It’s the end of day 2 of Microsoft Ignite 2019 in Orlando and we’ve been back at the conference centre for an action-packed day of sessions on all things Microsoft.
The day kicked off with a session on Windows Terminal, a new UI that combines PowerShell and command prompt with access to other shells. Windows Terminal is designed to bring the customisable UI that has always been lacking from PowerShell and command prompt, and it also brings tabs and pre-defined profiles. Profiles were a big talking point as they are defined in JSON and can be distributed amongst multiple devices or users to allow a team to work from the same configuration set.
Next up was a session on cloud backup and disaster recovery, which addressed common mistakes in the approach people are taking now that workloads are in cloud and hybrid environments. One of the biggest misconceptions, mentioned at numerous software conferences recently, concerns responsibility: although the data is in a cloud environment, it remains your responsibility. This means that if there is a loss of data at the cloud provider, or a data breach via the cloud provider, it is you and not the cloud provider that is ultimately responsible and the one that may be hit with fines from the ICO. The image below represents the responsibilities that the client keeps even in a cloud environment; it is not unique to Microsoft solutions but applicable to most cloud providers.
Another common issue when it comes to backup and DR is the ever-growing complexity due to multi-cloud and hybrid environments resulting in data potentially becoming fragmented in different places rather than the traditional file share approach where all your data was held in a single silo. This means it’s more important to have a full backup and DR strategy to ensure that all your data silos are covered and protected.
Furthermore, a full backup and DR strategy will implement disaster recovery testing procedures and frequencies to ensure that when you need to recover your data it’s possible. It’s reported in a survey by Cohesity that 5% of companies don’t have a DR plan at all, 25% have never tested their DR plan and 34% experienced outages due to problems with the DR plans. These statistics also lead on to the fact that we primarily design for performing backups rather than recovery, when really it’s the recovery aspect that is the important part and the one we should be taking aim at. It’s more important that we can recover data quickly and effectively than perform backups quickly. Designing for recovery often also has a direct impact on backup effectiveness, but the same can’t always be said the other way around.
The final notable session for today was a discussion of zero trust and how it is the go-to approach for making systems more secure in the modern world of I.T. and cloud. Many people had not heard of zero trust until recently, but the concept has been around in some form for a while, originally based on de-perimeterisation.
Zero trust is a mindset above anything else: treating every access attempt as if it were from an untrusted network or user, and seeking to verify each access attempt in real time. This starts with an approach which assumes pervasive risk, where everything is considered open to the internet and at risk until proven otherwise.
There are 3 key principles of zero trust: verify each access attempt explicitly, use least privileged access, and assume breach. Verifying explicitly means that each time something is accessed we should seek to verify that the attempt is valid, and that we should use more than one source to verify that the access attempt is valid. Least privileged access means that on a successful access attempt those credentials only have access to what they need to do. Lastly, assume breach is the assumption that at some point there is going to be a breach, or that the attempt could be a breach, and that containment of that access attempt is key to preventing wider security issues.
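To make the three principles concrete, here is a small per-request access check, added as an illustration and not taken from the Ignite session or any Microsoft product. The roles, resource names, risk score and thresholds are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: the actions each role actually needs on each resource.
ROLE_GRANTS = {
    ("finance-analyst", "ledger"): {"read"},
    ("finance-admin", "ledger"): {"read", "write"},
}
TOKEN_TTL_SECONDS = 300  # assume breach: short-lived grants limit the blast radius

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    resource: str
    action: str
    mfa_passed: bool
    device_compliant: bool
    on_corporate_network: bool  # deliberately never consulted: location is not trust
    risk_score: float  # 0.0 (low) to 1.0 (high), from a hypothetical risk engine

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    scope: frozenset = frozenset()
    ttl_seconds: int = 0

def evaluate(req: AccessRequest, max_risk: float = 0.5) -> Decision:
    """Evaluate a single access attempt; nothing is cached between requests."""
    # Verify explicitly: more than one independent signal must pass every time.
    if not req.mfa_passed:
        return Decision(False, "identity not verified (MFA)")
    if not req.device_compliant:
        return Decision(False, "device not compliant")
    # Assume breach: valid credentials showing risky behaviour are still refused.
    if req.risk_score > max_risk:
        return Decision(False, "risk score above threshold")
    # Least privilege: grant only the requested action, only if the role needs it.
    granted = ROLE_GRANTS.get((req.role, req.resource), set())
    if req.action not in granted:
        return Decision(False, "action not granted to role")
    return Decision(True, "verified", frozenset({req.action}), TOKEN_TTL_SECONDS)
```

Note that `on_corporate_network` is carried on the request but never read by `evaluate`, which is the point: being inside the perimeter earns no trust on its own.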
In summary, it’s been another information-packed day with lots of key points to be discussed further, particularly around data ownership and responsibility. We’ll be back at the Orange County Convention Center tomorrow for day 3 of Microsoft Ignite 2019, so be sure to check back!
By Matt Parkinson on November 6th, 2019