A recent article by Web Hosting Industry Review (http://www.whir.com) reports that security and compliance top the list of concerns for U.S. healthcare providers looking to adopt cloud computing platforms.
Click here to read “HIPAA Compliance and Security Top Cloud Adoption Concerns for U.S. Healthcare Providers”
There are many telling statistics in the article. First, a whopping 80 percent of healthcare organizations are already using the cloud in some aspect as part of their operations model. Of those who have not yet adopted cloud, two-thirds aim to move applications and resources to cloud systems in the future.
It’s clear the benefits of cloud platforms have become apparent to healthcare providers. What remains elusive is an assurance and confidence that such systems will meet the high levels of regulatory compliance the healthcare industry faces.
At Xand, we specialize in designing customized cloud systems from the ground up. Our xCloud platform provides highly-secure Private and Hybrid cloud solutions. Our xCloud clients are some of the top healthcare providers in the country, including the largest health insurer in Rhode Island and several hospitals, universities, and other providers. When it comes to vital information such as patient data, a commodity approach does not fit the bill. Security and compliance with unique regulations such as HIPAA require a customized approach and concierge services.
Watch our Webinar “Secure Your Cloud from Cyber Attacks”
If you’re a healthcare provider looking for more flexibility and security for your mission-critical applications and resources, contact us today. At Xand, we know that one size does not fit all, especially in healthcare.
By Christian Lappin, Xand Sales Engineer
Posted July 17, 2014
Cloud, cloud, cloud. It’s in the news everywhere.
Here at Xand, we deal in deploying practical cloud solutions that meet the needs of businesses, hospitals, universities and financial firms. Talk about mission-critical infrastructure—our clients simply can’t be mired in bureaucracy or placed in rigid frameworks and be successful in meeting their goals. Increasingly the solution to mission-critical infrastructure lies in the Hybrid Cloud, a blend of cloud platforms and services custom tailored to meet specific performance, security, and regulatory benchmarks.
If you’re a CTO or Director of IT looking to transition your infrastructure to a more elastic and scalable model, chances are you’ve bumped into Hybrid Cloud in the marketplace. You’ve scouted the benefits (reduction in capital expenditures, higher degrees of flexibility) but questions may still remain. Here’s a guide to what I see as the top five criteria when putting together your Hybrid Cloud solution plan:
1. Security
Security always needs to be at the top of the list. When it comes to protecting the data of your customers, users and internal workforce, Cloud is not the problem, it’s the solution.
A few years ago, security was the boogeyman in the Cloud world. As more businesses and technology decision makers began to see the compelling benefits of cloud platforms, security solutions have quickly adapted. Using technology like VPN, NAT, DDoS Mitigation and Attack Detection, cloud systems provisioned with security in mind offer robust data protection for you and your end users. Furthermore, Cloud platforms can be customized to meet industry specific regulations and compliance, including PCI DSS, HIPAA, GLBA, SOX and more.
Security can’t be an afterthought or a last minute add-on. Be sure to address your unique security concerns at the onset of designing your Hybrid Cloud. It will save numerous headaches (and possibly a few jobs!) down the road.
2. High Availability
What good is your nimble, fast and scalable cloud if you can’t access it? No good at all. Availability goes hand in hand with security as a chief concern when standing up your Hybrid Cloud.
When migrating core production applications and resources to a new Cloud environment, it’s vitally important that the underlying infrastructure is up to the task of supporting these mission-critical systems. Be sure to fully investigate power, cooling, and other key operational components to make sure your Cloud is backed by the redundancies you need to stay in business.
Server rooms in the basement likely won’t cut it as a logistical home for your cloud. Seek colocation partners and verify they hold SSAE-16/SOC 2 certifications and are located safely away from floodplains and urban threat zones. Also consider the capital investment required to back your cloud with in-house generators, power feeds and distribution systems, let alone the staff needed to maintain such equipment. Do you have the available resources to be in the infrastructure business?
If the answer is no, seek a colocation partner with expertise in hosting private and hybrid cloud architecture. Ask to see their generators, their power systems, and other key components.
3. Flexibility
Massive Public Cloud vendors such as Amazon and Microsoft offer a lot of seemingly quick solutions to complex problems. However, there is a “lock-in” factor to be aware of. With critical systems on the line, it’s important to make sure all options are available at all times. There’s nothing worse in technology than the dreaded vendor lock-in, and it’s no different with Hybrid Cloud.
The key word is Hybrid. The ability to mix and match platforms and services to deliver a solution that works efficiently is what Hybrid Cloud adoption is all about. By signing with rigid providers with one-size-fits-all approaches, the benefits of the Hybrid Cloud greatly diminish. Make sure your Hybrid Cloud is created in such a way that it can be put to work for you dynamically, today and tomorrow.
4. Carrier Neutrality
Yes, the network still matters. Data circuits form the connective highways that bring users and the Hybrid Cloud together. Clear access paths and multiple points of entry will significantly improve access and end-user experience when utilizing the applications and resources hosted on your Hybrid Cloud. All roads lead to the Cloud, and the network is the roadway.
Housing your cloud infrastructure in a carrier neutral environment ensures that you’ll have plenty of roads open to reach your vital systems. Carrier neutral facilities also provide exponentially more options for cross-connecting hosted infrastructure with multi-site offices, branch locations, and even other data centers.
5. Managed Services
So you’ve followed items 1 – 4 and have architected a Hybrid Cloud system that meets your security needs, is housed in a highly-available environment, provides flexible technology options, and is able to connect to multiple high-speed networks. What’s missing? A Managed Services plan.
Often overlooked, services are a key element in making sure your Hybrid Cloud is running at optimal performance. If a blade chassis fails at 3 a.m., who has your back? Do you have staff on-call 24x7? If a disk burns out, can you be available to replace it in an acceptable amount of time? If hackers are trying to breach your security and grab data, are you monitoring and checking logs?
Make the Cloud Work for You
Hybrid Cloud provides incredible benefits for those responsible for managing enterprise IT systems. By addressing the key concerns of security, availability, flexibility, carrier neutrality, and managed services requirements, you can be sure to set your Hybrid Cloud on the rails of success.
As always, if you have any questions about Hybrid Cloud solutions, please contact the Xand team. We’re happy to help demystify any concerns around making cloud computing work for your organization.
As Big Data Gets Bigger, the Complexity of Managing Even ‘Simple’ IaaS Platforms Grows
By Denoid Tucker, Xand Senior Vice President of Technology
Posted July 8, 2014
As I meet with executives and technology decision makers across the country, I’ve found a growing trend rising among them. Many have been sold on large cloud platforms such as Amazon Web Services (AWS) as a one-size-fits-all panacea for their entire infrastructure backbone. What most didn’t anticipate and are now facing are the complexities and limits apparent in such platforms.
AWS is fantastic at what it does. Want to spin up a server? Mission accomplished with a few clicks of a mouse. However, as one moves beyond the tactical to strategic infrastructure design and implementation, managing AWS can become just as complex and time consuming as managing in-house hardware and data center equipment. Whether physical or virtual, the question remains the same—do you have the available resources to dedicate solely to managing infrastructure? If you’re a busy service provider or application developer, chances are the answer is a resounding “no.”
Whether with AWS, an in-house private cloud, or a hybrid combination of platforms, the reality is that modern IT infrastructure still requires management, oversight and investment. The online portals and slick presentations wrapped around platforms like AWS make it seem like managing cloud infrastructure is as easy as logging into Gmail. Anyone who has dealt with being responsible for data security, application performance and resource uptime knows that dealing with truly mission-critical infrastructure is a much more demanding challenge. As Big Data balloons the footprint of infrastructure, the challenge of strong infrastructure management follows suit.
It’s also important to note that AWS and large public clouds quite often are not flexible enough to accommodate an organization’s total infrastructure footprint. For example, say Company X has 10 racks of servers and storage in colocation. Using AWS, they’re able to virtualize 80% of the infrastructure. However, Company X also has a couple stacks of IBM gear running a legacy application that cannot simply or easily be recreated in AWS. What happens with that critical infrastructure component? There’s likely someone on staff who “owns” the management of it. Will that person now also be tasked with making sure the legacy system works seamlessly with the new (and untested) AWS platform? What happens when AWS updates APIs or rolls out a new update? Will it still play nicely with the legacy app? Who is going to keep the entire infrastructure working in concert? How secure is the connection between the two? The questions go on and on.
This is where a truly flexible and responsive Managed Services Provider comes into play. There’s a new market taking shape calling for holistic, comprehensive cloud management. Saying “we’re with Amazon” no longer means all IaaS concerns are magically solved or so wonderfully automated that resources are not needed to manage it. On the contrary, as the Big Data push puts increased pressure on IaaS systems and the risk of security breaches lingers overhead, having a trusted partner to bring all elements of the cloud together is needed more than ever.
Cloud computing has opened up a new world of flexible, software-defined solutions for IT infrastructure. The goal now is not to harness the benefits of virtualization, but to control and manage it efficiently. Infrastructure should power your business, not the other way around.
By Yatish Mishra, Xand President and CEO
Posted July 1, 2014
Change is inevitable, and nowhere is that more apparent than in the Infrastructure as a Service (IaaS) industry. The advent of virtualized solutions, cloud computing platforms and new efficiencies in converged data center systems are ushering in a new era for the world of IT infrastructure. Old models of huge CapEx spends for stacks of equipment and rigid operational frameworks are falling by the wayside. What’s taking their place is a blend of hybrid solutions and highly-nuanced managed services.
What do these changes mean? Well, for CIOs, CTOs and fellow CEOs I speak with, it means a dizzying array of new options and opportunities to reassess their organization’s infrastructure and strategically chart a course for the future. For CFOs it means a reduction of CapEx costs, but also increased OpEx investments. For nearly everyone I meet with, the seismic change in the infrastructure industry translates into increased performance, higher availability and more flexibility when tackling mission-critical IT systems.
The challenge lies in coordinating these fantastic new technologies to work together in concert. That’s where truly robust managed services come into play, helping business leaders make their technology infrastructure work for them and not the other way around. Ready or not, the service-driven future is here.
Key Drivers Changing the IaaS Market
- Big Data – Big Data represents the explosive growth in humanity’s digital footprint. When I started in this industry 25 years ago, we measured “large data sets” in megabytes. Today, we deal in gigabytes and terabytes, with a future of exabytes (billions of gigabytes) and beyond rapidly approaching. Every mobile phone, tablet, laptop, remote PC and smart appliance is contributing to this massive growth. What this means for infrastructure is that data sets are no longer manageable at an ad-hoc, hands-on level. Businesses need proven storage solutions that scale.
- Cloud – Cloud computing allows CIOs, CTOs, and CFOs to move away from costly models that rely on large CapEx investments in dedicated hardware and leverage the converged power of hosted resources. Cloud platforms offer more flexibility, higher levels of performance, and a far more efficient use of available resources than we’ve ever seen before. There’s been a lot of hype surrounding Cloud in recent years, but the reality is any business leader who ignores its possibilities will be losing out on many key advantages and runs the risk of being left behind.
- Managed Services – The key element tying all these new technologies together is Managed Services. It’s no longer enough for IaaS providers like Xand to simply sell space or a cursory level of services. The market is clamoring for comprehensive, concierge-like services that can deliver full solutions to the challenges of security, availability, scalability and performance.
The shift from commodity data center space and hands-off infrastructure providers to consultative managed services partners is happening extremely fast. At Xand, we’re witnessing this change firsthand. Our company has grown tremendously over the last several years, and while we’re extremely proud of our data center facilities and traditional colocation expertise, the largest component of our growth by far is coming from demand for services.
Managed Services are no longer secondary add-ons or nice options to have, but rather an indispensable piece in solving the complex IT infrastructure challenges faced by businesses. Increasingly and rapidly, our customers require a hybrid blend of cloud, colocation, multi-regional production and managed services to meet their regulatory mandates and accomplish mission-critical IT infrastructure goals.
I’ve led technology companies for over 25 years. In that time, change has been the only reliable constant. Those who seize the future and willingly adopt new approaches to meet their goals always fare better than those who stubbornly cling to old models. It’s that spirit of innovation that fuels what we’re doing at Xand as we work to embrace the service-driven future. Change is here, and we’re excited to see what’s next.
By Christian Lappin, Xand Sales Engineer
Posted June 23, 2014
This is an exciting time for infrastructure technology solutions. With the advent of Cloud computing and the enormous benefits of virtualization, IT decision makers have better options than ever before for solving complex infrastructure challenges. However, many are confused by the options or unaware of how virtualization and Cloud platforms can work together. Let’s take a look at some of the options.
First, it’s important to understand that there are multiple iterations of Cloud computing that serve different purposes.
- SaaS – Software as a Service. In a word, SaaS means applications. This includes CRM, Email, virtual desktop, communication tools, games, and other hosted software.
- PaaS – Platform as a Service. Execution runtime, databases, web servers, development tools, and more.
- IaaS – Infrastructure as a Service. Virtual machines, servers, storage, load balancers, network, security appliances, firewalls, and more.
Knowing what you’re aiming to accomplish with Cloud computing resources before scoping out your project is hugely important. Keep in mind that you will likely require a hybrid blend of SaaS, PaaS, and IaaS solutions to meet all of your IT objectives. This is often a major challenge in that large providers will force you to shoehorn your requirement into a single point solution, when what you really need is flexibility and a customized plan that integrates all solutions to meet your specific needs.
Building a Solution with the Cloud
Another important item to be aware of is that not all virtualization infrastructure offers a full suite of services, such as Disaster Recovery functions or the ability for integrated solutions within the direct offering. While Cloud computing platforms offer flexibility and a range of options, there is no “one size fits all” solution for each objective. Fully leveraging the power of the Cloud and virtualization requires combining the pieces into a cohesive architecture, with each component working in concert.
Let’s use a Disaster Recovery / Business Continuity plan as an example. First, let’s divide the project needs into logical layers:
Virtual Layer – The Cloud you will utilize to accomplish the compute, storage, and networking needs of your hosted applications and resources. This may be done via the Public Cloud (Amazon), a Multi-Tenant Cloud through a service provider or your own Private Cloud.
Physical Layer – This layer addresses where your company’s Cloud will physically reside—an Internal Data Center or an External Data Center (Colocation). It’s important to address the scale of physical architecture needed not just today, but also into the future. Can you host in-house or do you require a colocation partner?
Recovery Layer – The Virtual and Physical layers will back up and restore your systems, but where will you recover to? The Recovery Layer identifies the Hot Site (for Restoration / Replication), Resource Subscription demands and workstation requirements for your staff.
Here’s where the Cloud and virtualization come together. Using virtual Disaster Recovery frameworks, such as VMware virtual machines utilizing Site Recovery Manager (SRM), you’re already ahead of the game by having access to a proven, flexible and responsive virtualized environment. Now it’s time to extend that ROI through to your infrastructure. With Infrastructure as a Service options on the table, you can address the costs of building your own cloud vs. buying space in a provider’s cloud, eliminating large capital spends. You can also address resiliency questions—can you build a highly-resilient data center in-house to host your Cloud, or is the better option to go to an outside provider? Multi-site capabilities also enter the picture. With the right colocation partner, your data can live distributed across multiple physical locations, giving you that much more added resiliency.
Love Your Cloud!
Using the tools of virtualization and Cloud computing, today’s IT decision makers are now in a position to not only solve some very complex challenges surrounding mission-critical applications, resources and infrastructure, but also love the solutions they create. Virtualization platforms and Cloud computing allow you to not just adopt the Cloud, but to love it. We’re finally at a point where true integration of infrastructure, applications and platforms is allowing CIOs, CTOs, and Directors of IT to focus on their strengths and seamlessly deliver services to their user bases. With Cloud and Virtualization, it’s a love story for the ages.
By Chris Moren, Xand Client Services Manager
Posted June 12, 2014
So, the contracts have been signed and now it’s time to plan the move to a new data center environment. While moving is never easy, here are a few things that through years of experience working with clients I've learned should be considered as indispensable parts of your moving project plan:
- Labeling and Documentation. I cannot stress enough how important it is for you to label and document everything. And I mean EVERYTHING. Labeling and documentation should be done before any equipment is disconnected and removed from the existing space. Every cable should have a label on it at each end with a “FROM / TO”. This way when re-racking and restoring your environment, you’ll know where every connection belongs on every device.
- External Network Connections / VPN Links at the New Data Center. It is imperative that you thoroughly test end-to-end connectivity on all your new external circuits (including any internet VPN tunnels) providing connectivity from the new data center to the outside world before you make the move. That testing should be done well in advance and built into your relocation project plan. If for whatever reason the telecommunications providers have not confirmed your circuits are turned up, and you haven’t tested them, your move should be rescheduled. You MUST make sure you can communicate with the rest of the world before you make the move. I’ve seen clients who didn’t, and their move suffered as a result.
- Movers. How much equipment are you moving? Are you planning on moving it yourself? Have you chosen a reputable moving company? By reputable I mean a company that specializes in the relocation of sensitive IT equipment. While hiring a moving company isn’t cheap, consider that they are insured for any damage to your equipment that may result as part of the relocation. Things happen. If you put your equipment in a privately owned vehicle to transport it from the old to new location, does your insurance cover any loss that may be incurred as a result of an accident? Does the vehicle owner’s insurance cover that cost? Chances are, the answer is “NO”. A reputable IT relocation company will come in, tag, label, un-rack, pack, move, re-rack and re-cable your equipment. It’s one less thing you need to worry about, and, if by chance something happens along the way, you’ll have the peace of mind that they are insured and will take care of it. Xand has several relationships with outside moving companies. I am happy to connect you with them at any time.
- Hardware Support. Have you notified your hardware vendors that your equipment is moving? You’ll also need to check with them, as several of them will only continue the support contracts if the equipment is moved by them (or a mover of their choice). At a minimum, every hardware support vendor needs to be notified in advance of the move so they can provide you with instructions on re-certifying their warranty and support coverage when the equipment reaches its new destination.
- We’re here to help. The Client Services team here at Xand is here to help make the transition as easy as possible for our new customers. Regardless of your provider, you should expect the same. Don’t hesitate to reach out to a Client Services representative at any time with questions or concerns. If your provider doesn't deliver assistance during the move, it may be a bad sign for dealing with issues down the road. As we all know, IT is a constantly evolving space and having partners who stand with you is crucial for successful infrastructure management.
Serving as an Xand Client Services Manager for over a decade, Chris Moren has nearly 30 years of experience managing and administering projects of all sizes, from supervising administrative office operations aboard a US Navy Frigate to managing the deployment of a 9,000 sq. ft. data center. Chris is based in Pennsylvania's Lehigh Valley.
Thinking about relocating your IT infrastructure to a new colocation facility? Click below to schedule a tour of one of Xand's six data centers. We're happy to show you around and help find the right fit for your business.
It was a busy week for Team Xand as we attended events across the East Coast, including the SIM Greater Hartford CIO Forum and the Virtualization Technology User Group (VTUG) Spring Ahead expo in New Hampshire. We met hundreds of IT decision makers from companies of all sizes, and here's what we heard.
Disaster Recovery at the forefront
Over a year after Hurricane Sandy, Disaster Recovery is still a hot topic in the IT decision maker community with no signs of cooling down. Those charged with the responsibility of maintaining uptime for mission-critical applications and resources are increasingly seeking fully-managed Disaster Recovery solutions that are testable and actually work. The story we are hearing is that for too long organizations have gotten by with a binder on a shelf serving as their recovery plan. Today, with the surge in data usage, cloud platforms and a distributed workforce, system downtime in the event of a disaster is no longer tolerable.
The CIOs and Directors of IT we spoke with are looking for the following:
- Comprehensive disaster recovery plans
- Fully managed options
- Greater levels of geographic diversity
- Multi-site cloud capabilities
- Testable runbooks
- Flexible resources
Security solutions still paramount
In addition to DR, security solutions remain a chief concern of IT managers. With data breaches and Distributed Denial of Service (DDoS) attacks increasing in frequency and ferocity, comprehensive security solutions remain elusive for many.
Top security concerns from the business leaders we talked to:
- Data protection - Keeping increasing amounts of user data safe and secure.
- Compliance - Ensuring infrastructure meets industry regulation requirements.
- DDoS - Increase in web-based tools and resources has led many to seek comprehensive protection against DDoS and other web service impacting attacks.
- BYOD / BYOC - Fighting the rising tide of unmanaged personal devices and personal cloud usage in the workplace.
- Security partners - CIOs and other decision makers are searching for true partners to aid in solving complex infrastructure security issues.
Additionally, the future of desktop image deployment (Desktops-as-a-Service) was another frequent topic of discussion with several parties.
What IT infrastructure challenges is your organization facing? Let us know in the comments section below.
Happy Earth Day!
Now that spring is finally breaking in North America, we hope you get a chance to enjoy the environment today. Here at Xand, the communities we operate in mean a lot to us. Providing the high-availability cloud and data center infrastructure needed by hospitals, universities, and businesses to carry out their missions can consume a lot of power. That's why we're proud of our Green Data Center Initiative, a program designed to maximize electrical efficiency across all six of our facilities:
Read Xand's Green Data Center Initiative
Xand is committed to designing our data centers to be as eco-friendly as possible. Incorporating newer, more efficient data center technologies, we are an industry leader in eco-friendly cooling and power optimization.
With better control of ambient humidity, lighting, cooling, and other power draws, Xand engineers work daily to make our data centers as efficient as possible. Simple tactics like deploying blanking panels in empty server racks and optimizing heat flow yield great eco-conscious results. At Xand, you might say every day is Earth Day.
If you're interested in touring one of our green data centers, please click the link below. We'd love to show you around and discuss how our operational efficiency can help benefit your organization.
By Paul Mazzucco, Xand Chief Security Officer
Posted April 9, 2014
You’ve likely seen or heard about it in the news: a critical vulnerability in the OpenSSL cryptographic library has been exposed. This vulnerability, known as the "Heartbleed Bug," allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software.
This issue should be considered extremely critical due to its impact, long exposure, ease of exploitation, the absence of application logs indicating an exploit attempt, and the widespread availability of exploit code.
The flaw is a missing bounds check in the OpenSSL implementation of the heartbeat extension (RFC 6520) for the TLS/DTLS (Transport Layer Security) protocols. This vulnerability reveals 64KB of memory per request to a connected client or server. An attacker can keep reconnecting or can keep requesting an arbitrary number of 64KB chunks of memory content during an active TLS connection until they have achieved their objectives.
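The length validation that a heartbeat handler needs, written here as an added C example (it is not OpenSSL's code and not part of the original advisory). The message layout follows RFC 6520; the function names, the zero-filled padding and the sample records are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 HeartbeatMessage layout:
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes) */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PAD = 16 };

/* Payload length as claimed by the sender. Caller guarantees rec_len >= HB_HEADER. */
static uint16_t hb_claimed_len(const uint8_t *rec) {
    return (uint16_t)((rec[1] << 8) | rec[2]);
}

/* Detection helper (hypothetical name): how many bytes past the end of the
 * received record an echo of the claimed payload length would have to read.
 * Any non-zero result marks a malformed heartbeat worth alerting on. */
size_t hb_claimed_excess(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;        /* no length field to inspect */
    size_t claimed = hb_claimed_len(rec);
    size_t present = rec_len - HB_HEADER;     /* bytes actually received after the header */
    return claimed > present ? claimed - present : 0;
}

/* Build the heartbeat response for one received record.
 * Returns the response length, or 0 when the message is silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap) {
    /* Check 1: the record must at least hold the header and minimum padding. */
    if (rec_len < (size_t)HB_HEADER + HB_MIN_PAD) return 0;
    if (rec[0] != HB_REQUEST) return 0;

    size_t claimed = hb_claimed_len(rec);

    /* Check 2: the claimed payload must fit inside the bytes that were really
     * received. Without this comparison the copy below trusts the sender's
     * length field, which is the missing bounds check described above. */
    if ((size_t)HB_HEADER + claimed + HB_MIN_PAD > rec_len) return 0;

    size_t resp_len = (size_t)HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap) return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    /* Simplification: production stacks fill the padding with random bytes. */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);
    return resp_len;
}

int main(void) {
    uint8_t out[64];

    /* Constructed sample: well-formed request, 4-byte payload, 16 bytes padding. */
    uint8_t good[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    /* Constructed sample: claims 0xFFFF payload bytes but carries none. */
    uint8_t lying[19] = {HB_REQUEST, 0xFF, 0xFF};

    printf("well-formed: response=%zu excess=%zu\n",
           hb_build_response(good, sizeof good, out, sizeof out),
           hb_claimed_excess(good, sizeof good));
    printf("oversized claim: response=%zu excess=%zu\n",
           hb_build_response(lying, sizeof lying, out, sizeof out),
           hb_claimed_excess(lying, sizeof lying));
    return 0;
}
```

The same comparison of claimed length against received length is what a network sensor can apply to heartbeat requests, which matters here because the advisory notes that application logs do not record exploit attempts.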
Vulnerable: OpenSSL versions 1.0.1 through 1.0.1f (inclusive) and version 1.0.2-beta
Not vulnerable: Branches 1.0.0 and 0.9.8
This vulnerability is resolved in OpenSSL version 1.0.1g. According to the OpenSSL advisory, version 1.0.2 will be fixed via 1.0.2-beta2. The CTU research team recommends upgrading immediately.
Products that use OpenSSL libraries, such as SSL termination devices, load balancers, secure web gateways, web application firewalls, and other embedded devices, may also be vulnerable. Vulnerability status and mitigation steps for these products should be coordinated as well.
After patching the vulnerability, revoke any primary key material (e.g., X.509 certificates and private keys) used by a vulnerable TLS service, and issue and distribute new keys.
In addition, consider potential compromise of secondary key material, such as usernames and passwords exchanged with a vulnerable TLS endpoint. Reset secondary key material such as passwords and encryption keys, and invalidate and reset any exposed session keys and session cookies.
OpenSSL Security Advisory
Heartbleed Bug Vulnerability
Ubuntu Security Network (USN)
Red Hat Common Vulnerabilities and Exposures (CVE)
Xand Customer Support:
As always, the Xand Operations Center is available 24x7 to provide up-to-date status information or additional details, should you have any questions regarding this issue.
Xand staff attended the SecureWorld Boston Expo this week, joining companies such as Cisco, IBM, Radware, and McAfee. Visitors to our booth came with two specific areas of interest.
First: Security-as-a-Service (SaaS). IT decision makers are increasingly seeking outsourcing partners to assist in maintaining secure systems both in data centers and in the cloud.
It was interesting to hear the need for SaaS coming from hardware and software platform vendors, as well as security service consulting and staffing firms. The demand for reliable SaaS partners appears to be strong across the industry.
The second area of interest was cloud security. As cloud adoption by businesses and enterprise organizations continues to grow at a rapid pace, many security professionals have questions about access, compliance, and control. Multi-factor authentication techniques and VPN security were hot items on the lists of many of the pros we talked to.
Clearly security now dominates every IT-related conversation; and in a world of interconnected systems and growing compliance mandates, it’s clear that maintaining high levels of security is no longer a one person job.
What trends are you seeing in IT security? Does your organization utilize SaaS? Do you have dedicated security staff or do you use outsourcing partners? Let us know in the comments section below. We’d love to know your thoughts.