News & Latest Works

Coronavirus/Covid-19 Crisis: Security For Your Suddenly WFH Team


3/22/2020 UPDATE: The Victory Consortium is working on a series of how-to videos to help businesses set up their own secure remote worker policy and VPN. So stay tuned, but in the mean time the following is a quick run down of best practices.


Best Practices: WFH Security

For over a decade prior to Coronavirus/Covid-19, Victory has been enabling remote teams for SMB and Enterprise companies. Based on our experience here are some best practices that have historically lent themselves to a successful evolution to an all remote workforce, or Work From Home (WFH) team.

It’s not an emergency until it IS…

After two employees started running a fever an entire 40+ person office is now a suddenly remote workforce. You did not ever plan on your team being entirely remote but here you are.

What’s next?

The office is a walled garden - IT controls what comes in and out at the perimeter and keeps things reasonably safe. Outside of those walls, however, it becomes more challenging. Your team members’ homes are not necessarily any more secure than a public hotspot. The following two technologies allow teams to securely connect to business networks from home, the right solution depends on they size and nature of your business.

Virtual Private Networks (VPN)

A Non-Technical Definition of VPN:

VPNs create a secure connection to external networks, like to the one at your office, across the internet. Connecting to the internet on public wifi (think coffee shop) without a VPN, means that when your computer sends and recieves messages they are unencrypted and could be intercepted, which is a security risk.

There are a lot of public VPN services out there which will protect you when on public or untrusted networks; here is a list. Configuration for your specific security needs is critical. As a baseline, make sure that your VPN includes local network isolation (often called local firewall) so that your computer is fully isolated from the local network.

“Everyone should have a VPN on every device - period.“

  • Every IT Professional Ever

But that's not the point of this article - this is about allowing your people to work on corporate systems securely. Many companies rely on whitelisted IP addresses or local networks, especially to secure legacy systems. To allow your people to log in you need a corporate VPN - which can be very expensive and complex. Victory can help you navigate OpenVPN, Algo and other solutions that not only meet your needs but also your budget. Victory can implement solutions in a short time on commodity hardware and allow your employees to log in to the office network and be in the office virtually.

Secure Remote Desktops (SRD)

First, as a light case study: Victory was recently called on to mobilize a 50+ team member Suddenly Remote Workforce mentioned at the beginning of this article. For security’s sake to date, everyone was required to work on premises because the company handles sensitive financial data. However, due to coronavirus, the state mandated they close the office immediately, leaving the company stranded without any course of action to restore productivity.

Victory was engaged to implement an already-in-a-disaster recovery & backup plan, and as always, time was literally money. Victory accomplished this by creating a Secure Virtual Office using Amazon Web Services (AWS) Workspaces. In a controlled rollout on Monday, 10% of the workforce logged into Secure Remote Desktops from home. On Tuesday, the office was closed and the remainder of the employees migrated to SRDs from home. With seamless continuity, the business didn’t skip a beat.

Secure Remote Desktops (SRD) are one of the most secure ways to address security concerns for a remote team.

There are some distinct advantages to SRDs:

  • SRDs can be managed by the same Directory service as the main office - user roles, permissions and even drive contents will transfer seamlessly
  • Connection to the SRD is a secure encrypted tunnel
  • Files on the SRD cannot be downloaded to the user’s device
  • You can connect from a Windows or Mac Laptop, iPad, iPhone, Android Phone or Tablet
  • The desktop itself is connected to one of the fastest and most durable connections possible

Note: SRDs dovetail with Victory’s Azure Active Directory offering. If you have Active Directory on premise we can migrate to the Cloud and add SRDs at the same time, and they are available in AWS or Azure cloud. With Azure AD security can be implemented down to the document.


Victory has over a decade of experience helping distributed teams stay securely connected, operational, and productive. Victory’s Remote Team / Work from Home security solutions help clients navigate and seamlessly deploy flexible and secure remote work environments. Victory’s all domestic team combines operational savvy with strategic and tactical experience to transform businesses globally.


[Announcement] Data Science Services | VICTORY

Is your data drowning you - or is it being ignored?

Companies are sitting on a tremendous amount of valuable data from many different sources, but are intimidated by the prospect of turning that data into actionable insights or innovative data-driven products.

Victory is announcing a new offering: Data Science as a Service

Our team of senior data scientists will work with you to:

  1. Understand the data you have
  2. Assess current and future business needs
  3. Begin creating a prototype pipeline of internal and external analytics products and data models that address those needs

The possibilities are endless: From marketing and sales data, to internal or external application user data, to social data, or any combination of those.

How It Works

Understanding the data you have requires only a few samples of all the different sources of data you currently store. Our team will examine each of the fields, detailing how we might merge or enhance each of those with additional data.

The team will work with you to assess your current business needs, and discover where new data models and products could help fill gaps in efficiency or even to create completely new revenue streams.

The Outcome

Our data scientists will use the latest scalable data science approaches to rapidly prototype analytics deliverables based on your data, which can take the form of reports and visualizations for customers or internal web applications that can empower your internal teams to work faster and create value for you and your customers.

The end result is clear and actionable insights that can drive value for your business starting immediately.

Learn more about our Data Science Services or contact us at data.science@victorycto.com.

Getting Started with Azure Cost Management

This information is provided by our friends at Agile IT – specialists in Cloud Migration in Azure.

Cloud software brings many advantages, but it presents the challenge of tracking and managing their usage and cost. Over time, a business finds itself using many services and applications, with multiple cost centers. There are always ways to use the cloud more efficiently, but finding the best ways to optimize is complicated.

Azure Cost Management gives businesses the tools to track and optimize their cloud spending. It shows cost and usage patterns for Azure services and third-party Marketplace applications, and it suggests ways to optimize spending. Over 70% of Azure enterprise customers use Azure Cost Management, and it can even be used with non-Microsoft cloud services.

Azure Cost Management

The product is a suite of cloud tools for centralized management of the costs of Azure applications and services. It's included automatically with the Microsoft Enterprise Agreement and pay-as-you-go plans. In fact, there's no extra charge for using it within Azure.

Key terms in Azure Cost Management are visibility and accountability. It is easier to determine how much in both the short and long run is spent. It shows where the costs are coming from within the company. The tools use the information they gather to generate recommendations for configuring the services more economically.

The suite can be used with AWS and Google Cloud Platform in addition to Azure. This feature is currently available in preview at no cost; later there will be a charge tied to the use of the cloud platform.

Azure Cost Management is similar to an earlier offering, called Cloudyn. The latter was originally called Azure Cost Management by Cloudyn, which can be confusing. Cloudyn is still offered, and it covers some cases which Azure Cost Management doesn't as yet. The long-term plan is to replace Cloudyn with the newer product.

Cost Management Tools

All the tools are available from the Azure portal. They let the operator get an overall view or focus on specific aspects of the company's cloud deployment. The information can be in the form of graphic analyses, numbers, recommendations, or alerts. Intelligent use of the tools can determine where costs should be allocated and where savings are possible.

Cost analysis

The Cost Analysis tool can show current and cumulative costs as well as making forecasts. Four built-in views are provided, based respectively on accumulated cost, daily cost, service, and resource. Customized views can use specified date ranges and group data by common properties. Big one-time costs can be amortized.

Many grouping and filtering options are available. Grouping determines how the data is broken down; filtering selects which costs the analysis includes. Use of these options lets management see which departments are spending the most and what types of services account for the greatest costs. Cost analysis views can be shared for later use.

Recommendations

Many Azure account types support recommendations in cost management. This is a feature under Cost Analysis. Recommendations identify inefficiencies or recommend purchases to save money. For example, if so many VMs are allocated that most of them almost always sit idle, a recommendation will propose shutting down or deallocating some of them. An alternative is to downgrade them to a less expensive class. Conversely, a recommendation may suggest buying reserved machine instances to reduce pay-as-you-go costs.

Following recommendations is always a judgment call, of course. If usage levels are subject to major swings, paying for VMs that are usually idle may be worth the cost.

A recommendation is based on 14 days of analysis. It will show the potential yearly savings of taking the suggested actions.

Exporting and Downloading

unnamed

Cost information often needs to go to accountants, be copied into databases, or be processed by other software. Azure Cost Management can export data in CSV or Excel format. It can create one-time reports or generate them on a regular schedule. Each run of a scheduled export creates a new file, leaving old exports untouched.

Exports can cover the past seven days' data or the month to date. They can align with invoicing periods, even if they aren't the same as calendar months.

Exported data can be brought automatically into other financial systems or made available for viewing as a spreadsheet.

Budgets

As the name implies, budgets in Azure Cost Management let managers compare expected costs with actual ones. The feature issues alerts or takes automated actions when a cost threshold is exceeded. Budget thresholds never stop services from running or throttle them; they just call attention to overruns. Not all Azure account types support budgets.

Filters can delimit the categories of data which a budget includes. The same filter types are available as with cost analysis. Further, the reset period, which determines the time window the budget analyzes, can be monthly, quarterly, or annual.

Cost thresholds are specified as a percentage of the budget. For example, if a 90% threshold is designated, alerts are issued when spending reaches 90% of the budget. A budget can have as many as five thresholds. Threshold notifications are sent to the email addresses which the budget specifies. The budget can also designate action groups, triggering automated actions when a threshold is reached.

Use With AWS

While Azure Cost Management can't be as tightly integrated with AWS as it is with Azure services, it can still provide valuable information. It can link AWS consolidated accounts.

Setting it up requires actions on both the AWS and Azure accounts. It involves setting up a cost and usage report (CUR) integration in Azure and creating a CUR in AWS. AWS delivers reports into an S3 bucket, where Azure Cost Management picks them up.

Creating a management group for all cross-cloud providers allows an overall view of all Azure and AWS costs. It's also possible to set up separate management groups for each provider.

This feature is free during the preview period. Afterward, Azure will bill 1% of the AWS monthly costs.

Learn More About Azure Cost Management

Microsoft provides rich resources for learning how to use Azure Cost Management. The best place to start is with the Microsoft documentation. It includes quickstarts, tutorials, how-to guides, resources, and reference materials. There's also a downloadable PDF which contains most of the essential information in one document.

The technical overview on YouTube is worth the half-hour it takes to watch it. There's also a playlist of informational videos, most of them under five minutes.