Posts Tagged ‘AIS Network’

Microsoft Hosting Summit 2013 Helps Build Strong Partnerships

May 21st, 2013
Posted by: admin

By Jay Atkinson
AIS Network CEO

Once again, I am honored to attend the annual Microsoft Hosting Summit, which is being held this week in Seattle.

Why organize a globally focused hosting summit? Smart businesses build strong partnerships, Microsoft says. And, the AISN Team couldn’t agree more. Since Microsoft has upwards of 640,000 partners globally, we really appreciate that they take time out for their hosting partners.


Seattle is the site of the 2013 Microsoft Hosting Summit. In the distance, the famed Seattle Space Needle is bathed in evening light.

The Microsoft Hosting Summit, which is an invitation-only event, provides an unparalleled opportunity for leaders across the industry to connect and share ideas on how to expand and build new services, drive innovation and create new business opportunities.

This week’s agenda includes keynote sessions, breakout tracks, workshops, exhibits, and networking opportunities intended to help Microsoft Partners like us forge new ideas, services, and partnerships to advance our hosting business. Ultimately, the goal is to walk away with a better understanding of how to create, optimize, and grow the next generation Web.

I’ll report more later.  In the meantime, you can follow this week’s Hosting Summit via Twitter by searching for tweets using #MSHostingSummit.

 


PRIMER: How are Disaster Recovery and Backups Different?

April 16th, 2013
Posted by: Donna Hemmert

So, you are working through your go-forward IT strategy and need to make sure that you have things covered should something go wrong. Pretty quickly, you notice that the terms “Backup” and “Disaster Recovery” are quite often being used interchangeably. But, the truth is, they are different. Related, yes, but different.

Backup

Backup really can be defined very simply. Backup is just a copy of your files on another disk (or tape, cloud, etc.). In fact, if you copied each and every file to a DVD (and we are not sure why you would do that), that would be a backup. Having a full backup that is up-to-date means that when you lose a few files or a whole drive or more, you can take the time it takes to copy those files back once your systems are ready to rock. But, it can be a time-consuming disruption. You will likely need to set up new server(s), reinstall the OS, and reinstall all the applications, etc. There are two ways to back up your systems:

  • Onsite Backup: This is when you back up locally to some kind of physical storage option. These solutions are capable of imaging servers and storing data locally so you can recover from incidents.
  • Offsite Backup: This is when you back up your data to an entirely different location. This, of course, helps protect you in the case of an entire geographic location being affected by a disruption. Also, organizations often need offsite backup to comply with requirements such as those defined by Sarbanes-Oxley, HIPAA, FISMA, NASD and NYSE, etc.

Disaster Recovery

So, what is Disaster Recovery? Disaster Recovery goes beyond backup. The big benefit of Disaster Recovery is that, rather than taking what may be days or months to recover from an unplanned outage, it will greatly shorten that time.

With Disaster Recovery, a complete image of your disk drives and servers is mirrored. This is sometimes referred to as a “bare-metal” backup, meaning the backup isn’t just the files, but the OS and everything. For example, with AISN’s Disaster Recovery service, we replicate the “bare-metal” backup image to another geographic site so in the event of a disaster in one geographic location, it can be restored from an entirely different geographic location. This gives you added protection and the image(s) allow you to restore systems more quickly – there is no need to reinstall an OS and copy files. The amount of time it takes to actually continue operations after a disaster also depends on whether you choose “Hot Site” or “Cold Site.” So what is the difference?

  • “Hot Site”: Environments are available at a moment’s notice. So, in the case of an outage, all data processing can quickly be moved to the “Hot Site” and operations continue.
  • “Cold Site”: Critical applications are available at a secondary location. This is similar to a “Hot Site,” but it is supplied as basic office space, and the customer provides and installs all the equipment needed to continue operations. It is less expensive, but it will take longer for full operations to continue.

So, that’s really all there is to it from a high level. You really need to understand what your goals and objectives are. Do you need systems available in minutes, hours or would days be just fine? Is backup just fine, or do you need Disaster Recovery? And what level of Disaster Recovery do you need? There is a lot to consider, but remember, we are always here to help you think through your IT plans.


The Pros and Cons of Social Media in the Workplace, Part 2

March 27th, 2013
Posted by: admin

 

GUEST BLOG

By Daniel Dimov
InfoSec Institute

In Part I of this two-part blog, I explored the advantages of restricting social media access for employees.  In this second part, we explore the disadvantages.

Disadvantages of restricting social media access for employees

There are seven main disadvantages of restricting social media access for employees; namely, the (1) decrease in morale of the employees, (2) missed opportunities for free advertising, (3) missed opportunities for team building, (4) missed opportunities for skill building, (5) missed opportunities for internal and external communication, (6) missed opportunities for networking, and (7) the attraction of new employees becomes more difficult.

Decreasing the morale of the employees

The main disadvantage of restricting social media access for employees is that the employees may feel oppressed by the employer. This may affect employee morale and satisfaction with their work. In this regard, Ann Cavoukian, a privacy commissioner for the Canadian province of Ontario, noted that blocking of social networks in the workplace is a mistake. She also said that “It’s like waving the proverbial red flag in front of your staff – it’s almost a challenge to them to find a way around it.”

Missed opportunities for free advertising

In most cases, employees add to their social network profile the names of the companies for which they work. Thus, each of their friends can see the name of the company. Taking into account that, in 2012, the average number of Facebook friends of U.S. users aged 18-24 was 429, an employer with 10 workers who restricts social network access will lose thousands of views of his/her company name and logo.

Missed opportunities for team building

Social networks allow employees to know more about each other. This may lead to better cooperation between team members which, in turn, will improve the team’s performance. Social media also gives team members the opportunity to communicate on a personal level. This may bring them closer together. Moreover, social networks may be used for organizing team building events. For example, Facebook has a comprehensive system for event scheduling. The organizers of events on Facebook may not only post information about the event, including audio and video content, but may also see which users are or are not going to attend.

Missed opportunities for skill building

In the past five years, there has been a steady increase in the users of social networks. As a result, effective skills in using social networks are a must for anyone willing to practice certain professions, such as PR and Marketing. Allowing employees to use social networks may serve as valuable training for them.

Missed opportunities for internal and external communication

Communication between employees, and between the company and its potential customers, is very important to the success of any business. Social networks provide excellent opportunities for internal and external communication because they are more interactive than traditional means of communication, such as email and phone.

Missed opportunities for networking

Business networking allows the employees of a company to know what other companies are doing and obtain information about recent developments in the company’s field of activity. A business network can be very well supplemented by an online social network. Through an online social network, the people who have met in person will be able to receive more information about each other. The most prominent business social network is LinkedIn.

Making the attraction of new employees more difficult

Many potential new employees may learn that the company restricts social media access for employees. Some of them may not apply for a position at the company because they may consider the restriction of access to social networks a form of oppression.

Conclusion

The restriction of social networks at the workplace has both advantages and disadvantages. The decrease in the productivity of employees seems to be an often cited disadvantage. However, a recent study has indicated that employees who have access to social networks may be more productive than employees in companies that block access. While it is debatable whether or not the restriction of social networks increases the productivity of a company, it is certain that the use of social networks may be a source of malicious code. Consequently, the restriction of the use of social networks at the workplace may be considered a preventive information security measure. It should be added that doing so may not only limit the risk of getting viruses, but also protect the employees from identity theft. As many know, the results of identity theft can be catastrophic for both individuals and companies.

The restriction of social networks has several disadvantages as well. One of the most important disadvantages is that some employees may feel oppressed as a result of the restriction of social networks. The decreased morale of the employees may then negatively affect their productivity. Besides, by not allowing employees to use social networks, the employer may deprive himself of free advertising that employees would otherwise provide through social networks. Moreover, the employer will also miss opportunities for team building, training the staff in skills related to social networks, developing internal and external communication, and networking. Last but not least, the restriction of social networks may have a negative impact on attracting new employees.

Daniel Dimov is a security researcher for InfoSec Institute.  The InfoSec Institute is a provider of information security training specializing in PMP certification classes.

 


The Pros and Cons of Social Media in the Workplace, Part 1

March 25th, 2013
Posted by: admin

 

GUEST BLOG

By Daniel Dimov
InfoSec Institute

Employees using social networks such as Facebook and Google+ may not only waste a lot of their working time, but also spread viruses on their work computers. Due to this, some employers have implemented security systems designed to closely monitor or restrict, as needed, an employee’s access and use of social networks. The purpose of this blog is to discuss the advantages and disadvantages of restricting social media access for employees.


Restricting social media access in the workplace has four main advantages but it also carries some disadvantages.

Advantages of restricting social media access for employees

The restriction of social media access for employees has four advantages; namely, it (1) increases employee productivity, (2) decreases the risk of getting malicious software, (3) increases the availability of bandwidth, and (4) prevents identity theft. These four advantages are discussed below.

Increasing the productivity of employees

Surfing social networks may waste a lot of an employee’s time. A Proskauer International Labor & Employment Group survey conducted in 2011 indicated that 43 percent of businesses using social media have dealt with employees’ misuse of social networks, and approximately a third of all businesses have taken disciplinary action against employees concerning this. It is also worth mentioning that, on the basis of an analysis of the web traffic of 1,636 companies, the firewall supplier Palo Alto found that there was an increase in employees’ use of Facebook to run web apps and games. The time wasted there could otherwise be used for completing tasks assigned by the employer or for educational purposes. This is why implementing security systems that restrict access to social media may improve the productivity of the employees.

It should be noted, however, that a study conducted at the University of Melbourne found out that employees with access to social networks were actually more productive than employees in companies that block access. Dr. Brent Coker, a researcher involved in the study, noted that employees who can reward themselves between the completion of one task and the start of another with a visit to their Facebook or MySpace page are more motivated than the workers who do not use social networks. The study found out that workers using social networks get 9 percent more accomplished than their blocked counterparts. Consequently, it is doubtful whether the restriction of social networks should be considered as an advantage.

It is important to note that the study of Dr. Coker should not be interpreted as stating that the use of social networks cannot decrease the productivity of the employees. Social networks may increase productivity only if they are used moderately. As Dr. Coker said, “Short and unobtrusive breaks, such as a quick surf of the internet, enables the mind to rest itself, leading to a higher total net concentration for a days’ work, and as a result, increased productivity.”

Decreasing the risk of malicious software

Often, social networks are a place where users can easily exchange files, some of which may contain viruses. In this regard, it should be noted that, after analyzing the web traffic of 5,500 PC users in 20 nations, firewall maker Barracuda Networks discovered that one of every 60 Facebook posts and one of every 100 Twitter tweets contained malicious code. The press regularly publishes reports noting the appearance of new types of Facebook viruses.

For example, a new computer virus labeled Steckt.Evl has been recently discovered by Trend Micro. This virus spreads via the chat window on Facebook. In particular, a message from a friend appears in the pop-up window that is used for person-to-person chat. The message contains a link to an innocent-looking website. If the victim installs the virus on his computer, it instantly disables and removes the existing anti-virus software. Then, it spreads itself by opening chat windows with the Facebook friends of the infected user. (For additional information on malware, check out the CEH training course offered by InfoSec Institute, an IT security training company.)

Increasing the availability of bandwidth

Social media may generate a lot of internal traffic. This is because the use of social media websites is often accompanied by the use of video sharing websites, such as YouTube. In this connection, Patrick Wood, senior director of product management for Exinda, a provider of WAN optimization and application acceleration products based in the US, stated that, “While it varies from organization to organization, we have seen instances where as much as 60 percent or more of network resources are being consumed with things like Facebook, YouTube and Twitter.”

Preventing identity theft

Social networks can be used by criminals to steal identities. For instance, photo- and video-sharing websites like Facebook, Flickr, and YouTube may provide a lot of information about their users. Moreover, such social networks may contain information about the family and the friends of the users.

The next section of this article will discuss the disadvantages of social media in the workplace and draw a conclusion on the subject.


Windows Server 2012: Navigating the New Licensing Structure

March 20th, 2013
Posted by: admin

 

By Bill Peters, AIS Network Director of Sales

Windows Server 2012, which was released last fall, is the latest among Microsoft’s Windows Server product offerings, and it delivers a dramatically simplified licensing experience.

What went away? Away went the Enterprise edition, which was retired. Windows Server 2012 Standard edition includes all the premium features previously included in Enterprise edition. Away went the Web Server, and now web workloads running on a Windows Server 2012 edition will continue to receive the “CAL waiver” that is in effect for these workloads today. Windows Server CALs will not be required to access the licensed server if it is only being used to run web workloads. Away went HPC Products. Microsoft will now deliver the HPC Pack 2012 as a free download that can be used with any Windows Server 2012 Standard or Datacenter license. HPC workloads running on Windows Server 2012 Standard or Datacenter editions will continue to receive the “CAL waiver” that is currently in effect for these workloads.

So what’s new? Well, now there are just four Windows Server 2012 editions from which to choose.  And, shaped by feedback from customers and partners, the new Windows Server licensing approach should help make choosing the right Windows Server a whole lot easier too.

Windows Server 2012 Licensing Overview

Microsoft holds that its new licensing approach will deliver the following benefits to its Windows Server customers:

Simple. It’s easier than ever to determine the right Windows Server edition for you.  Choose from just four editions of Windows Server 2012, based on the size of your organization and your requirements for virtualization and cloud computing.

Economical. All editions of Windows Server 2012 deliver excellent economics and ROI for your business. For example, the Datacenter edition, with its unlimited virtualization rights, provides the benefits of cloud-level scale with predictable, lower costs. The Standard edition now offers all of the same enterprise-class features as the Datacenter edition and is differentiated only by virtualization rights.

Cloud-optimized. Businesses today are rapidly adopting a hybrid approach across private and public cloud computing.  Windows Server 2012 offers the right edition for you, no matter where you are on your path to the cloud.  Use the Datacenter edition for highly virtualized cloud environments, the Standard edition for lightly virtualized environments progressing toward cloud, or the Essentials edition for an ideal cloud-connected first server.

Here’s the Windows Server 2012 licensing at a glance:

*CALs are required for every user or device accessing a server. See the Product Use Rights for details.

Why a streamlined licensing model for core infrastructure? In short, this new model enables easier assessment and management of your server environment.  For one thing, a single licensing model makes it easier for you to purchase the right product for your organization’s needs and also compare the cost of alternatives.  Another plus is that it allows for a single, familiar and easy-to-track metric for all infrastructure products (reducing management overhead).   Finally, as part of the alignment with the Microsoft private cloud licensing model, Windows Server 2012 and System Center 2012, as well as Enrollment for Core Infrastructure (ECI), now all have the same licensing and packaging structure.  Simple and convenient, right?

Choosing Between the Windows Server 2012 Standard and Datacenter Editions

Obviously, the Foundation and Essentials editions are for small business.  If you are a mid-size business or a large enterprise, like the majority of AISN customers, your choice lies between Standard and Datacenter.  When it comes to determining which of the two editions is best for your enterprise, there are only two words to keep in mind: virtualization rights.

Both the Standard and Datacenter editions provide the same set of features (including high availability features like failover clustering).  The only differentiator between the editions is the number of Virtual Machines (VMs) being used.  If your strategy calls for a highly virtualized environment, then the Datacenter edition provides you with optimum flexibility, since it allows for unlimited virtualization.  If you aren’t ready to heavily virtualize your environment, a Standard edition license entitles you to run up to two VMs on up to two processors.

Calculating Your Windows Server 2012 License Needs

So, how do you decide how many licenses you’ll need? Good question.  Because the Datacenter edition allows for an unlimited number of VMs, only physical processors need to be counted when determining licenses for the Standard edition.  Here’s a quick formula:

1 license = 2 physical processors

To determine the number of licenses needed to fully license a physical server, simply count the number of physical processors in the server and divide that number by two.  That will tell you the number of licenses you need.

Each Standard edition license provides you with the right to run up to two VMs.  If you want to run additional VMs but do not require the highly virtualized environment that Datacenter provides (which is unlimited VMs), then you can simply purchase additional Standard edition licenses and assign them to a single physical server in order to increase your VM entitlements on that server.

Now for the nitty gritty. What activities are NOT allowed under the Windows Server 2012 licensing? You cannot:

  • Mix Windows Server 2012 Standard and Datacenter licenses on the same server.  All of the processors on a given server must be licensed with the same version and edition.
  • Split your Windows Server 2012 license across multiple servers.  Each license can only be assigned to a single physical server.
  • Assign a Windows Server 2012 license to a virtual machine.  A license is assigned to the physical server and each license will cover up to two physical processors.
  • Use your Windows Server 2008 CAL to access Windows Server 2012. The CAL accessing the instance of Windows Server must be equivalent to or higher in version than the server being accessed.

Factoring in Software Assurance

A number of enterprise customers will be concerned about how Software Assurance will work with Windows Server 2012.  Here are some scenarios.

Software Assurance and the Datacenter Edition. If you have Software Assurance on the Datacenter edition, you are entitled to the Windows Server 2012 Datacenter edition.  On the old version, a Datacenter license covered up to 1 processor.  With Windows 2012, a Datacenter license covers up to 2 processors.  So, for every two current Datacenter licenses with Software Assurance, you will receive one Windows Server 2012 Datacenter edition license.

Software Assurance and the Enterprise Edition. If you have Software Assurance on the Enterprise edition, you’re entitled to receive two Standard edition licenses for each Enterprise edition license that you have.

Software Assurance and the Standard Edition. If you have Software Assurance on the Standard edition, you’re entitled to receive one Windows Server 2012 Standard edition license for each Standard edition license that you already have.

Software Assurance and the Web Server Edition. If you have Software Assurance on the Web Server edition, you’ll receive an additional Windows Server 2012 Standard edition license to use while also maintaining your right to run your current Web Server license.  For every two Windows 2008 R2 Web Server edition licenses, you’ll receive one Windows Server 2012 Standard edition license.

What if I want to upgrade to the Datacenter edition? Remember that the Step-Ups from the Enterprise edition to the Datacenter edition are being removed from the price lists.  Therefore, if you’ve decided to move to a more highly virtualized or private cloud environment, you should consider taking advantage of the Software Assurance Step-Up benefit to upgrade to the Datacenter edition prior to the Windows Server 2012 General Availability.

Purchasing Windows Server 2012 Licensing

Okay, now how do you get going?

You can purchase Windows Server 2012 licenses through multiple channels, which provides you with optimum flexibility and choice to acquire the software.  Microsoft Hosting Partners like AIS Network are an excellent resource in evaluating your Windows Server 2012 licensing needs.  We can help you evaluate, plan, deploy, and manage any type of hosted system—from a small business implementation to supporting the largest enterprise applications built on the latest technology.

At AISN, we recommend Service Provider Licensing Agreement (SPLA) licensing (as opposed to other volume licensing), based on ease of deployment.   How does it work?  AISN tracks and manages the licensing for you.  We provide a monthly subscription-based pricing plan, including software assurance.  This eliminates any large, upfront costs needed to purchase the right amount of licensing as well as the over-purchasing of unused licenses.  However, if you own volume licensing we can utilize those licenses in our hosted environments.

Why so many options for licensing?  The various licensing options enable you to choose the program that works best for your management and operational needs.  We’d be happy to discuss with you in more detail all of your options and how they can be delivered via a custom hosted solution.  For a conversation about this and a free quote,  email me now and let me know your needs.

AISN is ready and eager to work with you on all of your hosting needs and on helping to save your business money too.


What is Infrastructure as a Service (IaaS)?

March 16th, 2013
Posted by: Donna Hemmert

 

By Donna Hemmert
AIS Network Vice President, Strategic Development

If you don’t want to own the equipment that supports your operations, and want increased flexibility, especially when it comes to expanding or downsizing, you may want to consider Infrastructure as a Service (IaaS)** from a provider such as AISN. In contrast to having to purchase all the equipment for your infrastructure such as storage, hardware, servers and networking components, you can pay on a per-use basis and avoid the headache and capital costs.

The difference between IaaS and PaaS (Platform as a Service) is often confusing so let me clarify. In an IaaS model, the underlying infrastructure is provided which includes network, storage, compute resources and virtualization technology. This means you are responsible for the additional operational tasks. With PaaS, the underlying infrastructure is provided, but also the application development platform. This includes automation to deploy, test and integrate applications. Your vendor also handles operational tasks such as configuration and updating your environment.

IaaS has been experiencing huge growth and, in fact, according to Gartner’s latest report on public cloud adoption***, the biggest part of cloud growth is coming from IaaS. This interest in IaaS, according to Gartner, is driven by enterprise and government growth in IT, and the new and more cost efficient options that IaaS public clouds are offering these days.

** Sometimes called Hardware as a Service (HaaS)
*** Forecast Overview: Public Cloud Services, Worldwide, 2011-2016, 4Q12 Update Published: 8 February 2013


Hosted Private Cloud Services to Surpass $24 Billion in 2016

March 1st, 2013
Posted by: admin

 

By Laurie Head
AIS Network Vice President

Good news from IDC yesterday — at least for those of us engaged in private cloud hosting.

The research group forecasts that worldwide spending on hosted private cloud services will surpass $24 billion in 2016.  Compare that to $5.5 billion spent on such services last year. IDC predicts that spending will rise 64% to $9.1 billion in 2013.

Have a look below at the press release, which also talks about two popular private cloud deployment models:

IDC Forecasts Worldwide Spending on Hosted Private Cloud Services to Surpass $24 Billion in 2016

FRAMINGHAM, Mass., February 28, 2013 – According to a new forecast from International Data Corporation (IDC), worldwide spending on hosted private cloud (HPC) services – an operational model for deploying computing infrastructure services of many types via a cloud model – will be more than $24 billion in 2016. HPC spending will experience a compound annual growth rate of more than 50% over the 2012-2016 forecast period as companies and IT providers look to cloud in its various forms as a means to transform and make more efficient and scalable the “how” of what they provide to their customers. Along the way, Hosted Private Cloud services will become the backbone of a new set of infrastructure services, transforming existing provider models for IT outsourcing, hosting infrastructure services, and other key IT industries.

At the highest level, there are two types of deployment models for cloud services: public and private. Public cloud services are designed for a market and are open to a largely unrestricted universe of potential users who share the services. Private cloud services are designed for a single enterprise and have user-defined and controlled restrictions on access and level of resource dedication.

Hosted private cloud is a composite view of two private cloud services deployment models, both of which offer customers and providers very different choices about resource dedication, tenancy cost, user access/control of the computing asset, and real and perceived security structures in place. The two HPC deployment models are:

  • Dedicated Private Cloud: This model offers dedicated 1:1 physical compute and storage resources focused on the needs of one enterprise or extended enterprise. This model offers the greatest customer control over their contracted resource. Examples of dedicated private cloud service offerings include Amazon EC2 Dedicated Instances, IBM SmartCloud Enterprise, Savvis Symphony Dedicated, and Rackspace Cloud: Private Edition.
  • Virtual Private Cloud: This model is an adjunct of public cloud services with shared virtualized resources and a range of customer control and security options distinct from most public cloud services. Examples of virtual private cloud service offerings include Amazon Virtual Private Cloud (VPC), IBM SmartCloud Enterprise Plus, Savvis Symphony VPDC/Open, and Rackspace RackConnect.

“IDC anticipates that virtual private cloud will be the predominant operational model for companies wanting to take advantage of the speed and lower capital costs associated with cloud computing while cloud service providers will welcome the move away from the expense of dedicated 1:1 physical systems for delivering their business process and datacenter outsourcing and other services,” said Robert Mahowald, Research Vice President, SaaS and Cloud Services.

Virtual private cloud is expected to make steady gains in part because of its similarity to public cloud, particularly public Infrastructure as a Service (IaaS), which many IT buyers are already using as a cost-saving alternative to replacing aging infrastructure. As more companies evaluate their Platform as a Service (PaaS) and Software as a Service (SaaS) options, the need to centralize the management of all cloud-sourced capabilities will become apparent. Meanwhile, the majority of dedicated private cloud buyers will be those companies with existing IS outsourcing or hosted infrastructure services contracts. Potential buyers of dedicated private cloud services will place a premium on off-loading the asset management burden and on operational reliability, over and above other cloud features such as scalability, granular billing, and customer self-service.

When dedicated private cloud grows, the winners are likely to be large incumbent packaged software providers and equipment providers, global systems integrators, professional services firms, and telecommunications service providers. These providers are working mightily to build single-vendor stacks, providing all the underlying components from bare metal to “trusted partner applications.” But if virtual private cloud becomes the dominant provider-based model, as IDC expects, it will be more like a public cloud model with mostly standardized, virtually dedicated assets, which means a vastly different set of vendors will benefit.

“Not even the largest technology incumbents can sustain IT market leadership without achieving leadership in cloud services. Quite simply, vendor failure in cloud services will mean stagnation,” added Mahowald. “Vendors need to be doing everything they can – today – to develop a full range of competitive cloud offerings and operating models optimized around those offerings.”

The IDC study, Worldwide Hosted Private Cloud Services 2012-2016 Forecast: New Models for Delivering Infrastructure Services (Doc #238689), examines the hosted private cloud services market, composed of dedicated private cloud services and virtual private cloud services. The study includes a detailed discussion of the overall cloud services market and how public and private cloud services are distinguished from one another, as well as revenues for 2011 and a five-year growth forecast for 2012-2016.


10 Dangerous Risks to Your Server Security

February 27th, 2013
Posted by: admin

GUEST BLOG

By Sarah Morris
KirkpatrickPrice

Security.  That’s usually the first thing on the minds of those in the IT world.  To keep up with changing technologies, we are constantly changing and improving our security standards, so that we can remain one step ahead of malicious attackers in defending our confidential information.

Royce Howard, of Global Knowledge, offers some tips about the 10 most dangerous risks to your server.  These tips are important to remember when developing and securing your IT infrastructure.

Physical Attacks. Make sure no one has physical access to your server.  Server rooms should be kept secure, and sensitive data should be encrypted.

Password Policies. Create complex passwords and change passwords every 90 days.

Privileged Accounts and Social Engineering. Vulnerabilities can be mitigated by removing administrator rights.

Email Attacks. Beware of phishing emails.  Never open an email from an untrusted source and avoid clicking on links in emails.

Worms. Worms are self-replicating programs that copy themselves from machine to machine, using up computer processing time and bandwidth.

Increasingly Malicious Malware. Scheduling regular scans can help detect and prevent malware and spyware.

Unauthorized Network Access. Network Access Control and Network Access Protection can help control a computer host's access to the network, using a set of protocols to define and implement a security policy.

Not Updating Patches. Automatic updating of patches can help avoid threats.

3rd-Party Applications. Check security platforms of 3rd-party vendors and applications from independent developers and manage exploits.

The Human Factor. People are the weakest link in security initiatives.  Develop strong policies and procedures so that people are prepared.

At KirkpatrickPrice, we have years of experience in information assurance by performing assessments, audits, and tests that strengthen information security controls.  Contact us at info@kirkpatrickprice.com for more information on how we can help you in your compliance efforts.

Sarah Morris is a technical writer for KirkpatrickPrice, a provider of world-class audit services. Visit www.kirkpatrickprice.com.


Top 10 Security Risks Found by Your Auditor

February 21st, 2013
Posted by: admin

GUEST BLOG

By Sarah Morris
KirkpatrickPrice

At KirkpatrickPrice, we strive to provide the proper assurance and resources to help our clients maintain security within their organization.  Recently, we held a client webinar focused on the “Top Ten Security Risks” that your auditor finds during your auditing process.  Below is a summary of the most common risks that we find.

1.      No Formal Policies and Procedures

Formal policies and procedures give your employees clarity about what's expected of them. They define the accountability for each employee and also establish necessary training. Information security policies are mandated by the FTC Safeguards Rule, PCI Data Security Standards, and the HIPAA Security Rule. This means they are mandatory.

2.      Misconfigurations

Standards need to be applied consistently. Organizations should utilize benchmark configuration standards from a recognized entity such as the Center for Internet Security (CIS), the International Organization for Standardization (ISO), the SysAdmin, Audit, Network, Security (SANS) Institute, and the National Institute of Standards and Technology (NIST).

3.      No Formal Risk Assessment

The assessment should cover the assets your enterprise needs to continue business operations: hardware, software, human resources, and processes (automated or manual). Some important things to consider when thinking about risk assessment are the threats to your assets as well as the likelihood of a vulnerability being compromised. Threats can be both internal (employees or third-party contractors or partners) and external (natural events or social engineering). Developing a proper risk assessment can help to mitigate potential risks that you face.

4.      Undefined Incident Response

It is always important to have clear instructions on reporting procedures when determining incident response. We suggest building a culture within your work environment that encourages reporting of all incidents the moment they present themselves.

5.      Lack of Disaster Planning

Disaster planning is important so that written plans are available for others to follow in the event that key personnel are not available. A business impact analysis can help quantify what level of redundancy is required for disaster planning. Proactive arrangements should be made to care for the staff and to communicate with third parties. Walkthroughs and training scenarios can benefit organizations so employees are properly prepared in the event of a disaster.

6.      Lack of Testing

The concept of testing applies to all areas of your security. If your security is not tested, there is no way to determine whether or not vulnerabilities are present.

7.      Insecure Code

Secure coding is something we find lots of companies struggling with. Developing secure code requires training, as well as specific development standards and quality assurance.

8.      Lack of Monitoring/Audit Trails

Log harvesting, parsing, and alerting methods must be determined to deal efficiently with massive event logs. The responsibility for review must be formally assigned as part of daily operations. Audit trails should be stored in such a way that system administrators cannot modify them without alerting someone with an oversight role.

9.      Data Leakage

Some things we often forget: Where is the data located, and how long should it be retained? How is encryption implemented and verified? How is access to data granted and audited? These things are all very important, and if not corrected, can keep you from complying with federal and industry standards and regulations.

10.  Lack of Training

A lack of training can prove to be a striking blow to the security of your organization. Employers should recognize the importance of properly training all employees on safety and security best practices. Standards and guidelines should be clearly set and determined in each organization. Several training opportunities are offered through KirkpatrickPrice to properly train you and your company on the basics of security awareness, awareness for managers, awareness for IT professionals, and awareness for credit card handling.

Determining your individual risks is the first step toward the mitigation process.  Maximum security of your sensitive information is KirkpatrickPrice’s number one priority.

If you’re ready to get started with your assurance process, you’ve come to the right place. We’re ready to help. Let’s work together.

Sarah Morris is a technical writer for KirkpatrickPrice, a provider of world-class audit services. Visit www.kirkpatrickprice.com.

Disasters Happen. Is Your Business Ready?

February 14th, 2013
Posted by: admin

By Laurie Head
AIS Network Vice President

Preparing for an emergency is a key factor to business continuity after a disaster. Wherever the threat comes from – whether it’s physical, virtual, network failure or cybercrime-related – it’s important that your business is equipped to deal with the problem.

In fact, the U.S. Department of Labor estimates that over 40 percent of businesses never reopen following a disaster.  And, when we consider these potential consequences, it’s important that you have a disaster preparedness plan ready.

We consulted Cindy Bates, Microsoft US SMB Vice President, for some tips.  As you create your business continuity plan, she recommends that you keep in mind the following:

Communication strategy.  Make a plan about how you will communicate any disaster and its impact on your internal and external audiences.  Remember that 40 percent of businesses will never reopen following a disaster.

Financial management. Ensure that you can still access your company accounts, pay bills on time and make the payroll.

Data backup.  Keep your company information safe by backing up assets and storing a copy offsite on a regular basis.

Cloud-based software. Move software to cloud-based versions of the programs that you use today.  This acts as a great alternative to data backup and enables your employees to have access to email, important documents, contacts and calendars – anytime and from virtually anywhere.

Technology updates.  Maintain vigilance when it comes to keeping your technology updated with security patches to safeguard your network against the latest threats.

Your digital assets are extremely important to business continuity in the aftermath of a disaster.  Do you need help protecting them?  Contact us for a free assessment.
