Don’t Be a Sitting Duck

December 12, 2016

As a child growing up in New Jersey, I was taught extensively about the state’s significance in the Revolutionary War. One thing that always stood out to me was the battlefield culture of the Europeans. Both sides would line up in an orderly (some would say gentlemanly) fashion, and simply fire at each other until each line of defense was wiped out. It made little sense, and ultimately, one of the tactics that helped the colonies was not to play by the rules of the English. If you’ve watched Mel Gibson in “The Patriot”, this is well-depicted as his character changed the rules and refused to be a “sitting duck”.

The key in that example was the Colonies not playing sitting duck and going on the offensive.  In similar fashion and over 240 years later, organizations are very much “sitting ducks”.

Organizations today are predictable and regulated, work off publicly available industry security standards and, for the most part, are static in their security defenses. Today’s attacker uses this predictability against them. Attackers have intimate knowledge of the rules that organizations follow so closely, understand defense practices, and are able to gain the advantage because they are not required to follow any rules when launching their attack campaigns. Organizations, and their protected/sensitive data, are sitting ducks without any ability to respond or launch countermeasures.

This article will explore the challenges in the current environment and introduce ways that Deception Technology can put the odds back in the good guys’ favor.

The Current Environment of Security In Relation to Hackers

Static in Nature

Most companies follow the same protocol in setting up their environments. There are Active Directories, End Users, Routers, Switches, Firewalls, etc. Hackers know this and, once they’ve gotten past the best defenses, are easily able to navigate as they feel right at home.

Risk & Compliance Standards Driving Action

As our country has become increasingly regulated, keeping up with the necessary protocols to simply exist per the law has become a huge challenge for security teams and companies in general.

Reactionary Environment

The process of IT Security is essentially the same as watching a “Tom & Jerry” episode.  The mouse (the hacker) runs around the house (your corporate environment) and your security team (the cat) chases them.  It’s really that simple.

Solutions Available To Both Sides

Did your team attend RSA or BlackHat this year?  They probably learned about the latest technologies available to defend against the bad guys.  They may have even scheduled meetings with the sales teams and attended demos.  Guess what?  The bad guys attend those same conferences and they’re buying those same defenses. Once they reverse-engineer them, they learn how to get through.

Overwhelmed Security Teams

While InfoSec is the fastest growing segment of almost any organization’s IT staff, seemingly every organization that I speak to tells me that they are overwhelmed in managing their protocols, users, reacting to events/breaches, and purchasing yet more solutions to keep the cycle progressing in the same pattern.

Mobility & BYOD Environments

Security teams used to just worry about company issued desktops and laptops of their end-users.  The increase in mobile devices and tablets coupled with the application-driven smartphones has presented increasingly complex environments (and new, unseen endpoints) that security teams often cannot effectively protect.

Your Opponent Has Time and Automation in Their Favor

Professional criminals have patience and persistence on their side.  Targeted attacks are automated and eventually evade the best defenses.  As we all know, eventually they will get through.

Sophistication of the Criminals Has Increased Exponentially

Criminals are no longer just mischievous or looking to exploit corporate data. The occurrence of Ransomware attacks is up significantly, and they are a significant source of revenue to criminal organizations.

The Bad Guy Might Actually Be On Your Payroll 

As with the 1978 Lufthansa Heist made famous in the movie “Goodfellas”, many breaches are inside jobs. It’s both disheartening and extremely difficult to guard against.

No-Win Situation for CISOs

The top Major League Baseball batters make in excess of $15mm a year to hit over .300, while a CISO is at risk of being fired for achieving 99.9999999% success. A single breach can result in an otherwise very adept and forward-thinking CISO’s termination.

A CISO currently has a thankless job in a reactionary environment with odds favoring the opposition/professional criminals.

So what can be done to mitigate risk of breaches and data theft and put the odds back in your favor?  The answer lies in Deception.

Deception: The Great Equalizer

We’ve established that bad guys will spend an inordinate amount of time to penetrate your defenses, and will eventually get through.  Once they’re in, they easily know their way around your corporate environment because everything seems the same.

Deception is the result of reverse-engineering the hacker’s mindset and finding a solution that prevents the hacker from being successful.  It provides the following benefits to corporations:

No Longer a Sitting Target:

Organizations that deploy deception place deceptive, or false, data and assets into their environment that force the hacker to make decisions using bad information. By “poisoning” the information available to the attacker, we significantly alter the odds in favor of the organization rather than the attacker. The deceptive approach is different from traditional honeypot technologies that serve as decoys and depend on the hacker to find the technology. In contrast, Deception technology does not require decoy systems. Deception uses current business assets and deploys deceptive data to every endpoint. Deception takes the fight to the attacker as opposed to trying to guide them to a specific decoy system. The effectiveness and manageability of this approach are significantly better. But perhaps the greatest advantage is identifying intrusions in real-time and on the source machine… often as early as the patient zero host.

Instant Breach Alerting & Remediation

Once deception is deployed, an alert tells the security team if unauthorized access has occurred, shows the source of the breach, and allows the team to shut down the intrusion immediately.  Compare this to the typical time an organization discovers a breach in their network (180 days and usually accompanied by a visit from the FBI).
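The alerting described under “No Longer a Sitting Target” and “Instant Breach Alerting & Remediation”, sketched as an added example that is not from the original article or from any vendor’s product: each endpoint carries its own decoy account, so any authentication attempt with that account both raises an alert and names the machine where the credential was harvested. The account names, host names, addresses and the key=value log format are constructed assumptions.

```python
"""Added example: alert on any use of a decoy credential (constructed data)."""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Hypothetical inventory: one unique decoy account per endpoint. No real user
# or service knows these names, so any use of one is unauthorized by definition.
DECOYS = {
    "svc_backup_ws042": "WS042",
    "adm_sql_ws117": "WS117",
    "svc_scan_lt009": "LT009",
}

# Constructed authentication log in an assumed key=value format.
SAMPLE_LOG = """\
2016-12-12T09:02:11Z auth result=success user=jsmith src=10.1.4.20 dst=mail01
2016-12-12T09:14:03Z auth result=failure user=svc_backup_ws042 src=10.1.4.42 dst=fileserver01
2016-12-12T09:14:09Z auth result=failure user=svc_backup_ws042 src=10.1.4.42 dst=dc01
malformed line without fields
2016-12-12T09:20:45Z auth result=success user=mlee src=10.1.7.31 dst=erp01
2016-12-12T09:31:57Z auth result=failure user=ADM_SQL_WS117 src=10.1.4.42 dst=sql02
"""


@dataclass(frozen=True)
class Alert:
    when: datetime
    decoy: str
    planted_on: str  # endpoint where the decoy lived, i.e. where it was harvested
    src: str         # machine that tried to use the decoy
    dst: str         # system the attempt was aimed at
    result: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; return None for anything that is not a full auth event."""
    parts = line.split()
    if len(parts) < 3 or parts[1] != "auth":
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if not {"result", "user", "src", "dst"} <= fields.keys():
        return None
    fields["when"] = when
    return fields


def detect(log_text: str, decoys: dict = DECOYS) -> list:
    """Return one alert per attempt to use a decoy account, oldest first."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        user = event["user"].lower()  # account names compared case-insensitively
        if user in decoys:
            # Failed attempts count too: the account should never be tried at all.
            alerts.append(Alert(event["when"], user, decoys[user],
                                event["src"], event["dst"], event["result"]))
    return sorted(alerts, key=lambda a: a.when)


def patient_zero(alerts: list) -> Optional[str]:
    """Endpoint whose decoy was used first: the earliest known compromised host."""
    return alerts[0].planted_on if alerts else None


def harvested_hosts(alerts: list) -> set:
    """Every endpoint whose decoy has been used, i.e. hosts the intruder has read."""
    return {a.planted_on for a in alerts}


def replay_sources(alerts: list) -> set:
    """Every address that tried a decoy credential: candidates for isolation."""
    return {a.src for a in alerts}


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for a in found:
        print(f"{a.when:%H:%M:%S} decoy={a.decoy} planted_on={a.planted_on} "
              f"src={a.src} dst={a.dst} result={a.result}")
    print("patient zero:", patient_zero(found))
    print("harvested hosts:", sorted(harvested_hosts(found)))
    print("sources to isolate:", sorted(replay_sources(found)))
```

In the constructed log, the third alert uses the decoy planted on WS117 from the same source address as the first two, which shows the intruder has reached a second endpoint.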

Your Rogue Employee is Now Easily Identified

The biggest challenge to CISOs is their personnel. An ill-intentioned employee determined to gain access to valuable corporate data is difficult to detect, and very little can be done to prevent it. Deception provides a key tool in instantly identifying unauthorized internal access and provides the safeguard currently lacking in your environment today.

No Strain on the Network 

Network people and Security people are like oil and water. Network engineers want open borders and Security engineers want to build a wall, for lack of a better analogy. Deception provides no strain on the network whatsoever, so this is one technology that your security team can implement that will not result in conflicts between the two groups. More importantly, it will not affect the performance of your critical applications.

It Will Keep You Employed

As mentioned previously, very intelligent and capable heads of InfoSec lose their jobs over being 99.99999% successful. Deception puts the odds in your favor of immediate breach discovery and remediation. There is simply nothing in the market today that evens the odds as this technology does.

So how does your organization find a Deception Solution, and how do you find budget for this when you may have already submitted budget for 2017?

What Solutions Exist Today?

While a relatively new sector (Gartner has not yet created a “Magic Quadrant” for it), there are some mature solutions in the space. Like you, as a salesperson’s IT target, I am approached by various solution providers and have spent time reviewing providers in this space. As you may have gathered, it is my intention to gain an audience with you to share the solutions available in the market, share my knowledge of the sector and help you make an educated decision on which solution best fits your particular organization’s need.

Pricing varies based on provider and some price by the endpoint while others price based upon VLAN.  The cost is relatively minor compared to the cost of a breach.

Finding Budget:

I recently finalized a deal with a regulatory body for one of the nation’s critical sectors. They did not initially have budget for the solution but recognized the importance and created funding.  This sentiment has been fairly well-exhibited by the majority of companies that have evaluated the solution.

Some companies, however, operate by a hard-line annual budget.  In these particular cases, I’ve seen companies allocate funds intended for endpoint towards Deception, as this does fall into that area (technically).

Another way to find budget is to simply look at the “Goodwill” section of the balance sheet.  If your company does not have a “breach remediation” budget, there is no “goodwill” better than preventing a data breach.  And the cost of breach remediation, such as hiring Mandiant, can run in the millions and cost you and your staff your jobs.  This is a pro-active approach instead.

Find the Time

In InfoSec, there is more fire-drill activity than in most sectors, but that should not prevent a head of Cyber from taking the time to learn and evaluate the very tools that will keep the enterprise going. Too many times, cancellations of meetings and demos resulted later in breaches and job losses (Home Depot, anyone?).

Final Thoughts

The technology of Deception is not new in theory, but is relatively new in practice. Proper safeguards of the traditional variety coupled with Deception can help any organization use simple math and probability to put the odds in its favor.

About the Author:

Eric Blaier is the founder of Integrated Business Services, Inc., an Atlanta-based IT & Security consulting firm established in 2001. He has held sales and sales management roles for such companies as Allnet, Teleglobe, ATT and Equinix, and his firm partners with the leading cloud, security and network providers in the marketplace to maximize the efficiency, safety and productivity of his clients.
He can be reached at or

Random thoughts on my Samsung Galaxy S4

May 12, 2015

I’ve now had a Samsung for the better part of 3 years, and for the life of me cannot understand why:

1. Applications simply disappear or move.  I’ll look to make a call and the phone icon is gone.  That can’t be good…..

2. A random glance of “applications running” consistently yields more “Samsung”-oriented applications to the mix.

3. The phone randomly decides that my screen is “too bright” and shuts it down.

4. There’s an app running called “Factory Mode”. Is this really necessary?

That’s enough rambling about the phone for today.

The Challenges of Public Cloud Deployment

May 6, 2015

For public cloud providers, 2014 was a record year. Leading public cloud companies such as Amazon Web Services (AWS), Microsoft Azure, IBM SoftLayer and Google continued to enjoy growing demand. What is certain is that more traditional IT services will move to the cloud, and public cloud will be a large portion of that rapid growth for a plethora of reasons.

A recent study from Computer World had some interesting data that compelled me to explore the public deployment side a bit deeper. That 2015 Forecast predicts that there will be a 46% increase in Security Technologies spending and a 42% increase in Cloud Computing.

One of the most interesting results from that forecast: 32% of all new IT spending will be geared toward the “Internet of Things”. This creation of a virtual “Orwellian society” is one of the top IT initiatives for the near future. It also has created significant challenges for those responsible.

Another key statistic from the forecast is that 22% of all new IT spending would go towards High Performance Computing (HPC). The study also showed that 16% of all enterprises surveyed stated that Cloud Computing is their most important initiative for the year, the most of any group.

So cloud computing is growing, and the public cloud providers are leading the charge. But what are the challenges for today’s enterprise in deploying new cloud infrastructure quickly and, more importantly, securely? This paper will look at some of the drivers leading public cloud demand, the challenges facing enterprises to adapt to public cloud, and ideas to deploy both faster and more securely.

Some of the key business drivers leading to Public Cloud Adoption:

The Internet of Things (IOT): Gartner recently stated the Internet of Things Installed Base will grow to 26 billion units by 2020. That is quite a leap from where we are today. The IOT will, theoretically, allow companies to operate more efficiently, better serve clients and improve service level agreements (SLAs).

Business Analytics: The Computer World study found that Business Analytics are most relied upon to give insights gained in generating new revenue streams and increasing sales within existing channels. In a nutshell, George Orwell (coincidentally, born an Englishman named Eric Blair) had it right when he wrote the classic novel “1984”. Our lives are being focused on 24/7/365 by analytic engines gathering data from our mobile devices, computers, IP-enabled television, your new car, and seemingly just about anything else you are using that is manufactured after 2012.

I don’t watch much television, but one of my favorite characters of all-time was “Ron Swanson” (played by Nick Offerman) of the recently concluded show “Parks and Recreation”. This segment explains why.
In reality, we’ll never have that simple, “off-the-grid” life revered by Ron Swanson ever again.

Instant Infrastructure: Many traditional enterprises are leading adopters of public cloud services, but you wouldn’t typically think that based on their business model. One large public corporation explained that “what used to take us six months to plan, test and deploy now takes us a few days or even hours”. The example given was a promotional/seasonal website for a national ad campaign that was to be run during the Super Bowl. In the past, the company would have selected personnel, created a project plan, evaluated and purchased infrastructure, and then begun work. Now, the same company spins up new devices in the cloud and they are ready to go instantly.

These are just a few of the key drivers and there are many more, but let’s take a look at the challenges in deploying in a public cloud environment.

Key Challenges:

Speed of Deployment: A panel of CIOs that I informally surveyed recently stated that speed of deployment is the number one challenge. In 2015, it’s no longer “whether to go to the public cloud” but rather “how fast can we go live?” Connecting legacy enterprise systems internally to interface with the public cloud is not something that IT personnel have planned for, nor been trained to do.

As a matter of fact, one of the key findings in Forrester Research’s June 2013 Cloud Study was that 76% of respondents stated that they needed cloud administrator training and 71% needed cloud operations training.

Security: Accessing public cloud infrastructure means utilizing the internet for transport. The model is filled with risk of an attack, hack, or data loss, much in the same way an enterprise or hybrid network is. With many critical applications being pushed to public cloud, this is an area of concern for CIOs and CISOs alike, and one that did not exist just a few years ago.

Many of the respondents to my informal survey cited this as an area of great concern, with several stating that it was the highest priority.

Risk & Compliance: Accessing the public cloud means giving up the visibility into the rented infrastructure that an enterprise enjoys within its own environment. This could present risk and compliance obstacles for companies that must adhere to certain industry-specific standards.

The lack of visibility on a continuous basis means that a portion of the enterprise “assets” are at risk.
In my informal panel of CIOs, this was the single biggest concern of those who responded.

These are just a few of the major concerns of public cloud utilization. So how do we get past those?

Ways to Improve Speed, Security and Compliance:

Speed to Deployment: Most organizations use public internet or a private MPLS circuit or Point-to-Point to access the leading cloud providers. This involves a traditional hub and spoke network typically with primary operations occurring at either a private in-house datacenter or at one of the enterprise data center operators.

One idea to consider is taking a small footprint at a “carrier hotel” type of datacenter operator with the intention of getting directly connected to the cloud providers with whom you wish to do business. Typically, this would involve taking a cabinet (at minimum) at a carrier-neutral facility and then buying a direct cross-connect to the cloud providers that you want to connect to. One of my partners, Equinix, offers a 10G cross-connect for $200/month to their cloud exchange which can be partitioned to different providers. The benefits here are numerous. Among them, it offers an enterprise freedom of choice among cloud providers, much in the same way that freedom of datacenter choice allows your company to not be married to a particular telecommunications company. It is important to consider the number of cloud providers in such an environment for this particular reason. I partner with several datacenter providers and their primary growth strategies all revolve around the proliferation of public cloud users.

Further, public cloud infrastructure can be spun up instantly through self-administration portals with such providers. The speed, in terms of latency, will be much improved. This, in turn, has been another area that enables companies to give better SLA’s (Service Level Agreements) to their customers. In other words, everyone wins.

Security: Accessing the internet, simply stated, is putting your infrastructure at risk. One of the main benefits of housing the “public cloud infrastructure” (in a cabinet, etc.) is that the direct connect eliminates the internet. Problem solved.

Risk & Compliance: So, it’s been established that moving into a “cloud exchange” solves both the speed and security issues, but what about the visibility of assets for risk and compliance considerations?

The aforementioned solution alone will not mitigate that situation. In order to do that, there is a unique startup that is changing the way the game is played. That company, Cloud Passage, offers a cloud security solution that works in any cloud: public, private, and hybrid. The solution, Halo, which is offered as SaaS, provides instant and continuous security/compliance visibility into all cloud-deployed assets. They basically consolidated all traditional security solutions (Firewall Orchestration, IDS, FIM, Vulnerability Scanning, Key management, etc.) and re-engineered how security is delivered, making it well suited for cloud environments. Utilizing this service will provide your organization with the tools needed to bring your public cloud environment into the same standard as the rest of your assets.

Final Thoughts

In conclusion, I hope that you have found this article helpful as you look to the public cloud to increase productivity, boost efficiency and time to market and increase your revenue stream.
I thank you for taking the time to read this article and look forward to seeing each other again in the near future.

About the Author:

Eric Blaier is the founder of Integrated Business Services, Inc., an Atlanta-based IT consulting firm established in 2001. He has held sales and sales management roles for such companies as Allnet, Teleglobe, ATT and Equinix, and his firm partners with the leading cloud and infrastructure providers in the marketplace to maximize the efficiency and productivity of his clients.
He can be reached at or

Dropbox to pay for bugs

April 16, 2015

Attention info security professionals:

Are You Considering a Hosted PBX Solution?

April 14, 2015

By Eric Blaier

By now, you are likely quite familiar with “the cloud” and the various applications, platforms, infrastructure, and other offerings available today. Those solutions extend to what is considered a standard need in offices: telecommunications. IP Telephony has been one of the leading success stories of the internet boom. When I started in the telecommunications industry over 20 years ago (I’m dating myself here), I worked at a long-distance carrier. That genre of company was made, for the most part, obsolete by IP telephony. The digitization of one of the oldest transmission methods changed the industry seemingly overnight.

Moving to IP-Based Phone Systems provided easier cost structures to the carrier, which led to more simplified pricing to the customer. It offered the ability to utilize new technologies like SIP Trunks (Session Initiation Protocol), which allowed extension dialing to remote locations. Moves, additions and changes became much easier to manage. And the cost structure dramatically decreased across the board.

Today, one of the primary topics of discussion that I am having with clients is whether they should move to a “Hosted PBX” model or continue to utilize a traditional PBX system. The discussion has almost become not “should?” but rather “when?” The factors in that decision typically come down to cost, functionality, administrative capability, IT support, and risk/business continuity/compliance considerations. This article will address those factors, some of the business drivers for considering a hosted PBX, and the primary areas that must be addressed before moving to that model.

Some of the factors in moving to a Hosted PBX model across the enterprise:

Cost: Hosted PBX models are, across the board, almost always more cost-advantageous. The reason for this is that the Hosted PBX model eliminates the need for “phone services”, which include dial tone, T-1 charges, Long Distance Charges, certain FCC charges, and trunk fees. The Hosted PBX model includes dial tone with full-featured functionality and does so for a monthly “rental fee/lease”. The typical savings in a properly designed Hosted PBX Migration is upwards of 30%.

Functionality: On-premise phone systems and Hosted PBX systems have, for the most part, all of the same functionality and features. The difference is in how they are delivered: the on-premise PBX (or brain of the phone system) is hosted in the office telephone closet, while the Hosted PBX receives features and functionality from the “cloud”.

Administrative Capability: Moves, additions and changes are the life of a telecommunications coordinator. The on-premise model involves making changes in a decentralized environment, which can mean travel costs for programming, additional insurance premium costs for the business, and higher power bills. The Hosted PBX model allows telecommunications administrators to make changes from a central portal as if they were physically located at the remote site. It also means less cost for travel, insurance and utilities.

IT Support: The cloud has lessened the need to keep IT staff in each location. A cloud solution can be centrally administered as discussed above. Further, the hosted model involves either a lease or purchase of the handsets. These often involve full warranty and support for the entire contract. This has eliminated the need to pay for service calls or “service contracts” that are the lifeblood of standard phone system vendors.

As a matter of fact, the migration from traditional PBX systems to Hosted has changed the business model of PBX Vendors. Many leading manufacturers have developed their own cloud offerings and have educated their leading and long-time vendors to recommend the cloud solution. The vendor is compensated a small percentage residually in lieu of the service contract, so they still maintain the client relationship even if delivering the solution in a different method.

Risk/Compliance/Business Continuity: If your business must meet certain standards for risk/security/compliance, it is vital to find partners that can meet those needs. Suffice to say, the Hosted PBX providers of today have designed their platforms to meet those needs from a “hosted perspective”, but there is still work to be done. More on this issue will be discussed below.

So far, it seems that a hosted model meets or exceeds the traditional PBX deployment. What are the factors that are leading companies to go with a hosted model?

Business drivers in favor of the hosted model:

Demand Economics: Hosted solutions are an OPEX rather than a CAPEX environment. The ability to order what is needed at that moment allows an enterprise to maximize efficiency and ROI immediately.

Scalability: Hosted solutions are highly scalable due to the OPEX model. This allows for future growth as well as redeployment of assets from one office to another.

Risk & Compliance: The hosted model gives instant visibility into all assets on the network with a central administration point. Having the ability to patch and send instant updates amongst the entire network of phones is something inherent to cloud solution PBX’s. In a cloud environment, the update comes from the provider, thus removing this task from your administrator while giving greater visibility.

Total Cost of Ownership (TCO): Factors to consider include Equipment/Service Costs/Warranty Costs/Installation Costs/Power & Utilities/Insurance/Travel and Administration. In almost every scenario, the hosted solution provides a lower TCO. One of the best TCO calculators available is that of Evolve IP, a partner of my firm.

So, with the benefits shown, what are the negatives?

Primary Areas to Consider:

Redundancy: If you move your phone system to the cloud, you are an internet outage away from being out of business. This means finding redundant circuitry that runs in parallel to the primary circuit. In larger enterprises, primary circuits can be 20mbps-100mbps dedicated fiber internet connections from “carrier A”. To back that carrier up properly, it is imperative to get a secondary from a different provider (“carrier B”) that consists of a different loop provider and, hopefully, a different entrance point into the building.

In smaller and home-office environments, there is a trend towards backing up either a smaller Ethernet circuit or cable modem with a DSL line or 4G wireless services. The latter is gaining in popularity.

Security: You are now in the cloud. Your phone system is now another IP address on your network. Thus, a solid Firewall is vital to keeping your system free from DDoS attacks, viruses, and all of the nasty stuff that data networks come across.

The latest Firewalls, often called Next-Generation Firewalls or Unified Threat Management Devices, provide many features including Intrusion Protection (IPS), Web Filters, Load Balancing and Failover. Failover is vitally important because if one circuit goes down, the device automatically routes to the secondary circuit.

Investing in a decent device can make all of the difference in the world when disaster strikes.

Administration: Having the ability to patch and send instant updates amongst the entire network of phones is something inherent to cloud solution PBX’s. In a cloud environment, the update comes from the provider, thus removing this task from your administrator.

Forces of nature: Up until this point, planning for disaster and how to recover was something the IT executive thought about in terms of servers, network and personnel. The facility itself was an afterthought, as they paid somebody else to worry about it.

What if the power goes out? Do you have the ability to fire up a generator? Is it your facility or are you a tenant? Do you have Power over Ethernet (PoE) switches and phones so that your phones stay connected even in the event of a power outage?

Working with a skilled telecom consultant can give your company the roadmap for addressing each of these “unseen” threats and mitigate them prior to them becoming an issue.

Given each of these factors, it is a matter of when (not “if”) your organization moves to a hosted PBX model. The benefits of a fully-deployed, redundant solution typically far outweigh the risks or costs with keeping a soon-to-be antiquated technology. I thank you for taking the time to read this article and look forward to seeing each other again in the near future.

About the Author:

Eric Blaier is the founder of Integrated Business Services, Inc. an Atlanta-based IT consulting firm founded in 2001. He has held sales and sales management roles for such companies as Allnet, Teleglobe, ATT and Equinix, and his firm partners with the leading cloud providers in the marketplace. If you are interested in having a TCO analysis done for your business, please contact Eric for a consultation.

The Importance of Backing Up Your Network

August 28, 2014

Over the past few years, considerable attention has been given to the preservation of data within corporations and enterprises alike. Most companies, at this juncture, have on premise storage solutions, off-site/cloud, or perhaps a hybrid.

What I find fascinating is that many of these same companies do not back up the one element that gets them to that data, and that is the internet/network. What is even more astounding is the relatively little cost to create a backup network.

The large majority of companies are running VOIP over Ethernet or PRI in enterprise environments as well as corporate.
Some companies will run VOIP over cable, particularly in small/remote/home office settings.

Most “next-generation” Firewalls or “unified threat management” devices contain features that allow not just the ability to fail-over from one circuit (the primary) to a secondary circuit, but many can often load-balance. This provides additional benefits to a company for bandwidth maximization.

To begin with, let’s look at the ways to back up a network:

1. If your company has an Ethernet Circuit for internet (10mbps-100mbps, etc….) from one provider, you could order a cable modem from the local cable company for less than $400/month on average. As a matter of fact (using Atlanta as an example), one of the local cable companies will provide a 100/7mbps cable modem for $180/month.

As long as your firewall could provide the automatic failover and load-balancing, you could gain the additional bandwidth from the secondary connection as well as the benefits of redundancy.

2. If your company is smaller and uses a cable modem as the primary circuit, backup options include DSL (even if it is being phased out over the next several years) and 3G/4G wireless solutions. Both are very inexpensive, typically less than $100/month.

A smaller company may think that they cannot afford the type of equipment to do both failover and load balancing, but this is often a false belief. I have set several clients up with low-cost firewall solutions such as Fortinet’s Wifi 60D* which provides both features as well as the standard advanced features offered by security manufacturers.
*Full disclaimer: I am a Fortinet dealer.

3. If your company is using basic analog phone lines, it is only a matter of time until the incumbent phone provider phases out traditional phone service. Both AT&T and Verizon have stated that they will be leaving the local copper network by 2020, and that is not that far off. Chances are, you will be contacted by a local representative from AT&T or Verizon who is offering you a new package (U-Verse or FIOS, respectively).

As a matter of fact, I recently did some freelance work for a friend of mine who runs a telecom agency, and AT&T provided him with a list of their clients on traditional PRI, 1FB, and other digital service. The initiative is to convert all clients over to Ethernet. So the story is, even if you are on traditional POTS (Plain Old Telephone Service), you’ll be going over VOIP very soon.

The main advantages of backing up your network are the following:
1. The data you have worked to protect and retrieve would not be accessible without a secondary circuit in the event that the primary circuit was down.

Gartner estimates that the cost of downtime to an enterprise ranges from $140K/hour and higher!

What would the cost to your organization be if your network was down for one hour? There are several “Outage Calculators” from consulting companies such as Deloitte and Gartner, but as a business owner or CIO, you should already have a pretty good idea of what the cost would be.

What would the loss of revenue per hour be if your call center was down?
What would the loss of revenue per hour be if your card processing or ERP system was unavailable?
Would the marginal costs described above be worth implementing in order to prevent that?

2. With load-balancing, the network can run much faster using a low-cost secondary circuit for additional bandwidth. Thus, expenses will be cut.

For example, a 10mbps Ethernet circuit might cost $500/month. To add additional bandwidth, an upgrade to a 20mbps Ethernet circuit might cost an additional $300, or $800/month. The same company could keep the 10mbps Ethernet for primary, add a lower-cost cable modem (such as a 100/7 circuit) for $200/month, and actually save money. This configuration would not only be $100/month less expensive, but it will provide redundancy and far greater bandwidth than just upgrading the primary.

3. Company and brand reputation is at stake. Any time there is a known outage (or breach of company data), it reflects poorly on the company and results in a loss of consumer confidence, possible financial repercussions because of Service Level Agreements (if applicable), loss of productivity, and possible job loss.
Backing up your network gives a company the peace of mind of knowing that all core components are backed up, at a very minimal cost.

4. Last but not least, cloud applications continue to grow in popularity. Considering that an internet pipe is the only way to reach core hosted applications, a backup plan is vital. Core operations are compromised if the primary internet circuit goes down, effectively crippling a company. This may be the most important reason of all to back up a network.

So what are the keys to accomplishing this?

Assess the current situation:
Which provider do you use for internet?
What type of service do you have? Is it PRI, Ethernet, Cable Modem?
What is your contractual situation?
What are you currently paying for network?
What type of Firewall does your network utilize?
What are that Firewall’s technical limitations?

Evaluate options:
What options are available for network backup? (Cable/DSL/Fixed Wireless)
What is the cost to upgrade the Firewall if it does not provide failover?
What is the cost to upgrade the Firewall if it does not load balance (if that is desired)?
What is the cost of your hourly downtime in relation to these costs?

Implement the solution:
Who will do the implementation?
Typically, this is my client’s data vendor. When I have set up new offices, I use my own installer.

What is the cost of implementation?
Typical data vendor charges range from $100/hour to $200/hour and the typical time is about 4 hours.

I hope that this article was informative to you and gives you some guidance on the various ways your organization can better its infrastructure in a low-cost, high-yield way. If you are interested in discussing your company’s particular needs, my contact information is listed below.

Thanks for taking the time to read this article.

Review of the Galaxy SIII

March 22, 2013

I reluctantly made a move to an Android device back in August, due to the need to access files via mobile and the trouble I had doing so with my beloved Blackberry. Since 6 months have passed, it’s now adequate to review the do’s and don’ts of the hot new (now old, since they have come out with the SIV) SIII.
Speed: I am on Verizon Wireless and it’s just lightning-fast. It allows me to access files from anywhere, and quickly.
Size of display: it’s the largest display screen that isn’t a tablet. You will not do better for display and the clarity of the screen is nice as well.
Apps: virtually anything you want is available either free or for a small fee via the App store. It’s a huge upgrade over what I used to see in the Blackberry marketplace.
Negatives: Samsung Kies software. If you use Outlook and need to sync, you’re in trouble. I am an Outlook 2010 user and downloaded the Samsung Kies software to sync my data. The problem with the Kies software is that it is virtually a bug itself. Almost every time I connect the device (via cable) to the computer, the software will not recognize the device. This prompts me to have to “disconnect the phone” (which I do) and “troubleshoot/reinstall device driver” (which I also do). About 50% of the time after doing this, the software again fails to recognize the phone. I have to uninstall and then reinstall the Kies software at least every two weeks. This is simply no way to operate a business, much less a personal device. Samsung is clearly lacking in the software department and it’s made my decision for my next phone a lot easier: this is the last Samsung phone I’ll ever buy.


Cloud Partnerships

March 22, 2013

Over the past 6 months, I’ve undertaken some consulting that led me to evaluate cloud providers for an organization. As such, I’ve partnered up with some of the top cloud providers for services, which you can now get through us:
Filesharing: Egnyte, Sharefile, Hyperoffice
Contract Management: Ariba (now part of SAP)
Expense Reporting: Concur, Paramount Technologies, Expensepoint
Email Archiving: LiveOffice, Google Apps, ClubDrive Systems
Hosted Infrastructure: Google Apps, ClubDrive, Cirracore, Rackspace
Cloud Call Center: inContact
Marketing Automation: SalesFusion

These solutions have been researched, demo’d and are deemed to be suitable for outsourcing. If you are interested in learning more, send an email to

Why Are Companies Reluctant to Embrace Consultants?-by Eric Blaier

March 22, 2013

“You’re my competition”.

I sat stunned, but listening earnestly, as the new Vice-President of IT of a long-time client said these words to me. Sometimes, you don’t know exactly how to respond, and this was one of those times.

I asked him to explain and he stated, “You are doing the same thing as me and my IT staff. I view it as you being competition to us, unless there is a lack of resources such as time and hands to get the job done”. This certainly did not bode well for me as I had hoped to expand the relationship into other areas.

However, it was finally out in the open: the reason why some IT departments are reluctant to embrace third-party consultants when we (meaning, the consultants) could not understand why. So I wondered, why do IT Departments think this way? Further, how do I make the IT staff understand that my goal is not to displace them, but rather help?

To begin with, let’s examine the most common types of IT consulting models:
1. Paid Engagement: hired for a specific task or project and paid either hourly or a lump sum. These consultants tend to be specialized, such as providing Network Assessment or Design, Regulatory & Compliance Adherence or Certification, Disaster Recovery Specialization, or Security & Vulnerability testing. They are typically vendor-neutral: hired to help make recommendations for the client and, as a matter of ethics, not affiliated with any particular vendor.

2. Vendor Provided: these are solution architects who are not really “consultants” but are sometimes viewed that way based upon the client-vendor relationship. It is fairly common for companies to hire incumbents for services, such as Dell SecureWorks being asked to provide vulnerability assessments for a managed security client (full disclosure: I am a partner of Dell SecureWorks and they do an excellent job). What needs to be remembered is that the ultimate goal of this “consultant” is to gain or keep additional business in exchange for their “free intelligence”.

3. Third Party or “Agency”: these solution providers are typically salespeople who are vendor-neutral and client-centric. They provide consultation, often for free, in exchange for the understanding that procurement of service providers will be executed through them.

The advantages of working with consultants are (at least in my admittedly biased opinion) numerous:
- Save time and effort on monotonous tasks, such as procurement. I have never found anyone who enjoyed calling telecom carriers to haggle over the best rate (hint: this is something that I do to keep you from having to do it).
- Focus effort on the core business, such as running a help desk, break-fix repair and maintaining network performance.
- Getting unbiased expert representation from a source whose livelihood is within that new “sourced” environment and who can navigate between the corporate sales pitch and reality. I have always felt that this is the single greatest reason to work with a third-party consultant.
- Having representation amongst all providers puts the client in a more strategic position for price negotiation on their behalf. For instance, Storage Value-Added Resellers will provide solutions from EMC, DELL, NetApp, HP as well as managed and specialty providers. Security Resellers will provide options from McAfee, Symantec, Juniper, Checkpoint, Cisco, FireEye, Damballa, etc. When the VAR has the ability to bid the solutions against each other, the end result is optimal pricing for the client.

So given these obvious advantages of working with consultants, why would an enterprise be reluctant to do so?

1. Competition. I had often felt that certain IT groups were territorial. It’s the nature of the business when dealing with very intelligent individuals, but it was never actually stated to me until that meeting I reference at the beginning of this article. For an IT staff to feel that the third-party consultant is their competition, they would have to feel threatened.

I can likely speak for 99% of third-party consultants when I say we are not trying to take our IT clients’ jobs. We are not looking to displace your jobs through BPO (Business Process Outsourcing) in a third-world country or (typically) trying to get you to buy managed services to displace you. While a lot of that is, in fact, going on with cloud providers, it is not our intent. In fact, we’ll let you get the credit with whomever it is that you report to.

We want our clients to look good. We also want our clients to come back to us the next time we have a problem, get another answer/solution, and take full credit. That’s the value we seek to provide.

2. Ego. A natural defense mechanism in embracing change or ceding control is often the preference for being self-sufficient. In some cases, for the largest companies, there may be enough resources to accomplish what is needed (i.e., having a dedicated procurement department in addition to an administrative IT group). In most cases, as I have seen from experience in working with numerous large enterprises, companies do not have this option. The general trend of the last few years has been position elimination with responsibility being divided amongst “survivors”. Thus, it’s a “do more with less” mentality. Given that situation, it’s almost incomprehensible to me that additional (free!) resources would not be taken seriously or even considered.

Another key point regarding the ego issue (we get it, most CIOs are very smart guys) is that it typically helps anybody to expand their network/resources, particularly with those that can offer true value and insight. These sources don’t live in the same world as the CIO and can offer unique perspective into areas not native to the typical enterprise.

3. Trust. It’s typically easier to control what you know. Employees typically have signed Non-Disclosure Agreements, Non-Competition Agreements, and the like. I have a secret that actually is not so secret: we (meaning outside consultants) will gladly sign NDAs and non-use of your (the enterprise) materials, information, etc. We’re typically willing to go the extra mile to meet the Regulatory and Compliance demands you are under and we’ll (typically) provide solutions geared towards those particular requirements.

4. Lack of Perceived Value. This is where the IT staff needs to seriously assess if they have the capability in terms of expertise in the field, knowledge of present market conditions, and if they have the actual time to commit to and go through the sourcing process. If the answers are “yes” to all of those questions, then it may be a venture that should be taken internally. However, this is where many IT staffs miscalculate and it costs them money, time, productivity and is often frustrating.

There are certainly other reasons, but these are the four that I believe to be most common. Hopefully this article will help to change the mindset of a few people (you IT folks) who might need some guidance in an area for the reasons listed above and will look to a new resource to help. Don’t be afraid to engage if you can learn something. It’s what drives me to seek new answers from sources and clients every day.

I bought a new Samsung Galaxy s3

August 10, 2012

Moving from the Blackberry 9650 that I used for a long time to this is taking quite a bit of time. I’ll be back later to share some tips of do’s and don’ts for you first-time Android (and Galaxy s3) buyers.