Cohesive Blog

See the full article on Phoenix NAP: Business Data Security Tips: 40+ Experts Reveal Their Best Advice

Self-evaluate to keep pace with both risk and compliance

Your business is small, but risks are enterprise-size.

Top cybersecurity threats to small businesses (SMBs) are very similar to the risks all enterprises face. The stakes are much higher for SMBs because they often lack the resources to fight back and prevent data loss. Large firms have teams of data security experts and can afford extensive audits. SMBs can be more vulnerable to security risks and struggle to quickly react to vulnerabilities.

Ponemon 2016 CODB SMB data breach

Data breaches affecting SMBs – from the Ponemon CODB

Keep pace with both risks and compliance by self-evaluating

Frequently self-evaluating the company’s cybersecurity practices is the best way to detect and prevent cybersecurity threats. SMBs can use the NIST Cybersecurity Framework (it’s free!) as a blueprint to evaluate current security policies and remodel data protection policies to focus on preventing vulnerabilities and to set goals to improve and maintain security.

Traditional standards and protections all attempt to do the same thing: protect sensitive data. The NIST Cybersecurity Framework is unique because it combines the best practices of other security standards to focus on outcomes, rather than on avoiding liability. SMBs should self-evaluate cybersecurity at least once a year, with participation from all business unit leaders and all of the IT team.

NIST Cybersecurity Framework

Read more: Why All Enterprises Should Adopt the NIST Cybersecurity Framework

Don’t become a victim of your own success – growth.

As SMBs grow and add employees and partners, they must share access to vital business data and systems. For example, a small company can rely on a single IT person to manage access to data, a server, and the company network. As the SMB grows and adds employees and offices, a “single point of failure” becomes a risk for the company. Security for data and networks should grow with the business, with precautions built into business goals.

Watch: Dwight Koop’s CircleCityCon talk on the NIST Cybersecurity Framework

Margaret Valtierra, Senior Marketing Specialist, Cohesive Networks

Margaret Valtierra is Senior Marketing Specialist at Cohesive Networks. She is responsible for growing business through digital and written content, public relations, and community events.


- - - -

Once there was a little girl named Goldilocks who used cloud computing.

Starting out she launched a C5.18xlarge instance but at over $3.00 per hour, she realized it would cost more per month than the rent of her little cottage in the woods.

See the full article featured on Information Security Buzz

Next she tried a t2.nano, but try as she might, 500 meg of memory was not enough for the Photoshop work she wanted to do on her photo library, comprised of montages of her friends the three bears.

Then Goldilocks fired up an m4.medium. It did the trick, with multiple cores and enough memory to run her retail site.

That is pretty much the story. When you get started in the cloud, you often don’t know how much CPU, how much memory, how much net bandwidth – and the “M”s feel “JUST RIGHT”.

Once you get experienced, the banquet of instance-type offerings starts to make sense as you optimize your workloads.

Why use an M family instance in AWS?


Image source: Botmetric 2017 survey

EC2 is the most used AWS service. According to a Botmetric report, 46% of EC2 usage is with the M family, and M4 is the most popular for production instances. So why do AWS users keep coming back to M family instances?

Behavior – in a traditional environment you were locked into a specific hardware configuration. Many organizations treat cloud similarly, despite the simple and cost-effective elasticity that cloud offers for profiling and load testing different instance sizes. People start with the general purpose M family, set it and forget it.

Unknown Requirements – selecting instance types that match the application's needs is an obvious advantage of using a cloud like AWS, with its many instance family and size choices. This of course means the DevOps or OpsDev group deploying the cloud application must know their application components’ resource requirements well enough to make decisions on specific instance types.

Reserved Instances – the fewer instance types and sizes included in a reserved instance contract, the easier it is for cost allocation. Buy a bunch of cheap M family instances and use them.

Cost Efficiency – R and M family instance sizes rank at the top of the chart when looking at both Compute Efficiency (Compute ECU / $-hr) and Memory Efficiency (Memory GB / $-hr)

Known Resources – T family instances would be more popular if not for the unknown of when the compute credits run out. AWS addressed this with the “unlimited” option. Expect the T family to become more popular as more users become aware.

Evaluation of Alternatives – M family instance sizes map most closely to the generic instance/VM sizes of other clouds. When making a purchase decision the M family is the easiest to use when seeking out alternatives for price/performance comparisons.

Access to Extras – M4 instance sizes allow for optional Enhanced Networking and EBS-optimized.

This post was a team effort, written by Patrick Kerpan and Ryan Koop. Our favorite AWS instance type is t2 large with the t2 unlimited option. According to Botmetric, 83% of the non-production workloads run on T family.


- - - -

The AWS Well-Architected Framework

At Amazon, they recommend following the AWS Well-Architected Framework to align plans, architecture, and their cloud best practices. It’s worth reviewing the framework for your own AWS-based projects for an in-depth look.

AWS’ well-architected framework’s 4 pillars

Since Cohesive Networks mainly focuses on networking and security, we’ll highlight parts from AWS’ Framework and other network and security best practices.

The AWS Well-Architected Framework is based around 4 “pillars”:

  1. Security – The ability to protect information systems and assets while delivering business value through risk assessments and mitigation strategies.
  2. Reliability – The ability to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
  3. Performance Efficiency – The efficient use of computing resources to meet system requirements, and maintaining that efficiency as demand changes and technologies evolve.
  4. Cost Optimization – The ability to avoid or eliminate unneeded cost or suboptimal resources.

At Cohesive Networks, we have a process called “coalescence,” where we encourage customers to match ideal architectures to the realities of public cloud environments. Cloud users should both account for their current architecture and build with an end architecture in mind.

This way, as the realities of cloud creep into the build-out, you can be prepared for them. Follow security best practices from the beginning and always architect networks for recovery and connectivity.

Network planning and security highlights from the Well-Architected Framework:

  • Limit access to networks and servers to the “least privilege” rule
  • Capture and analyze network traffic logs
  • Use AWS services to encrypt data at rest, and add on security features to encrypt data in transit
  • Plan your cloud/AWS resources to interact with any existing network topology on-prem
  • Build networks for high availability, failover, and disaster recovery
  • Test systems and network services for resiliency
  • When building a network solution, consider location to reduce distance
  • Take advantage of regions, placement groups, and edge locations to improve performance

Fitting it together: Mixing in VNS3 for application layer security 

Security, customization and control were the 3 big reasons we created the overlay networking and VNS3. As Cohesive began to put its own computing systems into the cloud, we were uncomfortable with the loss of control of our network infrastructure.

VNS3 can help you literally extend enterprise firewall and security rules into the cloud to enclose, isolate, and control all cloud networks. VNS3 offers enhanced network services on top of the cloud platform network. Our customers use VNS3 to enhance VLAN peering, full encryption of data in motion, application layer firewalls, and cross-region peering.

In particular, VNS3:turret can secure applications in micro-perimeters to eliminate east-west vulnerability. These Application Security Controllers are deployed as encrypted, clustered, software-only virtual instances that secure mission critical business systems in public or private cloud. VNS3:turret provides the most comprehensive application security model available today.

VNS3 turret in a network security role

VNS3 turret in action


- - - -
