Hi, I am Viraj Maheshwari!

Director at Virdhara International

Hello Friends in this blog post I am going to share my experience of optimizing technology infrastructure for Start Ups

Any business idea is vital for success of start ups and technology is the key ingredient to transform business idea into reality and help start ups to achieve their desired goals but cost and optimization of Technology Infrastructure is a major factor for achieving success

So today let me tell you some strategies and best practices which I have implemented for my Start Up clients and helped them to achieve cost and performance optimization by providing maximum ROI

a) Go for Cloud : 

Recently cloud computing has shifted paradigm from desktop computing to anywhere access and global collaboration. You can choose from various cloud service providers for office collaboration tools like Google Apps, Microsoft Office 365 etc, for software development infrastructure like Google Cloud, Microsoft Azure, Amazon AWS etc. They all reduce your dependence on physical infrastructure costs and maintenance and enable you to focus on your core business.

  • Following cloud strategies can be adopted depending on your business goals and planned technology investment

    1) Public
    • Public clouds are made available to the general public by a service provider who hosts the cloud infrastructure. Generally, public cloud providers like Amazon AWS, Microsoft and Google own and operate the infrastructure and offer access over the Internet. With this model, customers have no visibility or control over where the infrastructure is located. It is important to note that all customers on public clouds share the same infrastructure pool with limited configuration, security protections and availability variances.
    • Public Cloud customers benefit from economies of scale, because infrastructure costs are spread across all users, allowing each individual client to operate on a low-cost, “pay-as-you-go” model. Another advantage of public cloud infrastructures is that they are typically larger in scale than an in-house enterprise cloud, which provides clients with seamless, on-demand scalability. These clouds offer the greatest level of efficiency in shared resources; however, they are also more vulnerable than private clouds.
    • A public cloud is the obvious choice when:
      • Your standardized workload for applications is used by lots of people, such as e-mail.
      • You need to test and develop application code.
      • You need incremental capacity (the ability to add compute resources for peak times).
      • You’re doing collaboration projects.

    2) Private

    • Private cloud is cloud infrastructure dedicated to a particular organization. Private clouds allow businesses to host applications in the cloud, while addressing concerns regarding data security and control, which is often lacking in a public cloud environment.  It is not shared with other organizations, whether managed internally or by a third-party, and it can be hosted internally or externally.
    • There are two variations of private clouds:
    1. On-Premise Private Cloud: This type of cloud is hosted within an organization’s own facility. A businesses IT department would incur the capital and operational costs for the physical resources with this model. On-Premise Private Clouds are best used for applications that require complete control and configurability of the infrastructure and security.
    2. Externally Hosted Private Cloud:  Externally hosted private clouds are also exclusively used by one organization, but are hosted by a third party specializing in cloud infrastructure. The service provider facilitates an exclusive cloud environment with full guarantee of privacy. This format is recommended for organizations that prefer not to use a public cloud infrastructure due to the risks associated with the sharing of physical resources.

    • Undertaking a private cloud project requires a significant level and degree of engagement to virtualize the business environment, and it will require the organization to reevaluate decisions about existing resources. Private clouds are more expensive but also more secure when compared to public clouds.
    • When is a Private Cloud for you?
      • You need data sovereignty but want cloud efficiencies
      • You want consistency across services
      • You have more server capacity than your organization can use
      • Your data center must become more efficient
      • You want to provide private cloud services
    3) Hybrid
    Hybrid Clouds are a composition of two or more clouds (private, community or public) that remain unique entities but are bound together offering the advantages of multiple deployment models. In a hybrid cloud, you can leverage third party cloud providers in either a full or partial manner; increasing the flexibility of computing. Augmenting a traditional private cloud with the resources of a public cloud can be used to manage any unexpected surges in workload. 
    Hybrid cloud architecture requires both on-premise resources and off-site server based cloud infrastructure. By spreading things out over a hybrid cloud, you keep each aspect of your business in the most efficient environment possible. The downside is that you have to keep track of multiple cloud security platforms and ensure that all aspects of your business can communicate with each other.
    Here are a couple of situations where a hybrid environment is best:
      • Your company wants to use a SaaS application but is concerned about security.
      • Your company offers services that are tailored for different vertical markets. You can use a public cloud to interact with the clients but keep their data secured within a private cloud.
      • You can provide public cloud to your customers while using a private cloud for internal IT.
    4) Community
    A community cloud is a is a multi-tenant cloud service model that is shared among several or organizations and that is governed, managed and secured commonly by all the participating organizations or a third party managed service provider.
    Community clouds are a hybrid form of private clouds built and operated specifically for a targeted group. These communities have similar cloud requirements and their ultimate goal is to work together to achieve their business objectives.

    The goal of community clouds is to have participating organizations realize the benefits of a public cloud with the added level of privacy, security, and policy compliance usually associated with a private cloud. Community clouds can be either on-premise or off-premise.
    Here are a couple of situations where a community cloud environment is best:
      • Government organizations within a state that need to share resoures
      • A private HIPAA compliant cloud for a group of hospitals or clinics
      • Telco community cloud for telco DR to meet specific FCC regulations
    b) Virtualize :
    Virtualization helps you to use same resource for multiple purpose. It also gives you benefits of lower maintenance costs and management efficiency. 

    Following Virtualization strategies can be implemented

    • Server Virtualization – consolidating multiple physical servers into virtual servers that run on a single physical server.
    • Application Virtualization – an application runs on another host from where it is installed in a variety of ways. It could be done by application streaming, desktop virtualization or VDI, or a VM package (like VMware ACE creates with a player). Microsoft Softgrid is an example of Application virtualization.
    • Presentation Virtualization – This is what Citrix Met frame (and the ICA protocol) as well as Microsoft Terminal Services (and RDP) are able to create. With presentation virtualization, an application actually runs on another host and all that you see on the client is the screen from where it is run.
    • Network Virtualization – with network virtualization, the network is “carved up” and can be used for multiple purposes such as running a protocol analyzer inside an Ethernet switch. Components of a virtual network could include NICs, switches, VLANs, network storage devices, virtual network containers, and network media.
    • Storage Virtualization – with storage virtualization, the disk/data storage for your data is consolidated to and managed by a virtual storage system. The servers connected to the storage system aren’t aware of where the data really is. Storage virtualization is sometimes described as “abstracting the logical storage from the physical storage.
    c) Adopt Open Source :
    Adopt Open Source software platforms enable you to scale your applications without involving license restrictions. Ope Source helps to save costs involved in software license investment

    Here are some Open Source applications which you can use in your business :

    • Odoo (Formerly Open ERP) :Odoo is a suite of open source business apps that help you grow your business. Over two million people use Odoo to grow their sales, run their operations, organize marketing activities, boost productivity and empower their human resources.
    • Wordpress for Website : Wordpress is an Open Source web development CMS. It has various themes and plugins to make your website standout and best part is you can create website without any requirement of coding provided you take interest and expand your vision
    • Linux for computing :Today, Linux powers 98% of the world’s super computers, most of the servers powering the Internet, the majority of financial trades worldwide and tens of millions of Android mobile phones and consumer devices. In short, Linux is everywhere.
    • Xen Server for Server VirtualizationXenServer is the leading open source virtualization platform, powered by the Xen hypervisor. It is used in the world's largest clouds and enterprises
    The above list is indicative, you can find various Open Source Apps and Solutions for deploying to your business environment

    Above mentioned Tips can help Start-Ups to achieve cost and operational efficiency by leveraging Technology Infrastructure 

    Please share this article in your circles and do let me know your comments and feedback below

    Tips for Optimizing Technology Infrastructure for Start Ups

    Turn out (and on) the lights
    SmartThings, an app aimed at iOS 7, connects the rooms, lights and doors of a home to the Internet. The newest version of the app, according to TechCrunch, features an improved onboard experience and gradually introduces users to areas in which the IoT can provide assistance, such as “Home and Family,” “Lights and Appliances” and “Damage and Danger.”

    The Internet of Things Power Play
    InformationWeek offered some ways in which the IoT will affect energy management. Smart meters will revolutionize the power grid, and smart appliances will introduce usage-based pricing and the capability of homeowners to sell power back into the power grid.

    The Internet of Things and Retail
    Practical eCommerce identified five ways in which the IoT will benefit retailers. It will affect inventory management, fleet management, maintenance and warranty and real-time promotions. It will also make next-generation vending machines a reality.

    Almost endless impact.
    Libelium offers a 50-item list of how sensors affect daily life. Some highlights: monitoring of streets to identify open parking spots; monitoring structural integrity of structures; creating urban noise maps; automation of traffic congestion measurements; optimization of trash collection by receptacle monitoring; air pollution measurement; smart roads that issue warnings and forest fire detection.

    Using the Internet of Things to Track…Things
    Technology Review reports on Iotera, a company that makes tracking tags that can be used to keep an eye on an almost limitless number of objects. Examples include the ability to monitor tools at construction sites, pets, kids, and workers in dangerous locales such as oil rigs. It can work without access to commercial wireless networks or Bluetooth. The batteries can last for as long as five months.

    The Internet of Things in Business
    Business Insider’s BI Intelligence offers a report on business-to-business uses of the IoT. Examples include intelligent advertising and marketing, and smart water systems.

    On the Road with the Internet of Things
    ComputerWeekly cites fitness, energy and vehicular transportation as areas in which the IoT will have tremendous impact. But the crux of the story is that security issues associated with the flow of so much information are formidable. The key is tightly controlling the application programming interfaces (APIs) that let the sides in an IoT session exchange data.

    A true idea of how deeply the IoT will affect day-to-day living can be garnered at the World Future Society. Environmental impacts will be felt in tracking atmospheric quality, trash cans, illegal logging prevention, the status of waterways and in myriad other ways. The story describes uses in other areas as arcane as monitoring hand-washing stations, clothes dryers, pill bottles and the elderly.

    It may not revolutionize how we live, but ioBridge points out that the use of the IoT to control the color of Christmas lights around the world shows the interconnectedness of people as well as the power of the IoT. This is the third year for the CheerLights project. The story says that participants can tweet a color to @CheerLights. The command is processed by ioBridge’s ThingSpeak and distributed via the CheerLights API.

    The full potential of the IoT won’t be realized if the devices can’t freely communicate with each other. For that reason, the Linux Foundation has formed The AllSeen Alliance. The alliance will build around AllJoyn, a framework developed by Qualcomm. It allows systems to discover, connect and interact with each other seamlessly. In addition to Qualcomm, founding members are Cisco, D-Link, Haier, LG Electronics, Panasonic and Sharp, according to Computerworld.

    How the Internet of Things Will Change Our Lives!!!

    Users are a company’s biggest asset and, unfortunately, often its greatest risk. Mitigating the risk posed by users is an ongoing challenge. You can limit their access through admin rights, but you can’t always prevent them from opening corrupted emails. You can force them to routinely change their passwords, but can’t prevent them from clicking malicious links.

    Chances are good that when a new employee starts at your company, you already have a process in place to train them on the systems the company uses: everything from time entry systems to using the phones to database training. Make security training part of that onboarding process, but don’t let it stop there. During orientation, teach new employees how to check if a link might be malicious, what a corrupted file might look like, how to identify a fake patch they may be asked to download, and then what to do with that information.
    Be sure they can identify many of the most common tactics attackers use to trick users into helping them, and then give them a clear path for remediation if they suspect they’ve been sent a phishing email or are being asked to download a faulty patch. Once the initial orientation is completed, continue to contact users on a regular basis about new threats. Set up a monthly email informing users about new attack methods or current phishing techniques so that they know what to look for. Add real-world context and real-time updates.

    Many users still think of cyber threats as a Nigerian prince or long-lost Russian uncle offering to give you $10,000,000 if you’ll only share your bank account information with him. While these email chains still exist, they are often caught in spam filters and are no longer the gold standard of phishing. Keep users up to date about real threats – phony links on Facebook, seemingly hilarious YouTube videos sent by friends that turn out to be malicious, and Twitter bots informing you that you’ve absolutely got to check out this scandalous picture someone posted of you on the Internet. Keep users’ idea of cyber threats in the modern day to keep your systems more secure.

    Give users a way to react to malicious materials appropriately and then follow through when contacted about it. Users frequently treat IT as a roadblock to productivity, which can be extremely detrimental to corporate security. Don’t be that roadblock, and respond helpfully and in a timely manner when contacted about these issues.

    This is not to say that you should threaten to fire your users if they don’t follow your information security policies. Rather, many users often don’t understand the potentially devastating impact of an attack – both on their organization and on themselves. The cost of a data breach can cost the company upwards of several million dollars. Stock prices can take a hit. Stolen IP can result in lost customers and lost opportunities.
    In some industries, such as health care, where confidentiality of information is crucial and regulated, lawsuits can be the direct or indirect results of a breach. Companies may even experience money stolen directly from their accounts, affecting their ability to invest in their employees. For some, a single data breach may be enough to put them out of business.
    Ensure that users understand the potential consequences by sharing data from surveys or news articles on the impact of breaches. If a user believes that it’s a realistic possibility that a malicious link can take down the company – or eliminate the need for their position – they’ll be much less likely to click that link.

    The mandate to pay attention to security can’t just come from IT. It needs to have visible support from high-ranking company executives. Top officials need to not only be talking the talk, but also walking the walk. Users need to see that security isn’t just something for them to pay attention to – it’s a company-wide issue for each and every employee. Users are bombarded constantly with messages from different departments both inside and outside their company, but if they see that high-ranking executives such as the CEO, CFO and others are placing a high value on corporate data security, they will be more likely to prioritize the message.

    Social media is a virtual treasure trove of information for an attacker. Using information posted online by users about themselves, attackers can find out information that allows them to guess security question answers – enabling them to get past customer service representatives and reset passwords. Teach users how the things they share on social media can be used to hack them “IRL” (“in real life”). You can even set up a demonstration where you attempt to “steal” a user’s ID using their easily accessible online information. They may be shocked at how easy it is, and that may be enough to galvanize them to change their behavior.

    Passwords can be a user’s biggest weakness. After all, there are so many these days; it’s hard to keep track of them all. It’s much easier to just create one password and reuse it across sites and systems. Users know that this is bad behavior, but they do it anyway out of convenience. Further education and engagement can help – perhaps add incentives around password security to motivate better behavior. The real trick is to help employees make it easy to manage their passwords and keep them secure. Suggest tools that users can use to keep track of their passwords, while still using different ones across the many websites they use.

    Remember, users are often the weakest link in the security chain. It’s important that you are vigilantly educating your users to remedy the risk that they pose to your organization’s security. But other areas of security should not be neglected in the pursuit of user education.
    Remember, attackers are people too and they will go for the path of least resistance. If you leave your machines unpatched, they’ll go that route. If you don’t have anti-malware installed, they might go down that path. And if your users are likely to click a link from a phishing email or download a fake patch, attackers will choose that method.
    An attack is often no longer a single instantaneous event, but a long process where the attacker systematically hunts down your systems’ weakness. Don’t leave the front door wide open for them, whether that means educating your users, installing antivirus or aggressively patching machines. Make sure your defense is as in-depth and persistent as the attacks threatening it.

    How to Secure Your Company's Greatest Risk: The User