Focus on your business and let professionals manage your IT systems

• Trends
• Interview

One thing is certain: cyberattacks are here to stay, so we have no choice but to be prepared and mitigate the risk. As Aimtec’s Chief Information Officer Michal Kárník explains, it’s best to adopt a comprehensive cybersecurity strategy, define an overall plan, and stick to it. We interviewed Kárník and asked which approaches he thought could guarantee that information systems would run smoothly, ideally without requiring any action from the customer. 

Michal, you’re an IT professional and you’ve worked at an established tech company for many years now. Have you got a simple rule for avoiding cyberattacks and the loss of control, reputation, and money that come with them? What preventative measures should companies take?

There is no simple rule. You’ve got to be aware of the possible risks of such an attack and adopt a comprehensive cybersecurity strategy. ISO 27001 might serve as a good guide, as it defines the areas you need to focus on. Every measure you implement in the area reduces the risk of a successful cyberattack and the impacts it could have. IT security can be viewed as individual layers, such as physical security, network security, identity management and access control, endpoint security, and data security. If I’ve got my own hardware, I must also make sure I’ve got sufficient supplier support and can get it replaced if I need to.

You said it was important to remain aware of the possible risks of an attack. What do you believe is the best approach to this?

There is no perfect solution, so we’re always working with a certain level of risk. The aim is to mitigate risk, but this involves investments and increased operational costs. At the beginning, you’ve got to evaluate each system individually and categorise them by level of importance in terms of accessibility and impact on the company’s operations. Then we can gradually improve how they are secured or look for suitable solutions. In any case, I recommend contemplating a scenario involving a potential disruption and having a disaster recovery plan in place.

How about backups? Isn’t it enough to just back up your systems on a daily basis?

Maintaining backups and setting up a good backup method is of fundamental importance. There absolutely will come a time when the company will need the backups. Designing a good backup plan isn’t easy, and critical systems need to be identified in regard to importance and impact if they’re unavailable. Subsequently, the required RPO and RTO parameters need to be defined. The RPO (Recovery Point Objective) marks the point in the past to which data can be recovered – in other words, the maximum data loss. Meanwhile, the RTO (Recovery Time Objective) is the time in which I can restore the backup. The storage centre where I back up the data and how it is secured directly impact these objectives. 

What other advantages do cloud solutions offer besides backups?

The cloud offers numerous advantages; among the most important is infrastructure elasticity, which allows me to borrow and deploy resources (servers with computing power) whenever I need them. I don’t have to wait until someone supplies me with the hardware I need. Elasticity is associated with high application availability and backups, as we discussed earlier. Major cloud providers maintain multiple mutually independent data centres, so in the event of a hardware failure, services can be restarted even on the other side of the globe. Applications can also run at several data centres at once, significantly reducing risks due to inoperative hardware or unexpected failures. Moreover, the cloud enables a high degree of automation.

Lately, I’ve increasingly come across the term ‘SaaS’. How is this service connected with the cloud, and why should I as a customer consider using it?

As an ISV (Independent Software Vendor), we develop and operate cloud applications. In doing so, we leverage all the cloud’s advantages to ensure high availability and reliability. We then offer this to clients as Software as a Service (SaaS). When a client opts for a SaaS solution, they merely ‘consume’ the service and don’t need to deal with anything else; the supplier handles everything. Very simply put, clients only need to connect to the service from their computers.

From your point of view, as an IT supplier, is there a fundamental difference in managing a customer’s on-premises system versus in the cloud?

When we’re managing a system on on-premises infrastructure, we as the supplier can resolve and influence only about 20% of all issues that arise; the remaining 80% require collaboration with the customer. This slows down the entire process. In the cloud, we can quickly and flexibly handle 80% of problems independently, with only 20% necessitating cooperation with the customer. This makes us three times faster.

In terms of operating costs, how does running a system in-house compare to the cloud? 

Based on my experience I can say that on-prem and cloud solutions are generally the same or very similar in terms of cost. On-prem solutions often overlook the costs related to in-house staff, operations, hardware upgrades including data centres, and 24/7 system support.

The cloud partially handles all this plus the SaaS system provides added value, allowing the company to concentrate on its core business. That’s where I see its primary advantage.

Share article