10 月 2023 - Version 2

October 2023: What’s New

“What’s New?” is a series of blog posts covering recent changes to Comet in more detail. This article covers the latest changes in Comet Voyager over October 2023.

There were four Comet software releases during October, all in the 23.9.x Voyager release series.

VMware support

Comet 23.9.7 adds support for backing up VMware virtual machines.

This has been a long-standing request on our Feature Voting page. After running a successful beta program over the last few months, we’re very happy to be able to deliver this feature to partners in our Voyager track.

Comet’s new VMware Protected Item type allows you to easily connect to your ESXi or vCenter server. You can pick individual VMs for backup across all datacenters, or choose “All VMs” to ensure all VMs are backed up with targeted exclusions.

The feature supports Changed Block Tracking. After completing an initial backup job, any future backup jobs will coordinate with the VMware host server to identify which ranges of the disk have changed since the previous backup job. These changed ranges from the VMware server are adapted into content-defined boundaries for Comet’s deduplicating chunking engine. This results in an extremely efficient, incremental-forever backup.

As this is a new Protected Item type, it must be configured to run from an installed device that will perform the compression and encryption workload. Installing Comet Backup on a VM within the VMware server itself is recommended for reduced end-to-end latency. In this first released version in Comet 23.9.7, this feature requires the device to be running Windows x86_64.

We are excited to bring this new Protected Item type to our entire Comet Community, so look out for our upcoming quarterly software release at the end of this month. We’d love your feedback and are here to help if you need any assistance getting started, reach out via our support ticket system.

Comet Storage powered by Wasabi

It’s official – Comet Storage is a new cloud storage offering from Comet, in partnership with Wasabi. We offer Wasabi’s same great S3-compatible service, at no additional cost above their public pricing. The feature is fully integrated and managed from within your account.cometbackup.com account, giving you unified billing and reporting across both cloud storage and your backup software licenses.

Comet Backup will continue to support a wide range of cloud storage providers. However, the new all-in-one Comet Storage offering is both highly convenient and excellent value. If you are interested in migrating to Comet Storage from an existing Wasabi account or from another cloud provider, please contact us for migration assistance.

Comet Storage also supports S3 Object Lock, allowing the backed-up data to be marked as immutable. This is a complete defense against ransomware attacking the backup storage location itself, giving you a fixed number of days to identify and mitigate the issue. In the latest version of Comet, we’ve also made Object Lock easier to use for all supported Object Lock-compatible providers, by simplifying the configuration options for both Storage Vaults and Storage Templates.

For more information, please see the documentation, or check out our latest YouTube video:

New account.cometbackup.com user interface design

The next time you log in to the account.cometbackup.com system, you’ll see a brand new user interface.

Every element on the page has been given a fresh coat of paint – from buttons to popups, from paying your bill to raising a support ticket. We’ve also grouped some pages together in a more logical way, so you’ll find it simpler to make your way around the site.

Inspired by the similar change to the Comet Server web interface earlier this year, the new design has moved the main navigation bar from the top to the left-hand side. This change brings our branding more closely in line across these two interfaces. On devices with smaller screens, such as laptops and tablets, you can click the small arrow button to collapse the navigation bar and regain horizontal screen real estate.

Virtual disk restore

Comet supports backing up physical Disk Images, Hyper-V virtual machines, and VMware virtual machines. All of these different Protected Item types result in virtual disk files. Comet supports granular restore for all three types, allowing you to browse through partitions and supported filesystems, to restore individual files from within a full disk backup.

In the latest versions of Comet, we’ve significantly improved the speed of granular restores from Disk Image backups. Some particular use-cases seeing a large improvement are granular restores involving a large number of directories, or a large quantity of small files. We’re committed to continuing to improve Comet’s performance and this work has identified more opportunities for improvement across all three types, so watch this space!

We’ve also added a feature to restore Disk Image backup jobs as VMware vSphere-compatible virtual disks.

Both Disk Image and our new VMware Protected Item type generate virtual *.vmdk files inside Comet’s deduplicated Storage Vault. However, the subformat of the files does differ slightly. Until now, users who are using Comet to perform a physical-to-virtual (P2V) migration from a physical disk to a VMware virtual machine have been required to perform an extra file format conversion after the restore, requiring extra time and temporary disk space. With the new option in Comet to restore the disk in VMware vSphere-compatible file format, the conversion takes place dynamically as part of the restore job, simplifying the process and helping meet your recovery time objective (RTO).

Audit logging

Earlier this year, we added Audit Logging support to the self-hosted Comet Server product, to help our partners meet their compliance obligations. Since then, we’ve expanded the list of audit properties, and added a helpful option to configure this feature directly from the Comet Server web interface from the Settings page on the “License & Access” tab.

The new controls should make it much more accessible to configure Audit Logging support for your Comet Server.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Comet
We are a team of dedicated professionals committed to developing reliable and secure backup solutions for MSP’s, Businesses and IT professionals. With over 10 years of experience in the industry, we understand the importance of having a reliable backup solution in place to protect your valuable data. That’s why we’ve developed a comprehensive suite of backup solutions that are easy to use, scalable and highly secure.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

Comet 2023

How to Secure Your Rocky Linux Server

Securing your Rocky Linux server is of paramount importance in today’s digital landscape, where cyber threats and attacks are becoming increasingly sophisticated.

Whether you are running a blog or hosting critical business applications, ensuring the security of your server is essential to protect sensitive data, maintain privacy, and prevent unauthorized access.

Servers often store valuable information that could be detrimental if compromised, including personal information, financial records, or confidential business data. A security breach can lead to data theft, identity theft, financial losses, and reputational damage for both individuals and organizations.

Securing Rocky Linux is also essential for ensuring the smooth and uninterrupted functioning of critical applications and services. A compromised server may experience downtime, leading to disruptions in services, loss of productivity, and customer dissatisfaction. By implementing robust security measures, server administrators can decrease the risk of downtime and maintain a reliable and secure environment for their users.

Next, a compromised server can be utilized for malicious purposes for further attacks, such as distributed denial-of-service (DDoS) attacks or spreading malware to other connected systems and acting as bot machines centrally managed by bad actors. By securing Rocky Linux, administrators not only protect their own infrastructure but also contribute to overall internet safety by preventing the server from being exploited in cybercriminal activities.

In this tutorial, we will walk you through the best practices and essential security steps to secure your Rocky Linux server.

We must note that the steps covered here are not exhaustive, and you should always stay updated with the latest security recommendations and patches to maintain a robust security posture.

Step 1: Log in to your Rocky Linux server via SSH

For this step, you need to make sure that you have a terminal or SSH (Secure Shell) client installed on your local machine. If you’re using Linux or macOS, you can use the built-in terminal application. For Windows users, you will most likely use the PuTTY SSH client.

Open the terminal and type the following command replacing username and server_ip_address with your own.

ssh username@server_ip_address

After you enter your password you will be logged into to your server.

Step 2: Update the server packages and set automatic security updates

It is very important to keep your server up to date, especially since there are often security updates that minimize the risk of breach or potential system crash.

We have the option to manually update packages in Rocky Linux and that allows you to carefully review and test updates before applying them to your system, ensuring compatibility and stability. Also, it is always a good idea to update your system manually when you boot a new server that you will use.

In order to check available updates on your system, you can run the following command:

sudo dnf check-update

You will get a similar output:

If you are on a new system, you can proceed with updating all listed packages by running the following command:

sudo dnf update

Press y and hit Enter to continue.

This process will download all the necessary packages from the designated repositories, upgrade to new versions, remove old packages, and perform cleanup for the package cache.

If you have a system where you already have various packages installed, specific versions that could potentially have issues if upgraded to the latest version, or that may conflict with your other packages, the better solution is to perform the minimal upgrade by running the following command:

sudo dnf upgrade-minimal

You can use this command only if you want to perform updates for packages that have essential bug fixes and various security patches, without the risk of breaking changes.

Next, we can enable automatic updates and use the special package designed to automate the installation of security patches and other crucial upgrades for your Rocky Linux server.

To set up the automatic update process, we need to install the dnf-automatic package which is not available by default on your Rocky Linux server.

This command requires higher permissions so make sure you execute it with your sudo or root user:

sudo dnf install dnf-automatic

Once the installation is complete, we need to edit the config file related to it:

sudo vi /etc/dnf/automatic.conf

In your configuration file under /etc/dnf/automatic.conf, find the line that starts with upgrade_type, and press the i key in order to enter the edit mode in your Vi editor and replace the value from default to security.

Since it is recommended to modify the default behavior to only include security upgrades, this will ensure automatic updates will not introduce breaking changes for your packages.

In order to write the changes and exit the file using Vi, press Shift and : then type wq and press Enter.

Finally, we need to make sure that dnf-automatic service is enabled by default the next time we start or reboot our system.

We can do that by running the following command:

sudo systemctl enable dnf-automatic-install.timer

The dnf-automatic-install.timer is a systemd timer unit that runs our dnf-automatic-install service. By default, it is scheduled to activate every day at 6 a.m., with a randomized delay of up to one hour.

Step 3: Add sudo users

When you boot the system for the first time, by default the root user has full control and unrestricted access to all system resources. Running daily tasks with the root user is not ideal as there is a high probability that any mistake or malicious command executed by the root user can have drastic consequences for your system. In order to minimize these risks, the concept of sudo users was introduced which gives more granular control over access potential actions that a user can run on Linux servers.

You can start by adding a new user to your Rocky Linux server:

adduser jumpcloud

Next, we will run the command so we can create a strong password for our newly created user:

passwd jumpcloud

After that, you can make sure that your user exists and has its own group if you run the id command:

id jumpcloud

You can see a similar output:

The next step consists of elevating the permissions of our jumpcloud user so it can execute sudo commands.

sudo usermod -aG wheel jumpcloud

In this case, the user “jumpcloud” will be added to the “wheel” group, providing it administrative privileges on the system.

If you’d like more details on creating sudo users and managing sudo access on Rocky Linux, check out the following tutorial: How to Create Sudo Users for Rocky Linux.

Step 4: Secure SSH

SSH (Secure Shell) provides remote access to your server and is often targeted by attackers. To enhance SSH security we can implement certain security measures.

First, we can change the default port for our SSH server by changing the config file related to it.

We advise you to create a backup of your configuration file if it gets corrupted, so you can run the following command:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

Next, we will edit the configuration file.

sudo vi /etc/ssh/sshd_config

SSH typically operates on the well-known port 22, making it a prime target for attackers, mainly due to the rise of highly automated attacks in recent times. To enhance security, consider changing the default SSH port. This simple step adds an extra layer of obscurity, making it harder for attackers to find and target your SSH service. By choosing an unused port between 1024 and 65535, you can significantly reduce the number of automated attacks directed at your server.

Alternatively, you could opt to set up a hardened jump box, also known as a jump host. Additional hardening and security can be layered onto the jump box instead of directly opening up ports on your server to the web.

In our case we will use port 2222, so you can scroll down and find Port 22 line:

Press i for edit, uncomment that line, and instead of 22, replace with 2222.

Press Escape and type :wq to write the changes and exit the file.

Just above the port number configuration, note that changing the SSH port requires updating the SELinux configuration. SELinux, which originates from Red Hat, is enabled by default on Rocky Linux. Its main purpose is to restrict actions that Linux processes and users can perform on the system, as that will minimize the impact of security breaches or unauthorized access. SELinux follows the principle of least privilege, granting processes and users only the essential permissions required for their intended tasks.

However, it is worth noting that the semanage command might not be readily available on Rocky Linux. To verify the necessary dependencies, we can run a check:

yum provides /usr/sbin/semanage

From here we can see that we need to install additional Python libraries, and we can do so by running the following command:

sudo yum install policycoreutils-python-utils

Type y, and hit Enter which will install the package.

Next, you can use this command which tells SELinux that the SSH service is now running on the new port 2222.

sudo semanage port -a -t ssh_port_t -p tcp 2222

Now, we need to add an exception to our firewall so we don’t get a connection refused error.

Rocky Linux uses firewalld, so we can add the rule:

sudo firewall-cmd –zone=public –add-port=2222/tcp –permanent

Next, we should reload the firewall so it starts using the new rule we added:

firewall-cmd –reload

Now, let’s give our SSH server a restart to implement the updated configuration and initiate SSH logging via port 2222. It’s time to apply the changes and get started with enhanced security.

sudo systemctl restart sshd

Now you can try and log in to your Rocky Linux server by adding the -p option and adding our new port number.

ssh -p 2222 username@server_ip_address

We can use SSH key authorization in order to secure our server further. We will also disable logging with the password in our SSH configuration.

By following this method, the possibility of brute force attacks on passwords is completely eradicated, guaranteeing that only users that possess the matching private keys gain access to the system.

In case you don’t already have an SSH key pair on your local machine, you can create one.

To start, open a terminal on your local machine and enter the following command:

ssh-keygen -t rsa

This command will ask you to select a location to save the keys and set an optional passphrase for added security. The passphrase is also recommended.

Once you have generated your SSH key pair, you need to copy the public key to your Rocky Linux server. You can use the ssh-copy-id command to do this.

In our case we will run the following command:

ssh-copy-id -p 2222 -i ~/.ssh/jumpcloud_rockylinux.pub jumpcloud@194.195.240.58

You will get a similar output:

Next, this command will prompt you to enter your user password on the remote server. Once you provide the password, the public key will be copied to the ~/.ssh/authorized_keys file on the server.

Before we can log into the server, we need to change the permissions to our key file and assign them permissions with the value 400.

We can do so by running the following command in our local terminal:

chmod 400 ~/.ssh/jumpcloud_rockylinux

Next, we will connect with our server:

ssh -i ~/.ssh/jumpcloud_rockylinux -p 2222 jumpcloud@194.195.240.58

This command will load the private key through the specified path on the local machine and also use the custom port that we set.

You should be able to log in without entering a password because the server is now configured to use SSH keys for authentication.

We can disable password logging and use only SSH keys by editing the configuration file again:

sudo vi /etc/ssh/sshd_config

We need to uncomment the part related to the PubkeyAuthentication and set it to yes:

Next, we need to change the PasswordAuthentication to no:

We can also disable SSH logging with the root username:

This will also enhance the security of your SSH, but keep in mind that you need to have at least one sudo user already so you don’t get locked out or become unable to perform higher privilege tasks.

Save the file, and then restart the SSH service so it loads the new configuration.

sudo systemctl restart sshd

With key-based authentication now enforced, the need to enter a password during login should be eliminated. This security enhancement ensures that only users with the appropriate SSH keys can access the server.

Step 5: Install and configure Fail2Ban

Fail2Ban is a very useful tool for protecting your Rocky Linux server from brute force attacks and unauthorized access attempts. By monitoring log files and automatically banning suspicious IP addresses, Fail2Ban adds an extra layer of security to your system.

Fail2Ban is not included in the default software repositories of Rocky Linux. Nevertheless, you can easily access it through the Enhanced Packages for Enterprise Linux (EPEL) repository, a source for third-party packages on Red Hat and Rocky Linux. If you haven’t yet added the EPEL repository to your system’s package sources, you can easily incorporate the repository using dnf, similar to installing any other package.

sudo dnf install epel-release -y

After this step, we need to install the Fail2Ban service. We can do so by running the following command:

sudo dnf install fail2ban

This will install various dependencies also related to modules that work together with SELinux, Sendmail, or the firewalld service.

Next, we can create a new file called “jail.local” where we will store our custom configuration:

sudo vi /etc/fail2ban/jail.local

Here we can build our custom config where we will override default values:

[DEFAULT]
# here you can overwrite some defaults:
[sshd]
enabled = true
port = ssh,2222
filter = sshd
bantime = 30m
findtime = 5m
maxretry = 3

We will change the default values from the original jail.conf file.

The bantime parameter defines the duration that an IP address will be banned after multiple failed login attempts. By default, it is set to 10 minutes. We can adjust this value to 30 minutes.

bantime = 30m

The findtime parameter specifies the time window during which repeated failed login attempts will be counted. The default value is 10 minutes. Setting findtime to more than 10 minutes (600 seconds) can be beneficial in scenarios where you want to be less sensitive to temporary spikes in failed login attempts. For instance, if you have legitimate users who sometimes mistype their passwords, a longer findtime allows them more time to reattempt without getting banned.

On the other hand, setting findtime to less than 10 minutes can make Fail2Ban more responsive to potential attacks. If there’s a rapid and sustained increase in failed login attempts within a short time, a shorter findtime can trigger the ban sooner, reducing the attack surface and blocking the malicious attempts more promptly.

In our case, we will reduce the time to five minutes.

findtime = 5m

The maxretry parameter defines the number of consecutive failed login attempts allowed before banning an IP address. By default, it is set to 5. We can adjust it so that it is limited to three attempts.

maxretry = 3

After editing and saving the configuration file, we can enable the service so that it starts every time we boot the system:

sudo systemctl enable fail2ban

We can start the service by running the following command:

sudo systemctl start fail2ban

While we are logged in to our SSH session, we can use another terminal and try to log in with some non-existent username and without an SSH key:

ssh -p 2222 jumpcloud3@194.195.240.58

After three bad attempts, our IP address will be banned temporarily for further login attempts:

For the last attempt, we get the “Connection refused” error, which is clearly the ban action of our service that honors our configuration parameters.

By default, the log file related to the Fail2Ban service is stored in /var/log/fail2ban.log and we can check the latest Fail2Ban events:

sudo tail /var/log/fail2ban.log

We can see logged events about our IP address and the exact timestamp when the Fail2Ban service banned our IP address from further attempts.

The ban applies to subsequent connection attempts from that IP address. For test purposes, if you are still logged into the server from your initial SSH session, it will not be affected by the ban. However, if you log out and try to establish a new SSH connection, the new connection attempt might be blocked by the ban.

Conclusion

In this tutorial we covered multiple ways to enhance the security of your Rocky Linux server, from patch management to user privilege and access management, to securing SSH and event logging. You should also learn how to enable full-disk encryption as well.

If you’re an IT admin or MSP provider managing multiple Linux instances, putting these best practices into place can quickly become an overly time-consuming, manual process. That’s where a truly unified endpoint management solution like JumpCloud can help.

With JumpCloud’s open directory platform in place, you can apply key security configurations and policies to various groups of users and devices all at once, regardless of whether your fleet consists of Linux, macOS, Windows, iOS, or Android systems.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About JumpCloud
At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.

2023 JumpCloud

Top 10 remote work destinations 2023: Global Remote Work Index insights unveiled

As the digital revolution continues to reshape the professional landscape, remote work has become more than just a trend—it’s a new reality.

With the boundaries of the traditional office blurring, the world has truly become a playground for the modern nomad. In 2023, new havens for remote workers are coming into the spotlight, offering a blend of connectivity, comfort, and cultural richness.

Explore this year’s Top 10 remote work destinations, places where productivity meets adventure. Whether you’re a seasoned remote veteran or just starting your digital journey, these destinations promise to inspire and amaze you.

Key takeaways about GRWI

The Global Remote Work Index (GRWI) is a comprehensive ranking system that evaluates countries’ suitability and attractiveness for remote work. First, it was launched in 2022 by NordLayer, a secure remote network access solution provider.

This evaluation takes into account various factors across multiple dimensions. The index serves as a tool for remote workers, businesses, and policymakers seeking to understand the best global environments for remote work.

In 2023, NordLayer assessed 108 countries, up from 66 the previous year.
GRWI evaluates countries on four core dimensions: cyber safety, economic conditions, digital and physical infrastructure, and social safety.
The ranking was derived by examining countries through these four main dimensions. Each of them encompasses specific attributes (or sub-dimensions) that collectively measure the appeal of remote work:
- Cyber safety: includes infrastructure, response ability, and legal provisions
- Economic safety: factors in tourism appeal, English fluency, living costs, and healthcare quality
- Digital and physical infrastructure: assess internet quality, cost, e-infrastructure, e-governance, and tangible infrastructure
- Social safety: evaluates personal rights, inclusivity, and general safety

No. 10: Slovakia

A cyber safe haven in the remote work landscape

Slovakia shines brightly in the Global Remote Work Index, securing the 10th spot, making it a top choice for digital nomads and remote work enthusiasts.

Slovakia’s unparalleled performance in cyber safety, where it proudly claims the global lead. Slovakia isn’t just about virtual security, though. Its tourism appeal, sitting at a respectable 13th position, combined with a decent English proficiency ranking, makes it an enticing blend of work and leisure for global professionals.

However, every silver lining has a cloud, and Slovakia is no exception. While it excels in cyber achievements, the country’s digital and physical infrastructure needs attention, with rankings not reaching the Top 40.

Economically, the higher cost of living, ranking 54th, could make some remote workers think twice. Additionally, its healthcare system, positioned at 41st, leaves room for improvement. Internet quality and the e-government framework also trail behind, ranking 43rd and 58th, respectively, pointing towards the need for growth.

In summary, Slovakia’s remote work landscape is a blend of exceptional cyber fortitude and irresistible tourism allure, counterbalanced for improvement in digital infrastructure and living costs. While the country already offers a compelling proposition for remote work, it stands on the brink of realizing an even greater potential with focused enhancements. For remote work enthusiasts, Slovakia delivers both charm and a cyber-safe travel destination.

No. 9: Ireland

A mosaic of tradition, tech, and talent

Securing the 9th spot on the GRWI, Ireland offers a unique blend of historical depth and digital expertise, presenting remote workers with a vibrant experience.

Ireland’s exceptional English proficiency stands out, providing seamless communication for global remote workers. Coupled with its 8th rank in tourism attractiveness, the Emerald Isle is both a workspace and a cultural delight.

Economically, while the charm of its culture and language is clear, the high cost of living (88th) might give some pause. The healthcare system at 40th could benefit from enhancements.

Digitally, Ireland showcases considerable strength, particularly in legal measures for cyber safety, ranked 2nd. Its quick response capacity (8th) underscores this commitment. However, a 32nd rank in digital infrastructure points to areas of growth. The broader digital and infrastructure landscape has its highs, like physical infrastructure (14th), and areas needing attention, such as internet quality (39th).

Socially, Ireland’s 2nd rank in inclusiveness highlights its progressive stance, but areas like general safety (53rd) and personal rights (23rd) indicate room for improvement.

Overall, Ireland’s scenic beauty and tech orientation make it a promising hub for remote workers. Despite certain challenges, its potential and allure for the remote workforce remain strong.

No. 8: Lithuania

A cyber sanctuary in the heart of Europe

Lithuania, ranking 8th on the GRWI, seamlessly blends its history with digital proficiency. Its most notable accomplishment is in cyber safety, ranking 3rd globally, anchored by an exceptional cyber safety infrastructure (4th), quick response capacity (2nd), and unmatched legal measures (1st). This makes Lithuania a cyber-secure haven for remote workers.

On the economic safety front, its strong tourism appeal (10th) contrasts with challenges like the cost of living (62nd) and healthcare (58th). Yet, better than average English proficiency (21st) promises ease of communication for global professionals.

In digital and physical infrastructure (28th), Lithuania shows promise, particularly in internet affordability (20th) and e-infrastructure (24th), though areas like internet quality (32nd) need attention.

Socially, Lithuania ranks 23rd, emphasizing inclusiveness (22nd) but suggesting growth in personal rights (35th) and safety (28th).

Lithuania shines as a cyber sanctuary, merging tradition with innovation. Its GRWI rank indicates that it invites remote workers to join its forward-thinking journey.

No. 7: Estonia

Pioneering digital excellence in the remote work domain

Often praised for its digital advancements, Estonia appears high on the Global Remote Work Index.

Estonia cements its status as a sought-after remote work hub by making waves in the global context, ranking relatively high for its digital and physical infrastructure (26th) and holding 19th position in social safety. The country’s formidable strengths lie in its top-tier infrastructure (3rd), response capacity (1st), exceptional e-government systems (6th), and robust e-infrastructure (16th). Also, its impressive safety rank (13th) provides peace of mind for remote workers seeking a secure working environment.

However, no country is without its set of challenges. Estonia’s Achilles’ heel is its economic safety, lagging at the 40th spot. The country’s internet quality, ranked 45th, and a relatively high cost of living (71st) coupled with pricier internet services (32nd) might come as significant concerns.

Yet, Estonia’s commendable healthcare system, ranking 30th, and outstanding scores in personal rights, inclusiveness, English proficiency, and physical infrastructure provide enough allure to overshadow its weak points.

Estonia’s deep dive into digital transformation is evident through its e-Estonia Programme, a blueprint for evolving digital services and strengthening cyber resilience.

The country’s commitment to cyber preparedness, demonstrated by the 2018-2022 e-Estonia Cyber Security Programme, showcases its foresight and diligence. For remote work enthusiasts seeking a blend of digital innovation and societal harmony, Estonia is an intriguing prospect with a promise of continuous growth.

No. 6: Portugal

A rising star in the remote work universe

Portugal’s beautiful scenery and rich history are not its only attractions anymore, as it proudly secures the 6th spot on the GRWI.

Known for its pleasant weather and vibrant culture, Portugal now boasts an impressive cyber safety ranking at 18th. This achievement is largely due to its respectable response capacity, which stands out in the 4th position. Moreover, its cybersecurity legislation, ranked 8th, emphasizes the nation’s commitment to creating a safe digital workspace, although some areas still need enhancement.

When it comes to economic safety, Portugal ranks 8th, although prospective remote workers might need to budget wisely because of its somewhat elevated cost of living, sitting at 56th.

The tapestry of digital and physical infrastructure tells a mixed story; a respectable overall rank of 23rd is somewhat tainted by a lackluster e-infrastructure position (43rd). Yet, Portugal compensates with an impressive social safety rank, marking its place in the 7th position.

Portugal’s remote work landscape is a blend of sterling strengths and opportunities for growth. Its comprehensive legal framework addressing various cybersecurity aspects is noteworthy.

As Portugal continues to enhance its remote work ecosystem, it beckons digital nomads and professionals to experience a blend of traditional charm and modern connectivity.

No. 5: Sweden

A Nordic beacon for remote workers

Positioned comfortably at 5th on the GRWI, Sweden seeps a progressive charm, especially for remote workers.

Cyber safety in Sweden is notably robust (21st), and the country’s 4th place in response capacity shows a commitment to keeping digital workspaces secure. A closer gaze at the ranking reveals improvements in cybersecurity infrastructure (19th), an area Sweden has already begun to address with the inauguration of the National Cyber Security Center in 2021.

In terms of economic safety, Sweden boasts an impressive 7th rank. Yet, the cost of living stands as a hurdle at 79th, reminding remote workers of the premium associated with the Swedish lifestyle.

The narrative is brighter in digital and physical infrastructure, with Sweden securing its 9th-place. Yet, recent public events cast a shadow on the country’s otherwise luminous social safety score of 15th, plummeting the overall safety metric to 64th.

Sweden’s remote work landscape offers commendable strengths threaded with areas yearning for refinement. The country’s intricate cybersecurity laws, standing tall at 9th, manifest its holistic approach to safeguarding digital realms.

As Sweden keeps adapting and refining its strategies, it paints a compelling picture of a nation ready for a brighter remote work future, where tradition and innovation coexist.

No. 4: Spain

A sun-kissed jewel in the remote work crown

Nestled comfortably at the fourth position in the GRWI, Spain elegantly waltzes into the limelight this year. It’s not just for its enviable “warm and sunny” nature but for many other reasons that make it a remote work haven.

As the lone Southern European gem in the Top 5, Spain doesn’t merely rest on the laurels of its Mediterranean charm. Instead, its impressive rankings across key GRWI categories — be it cyber safety (11th), economic safety (9th), digital and physical infrastructure (13th), or social safety (16th) — show that it’s a harmonious blend of work and leisure.

Spain’s prowess in cybersecurity shines notably, with its laws coming in an impressive second spot, just behind Germany. Also, the country’s well-entrenched cybersecurity infrastructure (4th) is a testament to its digital fortitude. However, a nuanced look reveals a slight chink in the armor: while Spain’s cybersecurity infrastructure thrives, its response capacity at 11th suggests the private digital sector’s appeal might be stretching the public sector’s cybersecurity manpower thin.

Yet, while Spain has many advantages for prospective remote workers, those with a strong preference for English might find Spain’s proficiency in the language somewhat lacking. For those keen on honing their English skills without compromising on the remote work experience (or burning a hole in their pockets), destinations like Poland and Croatia might be good options.

Still, Spain’s magnetic mix of culture, cybersecurity, and beautiful coasts remains irresistible for many.

No. 3: Germany

The stalwart of Europe’s remote work landscape

Germany, synonymous with economic vigor and technological knowledge, proudly holds the third spot in the GRWI.

While it may have surrendered last year’s crown, its robust performance across various GRWI categories is undeniable. Excelling in cyber safety (4th)—with its legislation leading globally—and economic safety (6th), especially in healthcare (7th), Germany remains a beacon for remote professionals worldwide.

Its credentials don’t end there: a promising 13th rank in social safety and an impressive digital and physical infrastructure ranking, sweetened by the cherry on top—Germany’s unrivaled internet affordability (1st).

Diving deeper into the cybersecurity field, Germany shines particularly bright. Driven by its ground-breaking legislation, the German IT Security Act 2.0 of 2021, the country has fortified its digital borders like no other. This legislation, empowering the Federal Office of Information Security with enhanced capacities, touches on key aspects of cybersecurity—from Detection and Defense to Business Security and mobile network safeguards. Consequently, the nation’s cyberspace emerges as one of the safest and most vigilantly monitored.

However, staying in Germany might present a linguistic curveball for the newcomers. While Germans demonstrate decent fluency in English (11th), navigating the intricacies of legal and employment terrains might require a grasp of the German language.

The Netherlands and Ireland present enticing alternatives for those prioritizing English proficiency without compromising the GRWI standing. Conveniently accessible from Germany, these countries blend excellent English fluency with a high GRWI rank, making them excellent considerations for remote work fans.

No. 2: the Netherlands

A sterling blend of culture and connectivity

Glistening in the silver spot of the GRWI, the Netherlands is a harmonious blend of socio-cultural richness and top-notch infrastructure.

As the second-ranked country in the GRWI, the country basks in outstanding rankings, especially on the social safety front (2nd). This reflects the deep-rooted values of personal rights (3rd) and the inclusive ethos of the Dutch culture (6th). Pair this with its strong digital and physical infrastructure (8th), and you have a country that seamlessly weaves tradition with technology.

However, even as economic safety (11th) and cyber safety (17th) maintain a relatively decent standing, there’s a spot where the Netherlands seems to trip a bit: healthcare.

The Dutch healthcare system, ranked 16th, isn’t at the very top. For those looking for top-notch healthcare in their remote work destinations, choose Scandinavian countries like Sweden, Norway, and Denmark, which lead the way globally.

When it comes to the nuances of cyber safety, it’s crucial to put the Netherlands’ 17th rank in perspective. The Dutch National Cyber Security Centre (NCSC) is a tough fortification. Notably, it has earned a 3rd rank in cybercrime response capacity.

As a powerhouse of economic and digital life, the country faces quite a few cyber challenges. The cybersecurity infrastructure (11th) and legislation (9th) might have little catching up to do, but one cannot overlook the expansive challenges the country navigates as a digital frontrunner.

No. 1: Denmark

A balance of modernity and social cohesion

Glistening at the pinnacle of the GRWI, Denmark showcases progress and people-focused values.

Denmark is a top pick for remote work due to its strong digital and physical infrastructure (ranked 4th) and good social safety (ranked 6th). But as you wander the Danish streets or browse through their super-efficient e-governance portals, it’s not just the beautiful surroundings or the streamlined digital processes that captivate; it’s the ethos of social inclusiveness (6th) that sets the tone.

Yet, downfalls for remote workers in Denmark manifest as the high cost of living (94th) and the slightly pricier internet service (42nd). But the balance seems to tip in Denmark’s favor, thanks to its exceptional performance in internet quality (7th), e-infrastructure (7th), e-government (5th), and the crowning jewel—its healthcare system (3rd).

Going deeper into cyber safety, Denmark’s 13th position suggests there’s still room for growth to reach the top. While the absence of a singular, consolidated cybersecurity law might raise questions, Denmark compensates by weaving cybersecurity into many other legislations, creating a robust, though somewhat dispersed, framework. Despite these legal efforts, enhancing cybersecurity infrastructure and ramping up response capacity is still challenging.

The launch of the 2022 National Cyber and Information Security Strategy marks a new dawn. Designed to bolster cyber resilience, streamline management, foster public-private collaborations, and increase Denmark’s participation in the global cybersecurity dialogue, this strategy promises to pave the way for an even brighter, more secure digital future for the country.

Never stop exploring

The landscape of remote work continues to shift, and 2023’s top destinations highlighted by GRWI offer a fascinating blend of tradition, innovation, and unique opportunities for remote workers worldwide.

Each country in the list has its distinct advantages and areas for improvement, giving you diverse choices for digital nomads and remote professionals. As you chart your future work destinations, the GRWI is an invaluable guide, offering detailed insights and data-driven rankings. Interested in a deeper dive? Explore the Global Remote Work Index tool, where you can compare different countries and find the one suitable for your next remote work destination.

Here’s to new adventures and successful remote work experiences.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Nord Security 2023 NordLayer

Minimize the Cost and Downtime of Disaster With Scale Computing’s Business Continuity/Disaster Recovery Planning Service

INDIANAPOLIS – October 24, 2023 – Scale Computing, a market leader in edge computing, virtualization, and hyperconverged solutions, today announced its Business Continuity/Disaster Recovery (BCDR) Planning Service, designed to help organizations establish a comprehensive, regulated plan for responding to unforeseen downtime. The service provides Scale Computing customers and partners with the tools, guidance, and resources to create a playbook for data backup and recovery, enabling businesses to endure a disaster scenario with minimal loss.

Scale Computing also recently announced that it is a finalist for the Business Continuity/Disaster Recovery Project of the Year in the 2023 SDC Awards for its work with Austrian managed service provider GiGaNet and its long-time partner the Zillertaler Gletscherbahn group. Voting for the SDC Awards is open at sdcawards.com/vote until November 10th, 2023.

Data breaches are one of the biggest and most costly contributors to downtime for businesses. In 2023, the average cost of a data breach globally reached an all-time high of $4.45 million, a 15.3% increase from 2020. Simultaneously, the average length of business disruption following a ransomware attack in the United States reached 24 days last year, up 60% from just two years prior — a significant increase when downtime costs exceed $300,000 per hour for over 90% of mid-sized and large enterprises. For more than half of those businesses, the hourly outage costs range from $1 million to over $5 million. Recovery from an outage adds additional expense from which many enterprises are unable to bounce back.

“Disaster can strike at any time, and every organization needs a consistently regulated playbook for how the business will respond — from action plans to recovery plans for bringing online the mission-critical servers businesses depend on,” said Jeff Ready, CEO and co-founder, Scale Computing. “Knowing what systems need to be protected, planning for the ability to recover them, and having a full action plan for recovery should be at the forefront of every IT department’s agenda, at the beginning of any infrastructure addition. With Scale Computing Platform, the plan for disaster recovery starts before equipment is even put into production, so IT leaders have a plan in place from day one that they can enact to ensure their business stays up and running, with minimal loss, should disaster strike. Our Business Continuity/Disaster Recovery Planning Service enables businesses to proactively classify systems based on their importance and implement a robust action plan, ensuring that our customers’ and partners’ critical systems are protected, validated, tested, and ready for recovery at any time.”

Whether a minor data loss or a business-wide shutdown, having a well-defined business continuity strategy is crucial to minimize financial impact, ensure continuous employee productivity, meet compliance and regulatory requirements, decrease liability obligations, reduce downtime, and minimize the risk of negative exposure. Scale Computing’s BCDR Planning Service includes planning, deployment, documentation creation, and disaster recovery testing, covering every aspect to keep businesses prepared and resilient. The service is offered to Scale Computing Platform customers, which brings simplicity, high availability, and scalability together to replace existing infrastructure for running virtual machines with an easy-to-manage, fully integrated platform that allows organizations to run applications regardless of hardware requirements.

For more information on how Scale Computing can help with your business continuity and disaster recovery planning, please visit https://www.scalecomputing.com….

About Scale Computing
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Using patented HyperCore™ technology, Scale Computing Platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime, even when local IT resources and staff are scarce. Edge Computing is the fastest-growing area of IT infrastructure, and industry analysts have named Scale Computing an outperformer and leader in the space, including being named the #1 edge computing vendor by CRN. Scale Computing’s products are sold by thousands of value-added resellers, integrators, and service providers worldwide. When ease-of-use, high availability, and TCO matter, Scale Computing Platform is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate, G2, and TrustRadius.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Scale Computing
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.

Scale Computing Scale Computing News 2023

On the new era of work: a talk with Julia Hobsbawm, the author of ‘The Nowhere Office’

Step into a world where the traditional office is a relic of the past, and remote work has become the norm. The symphony of clinking coffee mugs and buzzing photocopiers has given way to the quiet hum of Zoom calls and the occasional barking dog in the background. It’s a world where the boundaries between work and life blur, and the office, once a physical space, now has transformed into a digital nowhere.

In this brave new world of work, Julia Hobsbawm stands out as a sage of the modern workplace. Her book, ‘The Nowhere Office,’ offers valuable insights on navigating this new way of working for leaders and employees.

‘The Nowhere Office’, a term coined by Julia Hobsbawm, reflects a shift in the modern workplace. It shows that today’s workforce can adapt and be productive without traditional office constraints. It promotes flexibility and efficiency while still valuing physical spaces for collaboration and growth.

Julia Hobsbawm is a British award-winning writer, speaker, consultant, Bloomberg commentator, and columnist about the future of work. The author of the acclaimed book ‘The Nowhere Office,’ she was also the founder of the US-led Workforce Institute and now co-hosts the popular podcast ‘The Nowhere Office.’

To mark the launch of NordLayer’s Global Remote Work Index 2023 tool for exploring the best countries for remote work, join us in a conversation with Julia Hobsbawm as we explore the heart of ‘The Nowhere Office.’ Here, the future of work unfolds, and the old rules don’t apply anymore.

At a glance: insights from this interview

Remote work & productivity: remote work balances between isolation and collaboration. For some, it’s a choice for creativity; for others, it’s essential due to necessities like child care.
Evolving workplace dynamics & trends: daily office routines feel outdated. The rise of ‘The Nowhere Office’ and hybrid models highlight changing dynamics.
Technology & future of work: technology’s efficiency and scale are unparalleled. However, issues like privacy breaches and trust erosion can surface without ethical checks.
Leadership in a changing landscape: modern leaders should prioritize active listening. Decisions based only on shareholder demands or peer practices can become misaligned with ground realities.

Work engagement & well-being

NordLayer: How does remote work contribute to enhancing productivity and well-being? Can you also address the misconceptions surrounding well-being in the workplace?

Julia Hobsbawm: The topic of remote work is multifaceted, especially when discussing its impact on social connections and well-being. Critics of ‘the Nowhere Office‘ concept often highlight social isolation and loneliness, arguing for the advantages of full-time in-office engagement.

Remote work isn’t merely a case of isolation versus collaboration. Some individuals seek quiet, creative spaces away from office disturbances. Others have obligations like child care, which make remote work not just preferable but essential. Flexibility, or what I prefer to term as ‘movement flexibility,’ is more apt than ‘hybrid’ in describing this paradigm.

Well-being at work goes beyond the simplistic binaries. It encompasses what I label ‘social health’: how we connect with colleagues, build communities, and foster supportive systems. Physical and mental health rooted in nutrition, sleep, and other factors also play vital roles.

A pressing issue, often sidelined in discussions on workplace well-being, is the toxicity of certain environments. A toxic workplace is characterized by poor leadership, office politics, unmanageable deadlines, and inefficient systems.

Addressing these issues is vital instead of merely branding well-being initiatives as solutions without understanding their depth. In my view, the pandemic has highlighted people’s profound commitment to their work.

Around the globe, pride in one’s job isn’t restricted to specific roles or hierarchies. From Japan’s broad societal work ethic to individual aspirations, there’s a universal yearning to perform excellently. ‘The Nowhere Office’ is a call for change, seeking to cultivate environments that nurture pride, passion, and exceptional performance.

Evolving workplace dynamics & trends

NordLayer: In your Bloomberg column, trends like “quiet quitting,” “great resignation,” and “career cushioning” emerge. Could you provide more insight into these concepts in the context of evolving workplace dynamics?

Julia Hobsbawm: Historically, and research backs this, companies founded before the year 2000 often have leadership resistant to new workplace methodologies. There’s a discernible pattern where such organizations, predominantly led by men from a certain age bracket, resist adapting to these shifts.

Tools like Zoom showcased during the pandemic that profound connections can be made remotely. It’s a testament to human adaptability that we can feel connected, even intimately, through digital mediums. Even professionals in psychotherapy have found virtual communication to be surprisingly effective.

The key lies in discerning when physical presence enhances productivity and when it doesn’t. Take multinational companies, for instance. Their diverse geographical operations don’t necessarily dilute company culture. There’s a need to dispense with traditional benchmarks when determining the necessity of physical presence in offices.

However, it’s essential to remember the power of in-person interactions. Just as diplomats highlight the importance of “smelling the room,” and gatherings ranging from global conferences to cultural festivities emphasize the value of personal interaction, businesses should recognize the essence of shared experiences.

The rigid expectation of daily office presence for the sake of visibility, water cooler conversations, or prolonged meetings seems outdated. The increasing acceptance ‘The Nowhere Office’ concept, with a trend toward hybrid models, underscores the shifting dynamics.

The widespread adoption of schedules where employees come in three days a week suggests that these ideas are gaining traction. I’m hopeful about this progressive change and the direction in which we’re headed.

Technology & future of work

NordLayer: In a nutshell, how do you see technology shaping the future of work in terms of opportunities and challenges?

Julia Hobsbawm: I think we’re moving generally into a hyper-surveillance culture. From the automation introduced by Henry Ford’s assembly line to today’s AI-driven applications, technological innovation is part and parcel of our evolution. However, the conundrum arises not from the technology itself but from its human applications and interpretations.

We’re at a pivotal point in history where technology offers unprecedented efficiency, convenience, and scale opportunities. Yet, without ethical guidelines, it can be misused, leading to issues such as breaches of privacy and the degradation of trust in professional relationships.

The challenge is striking a balance between embracing these advancements and respecting the human elements of work – autonomy, trust, and dignity.

We must recognize that while technology can provide tools to enhance our capabilities, the bonus lies in employing these tools ethically and humanely. It’s not about resisting technological change but channeling it in a manner that respects and uplifts human dignity and well-being. Our choices, priorities, and values in this tech-driven era are the true challenge.

Leadership in a changing landscape

NordLayer: Finally, what qualities must leaders develop in the changing work landscape, and how should leadership evolve in remote and hybrid environments?

Julia Hobsbawm: At the heart of the evolving work landscape, leaders need to embrace the role of an active listener. Making decisions based purely on shareholders’ demands, the practices of other companies, or unrealistic timelines can lead to strategies that are detached from the realities on the ground.

A discerning leader listens, synthesizes the information, and communicates horizontally and vertically within the organization. For instance, if feedback suggests a strategy will take longer due to post-pandemic employee lifestyle shifts, a leader acknowledges this and adjusts accordingly.

We are navigating a transitional period. While the past may have seemed more structured – everyone commuting and adhering to routine schedules – the current landscape is fluid. This transition has amplified our emotional intelligence as workers.

For leaders, it’s about fostering an environment of mutual learning and understanding among these varying generational viewpoints. While it’s undeniable that we’re in challenging and complex times, I remain cautiously optimistic. The path might be bumpy, but with adaptive leadership, better days lie ahead.

Thank you.

From zero to hero

If you have an office-based, hybrid, or even a 100% remote team – any way of working – have you considered making it more secure and fully enabled to achieve its real potential? Reach out to the NordLayer team and discover an easy and effective secure network access solution for your company.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.