Archive for the ‘Advertising’ Category

Top 10 Security Risks Found by Your Auditor

February 21st, 2013
Posted by: admin

GUEST BLOG

By Sarah Morris
KirkpatrickPrice

At KirkpatrickPrice, we strive to provide the proper assurance and resources to help our clients maintain security within their organization.  Recently, we held a client webinar focused on the “Top Ten Security Risks” that your auditor finds during your auditing process.  Below is a summary of the most common risks that we find.

1.      No Formal Policies and Procedures

Formal policies and procedures give your employees clarity about what’s expected of them.  They define the accountability for each employee and also establish necessary training. Information security policies are mandated by the FTC Safeguards Rule, PCI Data Security Standards, and the HIPAA Security Rule. This means they are mandatory.

2.      Misconfigurations

Standards need to be applied consistently. Organizations should use benchmark configuration standards from a recognized entity such as the Center for Internet Security (CIS), the International Organization for Standardization (ISO), the SysAdmin, Audit, Network, Security (SANS) Institute, or the National Institute of Standards and Technology (NIST).

3.      No Formal Risk Assessment

The assessment should cover the assets that are critical for your enterprise to continue business operations: hardware, software, human resources, and processes (automated or manual). Some important things to consider when thinking about risk assessment are the threats to your assets as well as the likelihood of a vulnerability being compromised. Threats can be both internal (employees or third-party contractors or partners) and external (natural events or social engineering). Developing a proper risk assessment can help to mitigate potential risks that you face.

4.      Undefined Incident Response

Clear instructions on reporting procedures are always important when defining incident response. We suggest building a culture within your work environment that encourages reporting of all incidents the moment they present themselves.

5.      Lack of Disaster Planning

Disaster planning is important so that written plans are available for others to follow in the event that key personnel are not available. A business impact analysis can help quantify what level of redundancy is required for disaster planning. Proactive arrangements should be made to care for the staff and to communicate with third parties. Walkthroughs and training scenarios can benefit organizations so employees are properly prepared in the event of a disaster.

6.      Lack of Testing

The concept of testing applies to all areas of your security. If your security is not tested, there is no way to determine whether or not vulnerabilities are present.

7.      Insecure Code

Developing secure code is something we find lots of companies struggling with. To develop secure code, training must be implemented, along with specific development standards and quality assurance.

8.      Lack of Monitoring/Audit Trails

Log harvesting, parsing, and alerting methods must be determined to deal efficiently with massive event logs. The responsibility for review must be formally assigned as part of daily operations.  Audit trails should be stored in such a way that system administrators cannot modify them without alerting someone with an oversight role.

9.      Data Leakage

Some things we often forget to ask: Where is the data located, and how long should it be retained? How is encryption implemented and verified? How is access to data granted and audited?  These things are all very important, and if not corrected, can keep you from complying with federal and industry standards and regulations.

10.  Lack of Training

A lack of training can prove to be a striking blow to the security of your organization. Employers should recognize the importance of properly training all employees on safety and security best practices. Standards and guidelines should be clearly set and determined in each organization. Several training opportunities are offered through KirkpatrickPrice to properly train you and your company on the basics of security awareness, awareness for managers, awareness for IT professionals, and awareness for credit card handling.

Determining your individual risks is the first step toward the mitigation process.  Maximum security of your sensitive information is KirkpatrickPrice’s number one priority.

If you’re ready to get started with your assurance process, you’ve come to the right place. We’re ready to help. Let’s work together.

Sarah Morris is a technical writer for KirkpatrickPrice, a provider of world-class audit services. Visit www.kirkpatrickprice.com.

 


Disasters Happen. Is Your Business Ready?

February 14th, 2013
Posted by: admin

 

By Laurie Head
AIS Network Vice President

Preparing for an emergency is a key factor to business continuity after a disaster. Wherever the threat comes from – whether it’s physical, virtual, network failure or cybercrime-related – it’s important that your business is equipped to deal with the problem.

In fact, the U.S. Department of Labor estimates that over 40 percent of businesses never reopen following a disaster.  And, when we consider these potential consequences, it’s important that you have a disaster preparedness plan ready.

We consulted Cindy Bates, Microsoft US SMB Vice President, for some tips.  As you create your business continuity plan, she recommends that you keep in mind the following:

Communication strategy.  Make a plan about how you will communicate any disaster and its impact on your internal and external audiences.  Remember that 40 percent of businesses will never reopen following a disaster.

Financial management. Ensure that you can still access your company accounts, pay bills on time and make the payroll.

Data backup.  Keep your company information safe by backing up assets and storing a copy offsite on a regular basis.

Cloud-based software. Move software to cloud-based versions of the programs that you use today.  This acts as a great alternative to data backup and enables your employees to have access to email, important documents, contacts and calendars – anytime and from virtually anywhere.

Technology updates.  Maintain vigilance when it comes to keeping your technology updated with security patches to safeguard your network against the latest threats.

Your digital assets are extremely important to business continuity in the aftermath of a disaster.  Do you need help protecting them?  Contact us for a free assessment.


Why Email Archiving?

August 3rd, 2012
Posted by: admin

 

By Laurie Head
AIS Network Vice President

Why email archiving?  Well, from the knowledge management perspective, valuable information is contained within our everyday email conversations, and yet that vast knowledge repository is typically not documented or stored using any formal means or framework.  Email archiving solves this problem, especially if it is designed with simple yet robust search capabilities.


Email archiving addresses legal readiness and regulatory compliance needs, among other business requirements.

However, information archiving also addresses several key business requirements, particularly for enterprises.  To start, consider:

  • legal discovery readiness
  • regulatory compliance
  • email storage optimization

Being prepared for legal discovery and regulatory events means knowing where data is stored and being able to collect, search, and retrieve that data in a short period of time.

Organizations must also be able to establish and enforce policies, which reflect specific regulatory and geographic market requirements that align with internal information governance strategies. When managed improperly, exposure to legal and compliance risks can be significant and challenge an organization’s ability to defend its processes. This can lead to costly fines, guilty verdicts and damaged reputations.

Also, keep in mind that because regulations mandate that data must remain in its original state (native format), robust search capabilities are needed.  An archive provides a centralized, searchable repository that provides end users with access to historical information.  We believe that this access should be simple and intuitive, with a familiar user experience that fits existing work habits and enables greater productivity.

Finally, an information archive should address all of these requirements while also supporting the dual IT objectives of centralizing email storage and reducing the cost and management complexities of exploding data volumes — both within managed systems as well as in the wild.

AISN has recently introduced a new cloud-based offering for enterprise email archiving — one that has a variety of attractive features, especially if you need to meet high compliance standards.  AISN’s next generation email archiving, Proofpoint Enterprise Archive™, offers a proven email archiving solution architected explicitly for the cloud.  It features ultra-rapid parallel email search capabilities for discovery, DoubleBlind Encryption™ as the industry’s only email archiving solution to secure against hacking or legal challenges, and unlimited storage with straightforward flat-fee pricing.

Read more about our new email archiving solution on our site’s email archiving page; it’s also briefly highlighted in our disaster recovery section.  Because we price email archiving on a case-by-case basis, you won’t find a pricing guide, so please be sure to contact us for a free quote.


Slow SharePoint Server? If your SharePoint Loads Slowly, This May Be Why.

July 9th, 2012
Posted by: admin

 

By Terry Engelstad
MCP, MCSE, CCNA, MCDBA, MCTS, MCITP
AIS Network Operations Manager

Is your SharePoint Server running slow?

Recently, a client emailed to say that he was noticing large slowdowns in connecting to their SharePoint server at AISN.  It seems to be happening nightly and intermittently throughout the day, he said.  Specifically, his issues were:

  1. SharePoint content loads slowly
  2. Uploading/downloading from SharePoint is impossible (speeds come to a crawl at less than 5 KBps)
  3. Remoting in to the SharePoint server is very slow

He asked what could be causing a slow SharePoint Server and SharePoint SQL Server.  Here’s the problem in his case.

The servers, in general, are starving for memory.  The hypervisor on which they reside (XYZ1) has only 74 MB of free memory.  Microsoft recommends not dropping below 2 GB of free memory on a hypervisor.

See the image below for XYZ1 (real names changed to protect client).

[Image: Slow SharePoint]

As I explained to our client, the server “SharePoint” has 0 free memory and is warning that it needs more.  It looks like the vast majority of the memory on SharePoint is being consumed by w3wp.exe – IIS Application Pools. This would certainly contribute to slow web page rendering.  And with 0 free memory, anybody who remotes into it will take more memory away from the Application Pools, thereby making it slower.

In our client’s case, the server “SharePointSQL” is grossly overtaxed.  I count 68 databases defined and live.  This is way, way too much for a SQL Server with only 8 GB of memory.  The Microsoft recommendation is 8 GB of memory for a lightly used SharePoint Foundation Farm and 16 GB for a lightly used SharePoint Server Farm.

This level of memory, combined with the number of databases, will create very small page caching (perhaps not even caching at all).  This will seriously degrade the speed of uploading documents.

As you may or may not know, SharePoint stores all documents as Binary Large Objects (BLOBs).  In order to properly convert, for example, a Word document to a BLOB, it must cache the entire uploaded document somewhere before it can go through the conversion to a BLOB. So again, a small or nonexistent cache means really slow upload and download times, among other slowdowns.

In this case, adding more memory is the solution to a slow SharePoint Server.   However, a SharePoint private cloud would be an ideal approach – one that allows for the flexibility and scalability this client needs to accommodate growth smoothly.


AISN’s Redundant Power and Connectivity Protect Customers From Power Outages in Aftermath of Massive DC Storm

June 30th, 2012
Posted by: admin

By Jay Atkinson
AIS Network CEO


Unplanned outages are costly. Redundant power and connectivity are critical values that managed hosting providers offer.

Can the AIS Network data center reliably maintain data availability when a massive storm hits?  Yes!

Last night, the Washington, DC, metropolitan area suffered a massive, highly destructive storm replete with high winds, thunder, lightning and heavy rains.  This afternoon, more than 1.3 million households and businesses across the area are still without power.  In fact, power company officials are predicting a “multi-day outage.”  All this bad news comes in the middle of a heat wave when weather forecasters are calling for dangerous heat levels and still more storms.  We sympathize with those who are still without power and who have suffered property loss.

Last night’s storm, which crippled many businesses with a primary utility power outage, underscores why it’s tremendously advantageous to host your mission critical data in an SSAE 16 Type II-compliant data center.  Outages are costly.  Customers don’t really care if there was a storm, an earthquake, a rolling blackout or some other issue responsible for an outage.  They  simply expect perfect availability of and connectivity to their data, and that is understandable.

Reliable, redundant power and redundant IP connectivity are two of the most important safeguards that a managed hosting provider can offer its customers, especially when a natural disaster strikes.  Yet, what many hosting providers offer falls short of that.  AIS Network’s Tier III data center in Virginia came through with flying colors and kept our customers’ data up and running.  No hiccups, just solid availability.

Choosing to move your mission critical applications and data from an on-premise hosted environment to a fully managed hosted environment within a secure data center definitely makes good economic sense but it’s also a decision that provides for more reliable protection against power and Internet connection outages.  That’s a critical value proposition.

Managed hosting support systems must be predictably available, and system availability is only as predictable as the availability of power to those systems.  When you host your data in AISN’s data center, you are choosing to add a level of built-in redundancy for failover protection during common and extreme conditions.  AISN facilities are designed for redundancy and high availability of power to our clients’ critical server systems, and high density Internet connections.  Clearly, to build this sort of environment for your data on-premise would be cost-prohibitive.

Some data centers promise redundant/backup systems, but nonetheless, it’s still very important for a prospective customer to confirm precisely what that promise entails.  In some cases, a physical inspection may be necessary or advisable.  If you’d like to learn more about AISN’s data centers or take a technical tour, please contact us.


Choosing a Hosting Provider: 20 Questions to Ask Yourself

May 26th, 2012
Posted by: admin

By Laurie Head
AIS Network Vice President

Choose a provider based on its ability to provide a cost-effective architecture and high-quality customer experience for your envisioned use case.

—Gartner, Inc., “Magic Quadrant for Web Hosting and Hosted Cloud System Infrastructure Services”

So, you’ve decided to outsource your hosting.  How do you choose a provider?  It’s a bit tricky, so think carefully.

Your IT is mission-critical and that’s why selecting the right hosting provider is crucial to your business’ success.  There are a number of key considerations to keep in mind when you are evaluating a hosting provider as a potential IT partner for your organization.

[Image: Peace of Mind]

Okay, this photo may be a little over the top, but you get the point. Price isn't everything. Confidence and peace of mind is. Choose the right hosting provider, and you'll rest easy.

Keep in mind that the relationship you have with the IT provider you invest in and work with will be an intimate one, so it’s important that you’re comfortable with their ability to deliver “mission-critical confidence” on multiple levels.

Ask yourself:

  1. How long has the company been in business?  Will it be around in five years?
  2. Is the company profitable and financially sound?
  3. What is the company’s reputation for customer service and which experts will be on your business account team?
  4. Are they actively listening to you and working with you to understand your specific requirements?
  5. Do they provide unlimited 24x7x365 support or is it fee-based?
  6. Have they gone through the SSAE 16 audit and are they certified?
  7. What is the quality of the company’s data center? Its infrastructure? Its networking?
  8. What type of security will they provide and are they capable of installing patches quickly when faced with a security threat?
  9. What type of hardware will be used to host your business?
  10. Do they actually deliver everything that they guarantee (uptime, reliability, etc.)?
  11. Do they offer a range of hosting services that will meet all your needs?
  12. What are their capabilities for developing a disaster recovery program?
  13. Do they support the compliance standards that are important to your business?
  14. Are they actively investing in upgrading and growing their infrastructure?
  15. Are they actively investing in new product offerings and services?
  16. What monitoring portal do they offer their customers?
  17. What are their backup and reporting policies?
  18. Are they helping you to understand fully the costs, including any “fine print” items?
  19. Are they committed to helping you grow your business and your brand?
  20. Will you be able to sleep at night with 100% confidence that your IT infrastructure is in good hands?

If you are not asking the right questions, you will not get the specific information you need to make an informed decision about your hosting solution. Once you’re confident that you have greater knowledge about the hosting provider, you can move to the next phase, which includes getting a quote that you understand and checking the company’s references.

In the end, is “price” what counts?  No, your hosting provider selection should not be based solely upon the pricing quote but rather upon a unique combination of features and services offered at a price that’s right for your business.

Remember, this is a mission-critical decision that you need to feel good about, and the hosting provider you choose should make you feel 100% confident.

Need help defining your technical criteria for hosting?  Having a tough time writing an RFP?  Let us know.  We’ll be glad to lend a hand.


Boosting PR Agency Productivity: Cutting-Edge IT Tools and Cloud Hosting

October 21st, 2011
Posted by: admin

By Laurie Head
AIS Network Vice President, Marketing Communications

I’m hooked on the idea of boosting PR, marketing and advertising agency productivity through unified communications, collaboration platforms and cloud computing.  As a former PR executive specializing in tech PR for a large, global agency and later a DC-based boutique firm, I can see clearly how each of these cutting-edge technologies will provide a tremendous shot in the arm to the public relations, marketing and advertising industries.  In fact, I talked about it in my multi-media presentation, “Unlocking the Business Value of New Technologies,” at the Public Relations Society of America’s 2011 International Conference in Orlando this week.

In this new economy, if you cannot collaborate, you’re toast.  Gone is the super-competitive mentality of the 1990s.  As they adapt to changing markets, clients and employees, PR agencies are finding that they need to evolve from competitive to collaborative cultures.   But to do that, they need to think critically about the IT that they use and how to migrate their company toward more collaborative technologies.

Preferences for communicating change over time and that’s highly evident in this very cool video from Accenture (“Cloud Computing Here and Now – Our Youngest Experts Explain the Cloud”), which I used in introducing my topic at the PRSA 2011 International Conference.  The point is that regardless of whether they’re in the B2B or B2C space, companies that want to compete for customers as well as the newest, best talent must figure out how to get with the times and equip themselves with the technology they need to communicate anywhere, anyplace and anytime.  As communicators, “being social” is no longer just another prerequisite for getting along in our jobs.  Rather, we are currently experiencing a fundamental shift in how we interact with the world, and essentially, in how we get the information that we need in a global marketplace.

The goal of my talk was to allow attendees to walk out of the presentation knowing enough to at least recognize their own business challenges and begin a dialogue with their IT department about how to solve those issues.  To do that:

1)     We explored the most common business challenges in a PR agency today:  remote communications, collaboration and aging, vulnerable servers.  For the benefit of those who requested them, here are links to the videos that I used to illustrate those business challenges:

2)     Next, we briefly surveyed the corresponding IT solutions that are, in fact, transforming the workplace and saving businesses money:  unified communications, collaborative platforms and hosting/cloud computing.

I recommended Microsoft Lync 2010 (unified communications) and Microsoft SharePoint 2010 (collaborative platform), but there are plenty of competitors, whom I also mentioned in my slides.  I demonstrated the value of Lync 2010 and SharePoint 2010 in specific cases (content management, automated workflows, business intelligence, internal networking and more) and used video testimonials from customers to illustrate how these technologies benefit productivity and cut costs:

Then, I offered a brief look at two more detailed case studies: global PR agencies Edelman and Fleishman-Hillard.  I particularly like the Fleishman-Hillard case study because it shows a forward-thinking agency using SharePoint 2010, plus a Web 2.0 application called Newsgator, to build its employee community through very robust, intra-agency social networking.

Following that, we looked at a couple of raw video clips (a fire in a server closet and sprinklers flooding a server room) and discussed how vulnerable these server rooms – or closets, as they may be – are to any number of natural or man-made disasters (not to mention spilled beverages).  I guided attendees through the decision process for kicking their aging servers out of the office and examining other hosting options.

Moving to a professionally managed, hosted environment in a secure data center – whether to a dedicated server environment or a cloud environment – is the way most businesses are going, according to industry analysts.  Industry analyst Gartner, Inc., projects that by next year, a fifth of businesses will not own any IT assets; at least 35 percent of U.S. midmarket businesses (100 to 999 employees) will purchase cloud computing and IT utility services.

What is cloud computing anyway?  For this part of the presentation, “Cloud Computing in Plain English” was a useful video to show.

We examined the benefits and challenges of hosting in-house and outsourcing, after which I answered the questions, “When is on-premise best?” and “When is the cloud best?”  I provided a detailed decision matrix for attendees to share with their IT department.

3)     Finally, we discussed how to measure success/business value, including return on investment (ROI), return on objective (ROO), increased productivity, increased flexibility/scalability, more time to focus on business and staff/stakeholder qualitative feedback.

To help PR, marketing and advertising agencies upgrade their IT and move into the 21st century, there is a litany of tools and applications – certainly many more that are specifically designed for enterprise-sized organizations.  Now that the year is drawing to a close, public relations, marketing, advertising and other communications professionals should seriously evaluate the IT tools they will need to communicate, collaborate and engage in the global marketplace next year.  Everybody wins when they use better tools like Lync 2010, SharePoint 2010 and cloud computing.  PR agencies benefit from greater productivity at a cost savings – not to mention happier clients and employees.

If you are in an agency currently, I would be interested in hearing what your agency is doing to address these business challenges.

PRSA, thanks for another great international conference!
