Tehama as a (suprisingly good) desktop DR service

Simon Bramfitt

It’s not everyday you start the day writing about disaster recovery technology only to see one play out around you before the the day is out. That’s what happened on Friday when a pair of tornadoes touch down in Pythian’s home city of Ottawa leaving many homes destroyed and hundreds of thousands without power.

Even though Pythian’s head office was one of the many businesses that lost power, so far the business impact has been minimal. As a globally distributed organization with all of our key systems hosted in the cloud, Pythian is largely insulated for localized events of this nature. Our ability to support our customers remain unaffected, and while the office was closed on Monday, we didn’t need to declare a disaster.

South of the border, even though the 2018 tornado season is over, there’s worse to come. There are still a couple more months of extreme fire risk in California and its neighboring states before the rains hopefully come. While on the East Coast, the first major hurricane of the year Florence, has left severe flooding in its wake, no doubt with more to come. For US IT professionals, hurricane season is a seasonal reminder to review our DR plans and perhaps pause to consider alternative approaches. It was this pause for reflection that highlighted an unexpected opportunity —  Tehama isn't just an innovative platform for securely contracting with the contingent workforce, it's also the only DaaS platform available anywhere that actively assists you before, during, and after a disaster. If you know Tehama, DaaS, or DR and think that’s a bit of a leap, bare with me, it will all make sense.

Yesterday’s Disaster Recovery Models ...

Up until about four years ago there were few options for providing DR services for end-user computing. For many businesses, the desktop DR strategy was to transition to employee-owned devices, connected to core business systems over residential wifi networks. While this approach may be pragmatic, simple to implement, and low cost, it presents significant security concerns - insecure devices, on insecure networks, are insecure.  Something better was needed. At that time the hot EUC technology was VDI, however as a DR solution VDI only made sense if you were already using it as part of your overall desktop strategy. DaaS on the other hand offered all the benefits of VDI while bypassing both the upfront capital investment and the hard work of implementing and maintaining the underlying platform. Needless to say, that's where a lot of the smart money has ended up. But that was four years ago; times change, and there’s a problem with DaaS, and more critically with DaaS for DR that is increasingly difficult to ignore.

… Offer No Defense Against Today’s Threats

When looked at through the prism of today’s threat matrix, using DaaS for DR falls short. Conventional security models that operate on the assumption that everything on the inside of an organization’s network can be trusted, are being challenged by increasingly sophisticated attacks and insider threats. Most DaaS implementations while physically hosted in the cloud logically reside inside the enterprise network perimeter and are firmly bound to perimeter-based security models.

Solutions built to conform to yesterday’s security architecture are no defense to today’s threats. It’s time to move on, and an increasing number of businesses are looking to a Zero Trust security architecture to secure sensitive data and improve their ability to defend against today’s cyber threats.

Systems Myopia

The biggest flaw in any DR plan is that it tends to focus on systems; planning for hardware and network services, defining RTOs and RPOs, testing backing and recovery processes.  But hurricanes and other disasters don’t just impact systems, they impact people. Uprooted from their homes, they worry about loved ones, they worry if they will have a home to return to. People become tired and frustrated dealing with the disruption to their daily lives. Mistakes get made even at the best of times, distracted employees working in difficult circumstances inevitably make more mistakes. While a Zero Trust architecture can protect you from hackers and malware, it can’t protect you from human error. Tehama goes further, Tehama protects businesses when they are at their weakest - during times of disaster.

Tehama is not DaaS

Tehama is a secure service delivery platform, designed to enable enterprises to rapidly engage the contingent workforce while protecting both customer and service provider from the consequences of today’s sophisticated attacks and insider threats. Tehama takes the Zero Trust as it’s starting point, a minimum acceptable approach to security and builds from there. Tehama uses DaaS as part of its overarching security model, but you get a lot more besides.

With a Zero Trust security architecture as its first line of defense,Tehama ensures employees can access only those systems they are authorized to. But it doesn’t stop there; Tehama’s secure secrets vault protects your organization's most valuable resources, its privileged credentials using Hashicorp’s highly respected open-source Vault software. DaaS desktops are secured with obfuscated IDs and ephemeral passwords and access to Tehama itself requires multi-factor authentication. We think Tehama is secure, and we hope you agree.


Photo by American Public Power Association on Unsplash

More Posts

Subscribe Here!