
Mobile Device Security
I recently wrote an article for the WSCPA (Washington Society of CPAs) about Mobile Device Security. The article was not focused on the newest device flaw, or any particular fan-boy approach to the best or the worst device, but included a general approach to treating mobile devices with the same care you give towards managing laptop users.
Perhaps in the future I will re-post the entire article, but for now, here are the key points to developing a policy for mobile devices:
- Require that passwords be used. Password protection is a standard feature of mobile devices, yet few users utilize it as they find it inconvenient. This simple step is the most effective way to ensure the data on a device stays secure until it can be remote wiped.
- Turn on encryption! All the common devices have the ability to transmit data in an encrypted fashion, so make sure this is turned on with any device being used for email!
- Enable remote wipe! Ensure that your IT department gives itself access to every device so that they can remote wipe any lost or stolen device.
- Be clear on intellectual property policies! Business email and data transmitted to mobile devices is indeed intellectual property, and mobile device users must have clear policies outlining this fact, so that they understand the rights of the company to secure that data.
- Turn Bluetooth to hidden mode. Limit exposure to hackers who may discover your device if it is in default always on and discoverable mode.
- Have an acceptable use policy for applications. Applications are a big part of what owning a mobile device is becoming about… but they also can create a lot of issues, and they may present specific security risks. These applications can enable data theft, password theft, or other issues. If someone wants corporate data on their personal device, they may have to submit to some controls over what types of applications they run. If you are concerned about security, it may be important to limit the ability to load applications, or to require that applications loaded be vetted by IT first, as you can’t trust that the various places these come from (iPhone store, etc) can properly police all the applications presented to ensure that they don’t harbor malicious code or spyware.
Happy (mobile) computing!
Richard Brunke
The Catch Up Game
Normally I post about tech trends, but today I want to talk about what appears to be the beginnings of a business trend in the Puget Sound area. The fact is, the gloom seems to be lifting, and IT spend is coming back into the market at levels not seen for a while. Granted, much of this is driven by projects held off for, in some cases, several years too long, but the fact is, the economy no longer feels as much like the great black hole that may swallow businesses whole, and pragmatism is taking hold.
It is very difficult to know in real time where the bottom of an economy is, and when we are heading up or down, but at the end of the day, there are things we have to do to keep the doors open such as pay our employees, pay rent, and keep our computing infrastructure running. And more importantly, there comes a time when we realize that we don’t just want to keep the doors open, but we want to grow and thrive.
My experience is that many smaller businesses stretched their dollars by holding back on IT spend, holding off on upgrades and routine maintenance. This generally has little impact in the short term, but has a growing cost the longer you wait. It has become increasingly evident that, while the business environment is challenging, it is still driven by the same requirements it always has been, and putting off investment will hobble growth, productivity, and competitive advantage.
Due to this, project spend is on the rise, and rather rapidly. It’s the old catch up game as businesses realize that they are overdue for moving off of XP, for moving off of old versions of Microsoft Server or other core applications, and for updating hardware, upgrading networks, etc.
As all of this pent up demand hits the market, it becomes a bit of a feeding frenzy for qualified resources. As you plan for getting the help you need to catch up in IT, ask yourself a few key questions:
- Am I ready to increase my fixed costs in IT, or should this be variable project work?
- If I am ready to increase long term fixed costs, how do I do so in a way to maximize the quality of support and quantity of support I get for that spend?
- Have I kept up on technology offerings to the extent that I can make solid decisions regarding upgrades, changes, and purchases to ensure I don’t waste any money short or long term?
Make sure that you invest in IT the same as you would invest in any other aspect of your business: thoughtfully, carefully, with foresight, and after doing your homework.
This is a great time to slow down a bit and assess where you are in regards to your technology and your business needs. Slow down long enough to develop a plan for your IT spending and make sure you evaluate options. Otherwise, working from old upgrade plans may bring about wasting money on plans which are no longer appropriate from a business and technology standpoint.
It’s been great to see more energy and enthusiasm about IT spend, as it is part of a general increase in confidence in business, and often goes hand in hand with hiring. Just make sure you step back and validate your plans and realize that a small investment in planning now may save you a lot of money over the next few years, and, if in doubt, call us and ask for help!
Happy Computing!
Richard Brunke
Welcome to the new ISOutsource Website
Just a quick note to welcome everyone to the new site. We have been working for many weeks to develop a site that better reflects who we are as a company, and what we wanted to tell you, our prospective customers about us, and how we can help and support you. In many ways, you will see it is really about how you can be a happy, productive and supported computer user.
After all, at the end of the day, isn’t that the only reason you hire an IT provider?
I firmly believe that the more you know about ISOutsource, the more you will understand why we are the region’s largest, and best, provider of outsourced IT services to small to medium business. We don’t sell software or hardware, or engage in any partnerships that put our ability to be objective and independent in our recommendations in jeopardy. That alone sets us apart, and that is just the beginning.
Please look around and read about our approach and how we can help you. I am proud of the site, and love the use of so many photos of our employees! While our approach is unchanged, and our dedication to providing the best service in the industry is unchanged, our site now reflects this in a way that will, perhaps, make these things more visible to those that don’t know us yet. Clearly, I, and the whole team, are proud of what we do, and pleased with our new site and how it reflects our values and objectives as a company!
And, as always
Happy Computing!
Richard Brunke
Who’s on First?
I was reading an article this morning entitled Rogue SaaS Is Alive and Kicking, IT Leaders and I found a few things very disturbing. The basic tenet of the article is that IT has become a bottleneck to line of business decision makers, who are, therefore, simply striking out on their own and making decisions to implement one-off solutions on their own.
I admit, my inner IT manager cringes at the long term implications of the addition of random computer applications being added across an organization without thought of data integration, security, and application interoperability. But, that isn’t really what I want to talk about.
No, the thing that really struck me was that IT is gaining a reputation for not being responsive, for being overly insular and not understanding the needs of the business. I can see how it happens… IT management often finds it easier to simply say ‘you don’t understand’ or ‘it’s not that simple’ and then moves on with their well planned approach to managing the technology bed of the company. You see, the day IT becomes ABOUT technology, it stops being about business, and we end up with this disconnect.
It is imperative that IT managers and departmental members keep one simple thing in mind: technology is a tool to enable business, nothing more. When running IT becomes about the tool, not the use of the tool and the satisfaction of the business users, it is time for a shake up. If IT departments don’t understand the business, and the users’ needs, they can’t design IT systems to serve these users and maximize the success of the business. IT best practices based on technical specs and industry standards may be well off the mark when it comes to what you want for your business, and how those systems support it.
As a business person, I try to never lose sight of what the role of IT is. It is critical that those systems provide the support my employees need to get their job done, and all IT plans should work backwards from business requirements. Any IT plan that does not have a direct tie to the business needs, or any plan that simply does not start with an assessment of the business and an understanding of the needs of the business managers and employees is doomed to long term failure.
Time to let go of the ‘it’s hard’ or ‘you don’t understand’ and embrace a business centric approach to IT. To have the right tools for the job, you must first know what that job is. Sounds simple, and yet, clearly, IT must continue to adjust and understand its role in the function of business. The days of servers and applications being the central hub around which business best practices are built are over.
So, go and spend some time talking to your IT team/provider today, and start evaluating if you truly have alignment between your business goals and your IT infrastructure. Otherwise, you may find yourself with business managers simply making decisions, and IT chasing around issues and cleaning up messes.
At the end of the day, IT is about ensuring users are happy and supported and that businesses are productive.
Happy Computing -
Richard Brunke
Your Biggest Security Risk You Never Knew About
Sometimes you come across something and have one of those ‘really?’ moments. One would think that there are few big nasty surprises left in the world of digital security. Bad news and new leaks in the same old places sure, but surprises… no.
Well, here is a big surprise for you.
Your digital copier has a hard drive in it and keeps records of all documents scanned, copied, faxed, and emailed. Most every copier built since 2002 has a hard drive and retains this data. Think about the things you copy:
- Employee files with SS numbers, driver’s licenses, etc.
- Medical information
- Tax documents
- Personal letters
- Not to mention whatever body parts were copied at the last company holiday party
And when you are done with that leased copier, or you give away or sell your old owned copier, that content is available to whoever buys it. Apparently we don’t know much about this, but identity thieves have long known of this opportunity. A recent story told of used copiers being purchased with hundreds of pages of medical information, pay stubs and payroll information, and even a list of targets for a major police drug raid.
HIPAA and SOX compliance just went out the door.
There are software solutions such as InfoSweep that will completely wipe these hard drives. Alternatively, before sending off that old copier, have your service person remove the hard drive and give it to you. Pound it with a sledge hammer a few times, drill holes in it, or pound a few nails through it. Any of these will render it useless.
Perhaps most importantly, DON’T ever copy private or sensitive material on a public facility copier! Any document you copy, fax, or email from one of the copy shop machines will leave behind a copy on that machine’s hard drive.
I am somewhat shocked that this is not commonly known, and even more shocked at the implications to compliance and data security. It is a gaping hole in the average company’s data security plans, and really needs to be addressed. Talk to your copier service person, or IT staff or consultant and make sure that you have options available to destroy data on copier hard drives.
Happy (and safe) Computing!
Richard Brunke
What Do You Need to Know About Software as a Service (SaaS)?
Every now and again I get questions about my company’s position on SaaS, or for opinions regarding how it relates to our clients’ needs and how we will deliver services. I have long held that SaaS will not bring about a fundamental shift in services rendered by IT service companies, and won’t be a market dominating concept for some time.
First of all, from a services standpoint, SaaS moves software from on premise to off premise, but, it does not remove the need to administer that software and to support the users of that software. Many SaaS providers will try to capture those services by bundling them with their offering, but to be honest, that model is likely to involve a lot of off shore labor, and it is my belief that few companies will manage to deliver quality support services, and really will end up focusing on running their hosted applications and data centers. So, when folks ask how our business will be impacted by SaaS, the answer is, we will still do much of what we do today.
Beyond this, however, is the deeper question, and the more interesting side of this conversation: Is SaaS right for me?
Well, I have argued for some time, and wrote a white paper on this over two years ago, that SaaS has limited utility at this point. For very small companies with very simplistic computing needs, SaaS may provide a low cost of entry method to deliver basic applications to your employees. Very large enterprises are also seemingly fascinated with the thought of reducing hardware ownership costs and increasing flexibility by using SaaS for certain applications. However, at the end of the day, there are challenges with SaaS that limit adoption, and they are real, and significant.
And they are the same issues people were talking about when SaaS was just coming to gain visibility a few years back.
- Security
- Application Integration
- Data Migration
From a security standpoint (and more broadly a compliance standpoint), there are unresolved issues around everything from physical security of data centers to a lack of industry standards that companies can develop internal controls and security plans around. Data security is a hot button for most companies, and of course for the clients of those companies. As applications and the data they use are moved off premise and the control of physical security is lost, as is the ability to control the methods by which data is protected from a logical security standpoint, risks increase and business owners are faced with uncertainty regarding their ability to protect their intellectual property, as well as their client data.
Integration is perhaps one of the most troubling issues in my opinion. Many applications provide the most value when they integrate to other applications. When you log into your CRM, you expect it to be integrated with your Outlook Calendar. Microsoft Office software is integrated into many other applications, and many companies even have customizations that integrate with key applications to provide competitive advantage. All of these integrations become highly complex when dealing with SaaS, and expensive. When we consider that the entire purpose of our applications and data is so that we can execute our jobs effectively and efficiently, the thought of reducing our ability to integrate key applications and reducing efficiency and productivity seems pointless, and the savings associated with moving to a SaaS model may not be as robust as originally thought.
Finally comes data migration issues. This is a similar issue to application integration. If you are attempting to move to SaaS solutions for your financial applications and back office functionality (ERP) or your client and sales management software (CRM) you may find that cost and complexity of a SaaS implementation goes way up due to the complexity of migrating data. Additionally, data may be coming from data warehouses served by multiple applications, and this adds another integration and data migration issue that is far more complex in a SaaS environment.
The pitch sounds so simple: don’t buy hardware, just pay a simple low monthly fee per user to get the applications you need delivered. It is a great idea, and it may indeed become part of the normal operating fabric of businesses in the next decade. However, there is much to be resolved before this comes true. Keep in mind also that hardware and storage manufacturers are always working to drive down costs and as those costs come down, the argument for savings by ‘renting computing space’ will be reduced.
At the end of the day, it is a balance between cost, control, and required functionality. Today, with relatively cheap storage and computing costs, coupled with unresolved issues regarding some pretty common issues around security, integration, and data migration, I’m of the mind that SaaS is not yet a viable solution for the majority of SMBs. Perhaps if you simply receive email and want your folks to be able to do simple spreadsheeting and simple use of word processing, then it makes sense, but even then, if these applications are delivered through the cloud, what happens when you can’t access the internet? Can any of us say we have 100% uptime with our local internet provider, or that we are confident that if there were downtime, we would be able to function and be fully productive without our key applications available? Just another thing to ponder.
Observe and educate would be my two key thoughts in regards to SaaS. There is value there, but today, there are also a lot of unanswered questions, and when it comes to our businesses and ensuring that we can run them, unanswered questions are not good.
I am optimistic that SaaS will bring value to the market as these issues are resolved, but not convinced that it will replace on premise computing in the majority of businesses any time soon.
Happy Computing!
Richard Brunke
Is Your iPhone Hackable?
Sometimes we find that new technology adoption rates can greatly exceed new technology maturation rates. In the case of the iPhone, while product is flying off the shelf, there may be some scary flaws needing resolution, and while I doubt any such issues will drive away the legions of fans, it is important to know what the risks are so you can protect your data.
The most recent security flap is, uncharacteristically, not with the new version of Windows, but with the iPhone. Well the ‘staggering’ truth may not be quite so scary as all of that, but it is an interesting and worthy story nonetheless. Basically, if you leave your iPhone lying around and someone who happens to have a laptop handy running Ubuntu “Lucid Lynx” 10.04 picks it up, they can bypass all security and see everything on your iPhone. Now, while that is sort of scary, it is a bit of a stretch to imagine hordes of potential hackers arming themselves with Linux laptops and hunting around for loose iPhones so they can see your vacation pictures.
Still, Apple needs to plug this flaw in its product. If you own one, don’t panic. If you see any questionable characters with well used laptops eyeing your iPhone while you sit at the Starbucks, don’t panic, don’t call the police, just think of it a bit like your wallet – if you leave it lying on the table, you are asking to lose the stuff in it. This is just another reminder that our mobile devices store things of value, just like our wallets, and deserve at least the same amount of care! Don’t leave them lying around, think about what you are storing on them, and for god’s sake, don’t loan them to Linux OS wielding laptop owners!
Happy (mobile) computing!
Richard Brunke
Social Networking Services and the Workplace
For a long time, online social networking sites were considered taboo at work. IT departments blocked sites and management considered it a termination offense for employees to waste valuable company time perusing such sites, posting to them, etc.
Over the last several years, there has been a gradual change in attitudes as the reality has set in that this is the new telephone and new water cooler combined. Employers have come to realize that these social media sites enable people to connect very efficiently, and are part of the framework of how people interact now, no different than hallway conversations or phone calls. Banning employees from all access to such sites is not only challenging (you control the computers, but what about that smart phone they have), but is also perhaps as lacking in sense as telling employees to not talk in the hallway, at the water cooler, or over the phone.
In many cases, not only social interaction happens on these sites, but actual business networking and communications is enabled. I am a user of LinkedIn as an example, and find it a handy place to track my ‘business cards’. All of my work contacts can live there, and I can let them know what I am doing, and what my business is doing. I find this very useful, and productive when I need a candidate for an open position, want to talk about ideas I have for my business, or just want to keep relationships healthy with my business network. Others use Facebook or other such sites in much the same way.
With these realities sinking in, it has become more common to see employers not only look the other way, but encourage employees to contribute to company groups or accounts on such sites, which broadens the company’s visibility as well as having positive impact on their search engine optimization (SEO).
But then came a new set of concerns; virus propagation and data security. We all know that viruses are the bane of modern computing civilization. And we know that viruses come from countless sources. But now we are learning that the developers of viruses are using the wide open lane into your computer known as the social networking site. Our favorite social networking site feels like home, we are off our guard and chatting with friends. We don’t think about the same precautions we take in opening emails. And we pay for it.
Perhaps worse are the uses our data is being put to. I’m not an activist, nor do I worry if someone knows that I visit Amazon.com 10 times per week. But, when you consider the types of data we put into networking sites about ourselves, our habits, our homes, our families, our likes, wants and needs… and then realize that these sites can collect this data and sell it aggregated or as individual details in some cases, it is a ‘whoa’ moment. After all, who would take all of their personal data and thoughts and simply put it on a billboard on the side of a busy freeway? Well, that is basically what tens of millions of people are doing.
So back to the original question/issue. What should you do as an employer? My opinion is that shutting down all such sites is foolish and will simply chase them to their portable devices, which are slower, but get the job done. In other words, keeping them off the PC at work just causes them to get their social networking done more slowly on your dime! It is a reality, and it is time to address it and set some parameters. Talk about the moose on the table! Set policies about such sites and their use that would be at the same level as policies around personal phone calls or social time at work. Help people set boundaries and hold them accountable for their productivity. If usage of certain sites is causing issues with internet throughput then discuss appropriate times to use such sites or sites which cause issues. Times are changing, and it is hopeless to stand against the current. Perhaps you may even find some benefits to such sites, and having employees use sites in a way that can also promote your business! Create a group on LinkedIn for your company and post articles and discussions! Link this to a Facebook page for your business.
Heck, you may even want to set up a Twitter account and tweet (though for the life of me I can’t post anything under 140 characters; I think my blog entries validate my desired level of verbosity).
Also remind employees (and yourself) that any data posted to social networking sites is likely to be public information. Also remind everyone to use ‘safe computing’ practices and not randomly open links or download files if they don’t know what they are getting. The Internet is like a busy city – basically safe if you know the rules and behave responsibly, yet rife with potential dangers if you are unprepared or incautious.
Just watch young workers and teenagers and you will see a deep attachment to ‘being connected’ and using social media sites. This is the future, and they are the workers and buyers of the future. Isn’t that enough motivation to start the process of embracing rather than controlling social media sites and employee connectedness to them? After all, it is all about reaching out and being in touch and in contact. Isn’t that sort of a key component of doing business?
As always,
Happy Computing!
Richard Brunke
Should you Upgrade to Exchange 2010?
I know I talk a lot about these upgrade questions, but I think it is important to take a look at the real value behind an upgrade, and make a decision based on whether it makes sense for your business.
Fundamentally, I can see two real reasons to upgrade any major system:
- There are features in the new version you want
- The new version will positively impact productivity or reduce costs
With Exchange 2010, there is a bit of each, depending on how you use it.
In terms of features, there are a few really interesting new features – my favorite being the voicemail preview function, that transcribes voicemails so you can quickly scan them in an email. I can’t think of how much time I would save with that function in addition to the times I am in a meeting and can’t listen to voicemail (I admit, I do email in meetings). There are also some handy changes coming in the Outlook Web Access, Archiving, and Compliance management that may be of interest to many types of users such as Public Companies, Doctors, and Lawyers.
As to reducing costs and improving productivity, I think that the improved I/O (input/output) capabilities are the big sell. Microsoft claims that 2010 will require 70% less disk I/O, which means a few important things. First of all, it means that in large data stores, you can use lower speed cheaper hard drives and still get excellent performance, and this can save relevant amounts of money. It also means that really huge inboxes will be much easier to manage with far fewer errors than has historically been true, and this is really relevant with lawyers, for example, who often keep very large inboxes. I for one struggle with trimming my inbox all the time to keep it within recommended best practices.
All in all, the world will all get to 2010 eventually. Adoption is often slow, and a rough economy does not help, but I for one see Microsoft really working to put interesting and value added features into their most recent spate of releases (Windows 7, Office 2010, and now Exchange 2010) that will help speed up adoption. For many users, the new features and potential increased productivity make this a smart move!
5 Things I’ve Been Thinking About
A lot bouncing about in the head today, and I wanted to touch briefly on a few topics that may be worthy of looking into and thinking about for all of you SMB owners/managers out there.
- Mobile enabled websites. I have heard surprisingly little talk about preparation from SMBs to have mobile enabled web sites. Sure, Amazon has it, eBay has it, but what about you? As more users search from a mobile device, you are going to be losing customers if they can’t display your website properly on their device of choice. I’m not going into options here, just do a web search for options… but the point is, have SMB business owners realized the criticality of mobile search and web display?
- All in one mobile devices versus specialty devices. This is a personal one for me (iPad versus Kindle) as well as a question of maximizing mobile productivity for workers. Multiple use devices do many things fairly well, making them convenient for users who want to limit the number of devices they have to haul around… but, are we losing out on productivity and the benefits of specialization? I fall into the camp of wanting my device to be really good at a few things. The important thing is to know what your have-to-haves and your nice-to-haves are. Buy to meet the have-to-haves, and don’t let sexy, but unimportant bells and whistles take you off task!
- Data management. Data is being created at levels that will double itself every three years I’ve read. Amazing if you think about it. Wait, no, terrifying if you think about what it means and how we can get at that data. Traditional indexing and searching methods just won’t cut it over time. Fortunately for most of us, we don’t have to worry about worldwide data creation and storage, but we should worry about our own data proliferation and how easily we will be able to access that data and use it in the future. Have a data plan! If you don’t, or don’t know where to start, do some research and make sure that you are planning long term when thinking about database architecture and discussing data warehousing with your IT department. It just looks like a train wreck coming to me… but we have a little bit of time to correct this one.
- The costs of IT spending cut backs. What? That sentence seemed to not make sense, I know, but what I am referring to is the looming costs of hardware replacements and software upgrades that have built up due to continued putting off of IT spend due to economic fears. I know we are seeing an increase in complete failures of old servers, and maintenance costs of the same. Now is a good time to get a read out on where you are with your infrastructure – how old is it, what are the risks? Some investment now may save more dollars later, and more importantly, it may save downtime, and the one thing most companies can’t afford now is productivity loss. Just think on this – that four year old server that made IT nervous before the economy dropped out is now coming up on 6 years old. Sadly, unlike wine, IT infrastructure does not improve with age.
- What about green IT for SMBs? There is lots of talk about green initiatives for large corporations, where green IT initiatives can convert to large dollar savings, but what about those SMBs who simply want to do the right thing, even though they may not save those big bucks? Do a web search, and you will find surprisingly little relevant information. Despite this, there are some simple things we can all do and be thinking about to be more eco-friendly. Think about ways to reduce printing – this is a huge opportunity, as it’s not just about the paper, but about the printer, the consumables, the electricity, and the entire downstream creation and shipping process of all of these things. Find ways to reduce travel through the use of web meetings technology. There are dozens of little common sense approaches to being eco-friendly. Maybe we don’t need anyone to tell us how to save the world. We likely have many of the answers, but we have to implement them!
Well, there is my brain dump for the day. Five snippets to think about and talk about with your IT department. The world is shifting under us in so many ways, it is easy to miss things. Now I have to go and think a bit more about how some of these issues impact my business (does that website render well on a mobile device? Ugh… I don’t think so). Well, we all have things to work on!
Happy Computing!
Richard Brunke





