Category Archives: The Job

Be Prepared For An Outage

The top question among IT professionals is always this:

How prepared are we during an outage or data loss?

The typical follow up questions would be:

  • What are the root causes?
  • How do we recover?
  • How do we prevent it from happening again?
  • What is the cost of the damage?

The Ponemon Institute study (2016) showed the most common cause of outages are UPS power failure, cyber crime, and human error. If the research is conducted now (2019), cyber crime will probably be on top – as seen from today’s headlines with many banks and corporations (including manufacturing sector) hacked and data breached. The report also indicates this, as the trend jumped from 2% in 2010 to 22% in 2016!

Ponemon Institute Research Report (2016)
Root Causes of Unplanned Outages

Preparation for inevitable disasters will certainly involve more investment in cyber security training and update outdated software and hardware. It also helps to keep things simple, and not introduce unproven technology just for the sake of being trendy, or on the “bleeding edge”.

It is easier said than done. However, it’s not impossible. Management needs to be more aware that complicated business process introduce more human errors. Introducing many systems can also expose many weaknesses when IT teams tries to connect them together, to share data. Having multiple sites outside a traditional Enterprise data center also exposes data to be breached either by external hacker, or internal leak.

Prevention is certainly the priority for many concerned IT experts. Knowing the common points of failures, additional checks and balances in data recovery services and stressing security concerns for the employees are important first steps. One can’t simply wait for the storm to come. Instead, prepare for the storm and budget accordingly.

Hype Cycle 2018 For Web Applications

By Jeremykemp at English Wikipedia, CC BY-SA 3.0

Technology changes quickly. This is especially true in web development. With companies such as Google, Facebook, Amazon, or Netflix leading the way, there will always be the “next best thing” every IT professional has to pay attention to. Depending on the size and budget, not all companies can invest in the latest trend of technology. The question always asked: “What can we invest in?” As a guideline, annually Gartner publishes their infamous Hype Cycle, that charts the popularity (or decline) of technology. For those who are on the cutting edge will try to follow anything towards the “Peak of Inflated Expectations”, where the technology is hot. However, the most interesting set are the ones sliding into the “Trough of Disillusionment”. In 2018, those web applications were:

  • Point-of-Decision HTAP
  • Cloud-Native Application Architecture
  • Reactive Programming
  • Microservices
  • Mesh App and Service Architecture
  • Public Web APIs
  • Miniservices

Enterprise has already started to invest in those declining trendy ideas.  However, in order to get to full adoption, IT Professionals have to familiarize with (and embrace) the new technology. It’ll be a difficult journey, but may be worth the investment. At this point, a great deal of material will be available since the concept has been around for a few years already. This is known as the “Slope of Enlightenment”. In order to get started, here are some suggestions on which presentation to listen to:

After listening to the presentations, one can determine the trend and make decisions on where/how to go to get Enterprise environments to the next level. It’ll take more time to get to the “Plateau of Productivity” where value can be realized by streamlining their execution for the long term production use.

Enterprise sure has plenty of work to do!

Are the Russian (Hackers) Still Coming?

The headlines in the news these days are about hackers attempting to infiltrate sites, mostly from Russia or China. The targets are many American sites, both government and private. How does IT Cybersecurity folks know if they’re coming? Going through the application logs for all attempts is a start. However, the best source of knowledge is the first line of defense: the Firewall. So it’s best to have a tool like Elasticsearch to make a readable report on the firewall logs, to figure out which ports are being probed.

It’s imperative any exposed ports are being denied on the firewall side to prevent any successful hack. In a real world example, in the past 7 days, the hackers were scanning for popular vulnerable applications such as telnet, RDP (Windows Remote Desktop), Microsoft SQL, or SMTP.

Thankfully, those ports are being blocked on the firewall. Unfortunately, this does not deter them from trying again and again. Network and system admins must put in the due diligence in controlling access and patching applications. No matter the business requirements, security must take precedence and IT Professionals must have the tools to detect, analyze, and protect.