Authentication and Access Control

Threats to your data can come from external or internal sources.

  1. There are individuals who don’t have the authorisation but are driven by malicious intentions to gain access to certain information. This may refer to individuals who already belong to your organisation (but don’t have the necessary access rights) as well as those who don’t.
  2. There are individuals who have both the authorisation and, unfortunately, the malicious intentions over certain information.
  3. Finally, there are individuals who have the authorisation, no malicious intentions, but have accidentally exposed the information in question to those without the proper authority.

While curbing threats 2 and 3 would require other methods, threat #1 can be countered if the right authentication and access control systems are in place.

Here’s what we can do for you:

  • Work with your key personnel to determine who gets access to what.
  • Help you decide whether a single factor or a two-factor authentication (2FA) is appropriate for your organisation and recommend which factors are most suitable. Login methods may include but are not limited to the following:
    • biometric devices
    • Kerberos tickets
    • mobile phones
    • passwords
    • PKI certificates
    • proximity cards
    • smart cards
    • tokens
  • Install the necessary infrastructure needed for the factors chosen. For instance, if you opt to use biometrics, then biometric scanners will be installed. We’ll make sure that the authentication terminals are situated in places where achieving optimal traffic and work flow has been taken into consideration.

Other defences we’re capable of putting up include:

Check our similar posts

Operational Efficiency Initiatives

When was the last time you checked your technology spending against your IT infrastructure’s contribution to the bottom line?

Chances are, what’s happening underneath all those automated processes, expensive hardware, and fancy graphical user interfaces is not doing your bottom line any good.

If you don’t keep a watchful eye, your IT operations can easily nurture a lot of wastage and unnecessary costs. Underutilised servers, duplicate processes, poorly managed bandwidths, and too much complexity are among the common culprits.

For minor problems, we can eliminate wastage by setting up some technology enhancements, instilling best practices, and performing a few tweaks. However, if you’re not adequately trained on how to go about with it, your band-aid solutions can add more complexity to the mix.

Of course, there will always come a time when you will have to spend on new technologies to maintain the overall efficiency of your IT infrastructure. Whether you intend to purchase new hardware or software applications or build an entirely new infrastructure, the sheer cost of such undertakings warrants seeking expert advice.

Failure to do so can result in fragmented resources lacking in cohesiveness, which don’t contribute to efficiency at all.

Our solutions for improving operational efficiencies cover the entire spectrum: from planning what to buy, optimising what you’ve already bought, to making your team comfortable with them all. Please find time to view our solutions below and uncover ways to drive those profits up even as you work within your budget.

 

More Operational Review Blogs

 

Carrying out an Operational Review

 

Operational Reviews

 

Operational Efficiency Initiatives

 

Operational Review Defined

 

The Future of Cloud Backup and Recovery

We came across a post on Docurated that pulled together thirty-seven suggestions for the top cloud storage mistakes user companies make. Given that cloud storage seems to be the best backup solution for now at least, we decided to turn these ideas around to sense the direction cloud backup and recovery needs to take, if it is still to be relevant in say ten years? time.

Has Cloud Storage Largely Saturated the West?
It probably has. Outside of major corporates who make their own arrangements ? and SME?s that use free services by email providers ? the middle band of companies in Europe and America have found their service providers, although they may have never tested the recovery process, to see if it works.

The new gold rush in the cloud backup and recovery business is, or should be emerging markets in Asia, Africa, South America, and the Middle East. There, connectivity is brittler than over here. To be relevant in these fragile, more populous areas our cloud backup and recovery industry need to be more agile and nimble.

? It must provide a simpler service emerging commerce can afford, refresh its user interfaces in third world languages, have more accessible help, and be patient to explain how cloud storage works to newbies. In other words, it must source its call centre operators in the areas it serves.

? It must adapt to local connectivity standards, and stop expecting someone with ADSL broadband to keep up with cloud server networks running at up to 1GBPS compared to their 10MBPS at best. For user sourcing and retention purposes, these new cloud backup and recovery services must be the ones who adapt.

? It must facilitate disaster recovery simulations among its clients in calmer moments when things are going well. Are they backing up the right files, are they updating these, and are their brittle ADSL networks able to cope with their cloud service providers? upload and download speeds?

? It must develop lean and agile systems slim enough to accommodate a micro client starting out, but sufficiently elastic to transfer them seamlessly to big data performance. The Asian, African, South American, and Middle Eastern regions are volume driven, and individual economies of scale are still rare.

? It must not expect its users to know automatically what they need, and be honest to admit that Western solutions may be wrong-sized. Conversion funnels in the new gold rush are bound to be longer. Engagements there depend on trust, not elevator sales letters. Our competition in these countries already works this way.

? It must be honest and admit cloud storage is only part of the solution. To recruit and retain users it must step back to 1983, when Compuserve offered its customers 128k of disc space, and spent an amount of effort explaining how to filter what to put there.

Cloud Storage of Data is Only One Part of the Solution
Governance reports and stock certificates burn just as easily as do servers in a fire. We must not transfer bad habits to exciting new markets. We close this article with the thoughts of John Howie, COO of Cloud Security Alliance, as reported in the Docurated post we mentioned, and these apply across the globe, we believe.
There is no single most important thing to carry forward into the future of cloud backup and recovery. We must be mindful when moving data that this can be fragile too. We must also create layers of backup the way insurance companies re-insure, that make any one cloud backup and recovery business redundant if it happens.
We hold the trust of our customers in our hands but trust is delicate too. We must cease trying to make a pile of money quickly, and become more interested in ensuring that data transferred back and forth is synchronised. The cloud backup and recovery industry needs only one notorious mistake, to become redundant itself in the ten years we mentioned.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Can you do away with the Project Initiation Meeting?

Project initiation meetings are often skipped to fast-track projects. Once a sponsor is found, organisations go straight to project planning and execution. But based on our own experience, holding a project initiation meeting can actually eliminate many issues that may crop up in the future and hence may speed things up instead in the long run.

It is in the project initiation meeting where your project objectives and scope are clarified and all stakeholders are brought to the same page. Project sponsors and stakeholders will have to know in a nutshell what is needed from them, what the possible risks are, what different resources are required, and so on. So that, when it’s time to proceed to the next phase, everyone is already in-sync.

So what are taken up in such a meeting? Perhaps an actual example can help. Sometime in the past, we set out to work on an eCommerce website project. After conducting the project initiation meeting, these were some of the things we were able to accomplish:

  • Identified deliverables e.g. site design, interface to payment system, etc.
  • Come up with the project phases
  • Agreed what should be in and out of scope
  • Defined the acceptance test criteria
  • Identified possible risks
  • Identified the possible training and documentation work needed
  • Established whether any analysis was required, e.g. as with regards to payment interfaces
  • Formulated disaster recovery plans
  • Defined roles and responsibilities
  • Drafted timelines and due dates

Aren’t these covered in project planning? If the project is a big one, the answer is no. In a large project, project planning is a much more exhaustive activity. In a project initiation meeting, only the basic framework is defined.

Some questions may still remain unanswered after a project initiation meeting, but at least you already know what answers you need to look for. In the example we gave earlier, we left the meeting knowing that we needed:

  • a list of all necessary hardware to estimate the costs
  • to identify possible dependencies we might have with third parties
  • to identify what software had to be bought and what skills we needed to hire

When it was time to proceed to project planning, everyone involved already knew what direction we were taking. In effect, by not skipping the project initiation meeting, we were able to avoid many potential obstacles.

Ready to work with Denizon?

Contact Us Today