by Dave Moorman

Given the state of the economy in the past few years, many small and medium businesses (SMBs) have taken a “wait and see” approach to IT spending. While this attitude is understandable, it positions companies to become reactive rather than proactive.

The reality of IT is that things break; they fail; they become outdated. Companies that don’t have a solid IT plan to address at least the core replacement cycle risk lowering productivity and/or making unplanned IT expenditures that do not fit into their overall strategic business goals. Beyond basic needs, companies also need a strategic vision for using IT, not simply to enable their business (or worse, just prop it up), but rather to drive its future success.

If your company has a strategic IT vision and is implementing it, then I congratulate you. If not, I urge you to allocate time, early in 2014, for IT assessments and planning. Commit—right now—not to spend another unplanned dime on technology.

Whether you are a business owner or an IT executive, take concrete steps to make this happen. First, ask company personnel to submit a list of IT equipment and tools they think would invigorate their productivity in 2014. Ask them to persuade you with a compelling explanation of why they need these enhancements and how they can benefit the company’s success.

Then, sit down with executive management and other IT staff or your services provider and consider such important issues as:

• Business processes (how can IT better help you do what you do)
• Content management (how can IT improve the way you store, access and share documents and knowledge in your company)
• Infrastructure requirements (what is the IT foundation on which the business runs and how does it need to evolve over time)
• Security (what IT changes will enable you to better protect and defend the business and its intellectual assets from theft, damage or loss from inside or outside forces)
• Workflow requirements (how can IT tie everything together so that work moves smoothly from one process to the next with appropriate oversight and management)

Armed with this information and other insights you will gain along the way, you and your associates can develop an IT plan and budget. Only then should you consider the 2014 purchase cycle.

For companies that have not previously developed and implemented a strategic IT plan, this can be a tall order, but it’s a crucial one. At DynaSis, we strongly urge our customers not to embark on any IT program without an up-to-date IT plan. If a firm is uncertain how to implement its plan without blowing the budget, we ask them to pinpoint the most important of three core benefits (reduce costs; minimize risk; increase productivity) IT can provide and to focus on plan items that will accomplish that goal, first.

For companies that don’t have a plan and don’t know where to start, we provide numerous assessment tools and techniques that can help them develop a plan and make these decisions. If you would like us to help you assess and plan your IT future give us a shout!

Your network runs pretty well most of the time. Sometimes, it seems a little slow, but usually, it works well enough to keep business humming along reasonably smoothly. Your network is in good shape, right?

If this sounds like your business, think again. Nine out of 10 corporate networks have some type of problem, from security flaws to improperly configured devices that slow down network speeds. Network hardware has become so adept at resolving or bypassing conflicts and other glitches that one or two problems alone might not cause an outage.

But when the right combination of issues occurs, BAM! Down goes your network. If you have myriad problems, untangling them all and finding the source of the outage can take hours—or days.

Fortunately, there is a technique that can identify problems with your network, hopefully before they take your network down or compromise its security and that of your systems and business assets. It’s called a network assessment, and it’s a service that can be run as an automated process, in the background, with little to no impact on your users.

So, what does the network assessment tool do? It tunnels through your network, identifies and creates an inventory of all its connected devices, and scans for anomalies. Problems it will identify include:

• Rogue devices (such as unauthorized network access points or connections).
• Outdated permissions, insecure passwords and other points of weakness.
• Installed applications across the entire network.
• List of servers on the network, including configuration details.

Network assessments gauge the security and composition of your network, enabling a comparison against your current expectations and objectives for the future. Additionally, this information is valuable for more than simply exploring your network and its ecosystem. It also helps you determine if users have installed software outside of company licensing agreements, pinpoint devices where users are not following password reset policies and more.

Network assessments usually include a collection of reports (ours do) that explain what the evaluation uncovered and make recommendations for improvements. With those in hand, you can decide to take action internally or hire outside specialists to alleviate pressure points and reconfigure questionable or misconfigured devices.

Network assessments aren’t designed to evaluate network health (e.g. service availability; application performance). That’s a separate operation that works in tandem with the network assessment to ensure your network is 100% optimized to power your business. When you’re ready to learn more, we’d love to hear from you.

by Dave Moorman

In the IT security world, service firms toss around terms such as Vulnerability Assessment and Penetration Testing as if everyone knows what they mean. This may leave you wondering, “What do these two processes do, and are they both important or do they cover the same ground, twice?”

Vulnerability Assessment (also called Vulnerability Analysis) is the process of identifying weak points on a network where a cyber-attacker could potentially gain access or otherwise do harm. Vulnerabilities can be anything from open ports (the “doors” that let data flow between devices on a network and the Internet) to open, rogue access points (unsecured, unauthorized Internet connection points). During a Vulnerability Assessment, specialized software scans and analyzes network traffic, connected devices and other elements of the network to identify flaws that increase vulnerability to attacks.

Penetration Testing, on the other hand, focuses on gaining unauthorized access to the system and its resources by simulating an actual attack on the network and/or its devices. Although Penetration Testing can reveal vulnerabilities, its goal is to determine what an attacker could do once he found the system’s flaws. Furthermore, Penetration Testing is often used as a way of validating whether or not implemented security improvements are working or holes can still be exploited.

The two processes work together in much the same way that a home security expert might examine your house for windows that are easy to open (Vulnerability Assessment) and then determine how difficult it would be to bypass your alarm system, open the windows and get inside to steal your jewelry (Penetration Testing).

In other words, Vulnerability Assessments tell you what within the network needs securing; Penetration Assessments confirm whether or not the network is actually secure. Both processes can play a role repeatedly throughout the lifecycle of an IT framework as new devices are added, network configurations change and other adjustments are made.

Most importantly, these two processes are part of an enduring IT security management effort designed to secure your system, its resources and its assets against intrusion, theft and exploitation. With companies from global conglomerate Sony to the smallest Mom and Pop shops falling victim to cyber-attacks, IT security is something no business owner should overlook. To learn more about security management and the role these two processes play, give us a call.