Thoughts from Coretelligent’s Chief Technology Officer,
Chris Messer

This month marks the one-year anniversary of when many of us transitioned to out-of-office work environments in response to the COVID-19 Pandemic challenges. What we thought to be only a few weeks- or months-long experience ultimately led to our current full-time work from home experience, and this may be the same for many other organizations worldwide. As we look back, it is important to reflect on the many lessons and (now) permanent changes that have occurred during this time.

Many organizations were forced to either embrace new vendors and technologies to enable remote work and collaboration or quickly double down and expand existing plans and deployments overnight. The shifts to remote access or cloud-first resources caught many companies mid-stride, while others were already well down their digital transformation path and had a much easier time adjusting and coping in the early stages of the Pandemic.

There have been several big winners in the vendor and tech ecosystem, including Zoom, Microsoft, and Amazon to name a few. There are also many cloud focused vendors that have further enabled improved remote collaboration and work during the Pandemic to enable companies to adjust from previous traditional office workflows.

The following are some of Coretelligent’s reflections of changes and challenges many organizations have experienced during a year like no other:

Vendor and Tech Changes

With the onset of the pandemic and shuttering of offices around the country, many organizations struggled with shifting their technology stack to accommodate a steep influx in remote work. In general, there was a larger emphasis around increased adoption and investment in cloud computing, cybersecurity solutions, and communications/collaboration tools, especially in the small- to mid-size business segment.

Technologies offering remote access capabilities, such as virtual private networks (VPNs) and virtual desktop infrastructures (VDIs), suddenly had to deal with a larger number of regular users. Items such as telephony and file sharing/collaboration software also required new strategies as workers were removed from their traditional office-based resources. Companies needed to scale their ability to keep employees collaborating, and those that were not as far along in developing their strategies and cloud adoption were left with large hurdles to clear in a short amount of time.

Vendors continued the march towards a subscription model for many services as cloud computing continues to spread. This model has allowed organizations to flex their usage up or down as their hiring and operational needs adjusted throughout the pandemic.

Zoom and Teams have become ubiquitous parts of our everyday vernacular due to the increased consolidation of communication and collaboration tools in remote environments. These platforms have both been powerful enablers, yet have bled into our socially distant personal lives as well with “Zoom cocktail hours” and virtual family gatherings becoming regular occurrences.  These tools have also enabled us to be “always available” which has also caused new work/life balance challenges for many individuals and organizations from an HR perspective.

Security Challenges

As part of the WFH shift, several new security challenges came to light. Many organizations suddenly had to deal with a user population working from a wide variety of potentially insecure locations from a mix of corporate and personal devices. Ensuring that employees could securely access services and data properly, regardless of whether they were on a corporate or personal device, became a key issue.

The biggest driver around security for remote workers is the concept of identity and access control. Physical location has become far less critical, but the validation of user identity and subsequent access and permissions that are granted to that identity are much more important than ever. This change has helped to drive the convergence of several key technologies (SDWAN, CASB, FWaaS (firewall as a service), and Zero Trust) into a unified, cloud-delivered service known as Secure Access Service Edge, or SASE. The goal of SASE is to simplify WAN/connectivity deployments, bring improved efficiency and security, and help provide the appropriate amount of bandwidth and performance on a per application basis.

Over the past year, we have also seen and experienced several security challenges related to remote operating models. The biggest challenges, among others, include addressing the security needs of remote workers, how to secure home networks, whether to permit or block employees to connect and work from personal devices, and how to secure corporate data that can be readily downloaded or copied.

Another key area of focus and debate been around vendor security and data integrity. With several high-profile vendor hacks and data breaches, companies of all sizes can be targets and victims of nation-state hackers as displayed by the recent SolarWinds and Microsoft incidents. Companies now need to decide how to balance and distribute their critical services and data across one or many vendors.  This also impacts how organizations think about their disaster recovery and business continuity planning. With key assets residing with a third-party vendor, organizations may need to reevaluate what this means for their business if the vendor suffers an outage.

WFH / Productivity

As we have seen, there has not been a dire “drop” in productivity throughout the Pandemic, and many organizations and employees have been able to adjust with little to no overall impact.

The biggest challenge moving forward is how to effectively continue to manage employees at scale remotely while avoiding tech and connectivity burnout, and managing work/life balance, despite more flexible schedules.

Employers are exploring ways to help monitor usage and productivity for employees without overstepping privacy bounds, making such efforts appear draconian, or interfering with employee morale.

Our “New Normal” and the Future

Looking further into 2021 and beyond, it is hard to envision our society returning 100 percent to the pre-Pandemic model due to these changes. The Pandemic has showcased how organizations can be more agile and remain productive with a distributed workforce and technology stack.

As we move forward, several trends will predictably continue and become even more essential as businesses continue to evolve their working model post-Pandemic:

Vendor Consolidation – As organizations look to manage their security risk, reduce their attack profile, and generally improve efficiency and budget, reducing the number of vendors and products in use will continue to be a large part of the conversation and planning in 2021 and beyond.

AI & ML – Artificial intelligence (AI) and machine learning (ML) are becoming more mainstream and are applied to help businesses solve real-world problems at a much faster pace than ever before. This is lending itself towards more automation across many industries and verticals which will also help boost productivity.

Data Management – “Big” data management tools in the cloud are going to enable companies to more rapidly store, process, and manipulate data from multiple sources to help drive more business decisions, customer response, and overall efficiency.

Cloud / SaaS – More services will continue their evolution to a full cloud/Software as a Service (SaaS) model with perpetual subscriptions becoming the norm. Traditional IT asset ownership models will continue to face downward pressure across the board. Public cloud will largely make self-hosting for small- to mid-sized businesses impractical from a cost benefit perspective.

Security – The concept of SASE and a unification of networking and security tools to help drive overall efficiency, performance, and security for users and applications, wherever they are located, will continue throughout 2021 and beyond.

We are still adapting to the unpredictable nature of the COVID-19 Pandemic, and by some time in the future, these changes and challenges may feel miniscule. Your organization must remain resilient to face any unexpected events, whether they be public health crises, natural disasters, or any other type of loss. If your organization is having trouble adjusting to remote work or is interested in investing in expert-level solutions, contact Coretelligent. We are happy to help you navigate during the remainder of the Pandemic as well as post-Pandemic. Until then, remain positive, perform a regular evaluation of your organization’s IT vendors, security posture and cloud strategy to ensure you are meeting the needs of the business, your workforce, and your customers, and above all, stay safe.

To download our infographic predicting the future of work environments post-Pandemic, fill out the short form here.

If your organization does not currently use tools that implement collaboration and content sharing, you may be missing out on imperative enhancements for business processes. Two of these tools are Egnyte and SharePoint. Both platforms have their own leading features and qualities, but as you are reviewing what is best for your organization, you may want to consider:

• How will either platform integrate with our current systems and operations?
• Which platform seems to have larger strengths for our industry?
• What will appear to be the most user-friendly for our team?

Egnyte and SharePoint are considered to be two of the most distinguished cloud and content management solutions available on the market. This blog stacks each against each other comparatively to highlight their strengths, weaknesses, and their overall benefits to your organization’s structure.

Egnyte – Trustworthy, Secure, Compliant

Egnyte is a content management and file sharing cloud platform trusted to secure files, online and offline. Your organization can access company files via access points including secure web, desktop, tablet, and mobile applications or within third-party services like Slack, Salesforce, Gmail, and Microsoft Teams. Egnyte offers a “work from anywhere on any device” approach while ensuring security and compliance are top priorities.

SharePoint – Transformative, Scalable, Collaborative

Powered by Microsoft, SharePoint is a web-based, cloud content management and collaborative platform. There are many ways within SharePoint your organization can transform business processes by communicating as a team and integrating seamlessly with other existing, operating Microsoft 365 programs. SharePoint allows your organization to create a personalized, connected Intranet where your team can share files, data, and resources.

Strengths and Weaknesses

Because SharePoint is powered by Microsoft, all other programs will easily integrate. On the other hand, even though Egnyte also can be integrated with Microsoft products, it would act as a third-party integration, which is not as seamless as integrating two products built by the same company.

With the Microsoft 365 suite, your organization may already have SharePoint even if you are not actively using the platform. If this is the case, ensure there is enough base storage for your organization’s data. Requiring additional TBs of storage can become expensive, and SharePoint’s costs are higher.

Egnyte has anomaly detection and will alert your organization about insider threat risks proactively. With automated ransomware protection, your data will remain secure and protected against incoming threats. SharePoint also has major security features like access control based on user permission levels, two-factor or multi-factor authentication, data backup, and anti-malware protection.

For more information regarding Egnyte and SharePoint for your organization, download our guide here.

The Coretelligent Recommendation

Before your organization invests in any new technology, system, or content management and collaboration platform, Coretelligent recommends comparing all features, benefits, and costs. Your organization’s security should be the first thing assessed. If you have questions about which platform may be best for your organization, Coretelligent can offer supportive advice to help your team work more efficiently. Contact us today to learn more.

With the new year off to a busy start, it is important for organizations to stay focused on management and testing of their backup and disaster recovery (BDR) solutions. Natural or manmade disasters can strike at any point, and while we continue to navigate the unexpected impact of the Covid-19 Pandemic, BDR planning can keep your business prepared for anything.

Coretelligent’s CoreBDR solution, powered by Veeam, is leveraged by many of our clients to handle a wide variety of backup challenges, including workstation backups, server backups, offsite replication, disaster recovery failover, and more.

As we look forward for 2021, there are several common customer requirements that can be solved by a robust BDR solution, including the following:

• Zero tolerance policies for downtime and data loss
• Safeguarding backup data from ransomware
• Meeting compliance and retention goals
• Recovery despite storage and staff constraints
• Protecting company data while remote
• Keeping costs within budget

We frequently hear from customers that they are focusing on these areas for their overall BDR policy for 2021 and beyond, especially with remote and WFH workflows expected to continue for a good part of this year:

• Infrastructure Protection: Customers are interested in dedicating their backup solutions to protect their existing onsite or private cloud hosted resources.
• Off-site Backup & Disaster Recovery: Another thought our customers have had is the process of replicating backup data away from their primary site(s) and creating a clear, thorough disaster recovery strategy.
• Public Cloud Protection: With more services and applications moving to Microsoft Azure, Amazon Web Service (AWS), or Google Cloud Platform (GCP), many organizations require additional levels of protection for these cloud-based resources as part of their overall business continuity and BDR planning.

With these challenges and areas of focus, Coretelligent is striving to ensure the CoreBDR service and platform is equipped to help our customers solve their challenges and achieve their BDR goals.

---

New Release: Veeam Backup & Recovery v11

On February 24, 2021, Veeam is poised to release v11 of their Backup & Replication product, and this new version brings many key enhancements and features we will be including within our CoreBDR solution offering.

Continuous Data Protection

With v11, Veeam has added a real-time replication feature, Continuous Data Protection (CDP) that enables a more rapid replication and failover workflow, with drastically reduced recovery time objective (RTO) and recovery point objective (RPO) times compared to regular Veeam backup replication jobs. This enables Coretelligent to again provide more options for customers for mission-critical workloads without relying on third party CDP solutions such as Zerto or VMware SRM.

Archive Tier (Cloud)

This new feature grants the ability to tier archived data out to public cloud storage for cheaper long-term archive storage. Offering AWS Glacier and Azure Archive storage support, this builds off existing support for AWS S3 and Azure Blob storage for primary backup storage targeting.

Security Enhancements

Veeam has introduced additional storage and repository configurations to better protect against service providers being targeted by ransomware and/or malware attacks. This ensures that customer data is always protected and available even if the primary production resources fall victim to ransomware.

Mac Support

With the v11 release, Veeam has released a dedicated backup agent for macOS. This will enable Coretelligent to offer a truly unified backup experience for all endpoints and platforms, eliminating the need for secondary backup vendors or products for Mac workstations.

These are merely a few of the highlights that the new Veeam v11 release brings to the table and that Coretelligent is excited to introduce to our customers later in 2021.

Please stay tuned for further updates as we work to upgrade to this new version and bring these new enhancements to the CoreBDR service. Read more about the v11 release here.

Coretelligent’s CoreBDR offers Managed Protection and Recovery

The Coretelligent solution CoreBDR is a fully managed, cloud-based data protection and disaster recovery solution. Your organization’s most important data will be safe and sound with our solution powered by the enterprise-level Veeam platform. CoreBDR completes fast and efficient, cloud-based backups and data encryption to protect at the source. It is essential for your small- to mid-sized business to invest in BDR solutions to be prepared for anything inevitable.

Our expert team has over a decade of experience providing solutions to financial services, life sciences, and other industries. Schedule your complimentary, initial consultation today to discuss CoreBDR and how it can impact your business operations.

On January 28, 2021, Coretelligent sponsored and attended BioNJ’s Cybersecurity Briefing. The topics of discussion included security challenges and internal and external cyber threats facing life sciences organizations. Cybercrimes are at a high across all industries, and it is an important time for organizations to invest in comprehensive solutions.

Coretelligent’s Chief Technology Officer Chris Messer said, “Today’s security landscape requires even more communication and collaboration than ever before… As recent headlines have shown us, organizations of all sizes may suffer from security blind spots, and a good proactive security posture requires continuous evaluation, education, and refinement.” Cyber risks can target organizations from a wide range of sources. According to this briefing presented by employees from the FBI and DHS, the biotechnology industry has witnessed an increase in recent cyber threats.

When it comes to cybersecurity, Messer said there is no effective “set it and forget it” solution. To remain protected, organizations must have frequent and open communication and collaboration with trustworthy vendors and partners. “In [Coretelligent’s] opinion, a comprehensive cybersecurity strategy requires strong fundamentals. As we’ve seen from current events, there are many common examples where the blocking and tackling of IT operations and cybersecurity policies has been lost or misaligned and has potentially led to some of these breaches,” said Messer.

“The role of protecting an organization frankly starts with individual employees,” Messer said. There is human risk in cybersecurity which could be behind potential cyberattacks, and it can be addressed with proper awareness training, testing, simulations, and more. The briefing highlighted the importance of learning how to prevent threats from inside sources before they are brought to the surface.

Before the discussion with other cybersecurity experts ended, the BioNJ team presented a Q&A session moderated by Messer. Questions asked referenced current events, like the Solar Winds data breach, as well as how to remain protected against potential incoming cyberattacks. For more information about the Solar Winds breach, read here. Threats can come from any direction, so experts recommended listeners to always stay in the know about cyber news. Confidential data and intellectual property should always be stored in protected, monitored locations, and encryption should be used where available. Access control policies, outreach, and an improved security posture also make a huge difference.

We were honored to attend and learn from cybersecurity experts in the biopharmaceutical sector. The Coretelligent Team attends events to expand knowledge, network with other experts in the industry, and keep up to date with new trends and discoveries.

If your life sciences organization is hoping to increase its cybersecurity posture in 2021, consider Coretelligent’s CoreArmor solution. Our cybersecurity solutions provide 24/7 intrusion detection monitoring, behavioral analysis, asset discovery and management, best-in-class phishing testing, and comprehensive cybersecurity training. Download our white paper to learn more.

As many of you may have read, this past December, there was a major hack targeting the SolarWinds Orion software suite. It was estimated that about 18,000 out of their 300,000 customers were impacted. Many of the customers targeted were U.S. government agencies and large Fortune 500 customers.

The following SolarWinds Orion versions 2019.4 HF5 and 2020.2HF1 were identified as impacted or susceptible to compromise. Newer versions of the platform were not affected and were designed to protect against major hacks like this incident. SolarWinds has strongly suggested all users update to the latest release if they have not.

We want to ensure you that Coretelligent’s data and systems were not impacted and have addressed your following concerns.

For more details about the SolarWinds Orion event, you may reference their security advisory here.

Frequently Asked Questions

To address any client concerns, below are some frequently asked questions we have prepared regarding the SolarWinds cyberattack. We strive to remain transparent when any major outage or hack happens, and our support staff is available to answer any questions you may have.

Q: How was Coretelligent impacted by this security event? Has our organization and/or our personal data experienced any risk?

A: Coretelligent was not impacted by this security event. None of our networks, systems, nor vendors were included in this event, and we have continued to monitor the situation and provide updates to our client base. Your organization and/or personal data remains safe and secure.

Q: Has Coretelligent, at any time, run a compromised version of SolarWinds Orion platform? (This includes versions 2019.4HF5 through 2020.2HF1.)

A: No, Coretelligent does not, and has never, run the SolarWinds Orion platform in our environment.

Q: Have you run a recent security audit of the platforms you utilize using public tools? Did recent audits indicate compromised data?

A: As of January 6, 2021, both the CrowdStrike CRT and the Cybersecurity and Infrastructure Security Agency (CISA) Sparrow tools have been run against the Coretelligent environment. No indicators were found with either tool.

Coretelligent also employs continuous security monitoring for all internal systems and platforms to detect any potential security or anomalous events.

Q: Are we at risk of a cyberattack or attacks from Microsoft and/or the government as part of this event?

A: Based on available information, Coretelligent does not believe there are or have been any specific active threats or risks to customer environments. Neither Coretelligent nor any customer environments were identified to be accessed or compromised as a part of this specific incident. We are continuing to monitor the situation and will communicate additional information as it is received. Microsoft has also released statements saying they have found zero indications customer data was accessed by actors responsible for the SolarWinds cyberattack.

Clients that have concerns regarding their Azure or Microsoft 365 environments can contact our security team to perform additional scans and analysis as needed. Both DHS/CISA and CrowdStrike have free tools designed to detect unusual and potentially malicious activity that could be threatening users and applications in an Azure/Microsoft 365 environment.

We will continue to provide updates as they are received, but we hope you understand Coretelligent was not impacted by the SolarWinds Orion platform cyberattack. If you have any additional questions, we are happy to address them. Our security and support teams are available to help. You can reach us here.