By Dave Moorman

If you read my blog last week, you know that service-provider hosted cloud environments of all types are more secure than on-premise (in-house) owned and managed infrastructure in nearly every instance. What you may have missed in that blog is that the survey didn’t evaluate on-premise IT environments where a service provider manages its customers’ security needs.

If a cloud-hosted environment isn’t right for you (for any reason) you can significantly mitigate your risk of successful attack or intrusion by using managed security services. For small to medium-sized businesses—especially those with distributed locations where confidential information is being shared across the Internet—the complex, specialized, and rapidly evolving nature of IT security (not to mention the growing focus on regulatory compliance) make it nearly imperative for most SMBs to have some type of managed security solution in place.

“So,” you may be asking, “what does this mean?” Managed security services encompass a wide array of assistance that helps a firm secure the intellectual and business assets that could potentially be acquired by unauthorized individuals (inside or out). Although some firms have created “one-size-fits-most” packages, the best companies will work with their customers to develop a systematic approach to managing the organization’s security needs.

Functions of a managed security service (some of which may already be present in a managed IT services solution, if you have one), may include:

1. Penetration and vulnerability assessments, testing and audits
2. Round-the-clock monitoring and management of intrusion detection systems and firewalls
3. Monitoring and interpretation of important system events such as unauthorized and malicious behavior and other anomalies
4. Proactive trend analysis
5. Patch management and upgrades
6. Security policy monitoring and change management
7. Content filtering for email and other traffic
8. Emergency response, mitigation and recovery

Although organizations are, in the end, legally responsible for defending their networks against security and business risks, offloading the security functions to a service provider lets management focus on core business activities. Using managed security services also makes it easier to certify compliance with the regulatory and privacy requirements that are affecting an increasing number of industries.

by Dave Moorman

Cloud computing, as you may have heard, is an environment where a company’s data, programs and other IT assets are hosted off-site on either shared or private servers and then delivered on demand through high-speed Internet connections. This not only can reduce costs but also can enable remote productivity by giving employees access to corporate resources from home or on the road.

One objection I hear to cloud computing is security. The media has done a great job in recent years of promoting the concept that cloud computing environments aren’t secure.

Since “the cloud” is an aggregate term used to describe solutions where data, programs, and/or infrastructure are stored remotely and run over the Internet, it is certainly possible for a cloud computing solution to have security flaws.
However, “cloud” computing environments running from best-practices data centers (like the ones DynaSis operates), are remarkably secure.

The relative safety of the cloud was borne out in a report released recently by security provider Alert Logic. The company surveyed 1600 firms and compared the number of incidents reported for on-premise (in-house) installed and managed hardware environments versus service-provider solutions including virtual, managed and dedicated environments (more about these three options in a future article).

In five out of seven vulnerability categories, companies with in-house installed and managed hardware reported a higher percentage of incidents than companies using cloud service providers, sometimes by a dramatic margin. More importantly, because service providers manage environments for multiple customers, the number of incidents per impacted customer was lower in every category for service providers than for on-premise installations.

Here are a few highlights:

1. App attacks (attacks by a malicious application executing code on the system): These were experienced by 18% of on-premise installations, but only 1% of service-provider environments.
2. Malware/botnet attacks: On-premise customers, on average, experienced 29 of these incidents; compared with 6 for service-provider customers.
3. Brute force attacks (a computerized effort to decrypt data such as passwords by trying random combinations) occurred at a rate of 72 incidents per on-premise customer versus 46 for service-provider customers.

Our prospective customers sometimes express concern about “losing control” of their IT assets by moving to cloud computing or even allowing us to manage their on-premise IT infrastructure. It’s a fact that more criminals are targeting smaller firms (perhaps because they are perceived as being more vulnerable). If you become the target of a cyber-criminal, you’re already in a position to lose control of your assets. Isn’t it better to give your firm the least exposure possible?

by Dave Moorman

Corporate mobility has been in the headlines so much over the past few years that you might assume its potential has peaked. Nothing could be further from the truth. Every day, application developers debut new products that businesses can implement to fuel the mobile productivity of their workers. For SMBs, the proliferation of BYOD (bring your own device) policies is making it easier—and more affordable—than ever to bring mobile devices into the workplace.

Of course, BYOD comes with risks, but that’s a topic I’ll cover in depth in a different article. Today is all about how you can maximize these devices to propel your business success.

Email: As I mentioned in an earlier blog, numerous surveys report that employees frequently check corporate email during off hours. The amount of benefit your business gains from this is staggering: a study by Good Technology, as reported in August 2012 by CNBC, indicates that after-hours email checking and other “work from home” adds up to a month and a half of overtime, per year.

However, that same article cautions that companies should enable, not expect, their employees to spend time on work issues and email after hours. The key is to strike a balance between employee satisfaction and accomplishment—that’s where the greatest productivity occurs.

Expand Your Boundaries: There are so many helpful business apps available for smartphones (many of them free) that you’re doing yourself a disservice not to explore them. For example, Bump lets two individuals with the app installed exchange business card data, photos, and other information simply by bumping their phones together. And, Bump is cloud-based, not Bluetooth-reliant, with a “smart” protocol that ensures it sends your information only to the phone you actually bumped.

These are just two of the many, many great ideas SMBs can adopt to increase their employees’ mobile productivity. There is a world of opportunities available to you (I’ll share more ideas in future articles.)  If you find yourself uncertain which ones to adopt (or how to make them safe), we’ll be happy to help you develop a roadmap that’s both dynamic and safe.

by Dave Moorman

Infrastructure as a service (IaaS) is one of the most efficient IT cost-control mechanisms ever invented. As a bonus, it also eliminates the cost and hassle of equipment maintenance and reduces downtime dramatically.

So, how can infrastructure (hardware) be a service, and how does it provide these great benefits? IaaS, companies pay an IT provider a flat monthly fee for providing, installing and maintaining their IT infrastructure, such as servers, storage appliances and backup devices. There are no hidden fees or unpleasant surprises—the provider takes care of everything.

And, since the provider (and not the customer) owns the equipment, it has a vested interest in making sure everything stays in top-notch condition. When equipment nears the end of its life, the provider replaces it. Most also offer upgrade plans that enable customers to move to faster, more powerful equipment on a scheduled timeframe.

This solution is truly a win-win for the customer, and it amazes me that more firms aren’t taking advantage of it. Its benefits speak for themselves:

• Gain access to an immediate hardware upgrade without new capital outlay.
• Avoid the expense and hassle of selecting and purchasing IT hardware in the future.
• Transition hardware costs from a CapEx to an OpEx, eliminating the need for depreciation schedules and allowing full expensing each year. (This benefit may become especially valuable if the expanded Section 179 deduction is not renewed this year.)
• Work with an IT expert whose best interest is served by maintaining the hardware and ensuring it doesn’t fail.
• Implement business plans with confidence, knowing that appropriate hardware replacement cycles are built into the program.

The one caveat about IaaS is that you must be confident your new IT partner adheres to the highest standards of service to avoid an excessively long and painful transition to the new system as well as workflow disruption during routine maintenance.

If you would like to learn more about how these programs work and can be customized to your needs, give me a call. I’d be happy to help you navigate your way to embarking on a truly revolutionary approach to IT.

by Dave Moorman

For more than a decade, the media and IT experts have been touting the benefits of corporate messaging and collaboration as a productivity enhancer, but the adoption of these tools has been restricted largely to larger enterprises. Now, with the proliferation of smartphones, messaging both inside the office and out has become easier than ever, and the majority of office workers are already comfortable with at least two forms of messaging (email and texting).

As a result, small and medium-sized businesses (SMBs) are perfectly positioned to leverage this powerful tool for their benefit. Making the concept even more attractive, third-party vendors have developed messaging and collaboration platforms specifically for SMBs. These can be deployed on a smaller scale than their enterprise counterparts with a correspondingly smaller budget.

Many business-grade IT messaging platforms go well beyond email and/or real-time communication (instant messaging or texting) to include calendar scheduling, file exchange, and even voice and video features. Once a product becomes this extensive, it functions as a full-fledged collaboration platform, enabling workers to exchange ideas and information for brainstorming, sales development, training and more.

Of course, not every SMB needs a full-blown messaging and collaboration platform. In fact, if your employees are equipped with smartphones, they may have already created an ad-hoc messaging solution of their own, texting one another from various locations to confirm meeting times, find out where someone is or exchange other basic but valuable business information.

Similarly, if you use Microsoft Outlook or Exchange (especially Hosted Exchange) you already have a feature-rich communication platform in place—you just need to explore its full functionality and evaluate the other tools with which it connects.

The point is that messaging can be whatever you want it to be – from simple text messaging or office email to a unified platform where all forms of communication flow through a centralized gateway. (The latter solution is more expensive to deploy but provides security controls that are important for protecting corporate communications.)

The key is to determine what you need and how to implement it in a manner that is affordable but enables you to begin accelerating productivity immediately. In an October 2012 report, research firm Radicati Group predicted the messaging platforms market will grow from $5.7 billion in 2012 to more than $7.8 billion by 2016. Where will your firm be during this period of explosive growth?

Give me a call and let’s discuss how messaging can drive productivity for you.

by Dave Moorman

Are you confused about the difference between “business continuity” and “disaster recovery?” Have you heard the terms used interchangeably, or has your IT manager or provider used the term BC/DR (business continuity/disaster recovery)? These two activities go hand in hand, but they are not the same. Making matters more confusing, the definition of disaster recovery can vary based on the company; the industry; even the situation.

In future articles, I’ll dig more deeply into solutions for and approaches to business continuity and disaster recovery, but right now, let’s review the distinctions between the two. Knowing the difference will help you avoid exposing your firm to greater risk than its ownership considers acceptable.

Business continuity is almost universally defined as the plan for ensuring a business can perform critical functions—usually at a level tolerable to customers, vendors, regulators and other outside entities—no matter what life throws its way. Business continuity plans can come into play after a disaster or major disruption (and may be put into action before the event occurs), but they are much more than the mechanism by which a company gets through such an event.

The definition of critical functions varies from one firm to another, but they go well beyond getting servers up and running to incorporate maintaining power supplies and/or securing a location for employees to work. Business continuity plans also include personnel—which individuals or positions are required to ensure the business can operate at the desired level. Most companies develop their business continuity plans after making a thorough evaluation of business processes to determine which are essential to baseline operation.

Disaster recovery is a plan for recovering from a disaster at a level of downtime acceptable to the company ownership. Disasters come in all types and sizes, from tornadoes to virus outbreaks. As a result, most companies have multi-layered plans to address various scenarios.

IT continuity/recovery plans are components of both business continuity and business disaster recovery. A core recovery mechanism for both types of plans is data backup and recovery. However, firms that can tolerate little, if any, downtime also incorporate advanced recovery solutions such as failover servers (off-site, backup servers that can be activated in the event of an outage). Such solutions provide both business continuity and disaster recovery.

Firms that can survive week-long data outages—or that have very small budgets—may opt for offsite backups (with tests) but anticipate they (or their provider) may have to rebuild their environment completely, from scratch. These solutions enable disaster recovery, but they could place a firm’s business continuity in jeopardy. Stay tuned for more information on the finer nuances of these vital business operations.

by Dave Moorman

The productivity gains companies achieve through technology are undeniable. Historians and economists confirm them constantly on a broad scale; many experts even attribute the sluggish hiring recovery to technology. The increased efficiency and productivity workers achieve with technology continues to reduce the number of employees companies need to perform core functions.

For SMBs, the challenge isn’t recognizing that technology increases productivity. Rather, it’s figuring out how best to start that process in their operation, especially when budgets are tight. For example, big enterprises are touting the productivity gains of giving their field workers iPads, but how many SMBs can shell out thousands of dollars to purchase 10 of the devices at one time?

The trick, then, is to find inexpensive ways to accelerate productivity, and then use the economic benefits of those improvements to pay for more technology tools. One way to do this is to ask your staff to submit ideas. Hold a contest and give away gift certificates to a local restaurant to the staff with the best submissions.

A few ideas that are inexpensive to implement include:

• Install a wireless network printer so field staff can print documents from their mobile devices without having to send them to desktop PCs, then open the documents and print them from the desktop.
• Add a video conferencing systems to your conference room. This enables your staff to meet with clients, vendors and field personnel remotely, which frees up travel time for more productive pursuits. As a bonus, once the system is installed and everyone knows how to use it, you’ll find that brainstorming sessions and other business-innovation drivers will happen more frequently.
• Empower your personnel to work remotely with smart, Internet-connected devices. Surveys show that many employees are happy to check email and perform other business tasks outside the office if you make it easy for them to do so. If you cannot afford to equip your personnel with smartphones, iPads, and the like, you can adopt a BYOD (bring your own device) policy that gives them access to company resources, such as email, on their own devices. Just be sure you have a knowledgeable person (in-house or outsourced) to configure adequate security policies.

Never before has technology been such a powerful enabler of productivity gains for companies of all sizes. In future articles, I’ll detail some of the more significant (but still manageable) technology changes you can implement to drive your company forward through the power of productivity.

by Dave Moorman

For many small or medium business (SMB) owners, the concept of technology purchases is associated with spending money, not saving it. In reality, it’s entirely possible to save money with technology upgrades and services—not only on the technology side itself, but also in other departments throughout your operation. These savings are in hard dollars you can count—not the harder-to-quantify savings through the increased productivity technology enables.

Here are some examples:

• Save energy through virtualization: Replacing your existing servers with virtualized servers, either on-premise servers or in the cloud, reduces your electricity consumption and cooling costs (and also saves on costly office space). According to a report the U.S. government’s Energy Star site, server virtualization can reduce a firm’s server room/data center energy consumption by 10-40%. Furthermore, if your servers are cloud-based, employees can telecommute (work from home) full or part time, saving you even more office space.
• Cut payroll expense by outsourcing technology management: Not only does the virtualization mentioned above reduce your dependence on in-house server experts, but handing off system security, maintenance and other important monitoring tasks to a third-party firm will also reduce in-house IT staff expense. Furthermore, technology has become so complex that rarely can one or two people be masters of all its aspects. As a result, only very large companies can afford to have sufficient in-house expertise for all their processes. SMBs that outsource some or all of their IT management needs reap the benefits of a large IT staff—without the expense.
• Speed your network; reduce its financial toll: Another aspect of IT where firms save money is through managed networks. Rather than pay several thousand dollars a month for a dedicated T1 connection for each office, firms turn to third-party managed service providers. Redundant Internet feeds and network management services ensure 99.99% uptime for their Internet and network connections. This speeds the flow of work and increases productivity, of course, but it’s generally less expensive than dedicated lines—especially for firms with small satellite offices. In a 2012 article that ran in BizTech magazine, Houston-based firm PSC reported saving $500,000 when it switched to managed network services.

These are only a few examples of the hard-dollar savings you can achieve through technology upgrades and enhancements. In many cases, the savings are greater than the cost of implementing the technologies. Many firms have found themselves able to equip their staffs with iPads; hold employee loyalty events, and provide other perks to personnel with the savings they have achieved through technology improvements.

by Dave Moorman

Risk is all around us. It’s beside us as we step off a sidewalk and cross a street; it’s seated next to us every time we fly in an airplane or drive a car. It’s our constant companion, and some experts say this causes humans to inadequately recognize the importance of risk mitigation.

In life, that’s a good thing, to a degree. It’s gotten humans where they are, today. For example, if we stopped to adequately assess the risks in hurtling ourselves across town in a metal bucket (a car) at 60 miles per hour, we might never go anywhere.

In business, the opposite is true. Inadequate risk mitigation can be highly destructive to a company’s future prospects; it should be one of every company’s top objectives. And, with technology playing such an important role in business achievement, it must be a core consideration in this process.

So, where are you in the risk management and mitigation process? Do you have valid reason to believe you have adequately shielded both your business assets and technology infrastructure from possible loss, damage or theft? For most businesses, the answer is either “No,” or “I don’t know.” (If you answered “Yes,” give me two minutes to persuade you otherwise.)

What constitutes risk management and mitigation as it relates to technology? A successful approach encompasses all the following activities, and more:

• Network security management (including but not limited to virus blocking, spam filtering, intrusion detection, firewall monitoring and management, network device monitoring and management, and remote access—e.g. virtual private networks—management).
• Infrastructure security (restricting virtual and physical access to your servers and other core hardware)
• Monitoring and application of system changes, modifications and upgrades.
• Effective, replicable backup and recovery within a timeframe that works for your business objectives, both on-site and remotely.
• Desktop and device management (securing and managing access to the hardware and system resources that employees use for daily activities without hampering productivity).

Nested within these line items are many other operations, from policy management to data deduplication. Collectively, these activities represent the technology component of corporate security. And, although they are limited to technology, for most companies they protect against 90-95% of the most persistent and harmful threats.

Such a broad list of items may seem overwhelming to many, but when incorporated into a systematic approach to security, they are highly manageable. In fact, DynaSis manages all these activities for dozens of customers on a daily basis, without a hitch.

The gut-wrenching reality is that risks to businesses and their assets are greater than at any previous time in man’s history, and the task of protecting critical resources and precious intellectual property is more daunting. Fortunately, the weapons available to fight this war and its many battles are more robust and comprehensive that ever. Are you ready to enlist?

by Dave Moorman

For several years, I’ve been hearing from customers who liked the idea of cloud computing but were worried about the security, privacy or accessibility of their applications and data. Some had a hard time envisioning what the cloud is, or how it works. How can their data and programs be segregated from those of other businesses if they are on the same server? How can a solution used by so many companies offer better delivery speeds than a pipeline used by just one?

Interestingly, once company questions or objections regarding cloud computing are addressed (by us or others), we often get a phone call from an executive or decision maker saying, “We’re ready to go to the cloud.” With the reliability and security of cloud computing established and its promise explained, some companies are ready to embrace it like a new best friend. With objections resolved, they are ready to start reaping the benefits, pronto.

In reality, just because a company’s management is conceptually and psychologically “ready” for the cloud doesn’t mean the business is. As much as we support cloud computing and the dramatic advantage it can provide to most firms, not all business models transition well to it.

Don’t get me wrong—nearly all companies can benefit from some form of cloud computing, even if it’s just hosted email and disaster recovery. But to leverage the cloud to greatest benefit, companies need to draw a parallel between their business goals, challenges and opportunities and the technologies available in the cloud. They also need to explore their current IT state and determine their “readiness” for the move. Things such as are my applications compatible, do we have enough bandwidth or have i maximized my depreciation on our existing hardware not only can minimize cloud benefits, they can increase the risks of running your business there.

That’s where cloud assessment solutions come in. Whether it’s a purpose-built program implemented by an IT services firm like DynaSis or a brief, self-administered test from a cloud hardware or software provider, a preparedness assessment is an integral component of moving to the cloud. And, if the assessment results indicate your firm isn’t as ready as you thought, the insights you’ll gain can help you refine your plans and realign your goals.