GDMS has been selected by the Ministry of Home Affairs of Laos (MOHA) under a World Bank tender to host the national e-CRVS platform.
The e-CRVS is a comprehensive national civil registration platform equipped to accurately record and evaluate key life events.
Civil registration is the footing of legal identity and rights-based service delivery. A Civil Registration and Vital Statistics (CRVS) system records the details of all major life events, such as births, deaths, marriages, and divorces.
By providing relevant records and data about these life events, e-CRVS will support the effective delivery of essential services and help assess the goals of the government’s social and economic development plan.
“This is a national priority project for Lao PDR and covers important civil registration events such as birth, death, marriages, divorce, migration, and medical certifications for the 7.2 million people living across the country’s 17 provinces, plus our capital, Vientiane.”
“The HERA eCRVS system will help propel Lao PDR into the digital age, benefitting every citizen in the country.”
Madam Kommaly Vilaphanh, Director of the Ministry of Home Affairs Lao PDR
The platform is developed by WCC Group, a leading provider of advanced solutions for government identification/security agencies.
GDMS will leverage two data centers of the Government of Laos to deploy the e-CRVS platform. GDMS’ role is to provide redundant cloud infrastructure as well as value-added services such as container orchestration (Kubernetes), object storage, backup, and disaster management solutions.
https://www.global-dms.com/wp-content/uploads/2022/10/9.11_Inline_Image_1_copy.jpg13752200Mathieuhttps://www.global-dms.com/wp-content/uploads/2020/04/logo-GDMS.pngMathieu2022-10-17 10:15:222022-10-17 10:18:02GDMS selected by the Lao government for eCRVS platform hosting
Enterprises globally are resorting to multi-cloud strategy to reap the benefits of improved flexibility, scalability, and efficiency coupled with enhanced performance and increased cost-reduction.
That said, the growth of multi-cloud environments is accompanied by newer challenges, particularly those concerning privacy regulations and jurisdiction control.
Technology comes to the rescue—the Sovereign Cloud.
What is a Sovereign Cloud?
In simple terminology, Sovereign Cloud ensures that all the enterprise data remains on sovereign soil and prevents any data from being accessed by foreign entities under any circumstances. It offers a secure and trusted environment for the storage and processing of data, ensuring it never crosses borders.
The rationale behind the architecture of sovereign cloud is to deliver security and data access that complies with the stringent industry regulations and adheres to the local jurisdiction laws on privacy, security, and control.
Importance of Data Sovereignty
Of late, there’s been a growing concern across countries on data privacy and localization. Under this, nations like the European Union implemented the General Data Protection Regulation (GDPR), while others, including Australia and New Zealand, focused on enacting data localization regulations.
These facts indicate the importance of data sovereignty across industry verticals, emphasizing the inclusion of sovereign cloud in an organization’s multi-cloud strategy.
Benefits of Sovereign Cloud
The sovereign cloud offers various cloud-native advantages to enterprises while adhering to the principles of data privacy, security, sovereignty, and other regulatory mandates.
Crucial data, including metadata, is deployed on the cloud within the nation where the data was collected.
Increased security aspects ensure adherence to specific frameworks and compliance procedures.
Only certified staff with security clearance operate on the data
Drives innovation in tandem with critical data using AI and ML technologies
Reduced dependence on non-sovereign providers opens up their availability for other less critical data management tasks
Data is subjected only to the regulations of the jurisdiction where it is collected
Role of Sovereign Cloud in a multi-cloud strategy
By incorporating and integrating sovereign cloud into their multi-cloud strategy, organizations can enhance their productivity and services while enjoying various benefits.
Let’s check it out.
The platform for Innovation
With rapid digital transformation, economies across the globe, including Australia and New Zealand, are looking for opportunities to tap the potential of Sovereign Cloud. Regulatory authorities and policymakers are shifting their focus towards judiciously investing in data spaces. That said, Sovereign cloud ensures all data storage and management takes place within the purview of the data privacy, security, and compliance regulations.
Localized services
In a limited cloud adoption scenario, sovereign cloud providers can help enterprises better to meet the data storage needs while remaining compliant with privacy standards. Besides, local cloud providers contribute to the growth of local communities and, thereby, a nation at the broader level.
All data is not the same. That implies the correct data must be deployed in the right cloud in case of a multi-cloud environment. Here, the sovereign cloud plays an integral role by enabling enterprises to innovatively manage critical data in a dynamic geopolitical landscape.
Disaster Recovery Services
Users need a robust network to experience a hassle-free 24/7 availability of digital services. If a server goes down due to a cyberattack or a natural calamity, enterprises are confronted with the risk of their sovereign data, stored in a secondary location as a backup, being compromised.
However, with Disaster Recovery-as-a-Service (DRaaS) on the sovereign cloud, organizations can rest assured that all sensitive and critical data resides on a sovereign infrastructure, securing data integrity and ensuring business continuity.
Closing thoughts
In the era of digitalization, data privacy and integrity have increased significance. With enterprises migrating to multi-cloud infrastructure and countries mandating data protection, Sovereign cloud will gain more momentum soon.
About GDMS
GDMS is a Cloud Service Provider (CSP) specialized in sovereign cloud for developing markets. We currently operate in Laos and Myanmar and ambition to expand to Cambodia and Vietnam by the end of the year.
As a fully independent CSP, we leverage our wealth of experience in multi-cloud deployments and in-country multi-site facilities to address Clients’ needs for flexibility and integration with Global Hyperscaler’s.
https://www.global-dms.com/wp-content/uploads/2022/09/EMBlog-SovereignCloud-Web.jpg10161526Mathieuhttps://www.global-dms.com/wp-content/uploads/2020/04/logo-GDMS.pngMathieu2022-09-09 15:22:522022-09-09 15:22:52Sovereign Cloud – An Integral Component of Multi-cloud Strategies
Globally, 30,000 websites are hacked daily. Every 39 seconds, there is a new attack somewhere on the web.
Trust is paramount to any business transacting online.
GDMS is supporting businesses in building trust and security across Asia. We offer a wide range of security certificates such as SSL certificates (wildcard, OV, DV…), Email Signing Certificates, and Web Security Solutions.
What SSL Certificates matter
Now that browsers display “Not Secure” warnings for webpages served over HTTP, making the decision to protect your entire website with SSL/TLS certificates is a no-brainer. What’s not so obvious is which type of certificate makes the most sense.
Without guidance, choosing the right SSL certificate can be a bit overwhelming. But, it’s way too important to be left to chance. Your online reputation and success depend on making an informed decision. Online buyers get savvier by the minute, and website security solution says a lot more about you than you think. Here are the key factors to consider when deciding which SSL certificate is right for you.
How many domains and sub-domains do you need to protect?
Single SSL certificates secure one domain name or URL. When you have multiple domains and subdomains to protect, things can get a little pricey and tough to manage. That’s where Wildcard and Multi-domain certificates come in. They save you money and simplify management.
How important is identity validation?
Trust is today’s most valuable currency online—no matter what type of website you have. All SSL certificates include encryption to protect data in transit, including usernames, passwords, and credit card information. But, you need to decide what level of identity authentication, also known as validation, is enough for your visitors to feel comfortable without a doubt that you’re a legitimate organization and not some phishing site. The more premium the SSL certificate, the more in-depth the validation, the more visible the visual trust indicators, and the more confident your visitors.
What are your goals?
If your online reputation is a key factor in your success and your goal is to maximize conversions, trust is essential. Studies show 69% of online shoppers specifically look for websites that display trust symbols. display instantly recognizable visual indicators, plus are proven to increase sales.
How much risk can you afford?
SSL certificates typically come with a warranty so, in the event of a hack or data breach that results from a flaw in the certificate, you’re covered. Warranty levels vary, with some lower-end certificates—such as DV and a few OVs—covering up to $10,000 in damages and some higher-end products offering up to $1,750,000 in coverage.
General rules of thumb
If you’re running a blog or personal non-e-commerce website, a Domain Validation (DV) SSL certificate is probably sufficient. They’re fast, have no frills, and provide basic encryption with domain-only validation.
If proving your organization is legit matters, but EV is outside your budget, an Organization Validation (OV) SSL certificate might be a good fit. It provides a bit more authentication and comes with a clickable dynamic site seal, so visitors can feel more confident it’s really you on the other end. For eCommerce sites, OV should be the absolute minimum.
If you’re a national or global brand, want to maximize confidence and conversions, and clearly show customers their security is one of your top priorities, an Extended Validation (EV) SSL certificate is the way to go. The authentication process is the most extensive, so it takes a little longer, but the payoff is it comes with the green address bar—the most universally trusted symbol across the web. It’s impossible to fake so it’s the ultimate trust builder. One Tec-ED study even showed EV is proven to increase conversions.
https://www.global-dms.com/wp-content/uploads/2022/07/business-handshake-lines-and-triangles-point-connecting-network-on-vector-id958487764.jpg7321024Mathieuhttps://www.global-dms.com/wp-content/uploads/2020/04/logo-GDMS.pngMathieu2022-07-22 09:43:432022-07-22 09:43:43How to Choose the Right SSL Certificate for your Business?
A Virtual Private Server (VPS) is a cross-functional virtual operating system that resides within the host server and effectively mimics a dedicated server environment despite being on a shared physical server. The usage of VPS hosting has increased exponentially because it is less expensive than dedicated hosting and provides better security protocol, performance, affordability, accessibility, control, data protection, flexibility, growth, customization, and reliability than shared hosting.
Tips and Tricks for securing VPS structure
To avoid cybercriminals and fraudsters to attack your data files, Virtual Private Server (VPS) can be secured in the following ways:
Disable Root Logins
Cybercriminals and fraudsters try to unlock the login credentials and gain access to the server. Disabling the password from the “root” username enhances security protocol and the cyberattackers will not be able to guess your login details. Therefore, creating another username to execute root-level instructions is recommended.
Use Strong Passwords
It is easy to guess weak login credentials that contain information related to identity. Passwords containing upper case letters, special characters, and numbers can secure your account from any cyber threat. It is also recommended to not reuse the same login passwords. Bitwarden and Lastpass are online security tools that can also be used to create strong passwords.
Configuring an Internal Firewall
Configuring an internal firewall helps the user to avoid undesirable and malicious traffic to gain access to your system and also helps to defend the distributed denial of service attacks (DDoS).
Change Default SSH Port
Switching the SSH port number can avoid hackers to connect directly to the default number (22).To change the SSH port number, you will have to open up /etc/ssh/sshd_config for appropriate settings.
Prioritize the use of SFTP instead of FTP
Cybercriminals can cause a sniffing attack to gain access to your login credentials if an outdated File Transfer Protocol (FTP) is used, even while using “FTP” over “TLS” (FTPS). To avoid cyber attacks, use “FTP” over “SSH” or (SFTP).
Install an Antivirus Software
Setting up an internal firewall is the first line of defense that can deny access to any malicious activity, but it is not a foolproof security protocol. Installation of antivirus software is needed to further enhance security. ClamAV is an open-source antivirus that is most commonly used for the detection of any malicious activity.
Connect to your VPS via VPN
Most VPS are configured simply by exposing web or app services directly to the Internet. If your VPS is only accessed by end-users within your enterprise environment, you should consider implementing a LAN to LAN VPN between your IT environment and the VPS server. Then you should implement a firewall and only allow the VPN ports. Every other service should be tunneled via the VPN service.
Avoid Anonymous FTP Uploads
It is important to edit your server’s FTP framework to disable unidentified FTP uploads. Because it can cause a huge cyber threat and make the system vulnerable to security issues.
Disable IPv6
In most cases, cybercriminals send malicious traffic through IPv6 to gain access to the system. And make the user more susceptible to hacking attacks. Upgrade the settings like NETWORKING_ IPV6=no and IPV6INIT=no.
Securing Offsite Backups
A significant data loss will occur if you keep the backup system on a similar VPS. To prevent further data loss and security breaches, it is recommended to store your backups on a remote server.
Install a rootkit Scanner
Rootkit is an important component of malware that works below other security tools and permits undetected access to a server. To fix this problem, reinstall the OS (Operating System).
Use GnuPG Encryption
It is important to encrypt transmissions to your server because cybercriminals attack data files while it is in transit over a network. Encryption can be done by using passwords, certificates, and keys. For that purpose, GnuPG, an authentication system, can be used to encrypt transmissions.
Use SSL Certificates For Everything
To ensure privacy, it is helpful to use SSL certificates that create an encrypted channel between the server and the client.
Conclusion:
Unlike VPC, Virtual Private Server (VPS) are exposed to the Internet, which means that these cloud products are exposed to a lot of cybersecurity threats that need to be defended to mitigate the chances of a security breach. It is very important to know about every perspective of security threats, especially on a self-managed VPS. Most companies running their business online have basic security plans, which are not effective enough to stop penetration attacks.
Therefore, IT admins must know how to implement the best security measures such as disabling root logins, ensuring strong passwords, configuring a firewall, using SFTP instead of FTP, changing the default SSH listening port, using antivirus software, using VPN for your VPS, disabling IPv6, avoid uploading anonymous FTP, securing offsite backups, updating the system on regular basis and by using Spam filters.
GDMS Infrastructure as a Service offerings (IaaS) solutions allow our customers to control their own data infrastructure without having to physically manage it on-site. Find out more about our VPC and VPS Services.
https://www.global-dms.com/wp-content/uploads/2022/07/Picture1.jpg416624Mathieuhttps://www.global-dms.com/wp-content/uploads/2020/04/logo-GDMS.pngMathieu2022-07-13 10:11:502022-07-25 11:57:53Tips and tactics for securing a VPS Server
With the pandemic hitting South East Asia, companies had to go through a brutal transformation of their organization to accommodate employees working from remote locations sometimes with unexpected notices.
To prevent the spread of COVID-19, Governments in Myanmar and Laos have enforced lockdowns with such short notice that some companies see their business disrupted because they were not prepared to shift to work from home.
Even if the era of lockdowns seems to be a thing of the past, it could happen for employees to catch COVID-19 and need to isolate themselves. To ensure business continuity, it is crucial for every company to ensure employees can work seamlessly from home.
Customer Care and Tech Support, one of the top challenges of the pandemic
Working from home can be pretty easy for those that do not work in a customer-facing position. What is really needed is a good Internet broadband, a VPN to access the enterprise network, and shared drives.
The biggest challenge lies in departments that need to deal with customers on a daily basis. How do you ensure that inbound customer calls are routed to your customer care no matter where the team is at the moment. How do you make sure that people get the support they are entitled to when your team mostly works from home?
Some of the customer channels are easier to adapt to the new normal, such as instant messaging, emails, or chat boxes. These can easily be accessed by customer agents from home.
But a lot of customers still have the habit to pick up the phone when they bump into an issue. If the company phone number is tied to a physical line that ends in an empty office, the customer will face a very disappointing experience.
Shift your Customer Service to Voice over IP (VoIP)
What if you can dissociate the phone number from a physical location? What if a phone number can just be a virtual entry point to your customer service no matter where your agents stand?
According to Wikipedia, Voice over Internet Protocol (VoIP), also called IP telephony, is a method and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet.
Shifting to VoIP services ensure your customer call will always be picked up. How? Because a number is not tied anymore to a physical location but to an intelligent PBX -that could sit in the cloud- that will route the call to your employees no matter where they are.
By using VoIP services, your customer service can be reached from anywhere:
From the office using a traditional phone or an IP phone
From their home using their laptop with a VoIP app
On the road using their smartphone with a VoIP app
You can create policies to ensure that calls get rerouted in case the agent is not reachable. You can also create advanced IVR (Interactive voice response) to route calls to the right department.
GDMS offers VoIP services in Laos and Myanmar. We have partnered with leading telecom operators in both countries and can lease long and short numbers (also called DID or Direct Inward Dialing) to your business.
GDMS also offers Cloud PBX capabilities with advanced features such as
Auto-attendant.
Custom hold music.
Call recording.
Hold, forward, and transfer.
Three-way calling.
Simultaneous and sequential ringing.
All these features can be offered “as a service” with no investment from your end. GDMS can design, implement and operate a complete call center and VoIP solutions letting the customer focus on what matters the most: his business.
The shift to Unified Communications
Unified Communications (UC) refers to a phone system that integrates multiple communication channels within a business.
UC is the next level that helps companies consolidate their support channel into one single platform. With UC, customer service can access customer information in real-time from one interface with powerful integrations.
UC can fully integrate multiple communication channels such as Instant Messaging, Voice, SMS or Chatbox.
GDMS built strong partnerships with UC technology leaders in order to help companies in Laos and Myanmar transition their phone systems to Unified Communication.
Interested to shift your enterprise communications to Voice over IP? Contact us for a private conversation!
https://www.global-dms.com/wp-content/uploads/2022/04/asian-woman-working-call-center-with-team_8087-3586.webp418626Mathieuhttps://www.global-dms.com/wp-content/uploads/2020/04/logo-GDMS.pngMathieu2022-04-26 09:51:122022-04-26 09:52:02Shift your enterprise communications to VoIP
The public cloud, which is currently making record profits, is reaching its limits. More and more companies are considering repatriating their data as close as possible to their business center. The reasons are diverse: economic, ecological, sovereignist, or pragmatically for performance.
Yesterday, Wednesday, March 30, the French Business Club in Laos met at Metisse Restaurant. Mathieu Ploton from Global Digital Management Solutions presented how GDMS supports businesses and the Lao government in their transition to the domestic cloud.
GDMS Cloud Services Presentation for the French Business Club in Vientiane, Lao PDR
GDMS Cloud Services Presentation for the French Business Club in Vientiane, Lao PDR
Why a local cloud?
Data Privacy and Data Sovereignty
Nowadays, US and Chinese companies dominate the public cloud market. AWS, Azure, and Google Cloud represent two-thirds of the public cloud market share.
Public Cloud Provider Market Share in Q4 2021
The Clarifying Lawful Overseas Use of Data Act or CLOUD Act allows U.S. federal law enforcement to request data from U.S.-based technology companies regardless of geographical location. It means that data hosted in leading cloud companies such as AWS or Azure can by warrant be handed over to the US government. This could represent a sovereignty issue when it is related to sensitive data such as personal information.
As for Chinese companies, there are only a few cases where China compelled public cloud providers to release customer data.
Companies in Lao PDR and the government shall take this risk into consideration when selecting a location to store customer or citizen personal data. The best location will only be to host this data locally with a local company hence solely subject to the local law.
Local Cloud significantly improves user experience
There are two network parameters that impact the performance of web applications. Bandwidth and Latency. A common belief is that the former is the most impactful but it is actually not the case.
Page Load Time as Bandwidth/Latency Increase
Latency is the time for a packet to leave someone’s computer, reach the destination server and come back. When a user attempts to load a webpage, there are multiple sessions involved hence multiple back and forth between the user computer and the server.
The nearest public cloud provider from Laos is Singapore which represents a return trip of 40-50ms between the local user and the remote server. From a webpage loading perspective, it translates into 1s of load time between the time the user press enters and the time the webpage starts to load. This is quite significant, especially for users that work on business applications such as CRM or ERP which constant interaction to a remote web server.
By hosting a business application locally, the latency can be reduced from 45ms to less than 5ms. The impact on the user experience is immense and for business users, it also means a significant improvement in productivity.
Edge Computing, the future of cloud computing?
According to GlobalData, the market for edge computing in Asia Pacific (APAC) estimated to reach US$5.8bn by 2024, representing a compound annual growth rate of 21 percent over five years.
What Is Edge Computing? Edge computing is a distributed IT architecture that moves computing resources from clouds and data centers as close as possible to the originating source.
To foster the development of edge computing, it is crucial to develop in-country infrastructure. Datacenters of various sizes, fiber networks, local internet exchange. Edge computing in essence is deployed as close to the user as possible. A large data center in the city capital will not be sufficient to deploy edge computing but it is definitely a start.
Edge Computing Forecasted Value per Industry
Edge Computing enables the development of new applications: Smartgrid, Remote monitoring of assets, Predictive maintenance, In-Hospital Patient Monitoring, Traffic Management, Virtualised radio networks, and 5G, Cloud Gaming…
GDMS, an international company with a local reach
GDMS is the very first cloud service provider in Lao PDR. Our technology stack is deployed in a local data center facility in Vientiane that complies with international standards of availability and performance.
We have the ambition to deploy additional cloud availability zones in Lao PDR in the near future to enable Edge Computing Applications.
https://www.global-dms.com/wp-content/uploads/2022/03/1648694496200.jpg12001600Mathieuhttps://www.global-dms.com/wp-content/uploads/2020/04/logo-GDMS.pngMathieu2022-03-31 11:53:392022-03-31 12:07:24GDMS, a strategic player in the transition to the local cloud
Global Digital Management Solutions Laos is proud to announce that it has passed its CISA audit.
For GDMS customers and partners, information system availability is of exceptionally high importance. Passing the CISA audit demonstrates GDMS’s commitment to information system availability also to its continuous improvement of products and services.
To pass the CIA audit, GDMS went through an extensive datacenter-wide audit by CBA. The audit included demonstrating GDMS datacentre and cloud infrastructure in Laos have achieved a high level of availability and performance over the past 6 months, assessed the implications, and have implemented systemized controls to secure business continuity.
The auditor has identified zero shortcomings, which is considered an excellent result. To pass the CISA audit once again, GDMS will need to continuously improve its information system availability and performance going forward.
CISA is world-renowned as the standard of achievement for those who audit, control, monitor, and assess an organization’s information technology and business systems.
https://www.global-dms.com/wp-content/uploads/2022/01/img_e9e176da2780b429936094dfd271fb71112151-1.jpg396681Mathieuhttps://www.global-dms.com/wp-content/uploads/2020/04/logo-GDMS.pngMathieu2022-01-26 11:14:322022-02-22 17:08:23GDMS Cloud Infrastructure passed CISA audit in Laos
Choosing the right data center for your IT infrastructure is not a decision to take lightly.
The wrong choice can put your security, resiliency, availability, and services at risk. It is very important to think carefully and choose wisely your data center location so you don’t jeopardize your service availability and your business reputation.
A data center strategy is not something to take lightly and considering the effort to relocate your workload from one facility to another, it should be a long-term plan that should take into account your business growth over the years to come.
Criteria to consider when choosing a data center location
Location is one of the top criteria when choosing a datacenter facility. And it does not only mean choosing a location close to your office.
Prior to moving forward with your data center location, consider the following :
What are your data center objectives?
What do you expect from a datacenter facility? How will it help your company launch new services, reduce risk, improve availability while cutting down on costs? You need the datacenter to be a playground where you feel at ease to innovate. The facility shall not be a constraint to your growth.
For instance, if today you require 2 racks 3 KVA each, you should ask yourself what will be your requirements in 1 year, 3 years or 5 years? With hyper-converged infrastructure (HCI), high-density racks are a must and you should be able to increase the power at ease. It would be also interesting to ask the datacenter facility what the current capacity is and how fast you can extend your colocation area to additional racks.
What is your data center’s role?
One of the top things to define is whether this datacenter facility will be used for your test, UAT, prepod, or production? You also need to consider disaster recovery. If this datacenter is meant to host production, where will be the disaster recovery site? Is this datacenter the primary or secondary site?
Upon the definition of this role, you should consider carefully the datacenter connectivity to the outside world. a good datacenter facility shall be carrier-neutral and host multiple carriers.
Ideally, this datacenter shall accept and welcome third-party telecom providers selected by the customer.
For instance, if your office and branches telecom connectivity is provided by Unitel, ask yourself if the said datacenter is also connected to Unitel. Having all your sites on the same network will help reduce latency, improve performance and possibly keep the costs to the minimum.
if this datacenter facility is used for testing purposes, you also should consider site access as a very important factor. Testing means building and putting down the environment constantly. Depending on your architecture, you may need to send technicians onsite to do so. How easy is it to access the facility? How long do you need to ask in advance to grant permission? Can you access the facility at night or during the weekends?
Do you have access to a staging area or a hot desk for you to work onsite? These questions are crucial before choosing your datacenter provider.
Do you need remote hand service?
Using colocation services is not as easy as the cloud. If your server freeze or crash, you need someone onsite to reboot it. Depending on the data center location, it can take some time to reach the site and perform the manual action.
Some datacenter facilities provide smart hand service. In such a case, you simply have to open a ticket with your datacenter provider and they will send someone onsite to act.
What are your restrictions?
In today’s business world, customers expect to access services day and night at lightning speed. Can your datacenter meet this requirement? What is the average latency between the datacenter facility and your customers? Can the datacenter facility offer redundant connectivity that will protect you in case of fiber failure? Does the datacenter facility have a comprehensive service level agreement (SLA)?
What is your security or risk profile?
Does the selected location meet your compliance requirements? How is the facility secured against natural disasters?
If your company hosts customer personal data, you may also check with the country regulation if it is preferred/required to host this data in the country.
GDMS has secured data center facilities in Myanmar and Laos that comply with local regulations.
Nowadays, companies are fully aware of cybersecurity threats. IT departments are responsible to ensure that company data and customer data are never compromised. But what if someone can simply walk into your office and steal documents or files from a computer? You can have the best IT security in the world, you also need a physical security plan.
It goes the same for your datacenter facility. When choosing the right colocation area, make sure the provider has 24/7 onsite security. If you schedule a data center visit, pay attention the all the details during your admission. Is someone asking for your ID when accessing the facility? Do they know you are coming today? Do they have a record of your visit explaining why you are here and what area you are allowed to access?
It is also very important to have multi-layers of access control in the datacenter itself with role-based access. Ultimately, you need to make sure that only fully qualified and selected personnel have access to your rack.
A good security practice for datacenter is also to make sure that the provider has the policy to escort the customer to their rack and that the datacenter personnel attends the visit at all times.
GDMS is your datacenter, ICT, and cloud provider of choice for your business in Myanmar and Laos.
Contact us for a private conversation about your digital transformation projects.
https://www.global-dms.com/wp-content/uploads/2022/01/datacenter4.jpg9001600Mathieuhttps://www.global-dms.com/wp-content/uploads/2020/04/logo-GDMS.pngMathieu2022-01-12 11:21:572022-02-22 17:05:36How to choose a colocation facility?
GDMS as a VMware cloud service provider leverages network, and security platform NSX to provide secure networking services to its customers.
As companies in Myanmar and Laos increasingly turn to digital transformation via the cloud, they’re relying on partners like GDMS to help them migrate their apps and workloads to the cloud without sacrificing performance and mitigating risk.
By subscription to GDMS cloud services, you get access to the complete NSX suite giving you the possibility to centrally define, implement, and manage perimeter security gateway services, such as DNS, DHCP, and NAT. NSX allows customers to control North-South traffic quickly and easily without any hardware dependencies.
“Never Trust – Always Verify”
Security is an ongoing challenge for organizations with today’s dynamic and distributed workforce, growing BYOD, and the continued expansion into the cloud. While the cloud is often safer than a company’s own data center, it is still crucial for organizations to own and control who and what is allowed access to their applications and data – no matter where they are running.
With Zero-Trust, network security is set up to assume that you have already been compromised and any traffic, even behind the firewall, is considered “untrustworthy” until it’s proven to meet the right criteria.
Inside your network perimeter or DMZ, smaller segments of the network are protected by their 4 own tiny perimeters (called a “micro perimeter”).
This allows a security administrator to add an extra layer of security around the company’s most important data, assets, applications, and services.
To access any individual segment in a Zero-Trust architecture, users must pass strict identity and device verification procedures. A “least-privilege” model is recommended, which limits access to only needed resources.
The first step in implementing a Zero-Trust network is to secure individual parts of the network using micro-segmentation. Micro-segmentation should be adopted in addition to network perimeter security controls. When you have both perimeter controls, as well as micro-segmentation, not only is traffic inspected and controlled as it enters your network (North-South), it’s also inspected as it moves laterally (East-West) between VMs and systems.
GDMS provides critical software-defined networking firewall capabilities for both perimeter,
or edge firewalls, as well as services for micro-segmentation, also known as distributed firewalls.
By offering these services at the software layer—decoupled from hardware—they are:
VMware Edge Gateway (ESG)
The ESG gives you access to all NSX Edge services such as firewall, NAT, DHCP, VPN, load balancing, and high availability. You can install multiple ESG virtual appliances in a data center.
GDMS offers a number of professional services to help you design and deploy your edge firewall. We can help with setting up least-privilege rules and other gateway configurations to support your Zero-Trust security goals.
Edge Gateways come in 4 sizes: Compact, Large, Quad-Large and X-Large.
Micro-segmentation, also known as distributed firewalling (DFW), is an approach to defining network and security policies that allow organizations to segment and control workloads based on application profiles.
Distributed Firewalling is available with our cloud offering through either a self-service portal or as a managed service.
Features:
Virtual firewalls embedded in the hypervisor
No VM can circumvent the firewall (egress and ingress packets are always processed)
Policies are attached to the VM for secure mobility
Avoids routing traffic to the edge (and back) for inspection
Enhanced context-aware protection for applications
As networks become virtualized and micro-segmentation becomes a strategic advantage for security teams, data inherently becomes segmented into buckets to allow teams greater visibility and control over information on the network. Segmentation can be used to separate day-to-day business data from sensitive or proprietary data.
From there, security and risk teams can place the proper security and access controls on sensitive data segments using micro-segmentation.
Enable network security controls
Network admins can more quickly identify and adjust privileges for certain data
types through micro-segmentation, enabling:
Users to work with network data faster and more efficiently
Increased agility and quick response to changing security needs
Easier compliance with regulations
Least-privilege enforcement
Achieve better data visibility and protection
If organizations understand where data exists, and which users are supposed to
have access to it, then:
Data and services can be better monitored
Data flows more quickly through an organization to the appropriate users
Overall data security and agility improve
Stop lateral spread of threats
Network segmentation automatically interweaves connections and services to
create micro-perimeters around specific sets of data and information. This:
Inhibits the spread of threats
Accelerates identification and response to threats
Minimizes impact of an attack
Layer 4 Protection
By default, our distributed firewalls offer protection up through layer 4 of the OSI
network stack, enabling:
Users to work with network data faster and more efficiently
Increased agility and quick response to changing security needs
Easier compliance with regulations
Least-privilege enforcement
Layer 7 Protection
Application context-aware If organizations understand where data exists, and which users are supposed to
have access to it, then:
Data and services can be better secured and monitored
Overall data security and agility improve
Professional Services
GDMS offers professional and managed services to help you design, deploy, and manage your distributed firewalls.
Assess on-premises networks, applications, and dependencies
Design and deploy stretched networks for hybrid cloud/multi-cloud environments
Define and implement firewall policies
Migrate existing workloads/applications
Transform security and networking to enable improved business agility and outcomes
Advanced Insights
GDMS offers additional advanced insights into traffic patterns to determine where you
can benefit the most from a context-aware firewall. This helps you to lower operational expenses
while focusing on these advanced capabilities where they’re needed most. This is available self-service or as a managed service.
https://www.global-dms.com/wp-content/uploads/2021/10/Capture2.png482933Mathieuhttps://www.global-dms.com/wp-content/uploads/2020/04/logo-GDMS.pngMathieu2021-10-07 11:44:132021-10-07 11:56:59Secure your cloud with GDMS Network and Security Platform
VMware vCloud Suite is an enterprise-grade cloud infrastructure and management solution that combines the industry-leading VMware vSphere compute virtualization platform and the VMware vRealize Suite multi-cloud management solution, delivering the modern infrastructure automation and operations capabilities you need to deliver traditional and modern infrastructure and apps.
VMware Cloud Foundation supports both traditional enterprise and modern apps and provides a complete set of highly secure software-defined services for compute, storage, network, security, Kubernetes and cloud management Increase enterprise agility and flexibility with consistent infrastructure and operations across private and public clouds.
Please join in to learn More about : managing a private cloud with vRealize Suite and VMware Cloud Foundations capabilities.
.png "GDMS Webinar: Essential Cloud Management Platform 22")
