysis (BIA) can help assess and weigh the impact and consequences, both financial and non-financial, of an interruption in business operations. These findings can help organizations determine their availability Service Level Agreements (SLA), or the level of service expected by the customer from the entity that provides the service. Most often, multiple SLAs are defined to match the various levels of criticality that were determined during the BIA. For example, the following SLAs are commonly utilized: 99%, or two 9s, corresponds to 3 days 15 hours and 36 minutes of downtime per year. 99.9%, or three 9s, corresponds to 8 hours 45 minutes and 36 seconds of downtime per year. 99.99%, or four 9s, corresponds to 52 minutes and 34 seconds of downtime per…
Rubrik -  - Tips for Migrating Your App to the Cloud

Tips for Migrating Your App to the Cloud

In this age of falling cloud computing costs and hybrid cloud infrastructures, many businesses are trying to find a path to migrate their apps to the cloud. There are a myriad of reasons why app migration is top of mind: Potential cost savings Disaster recovery uses App refactoring or modernization Access to burstable resources Integration with SaaS platforms or new cloud-based tools (e.g. Amazon RDS, Azure App Services, and Google Cloud Spanner) In this blog post, I will explore some of the concepts and requirements needed to migrate an app from an on-premises data center to another location. This secondary location is typically a cloud provider, but many of the concepts apply when moving to a DR site, or even a developer’s laptop. In our example, we’ll use one of the most ubiquitous three-tier apps available: WordPress. The diagram below describes the components of our app. Understand Your App Let’s be honest—apps can be complex. If you’ve amassed technical debt in regard to documenting your apps or have little understanding of how they connect with other apps or business processes, you will have some homework to do. You’ll need to document and fully comprehend all aspects of your app, including:…