banner-why-daymark.jpg

Information Technology Navigator

Tips, Advice & Insights from Technology Pros

Azure FinOps Workshop: Fundamentals to Manage Cloud Costs

In today’s cloud-driven world, controlling cloud costs without sacrificing performance is a key challenge. Microsoft Azure FinOps (Financial Operations) is a framework that brings a strategic approach to managing cloud expenditures, transforming it from a guessing game into a structured process. For businesses utilizing Azure, learning FinOps fundamentals can unlock new cost-saving opportunities and enhance collaboration across finance, IT, and business teams.

Daymark Solutions’ comprehensive Azure FinOps workshop offers hands-on labs, expert-led discussions, and interactive exercises designed to teach critical cost management skills. Participants dive into rightsizing Azure resources, managing orphaned resources, and leveraging Azure’s unique cost-saving options like Azure Hybrid Benefit, Reserved Instances, and Azure Savings Plans. Each session balances theory with practical exercises to build a solid foundation for financial governance within Azure environments.

Read More
Tue, Nov 12, 2024
Share:   

CMMC 2.13 is Here - Explore the 2025 Timeline

On October 15, 2024, the final rule for the Cybersecurity Maturity Model Certification (CMMC) program was officially published. This rule, codified as 32 CFR, becomes effective on December 16, 2024. The CMMC journey began in 2019 with DFARS Case 2019-D041, and after four years of development, the rule is now finalized. Let’s take a look at the history of the CMMC timeline, what's to come, and how organizations can prepare for what is next.

CMMC Rulemaking Timeline

The rulemaking process illustrated in the graphic below shows a high-level workflow from the Government Accountability Office (GAO).

Figure 1: GAO Federal Rulemaking

Read More
Tue, Nov 05, 2024
Share:   

Design Your Disaster Recovery Strategy with Microsoft Azure

Imagine a sudden system failure that disrupts your entire operation—how quickly can your business bounce back? With data as one of your most valuable assets, having a robust Disaster Recovery (DR) plan is critical to minimizing downtime and financial loss. However, as technology and cyber threats evolve, many DR strategies fall short of current best practices.
 
Our Azure Disaster Recovery Workshop is designed to teach your team the essentials of modern DR planning on Microsoft Azure. This hands-on workshop starts with foundational concepts like Recovery Time Objective (RTO) and Recovery Point Objective (RPO), guiding you on how to prioritize workloads based on business needs. Workshop highlights include:
Read More
Thu, Oct 31, 2024
Share:   

Modernize Identities with Microsoft Entra ID

One of the most common cyberattack vectors is compromised credentials. Malicious actors with access to AI technologies have increased the sophistication and effectiveness of their attacks. The rise in phishing attacks and malicious actors gaining access to AI technologies has resulted in sharp increases in credential theft. In addition to credential theft, token theft or hijacking is also on the rise. Staying one step ahead of the bad guys is a constant battle for organizations of every size.

Why is This Critical Now? The Deadline is Looming.

In March 2023, Microsoft announced the deprecation of managing authentication methods in the legacy multifactor authentication and self-service password reset (SSPR) policies. Beginning September 30, 2025, authentication methods can't be managed in these legacy MFA and SSPR policies.

Enter Microsoft Entra ID!

Entra ID (formerly Azure Active Directory) is a cloud identity and access management solution that safeguards your identities and network access. It allows organizations to adopt a Zero Trust security approach by verifying identities, validating access conditions, checking permissions, encrypting communication channels, and monitoring for breaches.

Getting Started with Entra ID

Read More
Tue, Sep 03, 2024
Share:   

Portworx: A Kubernetes Gold Standard

Pure Storage Portworx has established itself as the gold standard for cloud-native Kubernetes data storage, offering scalable persistent storage, multi-cloud data mobility and zero RPO data protection and disaster recovery. At Daymark, we have been impressed with Portworx and view it as being in a class of its own when compared to other suppliers of storage for Kubernetes-orchestrated container apps. Once you transition from development to production with Kubernetes, persistent storage and enterprise data services become critical components of your Kubernetes environment.

A recent report by research house GigaOm concurs, recognizing Portworx as an “Outperformer” — the only product with that designation in the report. The GigaOm Radar for Kubernetes Data Storage Report reviewed nine vendors in the Kubernetes data storage space, down from twenty-two vendors in 2021.

Read More
Wed, Jul 24, 2024
Share:   

Navigating FedRAMP Compliance and Cloud Complexity for the Defense Industrial Base

Companies performing work in the Defense Industrial Base (DIB) often contemplate whether they should use a cloud service provider for their business, then wonder which version of the cloud service they should consider. The rules and regulations passed down to the DIB from the Federal Government are quite confusing when it comes to trying to figure out what their requirements are. In this article, we will try to clear some of that up!

Read More
Mon, Jul 15, 2024
Share:   

What Government Subcontractors Should Know About DFARS Flowdowns

Protecting sensitive and classified information when working for the Federal Government requires constant vigilance. When the government issues a contract, it must specify to the performing contractor when covered defense information (CDI) or controlled unclassified information (CDI) will be generated under the contract. Many prime contractors “flowdown” every FAR and DFARS clause to subcontractors and vendors without considering if that subcontractor or vendor will be processing, storing, or transmitting CDI. Anticipating where CDI may reside once awarded a contract can be a challenge. Here is guidance on ways CDI can flowdown to subcontractors and the defense industrial base (DIB), and steps those organizations should take before signing an agreement.

An Introduction to DFARS

Read More
Thu, Apr 25, 2024
Share:   

Why DMARC is So Important

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders to improve and monitor the domain’s protection from fraudulent email.

DMARC is designed to fit into an organization’s existing inbound email authentication process. The way it works is to help email receivers determine if the purported message “aligns” with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the “non-aligned” messages. Because cyber security continues to be a top priority for businesses, DMARC adoption is on the rise for several good reasons.

Top 3 Reasons to Implement DMARC

Read More
Mon, Apr 08, 2024
Share:   

How Much Will CMMC 2.0 Compliance Really Cost?

Many companies are currently evaluating how they might fund initiatives necessary to move their businesses towards compliance with the Cybersecurity Maturity Model Certification (CMMC). There are a few ways to fund these initiatives, but many key items have the potential to impact the amount of funding needed to prepare your organization for certification. So, where do you start to appropriately scope the project, and how do you know how much it will actually cost?

Whether your company plans to meet the CMMC objectives or to stop doing business with the Federal Government, keep in mind that cybersecurity is an important part of maintaining your business health and ensuring resiliency in the future. When businesses suffer a cyberattack and cannot afford the cost to recover, they often go bankrupt. In addition to the new federal regulations being pushed out by the Defense Federal Acquisition Regulations (DFARS), many states have laws requiring levels of protection for different types of information. Other federal governments have also enacted cybersecurity protection measures for their citizens (such as GDPR). Not doing so can also leave you open to lawsuits in the event of a breach or incident.

5 Phases for Cybersecurity Compliance

Read More
Tue, Mar 12, 2024
Share:   

Copilot for Microsoft 365…Are You Ready?

Over the past few months, Microsoft has slowly rolled out Copilot for Microsoft 365 through their many channels, making it available to all customers. As I mentioned in my last blog, "Copilot for Microsoft 365 – What You Need to Know," there are still some prerequisites for purchasing, including a minimum term of 1 year, however, the minimum purchase quantity of 300, which was a limiting factor for most, has been eliminated. This major shift by Microsoft resulted in a sharp increase in activity with most organizations being very interested in the promise of the significant productivity gains touted by Microsoft.

However, those same organizations tend to fall into one of two camps:

  • First are those that are fast-tracking a pilot or internal testing.
  • Second are those that are concerned about data privacy and protection and will not allow Copilot, or any other AI, to be used in their organization.
Read More
Wed, Feb 28, 2024
Share: