Archive for the ‘Pharmaceutical’ Category

Top 10 Security Risks Found by Your Auditor

February 21st, 2013
Posted by: admin

GUEST BLOG

By Sarah Morris
KirkpatrickPrice

At KirkpatrickPrice, we strive to provide the proper assurance and resources to help our clients maintain security within their organization.  Recently, we held a client webinar focused on the “Top Ten Security Risks” that your auditor finds during your auditing process.  Below is a summary of the most common risks that we find.

1.      No Formal Policies and Procedures

Formal guidelines of policies and procedures help provide your employees with clarity of what’s expected of them.  They define the accountability for each employee and also establish necessary training. Information security policies are mandated by the FTC Safeguards Rule, PCI Data Security Standards, and the HIPAA Security Rule. This means they are mandatory.

2.      Misconfigurations

Standards need to be applied consistently. Organizations should utilize benchmark configuration standards from a recognized entity such as: Center for Internet Security (CIS), International Organization for Standardization (ISO), SysAdmin Audit Network Security (SANS) Institute, and the National Institute of Standards Technology (NIST).

3.      No Formal Risk Assessment

Assessment should cover assets that are critical to your enterprise to continue business operations for the following: hardware, software, human resources, and processes (automated or manual). Some important things to consider when thinking about risk assessment are the threats to your assets as well as the likelihood of vulnerability being compromised. Threats can be both internal (employees or third party contractors or partners) as well as external (natural events or social engineering). Developing a proper risk assessment can help to mitigate potential risks that you face.

4.      Undefined Incident Response

It is always important to have clear instructions on reporting procedures when determining incident response. It is suggested to build a culture within your work environment that encourages reporting of all incidents the moment they present themselves.

5.      Lack of Disaster Planning

Disaster planning is important in a situation where written plans were available for others to follow in the event that key personnel are not available. A business impact analysis can help quantify what level of redundancy is required for disaster planning. Proactive arrangements should be made to care for the staff and to communicate with third parties. Walkthroughs and training scenarios can benefit organizations so employees are properly prepared in the event of a disaster.

6.      Lack of Testing

The concept of testing applies to all areas of your security. If your security is not tested, there is no way to determine whether or not vulnerabilities are present.

7.      Insecure Code

Developing secure coding is something we find lots of companies struggling with. To develop secure coding, training must be implemented as well as specific development standards and quality assurance.

8.      Lack of Monitoring/Audit Trails

Log Harvesting, parsing, and alerting methods must be determined to efficiently deal with massive event logs. The responsibility for review must be formally assigned as part of daily operations.  Audit trails should be stored in such a way that system administrators cannot modify without alerting someone with and oversight role.

9.      Data Leakage

Some things we often forget are where the data is located and how long should it be retained? How is encryption implemented and verified? How is access to data granted and audited?  These things are all very important, and if not corrected, can keep you from complying with federal and industry standards and regulations.

10.  Lack of Training

A lack of training can prove to be a striking blow to the security of your organization. Employers should recognize the importance of properly training all employees on safety and security best practices. Standards and guidelines should be clearly set and determined in each organization. Several training opportunities are offered through KirkpatrickPrice to properly train you and your company on the basics of security awareness, awareness for managers, awareness for IT professionals, and awareness for credit card handling.

Determining your individual risks is the first step toward the mitigation process.  Maximum security of your sensitive information is KirkpatrickPrice’s number one priority.

If you’re ready to get started with your assurance process, you’ve come to the right place. We’re ready to help. Let’s work together.

Sarah Morris is a technical writer for KirkpatrickPrice, a provider of world-class audit services. Visit www.kirkpatrickprice.com.

 

TAGS:

CATEGORIES:

No Comments »

Disasters Happen. Is Your Business Ready?

February 14th, 2013
Posted by: admin

 

By Laurie Head
AIS Network Vice President

Preparing for an emergency is a key factor to business continuity after a disaster. Wherever the threat comes from – whether it’s physical, virtual, network failure or cybercrime-related – it’s important that your business is equipped to deal with the problem.

In fact, the U.S. Department of Labor estimates that over 40 percent of businesses never reopen following a disaster.  And, when we consider these potential consequences, it’s important that you have a disaster preparedness plan ready.

We consulted Cindy Bates, Microsoft US SMB Vice President, for some tips.  As you create your business continuity plan, she recommends that you keep in mind the following:

Communication strategy.  Make a plan about how you will communicate any disaster and its impact on your internal and external audiences.  Remember that 40 percent of businesses will never reopen following a disaster.

Financial management. Ensure that you can still access your company accounts, pay bills on time and make the payroll.

Data backup.  Keep your company information safe by backing up assets and storing a copy offsite on a regular basis.

Cloud-based software. Move software to cloud-based versions of the programs that you use today.  This acts as a great alternative to data backup and enables your employees to have access to email, important documents, contacts and calendars – anytime and from virtually anywhere.

Technology updates.  Maintain vigilance when it comes to keeping your technology updated with security patches to safeguard your network against the latest threats.

Your digital assets are extremely important to business continuity in the aftermath of a disaster.  Do you need help protecting them?  Contact us for a free assessment.

TAGS:

CATEGORIES:

No Comments »

Why Email Archiving?

August 3rd, 2012
Posted by: admin

 

By Laurie Head
AIS Network Vice President

Why email archiving?  Well, from the knowledge management perspective, valuable information is contained within our everyday email conversations, and yet that vast knowledge repository is typically not documented or stored using any formal means or framework.  Email archiving solves this problem, especially if it is designed with simple yet robust search capabilities.

email archiving

Email archiving addresses legal readiness and regulatory compliance needs, among other business requirements.

However, information archiving also addresses several key business requirements, particularly for enterprises.  To start, consider:

  • legal discovery readiness
  • regulatory compliance
  • email storage optimization

Being prepared for legal discovery and regulatory events means knowing where data is stored and being able to collect, search, and retrieve that data in a short period of time.

Organizations must also be able to establish and enforce policies, which reflect specific regulatory and geographic market requirements that align with internal information governance strategies. When managed improperly, exposure to legal and compliance risks can be significant and challenge an organization’s ability to defend its processes. This can lead to costly fines, guilty verdicts and damaged reputations.

Also, keep in mind that because regulations mandate that data must remain in its original state (native format), robust search capabilities are needed.  An archive provides a centralized, searchable repository that provides end users with access to historical information.  We believe that this access should be simple and intuitive, with a familiar user experience that fits existing work habits and enables greater productivity.

Finally, an information archive should address all of these requirements while also supporting the dual IT objectives of centralizing email storage and reducing the cost and management complexities of exploding data volumes — both within managed systems as well as in the wild.

AISN has recently introduced a new cloud-based offering for enterprise email archiving — one that has a variety of attractive features, especially if you need to meet high compliance standards.  AISN’s next generation email archiving, Proofpoint Enterprise Archive™, offers a proven email archiving solution architected explicitly for the cloud.  It features ultra-rapid parallel email search capabilities for discovery, DoubleBlind Encryption™ as the industry’s only email archiving solution to secure against hacking or legal challenges, and unlimited storage with straightforward flat-fee pricing.

Read more about our new email archiving solution on our site’s email archiving page; it’s also briefly highlighted in our disaster recovery section.  Because we price email archiving on a case-by-case basis, you won’t find a pricing guide, so please be sure to contact us for a free quote.

TAGS:

CATEGORIES:

2 Comments »

Slow SharePoint Server? If your SharePoint Loads Slowly, This May Be Why.

July 9th, 2012
Posted by: admin

 

By Terry Engelstad
MCP, MCSE, CCNA, MCDBA, MCTS, MCITP
AIS Network Operations Manager

Is your SharePoint Server running slow?

Recently, a client emailed to say that he was noticing large slowdowns in connecting to their SharePoint server at AISN.  It seems to be happening nightly and intermittently throughout the day, he said.  Specifically, his issues were:

  1. SharePoint content loads slowly
  2. Uploading/ downloading from SharePoint is impossible (speeds come to a crawl at less than 5KBps)
  3. Remoting in to the SharePoint server is very slow

He asked what could be causing a slow SharePoint Server and SharePoint SQL Server.  Here’s the problem in his case.

The servers, in general, are starving for memory.  The hypervisor on which they reside (XYZ1) has only 74 MB of free memory.  Microsoft recommends not dropping below 2 GB of free memory on a hypervisor.

See the image below for XYZ1 (real names changed to protect client).

Slow SharePoint

As I explained to our client, the server “SharePoint” has 0 free memory and is warning that it needs more.  It looks like the vast majority of the memory on SharePoint is being consumed by w3wp.exe – IIS Application Pools. This would certainly contribute to slow web page rendering.  And with 0 free memory, anybody who remotes into it will take more memory away from the Application Pools, thereby making it slower.

In our client’s case, the server “SharePointSQL” is grossly overtaxed.  I count 68 databases defined and live.  This is way, way too much for a SQL Server with only 8 GB of memory.  The Microsoft recommendation is 8 GB of memory for a lightly used SharePoint Foundation Farm and 16 GB for a lightly used SharePoint Server Farm.

This level of memory, combined with the number of databases, will create very small page caching (perhaps not even caching at all).  This will seriously degrade the speed of uploading documents.

As you may or may not know, SharePoint stores all documents as Binary Large Objects (BLOBs).  In order to properly convert, for example, a Word document to a BLOB, it must cache the entire uploaded document somewhere before it can go through the conversion to a BLOB. So again, small or non-existent cache, means real slow upload and download times, among other slownesses.

In this case, adding more memory is the solution to a slow SharePoint Server.   However, a SharePoint private cloud would be an ideal approach – one that allows for the flexibility and scalability this client needs to accommodate growth smoothly.

TAGS:

CATEGORIES:

3 Comments »

AISN’s Redundant Power and Connectivity Protect Customers From Power Outages in Aftermath of Massive DC Storm

June 30th, 2012
Posted by: admin

By Jay Atkinson
AIS Network CEO

data center reliability

Unplanned outages are costly. Redundant power and connectivity are critical values that managed hosting providers offer.

Can the AIS Network data center reliably maintain data availability when a massive storm hits?  Yes!

Last night, the Washington, DC, metropolitan area suffered a massive, highly destructive storm replete with high winds, thunder, lightning and heavy rains.  This afternoon, more than 1.3 million households and businesses across the area are still without power.  In fact, power company officials are predicting a “multi-day outage.”  All this bad news comes in the middle of a heat wave when weather forecasters are calling for dangerous heat levels and still more storms.  We sympathize with those who are still without power and who have suffered property loss.

Last night’s storm, which crippled many businesses with a primary utility power outage, underscores why it’s tremendously advantageous to host your mission critical data in an SSAE 16 Type II-compliant data center.  Outages are costly.  Customers don’t really care if there was a storm, an earthquake, a rolling blackout or some other issue responsible for an outage.  They  simply expect perfect availability of and connectivity to their data, and that is understandable.

Reliable, redundant power and redundant IP connectivity are two of the most important safeguards that a managed hosting provider can offer its customers, especially when a natural disaster strikes.  Yet, what many hosting providers offer falls short of that.  AIS Network’s Tier III data center in Virginia came through with flying colors and kept our customers’ data up and running.  No hiccups, just solid availability.

Choosing to move your mission critical applications and data from an on-premise hosted environment to a fully managed hosted environment within a secure data center definitely makes good economic sense but it’s also a decision that provides for more reliable protection against power and Internet connection outages.  That’s a critical value proposition.

Managed hosting support systems must be predictably available, and system availability is only as predictable as the availability of power to those systems.  When you host your data in AISN’s data center, you are choosing to add a level of built-in redundancy for failover protection during common and extreme conditions.  AISN facilities are designed for redundancy and high availability of power to our clients’ critical server systems, and high density Internet connections.  Clearly, to build this sort of environment for your data on-premise would be cost-prohibitive.

Some data centers promise redundant/ backup systems, but nonetheless, it’s still very important for a prospective customer to confirm precisely what that promise entails.  In some cases, a physical inspection may be necessary or advisable.  If you’d like to learn more about AISN’s data centers or take a technical tour, please contact us.

TAGS:

CATEGORIES:

5 Comments »

SharePoint Users: Microsoft SQL Server 2012 Solves Common Business Challenges

June 29th, 2012
Posted by: admin

 

By Jay Atkinson
AIS Network CEO

Microsoft SQL Server 2012 is here now.  How much do you know about it?

If you’re using Microsoft SharePoint 2010 or Microsoft SharePoint 2010 for Internet Sites or if you manage big data, then it’s likely that you are familiar with SQL Server.  This newest version of Microsoft’s premier enterprise database management system has numerous new (and quite powerful) features over the previous release, 2008 R2.

In fact, there are so many noteworthy improvements over 2008 R2 that it would take quite a long time to blog about them all.  Rather, let’s just examine how this new version helps you solve some basic business challenges effectively.

Why use SQL Server 2012?  As the foundation to the cloud-ready information platform, SQL Server 2012 will help businesses of all sizes unlock breakthrough insights across the organization as well as build solutions quickly and extend data from server to private or public cloud — all backed by advanced capabilities for mission critical confidence.

Not only does SQL Server 2012 help improve customer management, but it also may help you face a number of common challenges.  Let’s look at five:

SQL Server 2012

But how do you know if you need SQL 2012?  Many organizations are 24×7 operations.  They may have a global presence too.  But they all have one very important quality in common:  they cannot afford downtime.  Does this describe you?  If so, ask yourself some of these questions:

  • How is your current database supporting your needs?
  • Is the performance of your current database where you need it to be?
  • Are you planning a move to the cloud?
  • Do you see yourself introducing new mission critical applications or planning migrations within three months to a year?
  • How are you viewing business insights for your organization?
  • Are you planning any major projects within the next three months to a year?

These are all good discussion points that we’d be happy to help you work through in your effort to discover whether or not SQL Server 2012 would benefit your organization.

Finally, I’d suggest three brief points for consideration:

1)  Mission Critical Confidence. SQL Server 2012 enables mission critical performance and availability at low TCO.  Consider that it offers:

  • A new integrated high availability and disaster recovery solution
  • Advanced performance speeds
  • Built-in encryption capabilities help protect confidential information without changes to the application

2)  Breakthrough Insight. Use SQL Server 2012 to unlock new insights with pervasive data discovery across the organization.  With SQL Server 2012, you can:

  • Empower business users to create visually rich dashboards or reports across heterogeneous data sources
  • Activate managed self-service BI, which easily balances an employee’s need for rich information and collaboration with IT’s need to manage the safety and confidentiality of information

3)  Cloud on Your Terms. SQL Server 2012 is useful in enabling you to create business solutions quickly – on your terms – across servers to private or public clouds. You’ll like that you can:

  • Easily move applications across on-premises and cloud with unlimited virtualization (available through SQL Server 2012 Enterprise Edition) and license mobility
  • Extend data across on-premises and the cloud

Are you aware of the significant improvement Microsoft has made to the licensing model for SQL Server 2012?  We’ll cover that topic in a future blog.

In the meantime, to learn more about how Microsoft SQL Server 2012 can help you stay productive and reduce costs, please just contact our office.  We’re happy to help.

TAGS:

CATEGORIES:

Comments Off

Outsourcing Hosting: Talking Points for the C-Suite (Part II)

June 2nd, 2012
Posted by: admin

By Laurie Head
AIS Network Vice President

We are often asked, “How do I make the case to upper management that outsourced hosting of our mission-critical data and apps is the way to go?”

AISN

If you are considering outsourcing your hosting, you may need to prepare some talking points for your C-suite executives.

First, because many businesses rely upon their Web site as their primary public face and their IT infrastructure as their office backbone, Internet downtime is simply not an option. “Always on” is mission-critical to business performance.

Next, if you are dealing with aging IT assets, growing application portfolios to manage, or capital spending cuts due to the economy, then you are like most businesses evaluating hosting solutions for your mission-critical data and applications, and we can help guide you through that process.  IT departments everywhere are finding it’s tough to do more with the same or even less staff.  That’s why hosting has major appeal.   It minimizes your operational risk exposure, makes your business more efficient and agile, and knocks down the high fixed cost of IT.

Here are some talking points to consider:

Better—Hosting decreases your risk

  • Frees up your capital for other projects
  • Guarantees you’re always online (with a 100% Service Level Agreement)
  • Helps you avoid poor server purchasing decisions
  • Offers complete scalability, freeing you to upgrade your server or capacity without service interruption
  • Deploys your solution rapidly and provides expert monitoring, 24x7x365
  • Allows you to focus on growing your business by managing operational and strategic risks that you would not be able to handle in the event of a catastrophic loss

Faster—Hosting extends your resources

  • Cuts your labor/staff training costs to stay ahead of the technology curves
  • Enables you to tap more expert talent, faster and for less cost
  • Allows your people to focus on core business needs that accelerate business growth
  • Provides instant staffing for the “what if” scenario that may occur
  • Improves your access to new technologies while eliminating the need to hire more expertise
  • Offers increased flexibility, so that your IT can be more agile and move as the business does

Cheaper—Hosting delivers the best dollar value

  • Delivers consistent, affordable IT coverage 24x7x365 with virtually no downtime
  • Eliminates big capital expenditures on hardware and data centers
  • Frees up your IT budget and staff for other strategic initiatives
  • Enables you to better predict monthly IT costs and therefore reallocate precious resources
  • Grows with you as you grow—at the same superior service level and without requiring you to over-purchase capacity upfront
  • Provides a quicker return on your investment that’s provable

Clearly, just how much you improve your risk management and exposure, efficiency, and cost savings depends on the hosting provider that you select.

We can help you draft your internal proposal or determine honestly how—and if—your company would benefit from hosting serviceseither traditional or in the cloud. Contact us!

TAGS:

CATEGORIES:

3 Comments »

Cloud Computing Fosters Innovation in the Pharmaceutical Industry

May 28th, 2012
Posted by: admin

By Ali Giancarlo
AIS Network Associate, Marketing and Sales

Google “pharma innovation,” and you’ll find that the results reveal a blaring need for a reform in current business strategies — with words like ‘anemic’ and ‘hit a wall’ on just the first page of results.  It’s not just posts by political activists and concerned pharma consumers.  The concern has spread to the pages of BusinessWeek and Forbes, among other credible publications.

Pharma research

Cloud computing will help spur innovation in the pharmaceutical industry.

The underlying problem with the pharmaceutical industry extends to lessening profit margins with little focus on innovation. Sure, the pharma industry can’t get too innovative with their medications, but we’re not talking about revamping small-scale pill production.  Rather, it’s becoming common opinion that widespread innovation among many different fields of the industry will make all the difference.

The new wave of innovation in the pharma industry requires a large collaborative effort from company employees, universities, research institutions, private researchers, etc.  These parties, working together to pool ideas, can only help but to benefit pharmaceutical companies in the long run.  In other words, 2+2=5 when the synergy of all professional opinions come together to examine the customer needs and the products available to match these needs.

Like Rome, this collaboration is not built in a day.  With current server power, lesser software capabilities and all that big data to manage, how could it be?

After all this gloomy talk, there is some good news: the use of cloud computing is serving to increase the possibility of innovation.  As pharmaceutical companies reduce their dependence on their own IT infrastructures, they are rapidly discovering that cloud computing is scalable, fast, resilient, and cost effective.

The business advantages of cloud computing for the pharma industry include:

1)  Scalability to business needs. Let’s say that today you have two medications on the market, but the company is adding two more in research and development.  This doubling of business processes would normally require installation and configuring of multiple new servers (and the hassle that comes along with that is enough of a headache to require significant investment in aspirin).  With cloud computing, as the business grows, so does the availability of RAM and storage.

2) Faster project installment. With cloud computing, the “lab-to-launch” process is streamlined to increase operational speed and efficiency.  Your R&D innovation for those two new products?  It was made exponentially easier with the scalability of cloud.  Now, after the product leaves the initial stages, the cloud continues to accommodate your data by growing throughout subsequent stages.  It enables better collaboration internally and externally, provides improved integration by breaking down information silos, and can handle all of the big data associated with the remainder of the life cycle: quality management, production, clinical trials, packaging, the regulatory process, marketing, etc.

3)  Resiliency. In today’s market, there is no room for a server blunder, as this could cost a business everything.  The beauty of cloud computing is the resiliency and recovery process should any outages occur due to natural or man-made disasters.  It may well be the first time that a disaster is not a disaster. (You can breathe now.)  And, as adoption of the cloud increases, expect even greater improvements with respect to security, privacy, data protection and IP management.

4)  Lower costs. Cloud computing enables pharmaceutical companies to move away from IT capital expenditures.  CAPEX-intensive deployments are suddenly less appealing than a business model in which your IT costs are a predictable operating expenditure.

Of course, there are more benefits.  However, these four benefits alone will strengthen pharmaceutical companies and improve their return on investment.  Given that, cloud computing is an option that should not be a tough pill to swallow.

Are you a pharmaceutical company interested in knowing more about the cloud?   We work with numerous health care companies, including those in the pharmaceutical industry.  We’d love to work with you too.  Get in touch!

TAGS:

CATEGORIES:

3 Comments »