Understanding Key Management Policy – Part 2

In the first part of this two-part series on Key Management, we saw how an increasing number of organizations are encrypting their sensitive data to mitigate cybersecurity risks. As covered earlier, with cybercriminals getting more sophisticated, merely encrypting data is not sufficient.

With data encryption, the risk is transferred from the data to the encryption keys, and to ensure optimal data protection, organizations should make sure that their encryption keys are efficiently managed and safeguarded at each stage of their lifecycle.

In this part, we will cover the various benefits of centralizing your key management and guide you on how to adopt key management for your organization.

Centralized Key Management

When it comes to securely storing the encryption keys, three pertinent questions should be addressed:

1. Where are the keys stored – in third-party applications, in the cloud (private, public or hybrid?), in a heterogeneous environment that supports multiple databases?

2. Are the keys protected with strong access management mechanisms that prevent unauthorised access?

3. Is your approach to key security compliant with the statutory mandates of the regulatory bodies?

As more and more data gets encrypted, the dependence on encryption keys increases and safeguarding all the keys (throughout their entire lifecycle) becomes challenging. The task becomes more daunting in an environment where organizations use diverse vendor systems that generate their own keys.

Further, as encryption keys undergo a lot of changes throughout their lifecycle – like creation, key versioning, distribution, rotation, storage, archival, backup, and ultimately destruction – managing the keys at each juncture of their lifecycle becomes critical.

This is where centralized key management comes in handy. With the inherent ability to safely store and manage all the encryption keys centrally in a secure and efficient manner, organizations can uniformly view, control, and administer the encryption keys for all their sensitive data – whether it resides in the cloud, in storage, in databases, or virtually anywhere else.

Because leading Key Management Solutions (KMSs) can seamlessly manage keys across heterogeneous encryption platforms and offer extensive support for the Key Management Interoperability Protocol (KMIP) standard, as well as for proprietary interfaces, managing a disparate set of encryption keys becomes easier.

Apart from secure storage and management, another important aspect of centralized key management is key governance. Merely storing and managing the keys is not sufficient; ensuring foolproof access management is equally important. Centralized key management enables proper key governance – even when the data and people move from department to department within the organization.

Requisites for Effective Centralized Key Management

Now that we understand why organizations should adopt centralized key management to ensure optimal data protection, let’s look at the three important requisites for centralized key management to work smoothly:

1. Key Management Server

At the heart of any good Key Management Solution is a FIPS 140-2, Level 3-certified intrusion-resistant, tamper-proof hardware server (also known as a Hardware Security Module or HSM) that plays the important role of creating, storing, retrieving, rotating, archiving and deleting the encryption keys.

This server also facilitates seamless communication with all other applications (both internal as well as external) through native encryption using the Key Management Interoperability Protocol (KMIP).

Below are three important points that organizations should consider while selecting a key management server:

(1) Adherence to Regulatory Compliances

The server must comply with federal security requirements that mandate the destruction of all the stored encryption keys upon detection of a forced entry.

(2) Role Management

The server should have in-built role management features that provide separation of duties between various user roles with handy tools to quickly assign/delete roles. As more and more data gets encrypted leading to an increasing dependence on encryption keys, role management becomes a crucial feature for any organization.

(3) Interoperability

The server should be able to coherently interoperate with other business applications by providing access to its user interface through APIs, web services and encryption connectors.

As a best practice, organizations should:

(a) Store all encryption keys (and not just the Root of Trust Master Key) in the hardware server.

(b) Ensure that the autorotation and versioning of keys take place as per a pre-defined schedule without any downtime during the key rotation process, and

(c) Ensure that the whitelisting of the IP address happens within the secure hardware server itself.

2. Key Management Policies

As seen in our previous post, a key management policy (KMP) is a pre-defined set of rules that cover the goals, responsibilities, and overall requirements for securing and managing an organization’s encryption keys.

While a key management server can centrally manage all the encryption keys and enforce set policies, it cannot create a KMP on its own. The onus of chalking out a comprehensive KMP lies with the organization’s Cybersecurity & IT Heads, like the Chief Information Security Officer (CISO), Chief Risk Officer (CRO), etc., who are responsible for ensuring the adoption of KMPs for data protection. ‘Unambiguity’ is one of the most important pillars of a good KMP: it makes sure that there are no misinterpretations whatsoever while accessing the encryption keys. For example, a KMP can unequivocally state that the employees of one business unit or department cannot access the encryption keys of another unit, or that access to the keys can be granted only through the corporate LAN.

3. Key Management Processes

Key management processes are a host of diverse processes like inputs, activities, and outputs that are pivotal to centralized key management.

These processes help users in using their organization’s KMP and can be automated or implemented manually. For example, depending on the sensitivity of the data to be accessed, the Key Management Process may instruct users to either connect through a VPN or through the corporate LAN.
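An added example, not from the original post or from any vendor product: a minimal Python evaluator for the two KMP rules used as illustrations above (no cross-unit key access, and access only from approved networks chosen by sensitivity). The network ranges, key names, rule labels, and the choice that high-sensitivity keys are LAN-only while standard keys may also use the VPN are assumptions made for illustration.

```python
"""Added example: checking key-access requests against written KMP rules."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample networks (private ranges chosen for illustration only).
CORPORATE_LAN = ip_network("10.20.0.0/16")
CORPORATE_VPN = ip_network("10.99.0.0/16")


@dataclass(frozen=True)
class KeyRecord:
    key_id: str
    owner_unit: str   # business unit that owns the key
    sensitivity: str  # "high" or "standard" (assumed classification)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    user_unit: str
    source_ip: str
    key_id: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    rule: str  # label of the rule that decided the request, for the audit trail


# Constructed sample key inventory.
SAMPLE_KEYS = {
    "pay-master": KeyRecord("pay-master", "payments", "high"),
    "hr-docs": KeyRecord("hr-docs", "hr", "standard"),
}


def evaluate(request: AccessRequest, keys: dict) -> Decision:
    """Apply the KMP rules in order; anything not explicitly allowed is denied."""
    key = keys.get(request.key_id)
    if key is None:
        return Decision(False, "unknown-key")

    # Rule 1: a business unit cannot access another unit's keys.
    if request.user_unit != key.owner_unit:
        return Decision(False, "cross-unit-access")

    # Rule 2: the source network must be approved for the key's sensitivity.
    try:
        source = ip_address(request.source_ip)
    except ValueError:
        return Decision(False, "malformed-source")

    if source in CORPORATE_LAN:
        return Decision(True, "corporate-lan")
    if source in CORPORATE_VPN:
        if key.sensitivity == "high":
            return Decision(False, "high-sensitivity-requires-lan")
        return Decision(True, "vpn-standard-key")
    return Decision(False, "untrusted-network")


def audit(requests, keys):
    """Return one audit row per request: (user, key_id, allowed, rule)."""
    rows = []
    for req in requests:
        decision = evaluate(req, keys)
        rows.append((req.user, req.key_id, decision.allowed, decision.rule))
    return rows


# Constructed sample requests covering each rule.
SAMPLE_REQUESTS = [
    AccessRequest("alice", "payments", "10.20.5.7", "pay-master"),
    AccessRequest("bob", "hr", "10.20.8.1", "pay-master"),
    AccessRequest("alice", "payments", "10.99.1.1", "pay-master"),
    AccessRequest("carol", "hr", "10.99.4.2", "hr-docs"),
    AccessRequest("alice", "payments", "203.0.113.9", "pay-master"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_REQUESTS, SAMPLE_KEYS):
        print(row)
```

Writing the rules this way forces the policy to name a single outcome for every request, which is the unambiguity the KMP is meant to provide.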

As the global leader in enterprise key management, Gemalto’s SafeNet KeySecure is widely adopted by organizations across the globe to centrally manage their encryption keys.

Available as a hardware appliance or virtual security appliance, SafeNet KeySecure is a plug-and-play, secure centralized key management platform that can be quickly deployed in physical, virtualized infrastructure and public cloud environments.

Holistically supporting data encryption and key management of a diverse set of databases like Oracle, IBM DB2, Microsoft SQL, Mongo DB, etc., SafeNet KeySecure also seamlessly supports the generation, storage and exporting of keys in a Bring-Your-Own-Key (BYOK) environment from cloud players like Microsoft Azure, Amazon Web Services, etc.

Below is a quick snapshot of the diverse integrations ecosystem that Gemalto’s SafeNet KeySecure supports:

For organizations that have already invested in HSM devices, Gemalto offers a cost-friendly Virtual Key Management Solution – SafeNet Virtual KeySecure that centralizes all cryptographic processing and provides scalable key management at remote facilities or cloud infrastructures such as VMware or AWS Marketplace.

To Sum It Up

With rising incidents of cyber attacks and data breaches, neither front line defense mechanisms suffice, nor does mere data encryption. To safeguard sensitive data, organizations should not only secure their encryption keys from unauthorized access, but also efficiently manage them centrally through a state-of-the-art, highly scalable key management solution. Learn more about Enterprise Key Management and how it can help your organization efficiently manage your encryption keys.

Understanding Key Management Policy – Part 1

With rising incidents of data breaches, organisations across the globe are realising that merely implementing perimeter defense systems no longer suffices to thwart cyber attacks.

While front line defense mechanisms like firewalls, anti-theft, anti-spyware, etc. definitely act as a strong deterrent against cyber attacks, they are rendered useless when a hacker gains inside entry by exploiting their vulnerabilities to bypass them.

Alarmed by a spike in data breaches, many regulations like the Payment Card Industry Data Security Standard (PCI DSS), UIDAI’s Aadhaar circulars, RBI’s Gopal Krishna Committee Report and the upcoming Personal Data Protection Bill in India now urge organisations to encrypt their customers’ personal data.

This has resulted in an increasing number of organisations adopting data encryption as their last line of defense in the eventuality of a cyber attack. Unfortunately, with cybercriminals getting smarter and more sophisticated with every passing day, merely encrypting data is no longer the proverbial silver bullet to prevent data breaches.

In this two-part blog series, we will deep dive into the concept of (encryption) key management and cover the pivotal role a well-defined Key Management Policy (KMP) plays in data protection.

Let’s first begin with the basics!

Types of Encryption (Crypto) Keys

Crypto keys can be broadly categorised into two types – ‘symmetric keys’ and ‘asymmetric keys’.

In symmetric key encryption, the cryptographic algorithm uses a single (i.e. same) key for both encryption and decryption. Contrastingly, in asymmetric key encryption, the algorithm uses two different (but related) keys for encryption and decryption. These keys are known as ‘public keys’ and ‘private keys’.

While the public key is used for data encryption, the private key is used for data decryption. Since any data encrypted with the public key cannot be decrypted without using the corresponding private key, ensuring optimal security of the private keys is crucial for foolproof data protection.

Key Management

Since crypto keys pass through multiple phases during their lifetime – like generation, registration, distribution, rotation, archival, backup, revocation and destruction – securely managing these keys at each phase is very important.

Effective key management means protecting the crypto keys from loss, corruption and unauthorised access.

Challenges to Key Management

As more and more organisations generate thousands of crypto keys today for a diverse and disparate set of encryption-dependent systems spread across multiple businesses and geographical locations, key management becomes a big challenge.

To ensure that crypto keys do not fall into the wrong hands, a common practice followed by many organisations is to store these keys separately in FIPS-certified Hardware Security Modules (HSMs) that are built with stringent access controls and robust audit trail mechanisms.

However, with organisations using a diverse set of HSM devices like Payment HSMs for processing financial transactions, General Purpose HSMs for common cryptographic operations, etc., key management woes intensify. Further, merely storing the keys separately in HSM devices is not sufficient, as apart from secure storage, efficient management of the crypto keys at every phase of their lifecycle is very important.

Some of the other key management challenges that organisations face include using the correct methodologies to update system certificates and keys before they expire and dealing with proprietary issues when keeping track of crypto updates on legacy systems.

Hence, cybersecurity experts recommend that organisations centralise the management of their crypto keys, consolidate their disparate HSM systems and chalk out a comprehensive KMP that provides clear guidelines for effective key management.

Key Management Policy (KMP)

While most organisations have comprehensive Information Security and Cybersecurity policies, very few have a documented Key Management Policy.

A well-defined KMP firmly establishes a set of rules that cover the goals, responsibilities, and overall requirements for securing and managing crypto keys at an organisational level.

Designed to cohesively cover each stage of a key’s lifecycle, a robust KMP should protect the key’s:

1. Confidentiality
2. Integrity
3. Availability, and
4. Source Authentication.

The KMP should also cover all the cryptographic mechanisms and protocols that can be utilised by the organisation’s key management system.

Last, but not least, a good KMP should remain consistent and must align with the organisation’s other macro-level policies. For example, if an organisation’s information security policy mandates that electronically transmitted information should be securely stored for a period of 7-10 years, the KMP should be able to easily align to such a mandate.

To Sum It Up

Data encryption is no longer sufficient to prevent data breaches and merely storing the crypto keys separately no longer guarantees foolproof protection against sophisticated cyber attacks.

The need of the hour is to safeguard the keys at each phase of their lifecycle, manage them centrally and implement a robust KMP to ensure optimal data protection.

In the next part, we will discuss how organisations can leverage Key Management Interoperability Protocol (KMIP) to manage their encryption keys and how Gemalto’s Key Management Platform can help to streamline their key management centrally.

In the meantime, familiarize yourself with our Key Management Platform, and learn how security teams can uniformly view, control, and administer cryptographic policies and keys for all their sensitive data—whether it resides in the cloud, in storage, in databases, or virtually anywhere else.

McAfee Cloud Workload Security

As corporate data centers evolve, more workloads are migrated to cloud environments every day. Most organizations have a hybrid environment with a mixture of on-premises and cloud workloads, including containers, which are constantly in flux. This introduces a security challenge as cloud environments (private and public) require new approaches and tools for protection. Organizations need central visibility of all cloud workloads with complete defense against the risk of misconfiguration, malware, and data breaches.

McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it possible for a single, automated policy to effectively secure your workloads as they transition through your virtual private, public, and multicloud environments, enabling operational excellence for your cybersecurity teams.

Modern Workload Security: Use Cases

Automated discovery

Unmanaged workload instances and Docker containers create gaps in security management and can give attackers the foothold they need to infiltrate your organization. McAfee CWS discovers elastic workload instances and Docker containers across Amazon Web Services (AWS), Microsoft Azure, OpenStack, and VMware environments. It also continuously monitors for new instances. You gain a centralized and complete view across environments and eliminate operational and security blind spots that lead to risk exposure.

Gaining insights into network traffic

By utilizing native network traffic provided from the cloud workloads, McAfee CWS is able to augment and apply intelligence from McAfee® Global Threat Intelligence (McAfee® GTI) data feeds. The enriched information is able to display properties such as risk score, geo-location, and other important network information. This information can be used to create automated remediation actions to protect workloads.

Integration into deployment frameworks

McAfee CWS creates deployment scripts to allow the automatic deployment and management of the McAfee® agent to cloud workloads. These scripts allow integration into tools such as Chef, Puppet, and other DevOps frameworks for deployment of the McAfee agent to workloads running on cloud providers, such as AWS and Microsoft Azure.

Consolidate events

McAfee CWS allows organizations to use a single interface to manage numerous countermeasure technologies for both on-premises and cloud environments. This also includes integration into additional technologies, like AWS GuardDuty, McAfee® Policy Auditor, and McAfee® Network Security Platform.

  • Administrators can leverage the continuous monitoring and unauthorized behaviors identified by AWS GuardDuty, providing yet another level of threat visibility. This integration allows McAfee CWS customers to view GuardDuty events, which include network connections, port probes, and DNS requests for EC2 instances, directly within the McAfee CWS console.
  • McAfee Policy Auditor performs agent-based checks against known or user-defined configuration audits for compliance such as Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), Center for Internet Security Benchmark (CIS Benchmark), or other industry standards. McAfee CWS reports any failed audits for instant visibility into misconfiguration for workloads in the cloud.
  • McAfee Network Security Platform is another cloud security platform that performs network inspection for traffic in hybrid as well as AWS and Microsoft Azure environments. It performs deeper packet-level inspections against network traffic, and it reports any discrepancies or alerts through McAfee CWS. This provides single-pane visibility against multicloud environments for remediation.

Enforcement of network security group policies

McAfee CWS permits users and administrators to create baseline security group policies and audit the policies that are running on the workloads against these baselines. Any deviations or changes from the baseline can create an alert in the McAfee CWS console for remediation. Administrators also can manually configure native network security groups from McAfee CWS, which enables them to directly control cloud-native security group policies.

What Sets McAfee Cloud Workload Security Apart: Key Features and Technologies

Cloud-native build support

Using McAfee CWS, customers can consolidate management of multiple public and private clouds in a single management console, including AWS EC2, Microsoft Azure Virtual Machines, OpenStack, and VMware vCenter. McAfee CWS can import and allow customers to run in the cloud with new cloud-native build support for Amazon Elastic Container Service for Kubernetes (Amazon EKS) and Microsoft Azure Kubernetes Service (AKS).

Simple, centralized management

A single console provides consistent security policy and centralized management in multicloud environments across servers, virtual servers, and cloud workloads. Administrators can also create multiple role-based permissions in McAfee® ePolicy Orchestrator® (McAfee ePO™) software, enabling them to define user roles more specifically and appropriately.

Network visualization with microsegmentation

Cloud-native network visualization, prioritized risk alerting, and micro-segmentation capabilities deliver awareness and control to prevent lateral attack progression within virtualized environments and from external malicious sources. Single-click shutdown or quarantine capability helps alleviate the potential for configuration errors and increases the efficiency of remediation.

Superior virtualization security

McAfee CWS suite protects your private cloud virtual machines from malware using McAfee® Management for Optimized Virtual Environments AntiVirus (McAfee® MOVE AntiVirus). And it does this without straining underlying resources or requiring additional operating costs. McAfee MOVE AntiVirus allows organizations to offload security to dedicated virtual machines for optimized scanning of their virtualized environment.

Users gain anti-malware protection via McAfee® Endpoint Security for Servers. This solution can intelligently schedule resource-intensive tasks, such as on-demand scanning, to avoid impact to critical business processes.

Tag and automate workload security

Assign the right policies to all workloads automatically with the ability to import AWS and Microsoft Azure tag information into McAfee ePO software and assign policies based on those tags. Existing AWS and Microsoft Azure tags synchronize with McAfee ePO software tags so they’re automatically managed.

Auto-remediation

The user defines McAfee ePO software policies. If McAfee CWS finds a system that is not protected by the McAfee ePO software security policies, and it is found to contain malware or a virus, this system will automatically be quarantined.

Adaptive threat protection

McAfee CWS integrates comprehensive countermeasures, including machine learning, application containment, virtual machine-optimized anti-malware, whitelisting, file integrity monitoring, and micro-segmentation that protect your workloads from threats like ransomware and targeted attacks. McAfee® Advanced Threat Protection defeats sophisticated attacks that have never been encountered before by applying machine learning techniques to convict malicious payloads based on their code attributes and behavior.

Application control

Application whitelisting prevents both known and unknown attacks by allowing only trusted applications to run while blocking any unauthorized payloads. McAfee® Application Control provides dynamic protection based on local and global threat intelligence, as well as the ability to keep systems up to date, without disabling security features.

File integrity monitoring (FIM)

McAfee® File Integrity Monitoring continuously monitors to ensure your system files and directories have not been compromised by malware, hackers, or malicious insiders. Comprehensive audit details provide information about how files on server workloads are changing and alert you to the presence of an active attack.

McAfee CWS ensures that you maintain the highest quality of security while taking advantage of the cloud. It covers multiple protection technologies, simplifies security management, and prevents cyberthreats from impacting your business—so you can focus on growing it. Below is a feature comparison of the available package options.

Five Ways to Rethink Your Endpoint Protection Strategy

Device security is no longer about traditional antivirus versus next-generation endpoint protection. The truth is you need a layered and integrated defense that protects your entire digital terrain and all types of devices—traditional and nontraditional. ESG Senior Principal Analyst Jon Oltsik frames it this way: “… endpoint security should no longer be defined as antivirus software. No disrespect to tried-and-true AV, but endpoint security now spans a continuum that includes advanced prevention technologies, endpoint security controls, and advanced detection/response tools.”

In today’s survival of the fittest landscape, here are five ways to not just survive, but thrive:

1. More tools do not make for a better defense.

Scrambling to adapt to the evolving landscape, many security teams have resorted to bolting on the latest “best-of-breed” point solutions. While each solution may bring a new capability to the table, it’s important to look at your overall ecosystem and how these different defenses work together.

There are serious shortfalls in deploying disparate, multivendor endpoint security technologies that don’t collaborate with each other. Because point solutions have limited visibility and see only what they can see, the burden of connecting the dots falls on you. Adversaries are quick to take advantage of the windows of opportunity these manual processes create, evading defenses or slipping through the cracks unnoticed.

2. It’s not about any one type of countermeasure.

As a never-ending array of “next-generation” solutions started to emerge and flood the marketplace, you were likely told more than once that antivirus isn’t enough and what you need to do is switch to next-gen. In reality, it’s not about achieving a next-generation approach or finding the best use for antivirus. It’s really about implementing a holistic device security strategy that connects and coordinates an array of defenses. This includes signature-based defense (which eliminates 50% of the attack noise—allowing algorithmic approaches to run more aggressively with fewer false alarms), plus exploit protection, reputations, machine learning, ongoing behavioral analytics, and roll-back remediation to reverse the effects of ransomware and other threats.

Each device type has its own security needs and capabilities. You need to be able to augment built-in device security with the right combination of advanced protection technologies. The key to being resilient is to deliver inclusive, intelligently layered countermeasures, and antivirus is a tool that has its place, with benefits and limitations just like all countermeasures, in this unified, layered approach to device security.

3. All devices are not created equal.

Today, “endpoint” has taken on a whole new meaning. The term now encompasses traditional servers, PCs, laptops, mobile devices (both BYOD and corporate-issued), cloud environments, and IoT devices like printers, scanners, point-of-sale handhelds, and even wearables.

Adversaries don’t just target one type of device—they launch organized campaigns across your entire environment to establish a foothold and then move laterally. It’s important to harness the defenses built into modern devices while extending their overall posture with advanced capabilities. Some endpoints, like Internet of Things (IoT) devices, lack built-in protection and will need a full-stack defense. Ultimately, the goal is to not duplicate anything and not leave anything exposed.

4. All you need is a single management console.

If you’ve been deploying bolted-on endpoint security technologies or several new, next-generation solutions, you may be seeing that each solution typically comes with its own management console. Learning and juggling multiple consoles can overtax your already stretched-thin security team and make them less effective, as they are unable to see your entire environment and the security posture of all your devices in one place. But it doesn’t have to be this way. Practitioners can more quickly glean the insights they need to act when they can view all the policies, alerts, and raw data from a centralized, single-pane-of-glass console.

5. Mobile devices are among the most vulnerable.

Mobile devices are an easy target for attackers and provide a doorway to corporate networks. We’re seeing more app-based attacks, targeted network-based attacks, and direct device attacks that take advantage of low-level footholds. For this reason, it’s essential to include mobile devices in your security strategy and protect them as you would any other endpoint.

 

NEW Veeam Backup for Microsoft Office 365 v3

Get total access, control and protection of your Office 365 data

Protecting on-premises data is a no-brainer. But why do so many organizations overlook protecting cloud data?

Microsoft provides powerful services within Office 365 – but a comprehensive backup of your Office 365 data is not one of them.

Veeam® Backup for Microsoft Office 365 eliminates the risk of losing access and control over your Office 365 data including Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams – so that your data is always protected and accessible.

Total control over your Office 365 data

Microsoft Office 365 enables your enterprise to work anywhere, anytime, without the need to host your own email, files and SharePoint infrastructure. Even though Microsoft hosts the infrastructure, this doesn’t replace your responsibility of maintaining a backup of your business-critical Office 365 data.

With Office 365, it's your data — you control it — and it is your responsibility to protect it.

Veeam Backup for Microsoft Office 365 gives you the power to securely back up Office 365 and:

  • Protect your Office 365 data from accidental deletion, security threats and retention policy gaps
  • Quickly restore individual Office 365 email, files and sites with industry-leading recovery flexibility
  • Meet legal and compliance requirements with efficient eDiscovery of Office 365 items

Back up Office 365 SharePoint, email, and files to any location

A backup, in its simplest form, is making a copy of your data and storing it independently from the source. This mitigates risks and ensures peace of mind that you’ll be able to restore when needed.

  • Retrieve Office 365 Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams data from a cloud-based instance of Office 365 and uniquely back up the data as often as every five minutes in Microsoft’s native format, an archive database based on Extensible Storage Engine (ESE), also known as the Jet Blue database
  • Back up Exchange and SharePoint on-premises, reducing the impact to your datacenter and allowing YOU to set the frequency and timing of your backups
  • Store backups in the location of your choice — on-premises, in a hyperscale public cloud (i.e., Microsoft Azure or Amazon Web Services) or with a local service provider
  • Protect data posted and shared with Microsoft Teams chats, files and sites, as Teams data is journaled into Exchange Online and SharePoint Online

Restore Office 365 with industry-leading recovery flexibility

Never settle for less than reliable, granular restore of Office 365 mailboxes and emails, SharePoint sites, documents, libraries and lists, as well as OneDrive for Business accounts, files and folders, in a few simple clicks.

Built-in Veeam Explorers™ for Microsoft Exchange, SharePoint and OneDrive for Business enable:

 

  • Quick search and granular recovery of individual objects — including Microsoft Teams data — residing in a protected copy of your Office 365 backup
  • Direct restore of Office 365 items through a number of industry-leading ways, giving you ultimate restore flexibility

Leverage powerful eDiscovery of Office 365 data

Without an easily accessible copy of your data, retrieving Office 365 email for regulatory or compliance reasons can be costly, time consuming and a major disruption to your business.

With Veeam, you can leverage the familiar, advanced search capabilities and the flexible recovery and export options to perform eDiscovery on Office 365 mailboxes, emails, files or sites, just as easily as you would with a traditional on-premises data backup.

Meet Office 365 security and compliance requirements

Security and compliance concerns are big drivers for the need to back up Office 365 email and other Office 365 data. With an Office 365 backup, you can:

 

  • Store data based on long-term retention policies for regulatory or compliance needs
  • Ensure you recover exactly what you need — no more, no less — with granular advanced search and find functionality
  • Increase security for Office 365 backup data with multi-factor authentication

 

Efficiently scale and minimize overhead

Veeam Backup for Microsoft Office 365 delivers unmatched scalability, providing a multi-repository, multi-tenant architecture, which:

 

  • Enables protection of larger Office 365 deployments with a single installation, including automated scale-out of the repository to eliminate issues with maximum file size limits
  • Empowers service providers to deliver Office 365 backup services
  • Minimizes overhead, improves recovery time and reduces costs with comprehensive automation via PowerShell and RESTful API support for all functionality, as well as self-service restore for service providers’ customers

Unified on-premises and Office 365 backup

Ensuring control of Office 365 email and SharePoint data requires a solution that can cover both Office 365 and any on-premises Exchange and SharePoint instances that you may have.

Veeam Backup for Microsoft Office 365 allows you to:

  • Protect hybrid email and SharePoint deployments
  • Migrate mailbox data between on-premises Exchange and Office 365
  • Enable creation of consistent backups of Office 365 data to streamline eDiscovery and item-level restores
  • Perform backups of unique and localized versions of Office 365, including support for Office 365 U.S. Government (DoD and non-DoD), Office 365 Germany and Office 365 China


Veeam Data Protection for SharePoint

Microsoft Office 365 adoption is bigger than ever. When Veeam introduced Veeam Backup for Microsoft Office 365 in November 2016, it became an immense success and Veeam has continued building on top of that. When we released version 1.5 in 2017, we added automation and scalability improvements which became a tremendous success for service providers and larger deployments. Today, Veeam is announcing v2 which takes our solution to a completely new level by adding support for Microsoft SharePoint and Microsoft OneDrive for Business. Download it right now!

Data protection for SharePoint

By adding support for SharePoint, Veeam extends its granular restore capabilities known from the Veeam Explorer for Microsoft SharePoint into Office 365. This allows you to restore individual items – documents, calendars, libraries and lists – as well as a complete SharePoint site when needed. With the new release, Veeam can also help you back up your data if you are still in the migration process and are still using Microsoft SharePoint on premises or running in a hybrid scenario.

Data protection for OneDrive for Business

The most requested feature was support for OneDrive for Business, as more and more companies are using it to share files, folders and OneNote books internally. With Veeam Explorer for Microsoft OneDrive for Business, you can granularly restore any item available in your OneDrive folder (including Microsoft OneNote notebooks). You have the option to perform an in-place restore, restore to another OneDrive user or another folder in OneDrive, or export files as an original or zip file. If you get hit by a ransomware attack and your complete OneDrive folder gets encrypted, Veeam can perform a full restore as well.

Enhancements

Besides the introduction of new platform support, there are also several enhancements added.

Major ease-of-use and backup flexibility improvements come with a newly redesigned job wizard for easier and more flexible selection of Exchange Online, OneDrive for Business and SharePoint Online objects, making it easier than ever to set up, search and maintain visibility into your Office 365 data. Granularly search, scale and perform management of backup jobs for tens of thousands of Office 365 users!

Restore data located in Microsoft Teams! You can protect Microsoft Teams when the underlying storage of the Teams data is within SharePoint Online, Exchange Online or OneDrive for Business. While data can be protected and restored, the Teams tabs and channels cannot. After restoring the item, it can however be reattached manually.

Compare items with Veeam Explorer for Microsoft Exchange. It is now possible to perform a comparison on items with your production mailbox to see which properties are missing and only restore those without restoring the full file.

As with the 1.5 release, everything is also available for automation by leveraging either PowerShell or the RESTful API, which now fully supports OneDrive for Business and SharePoint.

Another enhancement is the possibility to change the GUI color as you like. This option made its way into Veeam Backup for Microsoft Office 365 after being introduced in Veeam Backup & Replication.

Starting with version 2, Veeam Backup for Microsoft Office 365 is now able to automatically check for updates, so you can rest assured you are always up to date.

And finally, the log collection wizard has been updated as it now allows you to collect logs for support in case you run into an issue, as well as configure extended logging for all components.

Source: https://www.veeam.com/blog/onedrive-sharepoint-backup.html


Customizing Your Keyboard and Mouse

Drawing 3D models in SketchUp requires a lot of back and forth between your keyboard and mouse. As you become a more experienced SketchUp modeler, you develop a sense of what commands and tools you use most often and what you do and don’t like about the default keyboard and mouse settings.

Tip: Keyboard shortcuts are one of the most flexible ways you can tailor SketchUp to your unique modeling quirks and desires. If you’ve ever wished you could open a specific feature with a single keystroke, get ready to fall in love with the Shortcuts preferences panel. It’ll be one of the easiest relationships you’ve ever had.

Because SketchUp relies so heavily on mouse and keystroke combinations already, the mouse customizations aren’t quite as flexible as the keyboard shortcuts. However, you can change the scroll wheel zooming and the way the mouse and Line tool interact. The following sections explain all the details.

Creating keyboard shortcuts

In SketchUp, you can assign keyboard shortcuts to the commands you use most often, so that the commands are literally at your fingertips.

For the most part, you can customize the keyboard shortcuts however you like, but here are a few guidelines to help you understand what you can and can’t do as you assign shortcuts:

    • You can’t start with a number because that would conflict with the functionality of SketchUp’s Measurements box, and you can’t use a few other reserved commands.
    • You can add modifier keys, such as the Shift key.
    • You can’t use shortcuts that your operating system has reserved. If a shortcut is unavailable, SketchUp lets you know.
    • You can reassign a keyboard shortcut that already exists in SketchUp. For example, by default, the O key is the shortcut for the Orbit tool, but you can reassign the O key to the Open command if you like.

To create your own keyboard shortcuts, follow these steps:

    1. Select Window > Preferences.
    2. In the Preferences dialog box that appears, select Shortcuts in the sidebar on the left.
    3. In the Function list box, select the command to which you want to assign a keyboard shortcut. If your selection already has a keyboard shortcut assigned to it, that shortcut appears in the Assigned box.

Tip: When you type all or part of a command’s name in the Filter text box, the Function list box options are filtered to only those options that include the characters you type. For example, typing mater filters the list down to three commands related to materials, as shown in the following figure.

    4. In the Add Shortcut text box, type the keyboard shortcut that you want to assign to the command and click the + button. The shortcut you type moves to the Assigned box. If the shortcut you chose is already assigned to another command, SketchUp asks whether you want to reassign the shortcut to the command you selected in Step 3.

    5. Repeat Steps 3 and 4 until you’ve created all your desired shortcuts. When you’re done, click OK.

Tip: If a shortcut is getting in your way, you can remove it. Simply select the command with the offending shortcut in the Function list box. Then select its shortcut in the Assigned box and click the minus sign button. The shortcut vanishes from the Assigned box — nay, from your copy of SketchUp.

If you ever want to reset all your keyboard shortcuts to the defaults, click the Reset All button on the Shortcuts preference panel. If you want to load your keyboard shortcuts onto another copy of SketchUp, find out how to export and import preferences in Customizing Your Workspace.

Inverting the scroll wheel

If you use SketchUp with a scroll wheel mouse — which makes drawing in SketchUp much easier, by the way — by default, you roll the scroll wheel up to zoom in and roll down to zoom out.

On Microsoft Windows, you can flip this behavior by following these steps:

    1. Select Window > Preferences.
    2. In the sidebar on the left, select Compatibility.
    3. In the Mouse Wheel Style area, select the Invert checkbox.
    4. Click OK and take your inverted scroll wheel for a test drive.

Remapping mouse buttons

Remapping your mouse buttons refers to customizing the way the buttons work. If you’ve used your operating system preferences to flip the right and left mouse buttons because you’re left-handed, your remapped mouse should work fine in SketchUp.

However, if you’ve used a special utility to assign commands to your mouse buttons, you may experience unpredictable behavior or lose functionality in SketchUp.

Warning: Because SketchUp makes extensive use of the mouse buttons in combination with various modifier keys (Ctrl, Alt, Shift), you can easily lose functionality by remapping the mouse buttons.

Choosing mouse-clicking preferences for the Line tool

If you want to customize how the Line tool cursor responds to your clicks, you’ll find a few options on the Drawing preferences panel. Here’s a quick look at how you can customize the Line tool’s behavior:

    • Click-Drag-Release radio button: Select this option if you want the Line tool to draw a line only if you click and hold the mouse button to define the line’s start point, drag to extend the line, and release the mouse to set the line’s end point.
    • Auto Detect radio button: When this option is selected (it’s the default), you can either click-drag-release or click-move-click as necessary.
    • Click-Move-Click radio button: Force the Line tool to draw by clicking to define the line’s start point, moving the mouse to extend the line, and clicking again to establish the line’s end point.
    • Continue Line Drawing check box: When either Auto Detect or Click-Move-Click is selected, you can choose whether to select or deselect this checkbox. (It’s selected by default.) When the checkbox is selected, the Line tool treats an end point as the start of a new line, saving you the extra click required to set a new start point. If that behavior isn’t your cup of tea, deselect the checkbox. Then go enjoy a cup of tea, knowing that the Line tool now works the way you always wanted.


Embedded Whitelisting Meets Demand for Cost Effective, Low-Maintenance, and Secure Solutions

McAfee® Embedded Control frees Hitachi KE Systems’ customers to focus on production, not security

Hitachi KE Systems, a subsidiary of Hitachi Industrial Equipment Systems, part of the global Hitachi Group, develops and markets network systems, computers, consumer products, and industrial equipment for a wide variety of industries. Hitachi KE meets the needs of customers who seek high quality yet cost-effective, low-maintenance systems for their operational technology (OT) environments—they don’t want to have to think about security at all.

In addition to the custom tablet and touch panel terminals and other hardware and software Hitachi KE sells, the Narashino, Japan-based company also offers a one-stop shop for its solutions, from solution construction (hardware and software development) to operation and integration to maintenance and replacement. To provide the best solutions across this wide spectrum of offerings, the company often turns to partners to augment its technology.

“To expand our Internet of Things [IoT] solutions and operational features and functionality, we enhance our own products and systems with the latest digital and network technologies,” says Takahide Kume, an engineer in the Terminal Group at Hitachi KE. “We strive to provide the technologically optimal as well as most cost-effective solution for our customers.”

Highest Customer Concern: Production

Although the risk of a zero-day attack in their OT environments has increased dramatically as IoT has become commonplace, most of Hitachi KE’s customers do not have information security personnel on staff. For them, the only thing that counts is production. Does the technology solution enable faster, higher-quality, or more cost-effective production?

“Despite many malware-related incidents in the news, many of our customers honestly don’t care as much as they should about cybersecurity,” acknowledges Kume. “We have to educate their management that lack of security, if malware strikes, could seriously hurt production and business in general. Thankfully, making that point is becoming easier and easier with malware incidents on the rise.”


Best Solution for Minimal Overhead Yet High Security

Even before its customers began to catch on to the need for secure solutions, Hitachi KE began looking for a way to build security into its systems, which run Microsoft Windows, Linux, and Google Android operating systems, often in multiple versions within the customer’s environment. “Because our customers often lack security personnel, security must be extremely easy and basically run itself,” explains Kume. “When a system is infected in the field, the person on the front line usually can’t do anything about it.”

“We decided that embedded whitelisting was the best solution for reduced operating cost and high security in an OT environment,” adds Kume. After examining leading whitelisting solutions, Hitachi KE chose McAfee® Embedded Control software.

“We felt McAfee offered the best long-term support and the highest quality technical support along with robust security,” he continues. “With McAfee Embedded Control installed, no one has to take care of the system in the field… Industrial systems are often set and left alone for a long time—they can be overtaken by malware without anyone realizing it. For such systems, McAfee Embedded Control is the best solution.”

McAfee Embedded Control maintains the integrity of Hitachi KE systems by only allowing authorized code to run and only authorized changes to be made. It automatically creates a dynamic whitelist of the authorized code on the system on which it resides. Once the whitelist is created and enabled, the system is locked down to the “known good” baseline, thereby blocking execution of any unauthorized applications or zero-day malware attacks.

“Almost Maintenance-Free” Solution Reduces TCO

Users of Hitachi KE Systems with McAfee Embedded Control can easily configure the machines, specifying exactly which applications and actions will be allowed to run and who has authority to make modifications in the future. The minimal impact of the McAfee software on performance also means fewer problems to troubleshoot.

“McAfee Embedded Control is an almost maintenance-free solution,” says Kume. “It is extremely easy to update when needed and doesn’t require our customers to have a security expert on staff. Minimal maintenance lowers the total cost of ownership for our customers.”

Even if security hasn’t been their top priority, Hitachi KE customers have been very pleased with the addition of McAfee Embedded Control to their solutions. “Having McAfee security built in gives our customers and end users peace of mind that they can connect our systems to the Internet,” says Kume. “McAfee has had many success stories within the Hitachi Group, and this is just one of them.”


Creating Japanese Mountain Shrine with 3ds Max

Manuel Fuentes, architect and aspiring games artist, breaks down his process for creating his Japanese Mountain Shrine. Turn up your audio and press play, we hope you enjoy this Zen and charming scene as much as we do.

Hi, my name is Manuel and I am an architect and aspiring games environment artist from Mexico. In the beginning I started working with 3ds Max doing mostly architectural visualization. Over the years, as I got more familiar with it, I’ve used it for a variety of details such as rapid prototyping of buildings, rendering realistic architectural scenes, and more recently creating game-ready environments. The scene in this article was created as my entry for the Artstation Feudal Japan Challenge in the real time environment category.

All the architectural elements, the rocks, and the small shrubs were modelled in 3ds Max. The detail sculpting of trees and rocks was done in ZBrush, and the texturing with Substance Painter/Designer. Later, the meshes were adjusted in 3ds Max for final optimization and UV adjustments before exporting to UE4 for the final rendering of the scene.

How to build the scene

The initial blockout of the scene was done using boxes with very low subdivisions to easily adjust the proportions and properly balance the scene. After this was completed, using 3ds Max’s Modifier Stack I could easily add more complexity to the models without destroying the original geometry. This allowed me to quickly adjust general proportions as the scene grew more complex by going to the first levels of the Modifier Stack, and then back to my higher levels and continue adjusting the higher poly details.

Adding in the elements

The roof and wood details around the scene were created using a basic spline with a Sweep Modifier and then some edit Poly Modifiers to create the desired final shape. Again, this non-destructive approach allowed me to duplicate an element and reuse it somewhere else in the scene. I would simply go to the lower levels of the Modifier Stack, adjusting the spline to fit the new building, and then use edit poly to modify it and rotate it into place.

I used V-Ray to render some previews of my scene during the workflow, and before exporting the elements. All the modular terrain elements were first modeled and dimensioned in 3ds Max to make sure they fit together to shape the mountain and landscape scene. They were modelled using basic boxes with edit poly modifiers in 3ds Max, and later the detail sculpt was done in ZBrush.

Character animation

Once the scene was complete the final step was to do an animation with a ghost dragon flying around the scene. This was a first for me as I had never animated a character before, but the CAT rig was very easy to understand. After applying a skin modifier to a model I imported from ZBrush, and a basic motion animation modified using curves, I changed the default walk into something that resembled a flying motion. The model and animation were ready to export as an FBX and integrated into the scene.


7 Tips to Help Choose an SMS Service Provider

You’ve done your legwork and have now decided to leverage the powerful benefits of using SMS technology to engage with your customers more effectively. The ubiquitous SMS (text) can help companies improve their communications flow, internally as well as with customers. It is one of the most cost-effective broadcasting media, with one of the highest open-read rates.

So how does an organization choose the right SMS provider? A simple Google search will give you endless options. With the plethora of options in an increasingly complex market, it is a daunting task to choose the right one. There are simply too many SMS vendors in the market offering a myriad of solutions, and often they all seem to fulfill your project requirements. Apart from pricing, here are the other key factors to take into consideration in choosing the best SMS service provider for your business.

1. Cost: Pricing is a key consideration, especially for SMBs or for companies who need to reach out to thousands of customers regularly. Confirm with the SMS vendor that the quotation explicitly reflects every charge for the SMS service you need, such as the setup fee, monthly hosting fee and per-SMS fee, and that there are no hidden costs.

2. SMS API for ease of integration: Make sure your vendor’s SMS API documents are comprehensive and uncomplicated. The API should be able to easily integrate with all your company’s existing network applications, including mobile apps, open source software, CRM system, social messengers and collaboration tools. TalariaX can fully support all formats, such as SMTP email, SNMP traps, Syslog and HTTP Post, and all IT equipment and devices. Furthermore, sendQuick (the flagship mobile messaging product of TalariaX) integrates with any existing applications to send messages via SMS, email, social messengers (WhatsApp Business, Facebook Messenger, LINE, WeChat, Viber, Telegram) and collaboration tools (Microsoft Teams, Slack, Cisco WebEx).

3. Reliable Message Delivery: Cheap pricing does not necessarily account for good delivery. A reliable SMS provider should deliver messages quickly and efficiently at competitive rates. They should have direct and strong partnerships with the local and global aggregators and telecom network providers to ensure messages are delivered with minimum delay and bounce backs.

4. Support: Is there a local account manager attending to your project requirements responsibly and proactively? If so, he or she needs to listen to your project requirements and limitations, then propose the appropriate solutions or methodology to fulfill your requirements and allow room for scalability in the future. Furthermore, he or she needs to be able to walk your team closely through the evaluation, purchasing and post-purchase processes. Also, check whether they provide other means of support in addition to email, such as phone, web chat, 24/7 accessibility, or anything else that is relevant for you.

5. Global reach: The SMS vendor’s network coverage and reach are important factors to consider. With globalisation and the evolution of e-commerce, more businesses are expanding their operations outside of their home country. It is important that the SMS provider has global connectivity and can send SMS texts to different countries across multiple mobile networks. TalariaX SMS gateways have been deployed across multiple industry verticals in over 50 countries across the globe.

6. Scalability and Testing: An important item on the checklist is scalability and testing of the system. Is there a proof-of-concept or trial account during the user acceptance testing (UAT) stage to confirm whether you can send and receive messages from your chosen mobile operators or mobile phone numbers through the SMS vendor? This will ensure minimal hiccups when initiating a campaign.

7. 2-way messaging: If you are looking for interactive responses to your SMS texts, you should ask the SMS gateway provider if they provide 2-way SMS messaging. Many companies are moving towards 2-way messaging as it allows them to interact with their consumers more closely and can be used for various job functions like job dispatch, appointment reminders, promotional messaging, security alerts, notifications, etc. sendQuick can send and receive 2-way alerts from IP addressable infrastructure, third-party applications from users across the enterprise.