We’ve made it to fall. Football season is back, baseball is in its final stages, the kids are back to school, and the leaves are starting to change. It’s also budget time for 2012 for the vast majority of companies.
This year is one that I don’t expect to be any different than the past several years past. The mantra for the past decade seems to be the following:
•Do more with less
•Cut the budget
•Increase production
I don’t believe that it will change much this year from past years. The US Economy has not shown the job growth and housing recovery needed to sustain a true positive market correction. Last month, Moody’s said that they believe the US Economy will continue to flounder next year (http://www.businessweek.com/ap/financialnews/D9P4OVNO0.htm). More recently, the International Monetary Fund lowered the outlook for both the US and Europe: (http://www.freep.com/article/20110921/BUSINESS07/109210351/IMF-sharply-downgrades-outlook-U-S-Europe).
We can debate the reasons why the economy is the way that it is (lack of jobs, growth occurring overseas as we ship jobs there and then wonder why we’re having issues, for one thing; the fact that the economy is fully dependent upon human interpretation and emotion and is based on consumer confidence for another) but that does not solve the issue that corporations face today: How to produce more with less resources and keep within budget? It’s not an easy task.
Let’s explore some ways within IT that a company can slash costs to fund a necessary project. After all, there’s nothing like having a new compliance-driven initiative and finding “we don’t have budget for it’. The goal of this article is to arm you with some ways to prevent that from happening to you in 2012.
1.Lowering Local Access Costs within the corporate network
With corporations shifting applications and (sometimes) infrastructure to third party datacenters or hosted “cloud providers” in those same commercial datacenter, the opportunity to lower local access costs (or “local loop pricing”) is simple. In addition to moving your primary or secondary operations to a commercial, third-party data-center, you will find that many established telecommunications and Internet Service Providers (ISP’s) have established service within.
• Large Company Solution-Move to a Commercial Data Center
The vast majority of commercial data-centers are what we term “carrier-neutral”. This means that any telecommunications provider or ISP can provide service to clients in their facilities. When a carrier establishes service in the datacenter, “cross-connects” to the carrier are often very inexpensive. It is not uncommon to get a fiber gigabit connection in one of these centers at less than $1000/month. In that same scenario, a large company with a corporate headquarters and located in the suburbs (say, 30 miles outside the center of a city where the “Telco Hotels” typically stand) might pay $20,000/month for that same loop.
This scenario requires a strategic look at how operations are done today and what can be re-engineered for cost savings and better functionality. Removing fiber rings and local-access loop costs from large corporate networks is one way to get the budget you need for other projects.
*Small Company Solution-Look at Different Access Methods
Small companies that don’t have a huge data pipe or corporate network, but have the same need to find budget for next year, can also reap benefit from this strategy. One of the ways is to look at the cost associated with a small company’s current network.
Redeployment of older, traditional telecom access products like T-1 and PRI can often make a significant difference in monthly cost. T1 and PRI are often used with TDM phone products (think, old-time phones) and have higher access costs. The newer phone systems and networks are digital, and the favorite handoff (access method) is that of Ethernet. Getting Ethernet to a small-business can be tricky (it’s distance-sensitive) but can yield rewards of up to 70% savings! Ethernet Over Copper (EoC) is a method of delivering Ethernet over the existing copper line.
Note-the one drawback of having the EoC handoff versus the traditional Ethernet delivery (Fiber) is that growth and expansion take a back seat. If you order EoC, make sure it is enough for your immediate and intermediate-term needs. Unlike Fiber, it is not as easy to upgrade.
But the cost-savings are definitely worth it if it’s well-planned!
2.Look at Your Power Bills
This is not supposed to be a propaganda article on datacenters, but if your company is hosting either primary or secondary operations internally, take a look at your power bill. Mike Anderson, a Network Engineer at Primary Capital Mortgage in Atlanta, was spending $1600/month to cool a single rack of servers in their “server room”. This server room was located in their leased Headquarters and had only single-source, commercial-grade facilities. They had no redundancy of any sort from the infrastructure perspective such as those of the top-tier datacenter providers.
Mike made the decision to move to a leading datacenter provider, who provided them with a rack and fully-redundant power for a large savings over what they were managing themselves. The savings that the company realized funded their previously non-budgeted hosted e-mail security and archiving solution that they had wanted.
“We saved $700/month, plus an additional $2000 annually in maintenance costs”, said Mike. “It simply made sense for us to do this, and we improved infrastructure for our core operations”.
3.The Cloud is fine, but at what cost?
One of the greatest trends today is hosted applications (Software as a Service or “SAAS” or “Cloud”) but one really needs to look at why an application or infrastructure should be outsourced.
Some of the common reasons given by companies are:
a.Lack of Personnel to run applications or operations
b.Lack of Capital Budget
c.Cost-Savings over doing it themselves
Having a lack of personnel is likely the most compelling reason. If your company cannot provide the means necessary to host applications or infrastructure, external providers can easily do this for you.
Lacking a budget is another very good reason to go with a cloud or hosted solution. What would be a very expensive capital investment now becomes a much more affordable operating expense. While you may lose the capital depreciation for tax purposes, it is still the means to an end.
The idea of a cost-savings is a bit more complex. ROI is factored based upon variables such as internal costs (salary, benefits, training of personnel), software and hardware costs (options), systems and utilities, and risk-management. If your ROI clearly shows that a hosted solution is superior, it may be time to evaluate technology options.
EHarmony.com recently announced a move to a new technology rather than the cloud solution (Amazon Cloud) that they were using. This article discusses how they have increased their compute per-day by 20 hours.
While hosted solutions will continue to be a hyper-growth market, it’s imperative to explore what options are available and what the total cost of ownership is before going that route.
4.Using Today’s Technology
One way to get some budget actually involves spending money. The latest Unified Threat Management (UTM) or Next-Generation (NG) Firewalls have features such as web filtering, which can reduce bandwidth utilization drastically when set up with protocols. For very large bandwidth users, the cost reduction is not insignificant.
Another feature of the latest generation of these devices is that they allow users to add features (load-balancing, web-filtering, anti-virus, malware protection, etc…..) to suit the corporate network needs without having to spend money on additional equipment. This is often far less expensive than buying devices separately. It also is easier to manage.
I hope that you found this article helpful and hope to hear from you in the event that you would like to discuss your 2012 goals for your organization.
About the Author:
Eric Blaier is the founder of Integrated Business Services, Inc., an Atlanta-based Web Security, Business Continuity & Telecommunications consulting firm. His client roster includes numerous Fortune 500 clients in the healthcare, finance, technology, and broadcasting sectors. He can be reached at sales@integratedbusinessservices.net or www.integratedbusinessservices.net
By Eric Blaier
Every day, I learn something from my clients. Sometimes it’s something that helps me with another client. Other times, it’s something that lends credence to common misconceptions in technology. These misconceptions often arise due to companies positioning certain products or services differently than others due to, among other things, profit margins. Other reasons could be lack of a competitive offering, competitive deficiency, or a different brand-to-market strategy that does not involve client need.
This article will share those analogies along with the misperceptions I have encountered recently with you.
Telecom: I’m less than a carrier-grade client but I’d like Fiber
One client, clearly in the Small/Medium Business space (100 or so employees) was looking at fiber as way to connect several offices. Given the nature of the telecom business, carriers merge, consolidate, and change practice and pricing constantly. I explained to the client that it would be prudent to construct a fiber ring for, say, a data center project that revolved around very high capacity bandwidth. Another application might be a network provider (really, any OC+ opportunity).
The analogy I used with this client was that in the SMB world, you don’t “marry” your carrier. Laying fiber is the equivalent to marriage. The process involves a build-out, an amortization of the construction cost (often hidden in the quote) and getting a “divorce” is typically ugly. The alternative: date your carrier. Pick contract terms of 3 years for the best price and reserve the right to change when the contract is up.
Security: My Router can do what these Firewalls can do
This is, unfortunately, becoming more of a thought process than previously. A Router is defined as a network device that forwards packets from one network to another. A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules.
When a particular prospect was of the belief that utilizing Telco-provided routers at each of the company’s branch offices would provide adequate security, I used the following example:
There is a high school-aged child having a party and there are people coming in at the door. The Router is the host who is throwing the party and is just glad that people showed up. He lets everyone in, regardless of whether they’re there to cause destruction or to steal things, or to spread ill will and slow down the party. The Firewall is the person who lets people in that meet the criteria and do not pose a threat, as well as keeping those guests safe while they are at said party. Basically, the keeper of the car keys!
Fortunately, the prospect understood this rationale very quickly!
Business Continuity: We’re going to the cloud-it’s fine.
One of the most prevalent technology trends is to move applications (CRM, ERP, Exchange, etc…) to the “cloud”. The term “Cloud” itself has many meanings, but the main implication is that “it’s safer in the cloud”.
Is it?
It depends. What is the goal of your company’s cloud initiative? Is it to reduce capital investment and infrastructure and change to an operating expense? Is it to get mission-critical applications in a more secure and robust environment? Is it to get applications closer to end users? Or, is it to place these applications into a more secure environment?
Cloud Providers are a difficult group to define. Seemingly everybody claims to have a cloud offering. If you are using Microsoft Exchange and connecting through a VPN, I suppose that could be defined as “cloud” as well.
There are some fantastic cloud offerings, both public cloud (buying space on servers that are also leased to other companies) and private cloud (creating a custom solution with a server or server set dedicated to a particular client). Examples of these are Quality Technology Services, Colocube, Rackspace, and even Microsoft. These companies have taken the time to engineer the solution that fits all of the pertinent areas (security, high availability, robust network, diverse paths of network, and the people, procedures and processes to ensure that the offering works). Further, these companies are more likely to invest in the technical infrastructure to protect your data, and do proactive testing to take a best-practices approach in preventing a breach.
The flip side of the equation is companies formerly in the low-end Dedicated Server marketplace now offering “cloud solutions”. This group, has, by nature, always had to cut costs and margins in order to compete in a lower-end market. As such, engineering a solution to compete in the “cloud” space is vastly different than the companies who really invest in their infrastructure.
I’d like to issue a disclaimer that there are exceptions. There are some Server companies that have adapted and created top-end solutions with high-availability and top security. It’s a matter of doing your due diligence.
My analogy is that that it’s like the present-day hotel industry. You can go to a few “review” sites. You can go to a referral site, or you can shop online. Either way, everybody usually looks good at an initial glance on paper. When you get under the hood, and really do some digging (in this case, checking the company history if they are an unknown to see if they’re a dedicated server company), you should be able to see what the offering consists of. The top-end Cloud providers will never be the least expensive, but you know you’re in a good section of town, it’s safe, and you’re able to check and check out 24/7 without fear of being locked out. The lower end Cloud providers give you a better deal, but they might not mention that the neighborhood isn’t as good (porn, gambling, spammers, etc….), security may be suspect (cost-containment is the number one goal in hosting) and process may not be nearly as tight (thus, the down-time that you never envisioned could become reality).
The rule of thumb-choose your cloud provider very carefully if you are hosting primary applications. If you are hosting secondary, still choose them carefully. Do you want your company data getting into the wrong hands or a competitor? We’ll explore the issue of that happening in a later article.
I hope that these analogies provided a few answers to common misperceptions and, as always, I welcome your feedback!
About the Author:
Eric Blaier is the founder of Integrated Business Services, Inc., an Atlanta-based Web Security and Business Continuity consulting firm. His client roster includes numerous Fortune 500 clients in the healthcare, finance, technology, consumer goods, and consumer services sectors.
He can be reached at sales@integratedbusinessservices.net or www.integratedbusinessservices.net
By Eric Blaier
Most of my articles are about business problems and how they affect an organization. Often, I take a macro-level approach to introduce solutions to meet those problems. This month’s article will be a little different than what I normally cover. Instead, I’ll focus on a subject that has become all too apparent in my daily dealings with C-Level IT Executives.
I spend the majority of my time talking with CIO’s, CISO’s, CTO’s, Directors of IT, etc… as a function of what I do for a living-running an IT consulting company. In order to determine whether I might add immediate (or, at least, near-term value), one of the first questions I ask them is what their goals are for the present and next fiscal years. In doing so, theoretically, it should give me indication of what the goals are. Even more importantly, it has given me insight into whether their Board/C-Level team views the IT group.
I’ve found that IT Organizations fall into two main categories in how they are perceived within their company. One group of companies views their IT group as an asset that enables the organization to grow. The second is companies that consider IT to be a necessary cost of doing business but not much more.
This article will explore those two views as well as the typical strategies for each type as relates to competition, change, manageability and growth.
IT as an essential part of the organization
Companies that view IT as an integral part of the organization typically exhibit several characteristics:
1.They are early adopters of new technology. Having a belief that IT can empower their organization (reducing costs, mitigating risk, boosting effectiveness, etc…..); these companies typically are the first to research and adopt emerging technologies.
Some examples of recent emerging technologies include VOIP (Voice over Internet Protocol), Cloud Computing and SaaS Solutions (Software-as-as Service), Disc Storage and High-Availability Solutions, and Mobile Solutions.
Some of the advantages that these companies experienced include reduced operational costs, increased productivity and far superior continuity to operations, among many others.
The end result of this-a significant competitive advantage over the laggards who wait to adopt the newest and most beneficial technology.
2.They view IT as an integral part of their company and seek their input on critical decisions. One of the easiest ways I can tell if a company falls into this category is if the C-Level IT team states that their goals came from their group (presented to the board/CEO) or if it was dictated from the CEO or Board.
In an ideal world, positions are filled for reasons of competency and professional aptitude. The C-Level executive in any department is the ultimate head of that business unit. It is, then, reasonable to assume that any C-Level should be leading the decisions, direction, strategy and goals of their particular department. The CIO/CTO would use their group to evaluate the organizations current landscape, find areas of weakness, broken process, or productivity, and find solutions from the outside to solve these issues and improve the organization.
The best of these CIO’s (and companies, co-incidentally) work in a mutually-rewarding atmosphere whereby the problems and solutions presented by the IT group are then understood and approved by the CEO/Board for the betterment of the organization.
The benefit to a company is that productivity is increased and (theoretically) the most-qualified decisions are being made and implemented, which result in higher productivity, reduced expense and higher continuity. Long-term, however, is where the real benefit occurs: that the decisions were not made from the outside but rather from within the IT industry, often resulting in a better long-term strategic plan for the organization.
3.They have a long-term strategy. Any company that has to account for their decisions on a “task” basis rather than a planned basis plays “catch up” and doesn’t follow a long-term, strategic plan for the organization. It does not take a management effectiveness consultant to explain the benefits of following a long-term plan that is embraced, implemented and modified when needed as opposed to piecing solutions to put out fires. As a result, these companies typically have……
4.….more satisfied IT workforces. When companies have a culture of respect and self-worth/appreciation, their workers are typically more satisfied and have longer tenure. Typically, these organizations view their position as a career rather than just a job.
The benefits of having a happier workforce include decreased expense (hiring is expensive!), increased productivity (time to learn is minimized) and more time is spent on creativity and pro-active tasks as opposed to beaurocracy, job searches and reactionary activity.
IT as a necessary evil within a company
The flip side of the above scenario, of course, is that IT is not valued and is looked at as a cost of doing business. These companies typically exhibit several characteristics as well:
1.Low early adoption rates. Almost always, these companies are not early adopters of the latest technologies.
This results in the company often giving a competitive advantage to their industry peers. An example of this includes a national logistics company that failed to implement a VOIP solution for its offices nationwide and mobile solution with RFID for its truckers that could have significantly cut expenses experienced much higher costs than the competition. The result was that the competition was able to lower pricing, increased market share, and took market share from the logistics company in part, because of the higher cost structure.
2.Failure to plan for the long-term. Companies that perceive IT as another “cost of doing business” are less likely to invest in the infrastructure for the long-term. Thus, they often experience higher overall costs (both hard and soft) in terms of missing the competitive advantage adoption period and the hard savings that comes along with that. These companies are focused on solving the “task-at-hand” (example-we need a wireless refresh due to our contract expiring, which the company does instead of looking at it strategically and including factors such as deployment, web security, and business continuity).
As I reference above in the inverse role, you do not need to be a Harvard Business Professor to understand the value of strategic planning as opposed to management by task, especially at the C-Level. We have all learned this in the most basic of “Business 101” classes early in college. The most successful companies govern themselves based upon goals and then devise and implement a strategic plan to get there. It amazes me when I witness well-known companies that do not exhibit the most basic of management principles.
3.Their view of IT as a necessary evil of doing business results in lower productivity, higher employee turnover, losing business to the competition, and lower morale.
These are some pretty strong statements, but think about it: If you work in an organization that, by nature, refuses to accept change or input from the “expert on staff”, what is the point of even having that person. The reasons why companies experience these pitfalls include:
•Lower Productivity-a company that does not adopt technology as an enabler has to work harder in order to do the same tasks that the competition does automated. Examples include:
a. Automation of Compliance & Reporting
b. CRM Integration with remote users
c. Employing Virtualization to increase business continuity
d. Unified Communications
•Higher Employee Turnover-a company that does not allow its subject matter experts to do their jobs most effectively risks losing them to the competition. As is commonly known in management, there is a learning curve when bringing new employees into an organization, which results in lower productivity.
•Losing business to the competition-companies that can pro-actively execute their plan typically spend more time in acquisition-oriented activity and less in service-oriented tasks. Further, these companies utilize technology to better serve their clients. Examples directly related to this include corporate extranets, corporate communications initiatives and CRM Software to better manage the relationship.
•Lower Morale-it only takes a basic understanding of human nature to understand that happy (or, at least, respected) employees are more productive. A perfect example of this is Google, even though they might go to the extreme with the “20% of time devoted to innovation” (I’m not sure if this principle exists today but it was certainly a well-documented “core value” of the original Google management team).
Companies that give their employees a voice often get very positive responses. In the particular case of IT employees, it gives a company an opportunity to learn about technological innovations from the subject matter experts who were hired into that position for tasks such as that.
When these same employees are not able to share their discoveries and knowledge, it is dispiriting and leads to lower morale, which leads to decreased productivity.
A company that has disillusioned, over-worked, “firemen” cannot grow versus the competition that adopts technology to solve the same problems.
But how do we provide a change in an organization’s perception? We’ll tackle that issue at a later date and another article.
I hope that this article was one that you found informative and gave you some insight into how companies can enable or disable their IT staffs and the repercussions of each decision. And I hope you work for an organization that values it’s IT group!
About the Author:
Eric Blaier is the founder of Integrated Business Services, Inc., an Atlanta-based Web Security and Business Continuity consulting firm. His client roster includes numerous Fortune 500 clients in the healthcare, finance, technology, consumer goods, and consumer services sectors.
He can be reached at sales@integratedbusinessservices.net or www.integratedbusinessservices.net
By Eric Blaier
I was inspired to write this month’s article based on the fact that we are going to visit my family this summer for our annual family trip. I am blessed to have two daughters that are old enough to have their own laptop but not old enough to take proper care of it. Of course, by my standards and what I expect, that may not be a fair assessment. Being in an airport and trying to keep track of not one, but three laptops inspired me (for some reason) to write up 9 quick ways to improve an organization’s risk to a breach, attack, or virus.
Let’s get started with the first thing that crossed my mind.
1. Encrypt your laptop! Did you know that 7500 laptops are lost every week in US airports alone! Only 40% of those (156,000) are ever recovered (Source-2010 Airport Insecurity: The Case of Lost Laptops, Ponemon Institute Independent Research Report Sponsored by Dell, December 2010). Even more sobering-only 5% of US business laptops are ever recovered.
You can’t control user behavior, and humans by nature are forgetful, rushed, stressed and that’s only in airports! However, you can prepare for an imperfect world that expects perfect results.
If you haven’t implemented a good encryption product on your workforce’s PC’s, you are only waiting to have your data compromised. It’s not a matter of if, but when. The average cost of a missing laptop is over $49,000, determined by replacement cost, detection, forensics, data breach, loss of intellectual property costs, lost productivity and legal, consulting and regulatory expenses. (Source: The Cost of a Lost Laptop, Sponsored by Intel Corporation, Independently conducted by Ponemon Institute LLC, April 2009).
2. Defend the Edge! My uncle once taught me that one needs to look under the hood of a car to see what is really powering the machine (okay, in this case it was a PC-he’s an engineer!). The point I am trying to make is, not all Firewall solutions are created equal. If you are using a “Managed Firewall” solution from a Telecommunications provider, chances are that you are utilizing a previous generation defense tool that looks to keep out AV elements but is lacking in Web 2.0 protection. The same goes for standard 1.0 Firewalls from the leading security providers. Those appliances became outdated pretty quick.
What are Web 2.0 threats? I am referring to Bots, SQL injections and other “zero-day attacks”. The latest and greatest solutions have clear strategies and processes for defense against these and will give your old Firewall some much-needed muscle. The solutions that make the most sense for edge defense to combat Web 2.0 threats are Intrusion Protection (IPS) and Data Loss Prevention (DLP). Implementing these, in conjunction with a Firewall, can boost the perimeter of your organization to minimize the risk of attack. Or, your organization could…..
3. ….consider a Next-Generation Firewall! Designed for multiple purposes, the next-generation firewall provides protection against outside threats but also such elements as traffic shaping, filtering, IPS, DLP and other technologies. These devices may cost a bit more than your old, standard Web 1.0 Firewall, but when you consider that Risk=Security-Performance, this is really something that every organization needs (or will need very soon).
4. Automate your Reporting Process! Chances are, your organization uses disparate products for Anti-Virus, Firewall, Filtering, etc…..and when an event occurs, it makes it quite difficult to gather data quickly. This time-frame, defined as the “window of vulnerability”, is critical to an organization because that is when it is most “at-risk”. One of the easiest ways to fix this problem is to find a Reporting Solution that allows you to manage disparate devices from one central console.
If your company has ever experienced a breach or has been audited, you likely have felt that pressure to produce the reports quickly. This is one of the simplest things that your company can fix. Find a reputable security consulting company and explore the options available to you. Some even allow management of devices that are non-native to their product set, significantly lowering the TCO (Total Cost of Ownership).
5. Find a reliable Archiving solution! Given the proliferation of regulation in this decade, having a mechanism to quickly ward off a potential lawsuit or investigation is certainly something that provides CIO’s and CEO’s peace of mind. Finding an archiving solution, whether Cloud or Appliance-based, should provide you the ability to sort, discern quickly identify important content at a moment’s notice.
6. Use a Web Filter! IT Risk is defined as Risk=Security-Performance. Most organizations look at performance as the ultimate metric, but at what cost of their security? The key for truly successful organizations is to find balance, and an effective web filtering solution can provide just that. The ability to keep traffic defined as less priority (Social Media, Video, etc…..) can take a back-seat to mission-critical traffic that keeps your business booming. Further, this can keep your workforce focused on applications/business during the time you need them focused-at work!
7. Identify your mission-critical applications! All companies are different to some degree, but there is usually one commonality: there are mission-critical applications that must be kept up in order for the business to survive. What I’ve identified in my talks with CIO’s over the past few months (surprisingly to me but what the analysts have been saying for a few years now) is that many of these mission-critical applications are being outsourced through a Cloud or Software-As-A-Service (SAAS) model. That’s fine, so long as the SAAS/Cloud solution has a top-notch security infrastructure and a Continuously-available environment.
What about those companies that host their own mission-critical applications? At the most basic level, there are backup and restore options. In that scenario, restoration becomes just as important as the backup function due to the time of restoration being such a critical factor. The ultimate solution in this field is what is called “Continuous Availability”, which allows critical applications to be replicated in real-time and fail a primary server over to a second (or third) server in an outage. This cloned environment also allows companies to take advantage of commodity hardware.
One thing that is certain in this world-hardware will fail at some point. It’s just a matter of when!
8. Secure those mobile devices! Make sure any solution that you are considering on an enterprise level includes a mobile solution. The use of iphones, Blackberrys, Droids and iPads has increased our corporate security risks exponentially as it has significantly expanded the workplace (and, as an extension, the corporate network). Typically, the use of social media sites on these devices is off-the-charts with these devices, so finding a true Enterprise Mobile Management solution is paramount to securing the network. This is expected to be one of the biggest growth areas in IT security over the next few years, as hackers and cyber-criminals are looking for the greatest areas of vulnerability.
9. Analyze the network you’ve got now! So, you’ve paid a ton of money for an all-encompassing solution to protect your organization. Your defense strategy boasts Anti-Virus, Firewalls, Intrusion Protection, Data Loss Prevention, Reporting & Compliance Automation, Management Consoles that allow you to set up policy-based rules that can change on the fly, and so-forth. Would it hurt to take a look inside the network to make sure it’s clean?
A very cutting-edge solution provider that I work with absolutely blew me away with a metric a few weeks ago. They stated “100% of the time we have deployed our device in a test network environment (demo), we have found between 1-7% of all traffic within to be undesired”! This is an absolutely huge statement, and one that I have seen verified in test environments where all of the gear/software and strategy were previously in place.
In other words, there is now a solution to stay one step ahead of the cyber-criminals who are already in your network. Operating in a passively-deployed setup, the device searches the network for malware, bots, and other threats without any trace of detection. It is quite unlike any offering available today and is in what I would term “early adopter” stage presently.
Given the highly publicized breaches of the last 90-days (Sony, Sega, US Senate, Citigroup), it pays to stay ahead of the pack.
I hope that this article has provided an overview the cyber landscape of 2011 and given you some good ideas to use. Have a great summer!
About the Author:
Eric Blaier is the founder of Integrated Business Services, Inc., an Atlanta-based Web Security and Business Continuity consulting firm. His client roster includes numerous Fortune 500 clients in the healthcare, finance, technology, consumer goods, and consumer services sectors.
He can be reached at sales@integratedbusinessservices.net or www.integratedbusinessservices.net
If your organization is looking for an email archiving solution, I have found a fantastic solution from the McAfee brand. With their acquisition of MXLogic, it is a SAAS solution that provides excellent features and functionality, and is simple to use. Contact us for more details!
Having just passed the certification exam, we can now offer Polycom Unified Communications, Open-Source Soundstation and Soundpoint products in addition to the VVX 1500 Media Phone.
What are you doing to proactively protect your organization from the next-generation of IT security threats?
By Eric Blaier
Chances are, if you’re an IT professional working in the security field or a network administrator, you’ve noticed a significant reduction in the amount of e-mail spam that your network is receiving from a year ago. Symantec reported that spam dropped 47% from the period of August 2010 through December 2010 *(Source: Symantec-Eric Park Blog). That’s the good news.
The bad news-it’s not as if the spammers simply vanished or went into legitimate business. They have, in fact, gotten more enterprising and malicious. Rather than using email as a way to distribute extremely unwelcome content, they have found key areas in cyberspace that we utilize daily in our personal and professional lives. This article will examine those methods from a high-level view and discuss how it affects the typical enterprise, as well as some base solutions.
Some of the primary reasons why companies are focused on next-generation security include:
1. They experienced a breach and need to prevent it from reoccurring.
2. They have regulatory compliance and reporting requirements.
3. It is driven by customer demand.
Some of the questions that CIOs, Heads of Audit and Compliance, CISO’s, and Directors of IT need to consider are:
What is the cost of your network being down for a short duration?
What is the cost of your critical applications being lost or down in terms of productivity, serviceability and brand perception?
What would be the financial impact to your organization if customer information was lost or you lost critical information to a competitor?
If the heads of IT aren’t doing this in the current environment, they are playing a dangerous game until they are the victim of a breach.
Most companies that I talk to have a large network deployed nationwide, with some degree of edge protection. Typically, this involves a firewall, which was fantastic in the old Web 1.0 environment. However, the reality is that we simply are not operating in that environment anymore. The workplace is now not only seeing social media traffic (Facebook, Linked In, Twitter, etc…) but also adopting it as a business tool. This has opened up the floodgates for the targeted attacks that the former spammers are now sending. The use of social media in the marketplace continues to grow, so how do you deal with it?
One way is to eliminate it all together. If you do not see the value of social media, you can use a Web Filtering Device and decide which sites and/or content categories to block and that should solve your problem. However, that’s not the case for most businesses today.
So we’ve established that social media is part of and growing in the workplace. You have a Firewall protecting the network and that’s not enough? It’s actually not. The prominence of zero-day attacks, SQL injections and bot attacks on the network are increasing at an alarming rate. McAfee has stated in reports that they have identified an average of over 4 million new executable or malicious codes that are discovered DAILY!
There are new augmentations to your existing infrastructure, such as Data Loss Prevention and Intrusion Protection. Intrusion Protection provides the additional security to handle the zero-day attack threat and keep bad intentions from entering your network. Data Loss Prevention is actually the fastest-growing segment of the web security marketplace, and it entails keeping critical data from being lost or stolen from the network by establishing automated process and mapping the critical data. This is another topic that I’ll cover at a later date in another article.
Another method that is being exploited at a frighteningly explosive rate is that of web application targeting. Websites that host third party applications (Ads are a perfect example) are completely at risk because of the third-party application. Oftentimes, a developer of an ad (or any type of content, for that matter) is put on a short deadline to produce that content or code. Their goal is to complete the work and get paid. This often comes at the expense of shoring up the code to make sure there are no vulnerabilities within. As such, when you are hosting third-party applications on your site, you are exposing yourself to a major breach. PBS Kids recently experienced a breach on their “Curious George” website in exactly this fashion. Not exactly the type of site you would expect an attack to come from.
Fortunately for those companies hosting third-party content, there are solutions. Some of these include Web Application Firewalls and Web Application Filtering, which look at the content of the sites to make sure that there is no rogue code embedded in the applications or ads.
The workplace having expanded to home use and mobile devices have also opened up another can of worms. I recently talked to a CIO at a leading national restaurant corporation who told me that their main security priority last year was securing the perimeter, meaning, Wi-Fi access at their restaurants. There were a few ways to do that, and their idea was to have the internet access provided by the franchise owner and not the corporation. That works, but it still leaves the franchise owner more exposed than they would necessarily like, while probably having no idea that they are even at risk. One solution, in this instance, would have been a hosted edge protection that would have provided Data Loss Prevention, Intrusion Protection and the Anti-Virus/Firewall needs that the individual franchise owner would need. The key is to gain an understanding of the various technologies available to combat these growing threats and stay ahead of the bad guys.
I hope that this article has provided an overview of these threats and some base solutions that can help you.
About the Author:
Eric Blaier is the founder of Integrated Business Services, Inc., an Atlanta-based Web Security and Business Continuity consulting firm. His client roster includes numerous Fortune 500 clients in the healthcare, finance, technology, consumer goods, and consumer services sectors.
He can be reached at sales@integratedbusinessservices.net or www.integratedbusinessservices.net
I have utilized Vonage for my home office for the past year and a half. In that time, I figure I have saved about $300 from my previous service with Bellsouth/AT&T. However, the 4th broken VOIP device in that period was enough to make me switch. I recently lost service on my most recent Vonage device on Monday morning, which, of course, is probably the least opportune time. Using your cell phone for business calls teaches a person to move service to a reliable provider. I was more than patient, as most people would have canned the service after 2 failed devices.
I have chosen a new VOIP provider and will review that one after several months.
Vonage has a nice billing platform, good features, but could not deliver reliable VOIP service to me overall. Reliability is key.
Happy Thanksgiving!
Eric
1. It completely eliminates geographic disparity
This can apply to anybody doing business anywhere. You can instantly meet with people in your organization, partners, clients, or prospective customers. With products like Reservationless 800 Conferencing, you can e-mail, text or IM a number and access code from your Blackberry or other PDA and participants can join instantly. The proximity to a geographically separated client base becomes instantaneous.
2. It improves productivity in research and development
This applies to persons heading R&D in IT, biotech, physical science, product development, marketing, or any other area. The widespread introduction of conferencing and collaboration tools over the past few years has helped organizations better improve research and development among team members. For instance, web conferencing software has allowed company employees in separate locations to collaborate on projects in real-time, greatly boosting operational efficiency. Countless organizations have benefited from this technology and seen time-to-market improve, resulting in competitive advantages not enjoyed before, reduced R&D costs, and quicker ROI.
3. It improves investor relations
This applies to any and all CFO’s and CIO’s. All public companies are scrutinized in their quarterly conference call and earnings report. When the call does not go seamlessly, it makes a negative impression on the operational aptitude of the company giving the presentation. Investors think, “What type of company has an error-prone conference call?”
The unfortunate reality is that some companies do botch the investor call, whether having not enough seats/bridges open or a complete lack of moderation/order. Often, they utilize products not geared for such large audiences and/or products that don’t support the unique needs of such an important call. The top conferencing providers have solutions geared toward investor and enterprise-level calls, and a wide variety of solutions exist to accommodate such needs and eliminate highly-visible public disasters.
4. It boosts sales
This applies to any sales VP’s, Regional Directors, or Area Managers. Any company with multiple offices needs to have management tools in place to meet with the branch subordinates on a regular basis. As a former sales manager, I learned the mantra “inspect what you expect” very early in my career. Having regularly scheduled calls with subordinates will help prepare the organization better and teach a culture of being prepared and organized. It will also keep senior management informed on the sales activities as they are happening, instead of hearing about things in retrospect. This allows the senior sales executive the chance to act on accounts before they are possibly lost, like stepping in and offering better pricing, terms, or service level guarantees. The best organization leaders I have ever worked for personally made it a point to keep in regular contact with the field sales organization, and it showed in the results.
5. It improves corporate communication
This applies and directly affects everybody in an organization. Have you ever worked in an organization where you felt like the corporate office was a world away? Perhaps you do now, as I did at one time. The biggest difference between companies that grow successfully and those that do not is not being like-minded in goals and spirit across the organization. The most successful companies (like Google) convey a sense of togetherness and corporate culture that is inspired from a set of values, such as “thought leadership”, “customer-centric”, “caring”, etc….. The organizations that keep their main cultural values at the forefront do so by regularly communicating with their remote and regional offices. Audio conferencing and web conferencing are two of the simple ways to accomplish this high priority.
6. It speeds training and education
This applies to any C-Level who has a training requirement in their company. Organizations spend a lot of money getting new employees trained on company and industry information, internal procedures policies and methodologies. Many industries, such as education, legal, real estate, technology, manufacturing, and accounting, have initiatives that require constant training in order to maintain current standards in the respective industry. Audio and web conferencing are the dominant training tools to accomplish any organization’s e-learning initiative. Companies that utilize this technology save thousands, sometimes hundreds of thousands, in hard-dollars savings from travel, accommodations, meals and gratuities, and air-fare. The often-overlooked aspect of savings in using conferencing products for e-learning is that it is a definite boost in productivity. Instead of losing several hours (at best) with flight time, your employee is able to return to work instantly.
The company that utilizes these communications tools effectively trains their workforce more efficiently, save money, and boost productivity at the same time.
7. It improves your internal marketing initiative
This applies to Chief Marketing Officers and VP’s of Sales. Companies that can roll out new products in unison to a geographically disparate workforce have a greater chance of success. The ability to introduce new offerings in a clear, concise manner and in a positive fashion can boost sales’ attitudes about the new product or direction. In addition, the marketing message is the most important differentiator in our highly competitive society. The roll-out is the marketing organization’s best time to convey those vitally important differentiators to the internal sales team as most buyers want to know “what is in it for me”. Differentiators bridge that gap to the prospect and help the sales team close deals.
8. It improves the external marketing initiative
This applies to the direct and indirect field sales force and client retention specialists/account managers. Similar to the internal benefits listed above, the same benefits apply to external customers. When you roll out new products or services, it is easier to demonstrate it in a clear and concise manner. Audio and web conferencing solutions let a sales force introduce new offerings easily without geographic limitation. Retention and service personnel within a company can use the same conferencing and collaboration tools to introduce new products, conduct account reviews, and keep connected with vital decision-makers in an organization. Since sales is all about relationships, keeping those relationships active is vital to protect your customer base and maintaining contact with the most important positions is the key.
And for companies relying on an indirect channel, frequent communication is of paramount importance when driving productivity. Effective presentation done in an entertaining way is the best method to get your channel partners pushing your product and not your competitors.
9. It offers mobile proximity
This applies to anybody with a PDA or cell phone. While it is true that cell phones often can cause a lot of static when they participate in audio conferences, sometimes the urgency of the call overtakes the immediate need for everything to be 100%. Most conferencing providers today offer mobile solutions that allow web features to be accessed from PDA’s, so that you don’t miss any aspect of the call that is taking place at that moment.
10. It will save your company money, boost productivity and is good for the environment
This principle benefits everybody. Whether you measure by hard dollar savings in travel, meals, accommodations, entertainment, or soft dollar savings in areas like boosted productivity, increased sales, and better messaging, your organization will save money.
Further, it will help to lessen the carbon footprint that is of such great concern these days. Instead of consuming more fuel, conferencing adopters are making a socially-responsible decision that lessens the impact on the environment.
Less travel = less fuel = better for the environment.
So with these 10 reasons, you may be able to see other applications for a conferencing solution and how it could positively impact your organization.
About the Author:
Eric Blaier is the founder of Integrated Business Services, Inc, an Atlanta-based telecommunications consulting firm. He has worked in IT sales and sales management for over 17 years and has worked for companies such as Allnet Communications, Allegiance Telecom and AT&T. His client roster includes numerous Fortune 500 clients in the healthcare, finance, technology, consumer goods, and consumer services sectors.
He can be reached at www.integratedbusinessservices.net or sales@integratedbusinessservices.net
By: Eric Blaier, Integrated Business Services
In today’s current global economy, we are asked to do less with more, but do it quicker, better and in a way that is easy to replicate. Companies are trying to stretch their budgets, but often follow the same procedures and try to “trim the fat” from the same operations. I’ve always been a big believer in changing process if you want results, and one of the greatest areas to boost productivity, cut costs, and work smarter, is by more effectively utilizing the telecommunications services available to help today’s corporate user.
One of the key areas that can be improved is the “mandatory face-to-face meeting”, as there are several factors that should be considered when assessing business travel and the need for really meeting “face to face”.
The first thing to consider is, “What is the importance of this meeting relative to the time it is taking away from my staff?” The second consideration would be “How does this time away from their reports/duties possibly affect the overall well-being of our organization?” Finally, I would assess the total hard dollar travel cost and determine if it’s imperative to bring key personnel to meet on-site.
Recently a friend of mine (let’s call him Tom) told me a story that typifies the need for more time-effective, cost-efficient, and productivity enhancing organizational communication. Tom heads the national sales of North America for a European company. At the end of their most recent sales quarter, Tom was summoned unexpectedly to Europe with a 3-day notice to go over sales projections. In the meantime, Tom had several important sales meetings scheduled with his team that needed to close in order to hit those projections. Clearly, Tom could not be in both places at once.
His initial thought was to schedule a conference call with the principals in Europe to review the sales projections, but he regrettably did not do so. Tom took the meeting in Europe, met his superiors, and his sales organization missed their numbers for the first time in his tenure of several years with the company. Tom learned that his first priority is to deliver numbers, as that is what he is ultimately measured on.
A simple conference call set up between the parties, even globally, would have resulted in thousands of immediate dollars in cost-savings just from the travel alone. When you factor in the lost deals that needed Tom’s guidance, and the fact that the company missed its sales projections, it negatively affected the numbers of the company when it was reported to the investment community. The financial performance caused the stock to drop 5% over the news, negatively affecting the shareholder value, in addition to questions from the investment community as the strength of the organization.
In today’s global economy, it is paramount to do things in the most efficient way possible. Like the BlackBerry’s that proliferate corporate culture today, effectively using an audio conferencing service can truly help in making a difference between your organization succeeding or failing. Sometimes in more than hard dollar savings.
