Archive for the ‘Nonprofits and Associations’ Category

Top 10 Security Risks Found by Your Auditor

February 21st, 2013
Posted by: admin

GUEST BLOG

By Sarah Morris
KirkpatrickPrice

At KirkpatrickPrice, we strive to provide the proper assurance and resources to help our clients maintain security within their organization.  Recently, we held a client webinar focused on the “Top Ten Security Risks” that your auditor finds during your auditing process.  Below is a summary of the most common risks that we find.

1.      No Formal Policies and Procedures

Formal policies and procedures give your employees clarity about what is expected of them. They define the accountability of each employee and establish the necessary training. Information security policies are mandated by the FTC Safeguards Rule, PCI Data Security Standards, and the HIPAA Security Rule, so they are not optional.

2.      Misconfigurations

Standards need to be applied consistently. Organizations should use benchmark configuration standards from a recognized entity such as the Center for Internet Security (CIS), the International Organization for Standardization (ISO), the SysAdmin, Audit, Network, Security (SANS) Institute, or the National Institute of Standards and Technology (NIST).

3.      No Formal Risk Assessment

A risk assessment should cover the assets that are critical for your enterprise to continue business operations: hardware, software, human resources, and processes (automated or manual). Important things to consider are the threats to your assets as well as the likelihood of a vulnerability being exploited. Threats can be internal (employees, third-party contractors, or partners) as well as external (natural events or social engineering). Developing a proper risk assessment can help to mitigate the potential risks that you face.

4.      Undefined Incident Response

Clear instructions on reporting procedures are an essential part of incident response. We suggest building a culture within your work environment that encourages reporting of all incidents the moment they present themselves.

5.      Lack of Disaster Planning

Disaster planning means having written plans available for others to follow in the event that key personnel are not available. A business impact analysis can help quantify what level of redundancy is required. Proactive arrangements should be made to care for the staff and to communicate with third parties. Walkthroughs and training scenarios help ensure that employees are properly prepared in the event of a disaster.

6.      Lack of Testing

The concept of testing applies to all areas of your security. If your security is not tested, there is no way to determine whether or not vulnerabilities are present.

7.      Insecure Code

Developing secure code is something we find many companies struggling with. Secure coding requires training as well as specific development standards and quality assurance.

8.      Lack of Monitoring/Audit Trails

Log harvesting, parsing, and alerting methods must be determined in order to deal efficiently with massive event logs. The responsibility for review must be formally assigned as part of daily operations.  Audit trails should be stored in such a way that system administrators cannot modify them without alerting someone with an oversight role.

9.      Data Leakage

Some questions we often forget to ask: Where is the data located, and how long should it be retained? How is encryption implemented and verified? How is access to data granted and audited?  These things are all very important, and if not corrected, can keep you from complying with federal and industry standards and regulations.

10.  Lack of Training

A lack of training can prove to be a striking blow to the security of your organization. Employers should recognize the importance of properly training all employees on safety and security best practices. Standards and guidelines should be clearly set and determined in each organization. Several training opportunities are offered through KirkpatrickPrice to properly train you and your company on the basics of security awareness, awareness for managers, awareness for IT professionals, and awareness for credit card handling.

Determining your individual risks is the first step toward the mitigation process.  Maximum security of your sensitive information is KirkpatrickPrice’s number one priority.

If you’re ready to get started with your assurance process, you’ve come to the right place. We’re ready to help. Let’s work together.

Sarah Morris is a technical writer for KirkpatrickPrice, a provider of world-class audit services. Visit www.kirkpatrickprice.com.

 


Disasters Happen. Is Your Business Ready?

February 14th, 2013
Posted by: admin

 

By Laurie Head
AIS Network Vice President

Preparing for an emergency is a key factor to business continuity after a disaster. Wherever the threat comes from – whether it’s physical, virtual, network failure or cybercrime-related – it’s important that your business is equipped to deal with the problem.

In fact, the U.S. Department of Labor estimates that over 40 percent of businesses never reopen following a disaster.  And, when we consider these potential consequences, it’s important that you have a disaster preparedness plan ready.

We consulted Cindy Bates, Microsoft US SMB Vice President, for some tips.  As you create your business continuity plan, she recommends that you keep in mind the following:

Communication strategy.  Make a plan about how you will communicate any disaster and its impact on your internal and external audiences.  Remember that 40 percent of businesses will never reopen following a disaster.

Financial management. Ensure that you can still access your company accounts, pay bills on time and make the payroll.

Data backup.  Keep your company information safe by backing up assets and storing a copy offsite on a regular basis.

Cloud-based software. Move software to cloud-based versions of the programs that you use today.  This acts as a great alternative to data backup and enables your employees to have access to email, important documents, contacts and calendars – anytime and from virtually anywhere.

Technology updates.  Maintain vigilance when it comes to keeping your technology updated with security patches to safeguard your network against the latest threats.

Your digital assets are extremely important to business continuity in the aftermath of a disaster.  Do you need help protecting them?  Contact us for a free assessment.


Understanding Cloud Deployment Models

November 27th, 2012
Posted by: Donna Hemmert

By Donna Hemmert
AIS Network Vice President, Strategic Development

Public Cloud, Private Cloud or Hybrid Cloud?  Which one is for me?

First of all, let’s define the Cloud.  A Cloud is a consolidation of hosted computer services (storage, computing power) and is delivered as a service.

Cloud services are often fully managed by the provider and are usually sold based on usage (for example, per hour or even by the minute). One of the main benefits of the Cloud is that it is elastic, allowing organizations to use as many resources as they need.  They can easily add or reduce those services without the need to deploy equipment.  This can be really useful in situations where companies have a project (for example, a development project or marketing promotion that requires a special new temporary website) or their business has a lot of associated seasonality (e.g., they need more computing resources for the Christmas season).  In that case, a company can call a provider such as AISN and simply request another “virtual machine” or more storage.

Many of our customers also like the cloud model because they don’t have to put out upfront capital for equipment and software, but instead can pay a set amount each month.  It’s more predictable and it is captured as an operational expense, which can be beneficial.

As for the deployment models, here are the main types of Cloud:

  • Public Cloud is a cloud that is available to all customers and these customers share the resources of the cloud.  Examples of public clouds are Amazon AWS, Microsoft Azure  and Google Cloud.
  • Private Cloud allocates resources to be used solely by your organization from a shared infrastructure.  Your data is stored in dedicated, segregated silos.  With Private Cloud, adding more storage or CPU is easy and often instantly available.
  • Dedicated Private Cloud is a cloud infrastructure built solely for your organization’s use – with all services and hardware dedicated to your organization.  Some organizations prefer dedicated private cloud for additional security, but the downside is that there are reduced economies of scale. That being said, adding and reducing computing resources is much easier to do, as with any cloud.
  • Community Cloud shares infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.).  This allows the community to customize the cloud based on these concerns and spread the cost – making it generally more cost effective than a private cloud, but less so than a public cloud.
  • Hybrid Cloud is a combination of more than one cloud type.  For example, you can combine a private cloud with a public cloud.  This will give you benefits of more than one deployment model.  Often an organization will deploy hybrid clouds to provide the flexibility of in-house applications with the fault tolerance and scalability of cloud-based services.

 


Going Green with Cloud Computing

August 8th, 2012
Posted by: admin

 

By Julia Uglietta
Associate, Marketing and Sales

“Going green” is a phrase that has become increasingly popular over the last decade.  For many businesses, it has become a major focus to become greener by being less wasteful and paying more attention to the environment when making decisions about products, resources, and energy consumption.  At the same time, the use of cloud computing has also taken off recently. And although the two movements are not directly associated with one another, there are a number of green benefits that come along with cloud computing.

“The cloud” is a metaphor for the Internet that may connote a strong impression of nature and the sky.  And, while nature may not be the underlying purpose of this new technology, the cloud is fairly associated with environmental stewardship.

Cloud Computing giving off a green advantage today

The Cloud is already a symbol representing nature and the sky, and while nature may not be the underlying purpose of this new technology, the cloud is fairly associated with environmental stewardship.

First, cloud computing is all about extending your existing IT capabilities and capacity on the fly without the hassle of investing in new infrastructure, licensing new software, training new staff and so forth.  That’s a pretty good value proposition, especially when you consider that moving to the cloud might lead to IT cost savings as well.

Now, factor in the energy savings and resource conservation that you may achieve by using cloud computing as an energy efficient approach to data center consolidation.  Cloud hosting providers are increasingly becoming competitive about their eco-friendly status and rightly so.  More data centers are doing all they can to make their building and hardware as energy efficient as possible. Their facilities are being designed with power conservation in mind as well as energy efficient hardware and equipment, and cloud providers are promoting environmentally conscious internal programs and policies (such as recycling bins, green certified office cleaners, employee education programs, etc.).  Also, with cloud computing, server virtualization makes datacenters more agile by enabling more efficient use of existing software and hardware resources. Less hardware leads to less waste and reduced power demand/ energy consumption.  In this way and others, “less is more” can finally be accomplished through cloud computing.

And, that is also evident in the workplace.  For example, since some businesses are moving to cloud-based virtual desktops, they can cut down on the number of devices they need. One physical machine can now be configured to access multiple different desktops.  Moreover, the cloud has also enabled a new wave of telecommuting and video conferencing.  This is clearly saving time, money and energy. With fewer people having to travel to a physical location, less energy is being used in the daily work routine.

It’s important to remember that cloud computing’s environmental benefits go hand in hand with economic benefits as well.  In the Forbes article, “Cloud Computing’s Hidden Green Benefits,” the author states, “By 2020, [the Carbon Disclosure Project] estimates large US companies that use cloud computing can achieve annual energy savings of $12.3 billion and annual carbon reduction equivalent to 200 million barrels of oil.”

Many hosting companies are making it their mission to become as green as possible and still more is yet to come from the industry.  For our own part, we take the environment seriously.  While we don’t claim to have all of the answers, we are committed to doing our part, daily, to foster eco-friendly leadership and contribute to making this industry greener.  Cloud computing will continue to grow rapidly throughout the decade, and hopefully, the green benefits will only increase with it.


Why Email Archiving?

August 3rd, 2012
Posted by: admin

 

By Laurie Head
AIS Network Vice President

Why email archiving?  Well, from the knowledge management perspective, valuable information is contained within our everyday email conversations, and yet that vast knowledge repository is typically not documented or stored using any formal means or framework.  Email archiving solves this problem, especially if it is designed with simple yet robust search capabilities.


Email archiving addresses legal readiness and regulatory compliance needs, among other business requirements.

However, information archiving also addresses several key business requirements, particularly for enterprises.  To start, consider:

  • legal discovery readiness
  • regulatory compliance
  • email storage optimization

Being prepared for legal discovery and regulatory events means knowing where data is stored and being able to collect, search, and retrieve that data in a short period of time.

Organizations must also be able to establish and enforce policies, which reflect specific regulatory and geographic market requirements that align with internal information governance strategies. When managed improperly, exposure to legal and compliance risks can be significant and challenge an organization’s ability to defend its processes. This can lead to costly fines, guilty verdicts and damaged reputations.

Also, keep in mind that because regulations mandate that data must remain in its original state (native format), robust search capabilities are needed.  An archive provides a centralized, searchable repository that provides end users with access to historical information.  We believe that this access should be simple and intuitive, with a familiar user experience that fits existing work habits and enables greater productivity.

Finally, an information archive should address all of these requirements while also supporting the dual IT objectives of centralizing email storage and reducing the cost and management complexities of exploding data volumes — both within managed systems as well as in the wild.

AISN has recently introduced a new cloud-based offering for enterprise email archiving — one that has a variety of attractive features, especially if you need to meet high compliance standards.  AISN’s next generation email archiving, Proofpoint Enterprise Archive™, offers a proven email archiving solution architected explicitly for the cloud.  It features ultra-rapid parallel email search capabilities for discovery, DoubleBlind Encryption™ as the industry’s only email archiving solution to secure against hacking or legal challenges, and unlimited storage with straightforward flat-fee pricing.

Read more about our new email archiving solution on our site’s email archiving page; it’s also briefly highlighted in our disaster recovery section.  Because we price email archiving on a case-by-case basis, you won’t find a pricing guide, so please be sure to contact us for a free quote.


Private Cloud Success Trends Upward

July 17th, 2012
Posted by: admin

 

By Laurie Head
AIS Network Vice President

How successful are private clouds, anyway?

That’s the question asked by a recent research report from Information Week.  The survey reveals that most companies with private clouds in place are pleased with the results and are experiencing heightened efficiency and lower costs.

I find this report particularly interesting, since we’re building more and more private clouds — and particularly SharePoint private clouds — every day.  While it’s not entirely clear to me how many of the companies surveyed are hosting their private cloud with a hosting provider or building their private cloud on premise, I think that the takeaways are broadly applicable.

Network Computing editor Mike Fratto, who wrote the 66-page report, said in his abstract:

The big takeaway? Those with private clouds experience more efficient use of hardware and superior scalability and reliability, and they make better use of IT’s time.  These are all measurable benefits that can make your IT department shine in the eyes of users and the CFO.  Those with private clouds also report success in lowering capital and operational costs and total cost of ownership.

There are some keys to success, though:  Have a well-thought-out migration plan. Make sure new software can leverage the scaling and reliability features of your private cloud, and be prepared to train employees on the new systems. They’ll love you for it, and you’ll get better results.

A majority of the 414 IT professionals surveyed said they aren’t running private clouds yet.  However, 21 percent of respondents said they have private clouds in place, and 30 percent more said they’re beginning private cloud projects.  Of the respondents with private clouds, 72 percent described their implementations as “very successful” or “a complete success.” Another quarter said they were “somewhat successful,” while only 1 percent chose “somewhat unsuccessful.”  Most reported having successfully lowered capex and opex.

The report digs deeper into cloud expectations, cloud costs, cloud maintenance, challenges, obstacles, vendor choices, best practices, keys to success and more.  You can download the report here.


Slow SharePoint Server? If your SharePoint Loads Slowly, This May Be Why.

July 9th, 2012
Posted by: admin

 

By Terry Engelstad
MCP, MCSE, CCNA, MCDBA, MCTS, MCITP
AIS Network Operations Manager

Is your SharePoint Server running slow?

Recently, a client emailed to say that he was noticing large slowdowns in connecting to their SharePoint server at AISN.  It seems to be happening nightly and intermittently throughout the day, he said.  Specifically, his issues were:

  1. SharePoint content loads slowly
  2. Uploading/downloading from SharePoint is impossible (speeds come to a crawl at less than 5 KBps)
  3. Remoting in to the SharePoint server is very slow

He asked what could be causing a slow SharePoint Server and SharePoint SQL Server.  Here’s the problem in his case.

The servers, in general, are starving for memory.  The hypervisor on which they reside (XYZ1) has only 74 MB of free memory.  Microsoft recommends not dropping below 2 GB of free memory on a hypervisor.

See the image below for XYZ1 (real names changed to protect client).

Slow SharePoint

As I explained to our client, the server “SharePoint” has 0 free memory and is warning that it needs more.  It looks like the vast majority of the memory on SharePoint is being consumed by w3wp.exe – IIS Application Pools. This would certainly contribute to slow web page rendering.  And with 0 free memory, anybody who remotes into it will take more memory away from the Application Pools, thereby making it slower.

In our client’s case, the server “SharePointSQL” is grossly overtaxed.  I count 68 databases defined and live.  This is way, way too much for a SQL Server with only 8 GB of memory.  The Microsoft recommendation is 8 GB of memory for a lightly used SharePoint Foundation Farm and 16 GB for a lightly used SharePoint Server Farm.

This level of memory, combined with the number of databases, will create very small page caching (perhaps not even caching at all).  This will seriously degrade the speed of uploading documents.

As you may or may not know, SharePoint stores all documents as Binary Large Objects (BLOBs).  In order to properly convert, for example, a Word document to a BLOB, it must cache the entire uploaded document somewhere before it can go through the conversion to a BLOB. So again, a small or non-existent cache means really slow upload and download times, among other slowdowns.

In this case, adding more memory is the solution to a slow SharePoint Server.   However, a SharePoint private cloud would be an ideal approach – one that allows for the flexibility and scalability this client needs to accommodate growth smoothly.


AISN’s Redundant Power and Connectivity Protect Customers From Power Outages in Aftermath of Massive DC Storm

June 30th, 2012
Posted by: admin

By Jay Atkinson
AIS Network CEO


Unplanned outages are costly. Redundant power and connectivity are critical values that managed hosting providers offer.

Can the AIS Network data center reliably maintain data availability when a massive storm hits?  Yes!

Last night, the Washington, DC, metropolitan area suffered a massive, highly destructive storm replete with high winds, thunder, lightning and heavy rains.  This afternoon, more than 1.3 million households and businesses across the area are still without power.  In fact, power company officials are predicting a “multi-day outage.”  All this bad news comes in the middle of a heat wave when weather forecasters are calling for dangerous heat levels and still more storms.  We sympathize with those who are still without power and who have suffered property loss.

Last night’s storm, which crippled many businesses with a primary utility power outage, underscores why it’s tremendously advantageous to host your mission critical data in an SSAE 16 Type II-compliant data center.  Outages are costly.  Customers don’t really care if there was a storm, an earthquake, a rolling blackout or some other issue responsible for an outage.  They  simply expect perfect availability of and connectivity to their data, and that is understandable.

Reliable, redundant power and redundant IP connectivity are two of the most important safeguards that a managed hosting provider can offer its customers, especially when a natural disaster strikes.  Yet, what many hosting providers offer falls short of that.  AIS Network’s Tier III data center in Virginia came through with flying colors and kept our customers’ data up and running.  No hiccups, just solid availability.

Choosing to move your mission critical applications and data from an on-premise hosted environment to a fully managed hosted environment within a secure data center definitely makes good economic sense but it’s also a decision that provides for more reliable protection against power and Internet connection outages.  That’s a critical value proposition.

Managed hosting support systems must be predictably available, and system availability is only as predictable as the availability of power to those systems.  When you host your data in AISN’s data center, you are choosing to add a level of built-in redundancy for failover protection during common and extreme conditions.  AISN facilities are designed for redundancy and high availability of power to our clients’ critical server systems, and high density Internet connections.  Clearly, to build this sort of environment for your data on-premise would be cost-prohibitive.

Some data centers promise redundant/ backup systems, but nonetheless, it’s still very important for a prospective customer to confirm precisely what that promise entails.  In some cases, a physical inspection may be necessary or advisable.  If you’d like to learn more about AISN’s data centers or take a technical tour, please contact us.


SharePoint Users: Microsoft SQL Server 2012 Solves Common Business Challenges

June 29th, 2012
Posted by: admin

 

By Jay Atkinson
AIS Network CEO

Microsoft SQL Server 2012 is here now.  How much do you know about it?

If you’re using Microsoft SharePoint 2010 or Microsoft SharePoint 2010 for Internet Sites or if you manage big data, then it’s likely that you are familiar with SQL Server.  This newest version of Microsoft’s premier enterprise database management system has numerous new (and quite powerful) features over the previous release, 2008 R2.

In fact, there are so many noteworthy improvements over 2008 R2 that it would take quite a long time to blog about them all.  Rather, let’s just examine how this new version helps you solve some basic business challenges effectively.

Why use SQL Server 2012?  As the foundation to the cloud-ready information platform, SQL Server 2012 will help businesses of all sizes unlock breakthrough insights across the organization as well as build solutions quickly and extend data from server to private or public cloud — all backed by advanced capabilities for mission critical confidence.

Not only does SQL Server 2012 help improve customer management, but it also may help you face a number of common challenges.  Let’s look at five:

SQL Server 2012

But how do you know if you need SQL 2012?  Many organizations are 24×7 operations.  They may have a global presence too.  But they all have one very important quality in common:  they cannot afford downtime.  Does this describe you?  If so, ask yourself some of these questions:

  • How is your current database supporting your needs?
  • Is the performance of your current database where you need it to be?
  • Are you planning a move to the cloud?
  • Do you see yourself introducing new mission critical applications or planning migrations within three months to a year?
  • How are you viewing business insights for your organization?
  • Are you planning any major projects within the next three months to a year?

These are all good discussion points that we’d be happy to help you work through in your effort to discover whether or not SQL Server 2012 would benefit your organization.

Finally, I’d suggest three brief points for consideration:

1)  Mission Critical Confidence. SQL Server 2012 enables mission critical performance and availability at low TCO.  Consider that it offers:

  • A new integrated high availability and disaster recovery solution
  • Advanced performance speeds
  • Built-in encryption capabilities help protect confidential information without changes to the application

2)  Breakthrough Insight. Use SQL Server 2012 to unlock new insights with pervasive data discovery across the organization.  With SQL Server 2012, you can:

  • Empower business users to create visually rich dashboards or reports across heterogeneous data sources
  • Activate managed self-service BI, which easily balances an employee’s need for rich information and collaboration with IT’s need to manage the safety and confidentiality of information

3)  Cloud on Your Terms. SQL Server 2012 is useful in enabling you to create business solutions quickly – on your terms – across servers to private or public clouds. You’ll like that you can:

  • Easily move applications across on-premises and cloud with unlimited virtualization (available through SQL Server 2012 Enterprise Edition) and license mobility
  • Extend data across on-premises and the cloud

Are you aware of the significant improvement Microsoft has made to the licensing model for SQL Server 2012?  We’ll cover that topic in a future blog.

In the meantime, to learn more about how Microsoft SQL Server 2012 can help you stay productive and reduce costs, please just contact our office.  We’re happy to help.


Outsourcing Hosting: Talking Points for the C-Suite (Part II)

June 2nd, 2012
Posted by: admin

By Laurie Head
AIS Network Vice President

We are often asked, “How do I make the case to upper management that outsourced hosting of our mission-critical data and apps is the way to go?”


If you are considering outsourcing your hosting, you may need to prepare some talking points for your C-suite executives.

First, because many businesses rely upon their Web site as their primary public face and their IT infrastructure as their office backbone, Internet downtime is simply not an option. “Always on” is mission-critical to business performance.

Next, if you are dealing with aging IT assets, growing application portfolios to manage, or capital spending cuts due to the economy, then you are like most businesses evaluating hosting solutions for your mission-critical data and applications, and we can help guide you through that process.  IT departments everywhere are finding it’s tough to do more with the same or even less staff.  That’s why hosting has major appeal.   It minimizes your operational risk exposure, makes your business more efficient and agile, and knocks down the high fixed cost of IT.

Here are some talking points to consider:

Better—Hosting decreases your risk

  • Frees up your capital for other projects
  • Guarantees you’re always online (with a 100% Service Level Agreement)
  • Helps you avoid poor server purchasing decisions
  • Offers complete scalability, freeing you to upgrade your server or capacity without service interruption
  • Deploys your solution rapidly and provides expert monitoring, 24x7x365
  • Allows you to focus on growing your business by managing operational and strategic risks that you would not be able to handle in the event of a catastrophic loss

Faster—Hosting extends your resources

  • Cuts your labor/staff training costs to stay ahead of the technology curves
  • Enables you to tap more expert talent, faster and for less cost
  • Allows your people to focus on core business needs that accelerate business growth
  • Provides instant staffing for the “what if” scenario that may occur
  • Improves your access to new technologies while eliminating the need to hire more expertise
  • Offers increased flexibility, so that your IT can be more agile and move as the business does

Cheaper—Hosting delivers the best dollar value

  • Delivers consistent, affordable IT coverage 24x7x365 with virtually no downtime
  • Eliminates big capital expenditures on hardware and data centers
  • Frees up your IT budget and staff for other strategic initiatives
  • Enables you to better predict monthly IT costs and therefore reallocate precious resources
  • Grows with you as you grow—at the same superior service level and without requiring you to over-purchase capacity upfront
  • Provides a quicker return on your investment that’s provable

Clearly, just how much you improve your risk management and exposure, efficiency, and cost savings depends on the hosting provider that you select.

We can help you draft your internal proposal or determine honestly how—and if—your company would benefit from hosting services, either traditional or in the cloud. Contact us!
