Tag Archives: IBM Corporation

When to Fix a Server In-House

If you’re a small or mid-sized business owner, one of the things you quickly come to realize is that support is expensive. Either you pay through the nose for a support contract for your hardware and software, hoping that it’ll come to the rescue when you need it, or you take a chance and go without support, hoping that something doesn’t break that will incur a high one-time cost for time and materials.

Hardware and software manufacturers understand this, which is why they’re giving their customers more self-service options than ever before. They’re also making their product more self-serviceable, allowing the customer to make fixes without having to call in a field technician. But, at the same time, environments are getting more complicated, leading customers to go down more blind alleys than ever before. As complicated as all this sounds, however, the decision on whether to call in support comes down to one major factor: how much downtime your company can tolerate.

How long you can be down

“Many times, it comes down to a cost equation, and that cost includes cost of downtime,” says Flynn Maloy, worldwide marketing manager of HP’s technology services division. Their goal is to provide complete support solutions to customers, whether they’ve bought HP servers or not. “Even with our small customers, we have a conversation: ‘What does it cost you to go down for an hour? What is the uptime you’re looking for?’”

Server manufacturers like HP have all made it easier for customers to service their own hardware. Hot-swappable fans, hard drives, and other modules are designed to be easily removed and replaced while the server is still online. Monitoring tools, such as HP’s Insight Manager, and remote operation boards, such as the company’s Lights-Out management package, allow customers to have more control of what they’re seeing.

Customers seek self-service options

Thanks to the Internet, customers have more self-diagnosis options than they had even a few years ago. In a 2007 study of small businesses, New York City-based Jupiter Research found that, when searching for customer and technical support, FAQs and self-service searches were adopted at nearly the same rate (over 90 percent of those surveyed) as more traditional phone and e-mail support. But satisfaction levels were lower for those methods: 41 percent for FAQ and 45 percent for search versus 58 percent for e-mail and 57 percent for phone. Text chat and community forums were being used less than FAQ and search, but yielded similar satisfaction statistics.

“People do like to be in control. They like to go online and figure the problem out before they get on the phone,” says Sonal Gandhi, the main analyst on the Jupiter report. “The only reason people turn to the phone is that they can’t find the answer they’re looking for or it’s more complicated than what they can find online.”

Managed solutions for complex environments

Indeed, environments have gotten so complicated that customers sometimes go down the wrong path, blaming the hardware when it could be the software or network that’s to blame. Maloy quoted an internal HP survey conducted in 2006 that showed that only 20 percent of total system downtime could be attributed to hardware failures. The other 80 percent were attributable to what he called “people and process” factors such as software failures, human error, network problems, security breaches, and other issues.

These wild-goose chases end up taking time, and even in a small business, downtime can potentially cost a business a lot of money. “There are certainly customers out there that roll the dice more,” and go without a support contract, says Maloy. “Once things get a little out of hand to the people who are running it, then they seek coverage.”

That’s where companies such as HP step in, offering managed support of entire environments. The service arms of global companies like HP and IBM have groups that are dedicated to providing services for small and mid-sized businesses, with service packages that are scaled and priced to fit the needs of smaller shops. Solutions range from hosting software on shared servers managed by the outsourcing company to having people on-site on a full-time basis. Some companies, says Gandhi, are using a “hybrid” model, where the management of only new applications and environments is outsourced, and the current environment is still taken care of in house. “It really depends on how crucial the application is for running the business,” she says.

10 Steps to Database Security

March 1, 2008: a laptop containing unsecured confidential data is stolen from an employee’s car, endangering the privacy and financial well-being of thousands of people — and a company’s reputation. Feel like you’ve read this before? Once only the stuff of nightmares, this unfortunate scenario has become almost commonplace.

In this latest instance, the laptop belonged to an employee of San Jose, Calif.-based Stock & Option Solutions (SOS), a stock-plan manager and subcontractor to Agilent Technologies Inc., of Santa Clara, Calif., a life-sciences and measurement firm. The laptop contained a database listing the names, addresses, and Social Security numbers of 51,000 Agilent employees, retirees, and stakeholders, as well as information about their stock holdings. Despite a strict Agilent database-encryption policy, which covered SOS as well, the laptop version was unencrypted, confirms Agilent spokeswoman Amy Flores. “They blew it,” she says simply.

Cautionary tale about databases

This latest case should serve as yet another cautionary tale. Data such as Social Security or credit card numbers are not only crucial to a business, they are worth their weight in gold to those in the identity theft racket. Moreover, compliance with regulatory mandates, such as Sarbanes-Oxley requirements, requires companies, and their contractors, to keep an airtight lock on relevant data if they want to win and maintain lucrative business deals.

And yet, database administrators (DBAs) probably only spend 7 percent of their time tending to database security, estimates Noel Yuhanna, principal analyst for database security at Cambridge, Mass.-based Forrester Research. If anything, DBAs spend more time trying to increase internal access to a company’s database, so that it can be used optimally by the accounting or sales staff. And for small businesses, where the DBA could have countless other duties, too, the problem might be greater.

Sometimes insiders at fault

Which brings us to another tough statistic — a January 2007 Forrester Research report estimated that 70 percent of all database breaches involve insiders. Even those employees who administer the database need to be viewed as potential risks to its safety. Awareness of the scope of this problem is growing, however. A separate Forrester study found in October 2007 that enterprise spending on database security and auditing is likely to double by 2010 to nearly $900 million annually.

What should a small or mid-sized business do to protect its database? Here are some tips from the experts:

What’s Your Risk? “If your database is on the Internet, you have to protect it from hackers. Even if not, you have to protect it from insiders. And then you need to consider the laptops, thumbdrives, anything else that can include the data,” says Sushil Jajodia, professor of information technology and director of secure information systems at George Mason University, in Fairfax, Va. Figure out the scope of your risk first.

Conduct a Vulnerability Assessment. Tools are out there that can help you check how well your existing systems work to protect your database. Products such as Imperva’s Scuba, an open-source assessment tool, can point out flaws in existing programs.

How Many Databases Exactly? Make sure you track down any and all copies of your company’s databases that might be floating around. There may be more copies than you think, so make sure they are all found and eventually protected.

Develop a Clear Policy…and Stick to It. “Insiders need to know what they can and cannot do” with critical information, and how it should be stored, says Jajodia. “They need to understand the policy and know what will happen if it’s violated. Usually, that’s enough and people will do the right thing.” Insiders can include not only employees, but third-party contractors, too.

Go Shopping for New Tools. DBAs should seek out the newest database security releases instead of relying on what’s on their systems now, says Forrester’s Yuhanna. For example, the latest offerings from Oracle, IBM, SQLServer, and Guardium offer far more advanced features. Guardium’s appliance, for example, features continuous tracking of all database activity, including failed logins, and includes an email alert service that can let others know of any suspicious activity.

Make Sure the Tools Get Used. Make sure any software is properly installed. If encryption software for laptops is purchased, make sure it’s installed on every laptop in the office. In a recent case involving a laptop theft from a National Institutes of Health (NIH) employee, the laptop was not encrypted despite the existence of a U.S.-government-wide encryption policy, notes Jajodia.

Control Access. Only certain employees should have access to the office database, and those employees who need only parts of the database to do their work should only have access to those parts. Products such as Applimation’s Informia subsetting solution or EMC’s Database Xtender can ensure that the sales force, for instance, only sees the specific data they need and nothing more.

Don’t Give DBAs Sole Responsibility. Remember that most database breaches happen from the inside, so make sure someone is checking up on the DBA, too, notes GMU’s Jajodia. “This is the typical weakness, where a separation of duties isn’t followed,” he says. “There have to be checks and balances.” Newer product offerings can help by ensuring that even DBAs cannot make changes without notice.

Handle Old Data with Care. Develop a solid strategy for storing databases that have outlived their usefulness, or old equipment containing such data. Remember that even old data can be misused if in the wrong hands. To store sensitive data, consider off-site archiving options with limited access, says Yuhanna.

Should You Dump it Instead? Legal experts note that keeping certain old data could add to your company’s risk in the event of an e-discovery case. If you decide to dump the data, wiping software, which overwrites your hard drive with unreadable gobbledygook, is one option: consider such products as WipeMaSSter or Active@KillDisk. Other options include degaussing (frying with an electrical impulse to render it unreadable) or destroying a hard drive outright.

To be sure, protecting your company’s database is a challenging, time-consuming task. And, as Agilent’s Flores warns, the proverbial chain is only as strong as its weakest link. But nonetheless, making your best effort could help inoculate your company from all kinds of unforeseen dangers.

Minimize Security Threats from IM

It’s no secret that instant messaging (IM) is wildly popular. It’s faster than e-mail, and so discreet that two people in the same business meeting can use it to communicate across the room virtually undetected. To top it off, it’s easy to get: many public IM software packages, such as Google Talk and MSN Messenger, are offered as free downloads.

But IM carries the same security risks as e-mail — it can fall prey to worms, viruses, Trojans, and “spim” — unwanted spam sent via IM instead of e-mail. It can be intercepted by competitors, allowing trade secrets or confidential client information to fall into the wrong hands. And all of these risks can create the same types of security problems for your business — including regulatory and e-discovery non-compliance risks — that e-mail can.

Chances are, you already know what type of e-mail system your office uses, have established guidelines for its use, and are vigorously protecting it with firewalls, anti-viral software, and the like. But are you aware whether public IM systems are being used in your office? “It’s one of those stealth technologies, where people just install it, and it’s not blocked by an organization’s gateway,” notes Richi Jennings, an analyst with San Francisco-based Ferris Research. “You could ask many companies, ‘do you use IM?’ and they would say no, but they actually do.”

Here are some tips from the experts on ways to minimize your risk:

Develop an office-wide IM policy. Put together a written policy for your employees, and take the time to educate them about it. While it’s best to shut down any public IM systems in use in your workplace, companies need to decide such things as whether to allow employees to use public systems for personal use only, such as to family members. “You have to make a decision and stick with it,” says Rob Koplowitz, principal analyst for information and knowledge management for Cambridge, Mass.-based Forrester Research.

Choose an office-wide internal IM tool. Invest in a secure product, such as IBM’s Lotus Sametime, that features encryption, limited access, and top-class antiviral software for internal business use. Don’t use consumer-based products, such as Google Talk or Yahoo, experts warn.

Limit access. Joel Dubin, an independent security consultant and author, recommends configuring buddy lists to only known parties, and limiting internal access to those employees who must communicate real-time.

Oversee screen names. Because IM is a very casual form of communication, some employees use offbeat, irreverent, or even racy, screen names that might not fit the corporate image, notes Jennings. “It’s important to not only control who uses it, but to control the screen names employees choose,” he says.

Monitor use. As with e-mail, experts recommend monitoring use to detect any internal improper use or external efforts to sabotage the system. Some solutions, such as FaceTime’s, will warn employees in real-time that they are violating acceptable use policies.

For businesses wanting to bundle their corporate IM service with other technologies, there are “a number of anchor points,” notes Koplowitz. “If you have an on-premise e-mail system, you may look to [link IM in with] e-mail,” he says. “But you can also link IM with telephony, or with some other business vendor.”

Companies that offer full-service packages that include IM include FaceTime, whose Unified Security Gateway solution provides URL filtering, public IM, VoIP and P2P, and can work with unified communications suites offered by IBM Lotus Sametime and Microsoft’s Office Communications Server, according to Frank Cabri, FaceTime’s vice president of product management. These types of integrated solutions are likely to become more common at the enterprise level, and to trickle down to small and mid-size business-scale products as well, says Koplowitz.

Whatever option you choose, experts advise that you take IM security as seriously as email security. The risks are real.

Bet on Telephone Headsets

The crew at Karen Pierce Gonzalez’s public relations firm couldn’t function without telephone headsets. The staff of the three-person company near Santa Rosa, Calif., spends so much time on the phone during the workday that headsets are a must, and not just any will do. According to Pierce Gonzalez, cheap models aren’t worth the investment because static starts creeping into the earpieces about the time the warranty expires. Yes, over-the-head models muss their wearers’ hair every time they’re removed, and earpieces don’t always stay in place. But that’s a small price to pay for relieving the pain that comes with cradling a phone between your ear and shoulder all day. “Just thinking about it makes my neck hurt,” Pierce Gonzalez says.

As Pierce Gonzalez’s experience shows, people take their headsets seriously. If recent trends are an indication, the day is coming when wearing a telephone headset for work will be almost as ordinary as, well, using the telephone.

Not just for customer service reps anymore

Wearing a headset used to peg someone as a receptionist or customer service agent. But the era of cell phones, Internet phones, iPods, and video games has erased any stigma associated with working while something’s stuck in your ear. Industry experts say headsets could become even more commonplace after California, Washington, and New Jersey later this year join the ranks of states with laws banning people from talking on hand-held cell phones.

When deciding what to buy, some things companies should consider:

Wireless — Wireless headsets are the fastest growing segment of the business, thanks in part to lightweight batteries that last longer between charges than older models. “Once you cut the cord, there’s a lot you can do to unleash it to a lot more people in the building,” says Joe McGrogan, director of business-to-business marketing at Plantronics, a leading U.S. headset maker. Some new wireless headsets can be used with multiple phones, allowing the wearer to switch between a cell phone and office phone without switching headsets. Other models let the wearer answer or hang up a call by pushing a button on the headset, McGrogan says.

Frequencies — Wireless headsets operate on multiple frequencies to transmit voice signals to and from a telephone base station, and the higher the frequency, the better the clarity and range. Today’s high-end headsets use a 1.9 GHz frequency, which the U.S. Federal Communications Commission opened up for voice-only communications in 2005. Other models use 900 MHz, 2.4 GHz and 5.8 GHz.

Bluetooth — This short range wireless technology developed by a consortium of major telecommunications players including Motorola, Nokia, Microsoft, and IBM allows someone using a Bluetooth wireless headset to connect to other Bluetooth enabled devices like cell phones, computers and printers.

Wired — Although wireless gets all the hype, companies like Plantronics still sell as many corded headsets as they do cordless, McGrogan says.

What can you expect to pay?

Prices for corded headsets range from $25 to $100. New wireless models with all the bells and whistles cost from $200 to $400, according to McGrogan and other sources.

SIDEBAR: Headset resources

Telephone headsets aren’t hard to find. Small and mid-sized businesses will see a healthy selection at office supply stores such as Office Depot and Staples. Online specialty retailers such as Hello Direct and Headsets.com have a larger selection. Some small-business telecommunications vendors also carry the gear or can tell companies where to find it.

For additional information on headsets suitable for office and mobile workers, check out the following online resources:

An interactive selector on the website of Sennheiser Communications, a European telecommunications equipment reseller, lets people select their preferred use, style and brand and then spits out a list of equipment that matches their needs.

Plantronics has a similar online tool customers can use to view the company’s products for office, mobile, and home phones.

Amazon.com has a telephone headsets page with equipment from a variety of manufacturers and online stores searchable by brand, seller, or price.

If you’re thinking of going wireless, read this white paper on choosing a wireless headset at Headsets.com.

Pay for Storage? Weighing the Free — and Low Cost — Options

As a small to mid-sized business grows, so does the sheer volume of information generated each day: account information and budgets, along with databases of inventory and employee records. The list is endless. A generation ago, it was euphemistically called the paper blizzard. Now, it’s more like a digital tsunami that only gets bigger and more difficult to manage for the organization without a storage strategy.

“Archiving data is less about where to put it and more about how to get it when you need it,” says Andrew Reichman, an analyst from Forrester Research. Indeed, many small to mid-sized businesses make the mistake of growing out their methods for storing data like the business itself: piecemeal and as needed. The end result can be disjointed, irretrievable data that is mission critical to the company, yet scattered across a variety of discs, servers, and individual employee hard drives.

The good news: data storage has never been more plentiful or cheaper. The trick is wading through the myriad of options available and deciding which one works best for your organization.

In-house versus out

The first big decision to be made is whether to keep all or most of the company data in-house or out-of-house. Traditionally, companies of all sizes have kept their information on site. However, using a third party host to store data online is increasingly popular.

Out of house options

What do Intel, Google, Microsoft, IBM, Seagate Technologies, and EMC all have in common? They are all heavily investing in online backup storage solutions, whether it’s buying startups like IBM snapping up Arsenal Digital, EMC acquiring Mozy, or Seagate absorbing eVault. And then there’s Google launching its own initiative called GDrive service. There are also countless independent companies (that haven’t been bought up yet) offering data backup and storage online and on the cheap. Here are some of the advantages and disadvantages for the growing company:

Advantages: It’s cheap, fast to deploy, and turnkey, requiring no staffing to maintain the data. Plus, vendors have the advantage of using economies of scale to provide better security and store data more cheaply than a smaller organization doing it all on its own. However, the most important advantage is really more basic than that. “The biggest reason to go out of house is to get remote backup capability,” says John Longwell, research director for Irvine, Calif.-based Computer Economics. Simply put, you don’t want to have all your eggs (or data) in one basket (or place). If the building burns down or even just a poorly-timed snow day keeps employees away from the office during a critical time for the business, the results can be devastating. Off-site backup and remote access to information is a core need for most businesses today.

Disadvantages: “The server and the application need to be in the same place. Going outside works if you’re talking about using Gmail as the company e-mail client and then archiving it all on Google, or CRM data with Salesforce.com. Businesses need to be careful which parts of the business processes they can give to someone else,” says Reichman. Even Amazon is now offering cheap data storage and retrieval programs like “SimpleDB”, which is in beta as of this writing. However, simple is the operative word in that brand. It is a very simplistic way of searching and fetching data. It is not the place to store financial information a company may need to aggregate in a variety of sophisticated ways to generate specific reports.

In-house options

Despite all the hype over third party vendors offering online storage, in-house options make a lot of sense, as well, and may be more practical for many businesses.

Advantages: The obvious advantage is retaining control at all times. The other advantage is that the major disadvantages are disappearing fast. In-house solutions are getting cheaper and more effective too. “There’s a big shift among small to mid-sized businesses from on-board discs (data separately stored on each individual computer and server) to what’s called centralized network storage. This can be as simple as throwing a single appliance on the network that houses all the data. By centralizing storage, information can be pulled from multiple sources and aggregated into richer data. It also makes it easier to manage all the company information, control user access and retrieve it when needed.

Disadvantages: In-house solutions mean buying gear, getting it installed, and then taking on the expense of maintaining it. “Sometimes it’s a tough pill for small to mid-sized businesses to swallow,” admits Reichman, who encourages executives to look at the long term savings of better data management specific to the business. It’s something an outside vendor can’t provide, as well.

Deciding factors

Costs: Web-based third party vendors are cheaper, at least up front. It depends on the size of the business, however, whether they make sense. If a company has someone on staff to maintain a centralized storage network, then it might make more sense to invest in the equipment and save on vendor fees typically based on the amount of data stored on a subscription basis.

What data and why and when it is needed: How will users interface and retrieve information as they need it? A third party vendor may not be able to offer the sophistication needed to work with certain applications or databases. Then again, it may make sense to house older and less important data off-site and out of the way.

Prioritizing storage needs: What’s the primary motive for storing data? Is it backup and security? If so, a third party vendor is likely the answer, since it offers off site protection of the data and often smaller businesses don’t have the same level of security as the vendor (like encryption and less network downtime).

Sidebar: Data Storage Options

Carbonite is designed to back up data on each individual computer or server. It runs constantly in the background backing up data and is handy for the desktop user who loses a file or accidentally deletes something of importance. Lost information can be retrieved immediately. This is not a likely solution, however, for growing companies that need to manage data in a centralized way, controlling access and aggregating data driven reports.

Mozy: Similar to Carbonite, it is designed for the individual user who needs his or her information constantly being backed up remotely in case of a virus strike or ill-timed computer crash. Mozy, however, does offer a professional version with a number of features like administrative powers to manage data from multiple sources and encryption. Its new parent company, EMC, may have something to do with the increasingly beefed up services targeting corporate clients. Pricing is based on a combination of price by seat ($3.95 per computer, per month) and 50 cents a GB per month.

xDrive is primarily targeting the consumer market. But for the small business just starting out, it’s worth consideration. xDrive charges $9.95 for 50 gigabytes of storage. Based in Beverly Hills, Calif., xDrive is actually owned by AOL and markets itself as a preferred solution for backing up pictures, graphics and video for easy web access and collaboration with others. As is, it’s easy to imagine a business quickly outgrowing xDrive. But with AOL as its parent company, it’s also easy to imagine xDrive scaling up its services for growing organizations before that happens.

Nirvanix is attracting a lot of attention, as well as high profile investors like Intel. The San Diego, Calif.-based data storage company is especially attractive to the small to midsize business market because it offers scalable storage services for a flat fee of 18 cents a gigabyte. What makes Nirvanix special is its application programming interface (API) that enables companies to easily integrate Nirvanix Web Services into their own company applications.

In comparing just these four examples of online data storage vendors, there is at least one common denominator: they are all still growing out their corporate features to accommodate businesses. “The options are still limited today, but it’s getting there,” says Reichman.

E-mail Alternatives: Time to Ditch Outlook?

Perhaps you’ve had this experience: you’re on the red-eye from L.A. to New York. You realize you need to access your e-mail. But you can’t: you’re offline. It will be hours until you land, and you’re stuck.

For some companies, this scenario is one of several good reasons to seek out a better mousetrap than Microsoft Outlook and Exchange. Products such as Google’s open source-based Google Gears API, Zimbra’s Suite and Desktop, and IBM’s Lotus Notes & Domino offerings allow users to work offline in a similar environment to their online product. While Microsoft does have offline offerings, they do not have the same functionality as their online product, users say.

A seamless transition

“What we can offer is a more seamless transition between online and offline,” notes John Kobb, vice president of marketing for San Mateo, Calif.-based Zimbra, which was recently purchased by Yahoo! “You can take it on a plane with you. The administrators are saving the same information on the same server — you can go and access the same information from a different computer,” he notes, whether that computer is an Apple or PC.

For small and mid-sized businesses, hosted solutions such as Zimbra’s have considerable appeal, because “you don’t have to deal with storage and backup,” notes Erica Driver, principal analyst for enterprise messaging and collaboration with Cambridge, Mass.-based Forrester Research. Other reasons to look beyond Outlook and Exchange, says Driver, include: wanting a system based more on open-source standards; preferring to cobble together a “best of breed” email/backup/archiving system to what MS offers; wanting a system not based on Microsoft due to lack of MS skills among workers; and wanting a system that allows workers to move from computer to computer, including Apples to PCs, seamlessly.

Zimbra’s Kobb also notes the inherent cost savings in using a hosted system that is a “one-stop shop” for messaging, archiving, and anti-spam/anti-virus protection, as opposed to budgeting each of these separately, either through several hosted solutions or in-house hardware. “The total cost savings could be significant,” he says, noting that Zimbra’s hosted solution runs about $4/month per user.

Web 2.0 ready

Another consideration is that offerings like Zimbra’s cut their teeth on Web 2.0-based technologies, so it’s easier to link them to blogs, wikis, and other collaborative tools than the older Outlook. “This is a real plus for products like Zimbra and Google,” says Driver. “They have been quicker to adopt 2.0 into their products.” Likewise, IBM’s Lotus Notes is well-known for its collaborative abilities, but is largely an enterprise-class product with a higher price tag.

The bottom line: MS Outlook and Exchange is not the only game in town. Keep an eye on these alternatives: they may be a way to save your business time and money.

SIDEBAR: Email Alternatives to Watch

Zimbra offers hosted solutions featuring email, anti-spam/anti-virus, archiving, and collaborative tools.

IBM Lotus Notes & Domino offers a range of desktop options, including calendaring, email and collaborative tools. IBM also offers a range of archiving, security, and other solutions.

Google Gears API offers an open-source-based browser extension; easy to customize with additional functionality.

Safeguard Your Biggest Asset — Your Data

Do you know where your data is? If your company maintains databases, runs e-mail marketing campaigns, sells something online, or gives salespeople laptops, the answer could be “everywhere.” The more places a company’s data resides, the greater the possibility it could fall into the wrong hands, accidentally or by theft or hacker assault. With so much at stake, it behooves businesses to establish controls to ensure data is private, secure and stays that way. One method for doing that is a privacy audit, in which a company reviews its information handling practices to track where data is stored and moved, if it’s vulnerable to leaks or theft, and whether employees adhere to stated privacy and security practices or industry regulations. Data breaches and lost laptops Small business owners who don’t think they need to check privacy practices are fooling themselves, advises Mike Spinney, spokesman for The Ponemon Institute, a privacy think tank in Traverse City, Mich. Consider: Since January 2005, 216 million data records of U.S. residents have been exposed due to security breaches, according to the Privacy Rights Clearinghouse (PRC), a non-profit consumer privacy advocate in San Diego, Calif. According to the PRC’s online listing of data breaches, many of those occurred at small businesses. The most common causes of security breaches are lost or stolen laptops or other portable devices like USB drives, according to a November 2007 benchmark study of data breaches at 35 U.S. companies by The Ponemon Institute. A separate survey published by The Ponemon Institute in November 2007, found that of 893 U.S. IT professionals, 51 percent copied confidential company information to a USB memory stick even though the majority of them (87 percent) believed their company’s policy forbade it. That even IT professionals should exhibit such cavalier attitudes toward data privacy “is kind of shocking,” says Spinney, the Ponemon Institute spokesman. 
Setting up a privacy audit

Routine privacy audits could uncover and prevent such behaviors, privacy industry experts say. To perform an audit:

Decide what data to analyze: all employee and customer records, or a subset of sensitive information, like Social Security numbers.

Use spreadsheets, employee interviews, technical monitoring, and blind shopping or testing to create a chart showing where data is collected, processed, transferred, or deleted and what applications or vendors are used for each step.

Use the data flow chart to measure the company’s day-to-day information handling practices against its stated policies and any industry rules or regulations. If the two don’t match, take the appropriate steps to change them.

At most small businesses, an IT manager, CFO, or CEO could spearhead an audit. Small businesses could also hire a privacy consultant, or use their outside legal counsel or accounting firm, if those firms provide such services, says Jeff Nicol, of PrivacyReady.com, a privacy industry consultancy in Hood River, Ore.

Audits aren’t cheap. A small business can expect to pay around $20,000, Nicol says. That’s pretty pricey, so companies could consider scheduling a full audit once every three years or do partial audits each year, Nicol says.

Between audits, companies can use security assessment software to keep systems running smoothly, Nicol says. Software like Watchfire from IBM, Web Vulnerability Scanner from Acunetix, Hailstorm from Cenzic, or WebInspect from SPI Dynamics can check that a company’s use of Web applications complies with stated privacy directives. Online sellers can test their privacy practices by going through the assessment process necessary to get an online privacy seal from TRUSTe, the non-profit privacy trust organization.
SIDEBAR: Securing laptops and educating employees

About those laptops: security experts recommend putting passwords on everything, and using encryption software such as Credant Mobile Guardian Shield or KeyPoint Alchemy from RedCannon Security.

Another suggestion: enroll employees in online courses like the Privacy Directions series from MediaPro. “Technology (is) a big part of having decent security, but the weakest link is workers,” Nicol says. “Proper policies, training, and monitoring all are critical to see that folks know and follow good information security practices.”

Ready For the Next Computing Platform? It’s Ringing Now.

Some people use it to play music. Others marvel at the photo-browsing interface, and some of its users just want to look cool. I don’t care about any of those things when I look at the iPhone. What I see is the breakout of the next major enterprise computing platform.

Not the humble cell phone, you say? It’s too small, too weak, too underpowered for serious productivity? If history matters, new computing platforms have always emerged from the low end of the marketplace. The Digital Equipment Corp. (DEC) minicomputer supplanted the IBM mainframe, then Sun’s Unix Workstations replaced DEC, and the PC replaced Sun. Now, the phone is going to surpass the PC.

There’s no denying that cell phones have already played a huge role in boosting business productivity. We take for granted the tremendous shift that has taken place, from leaving a message with a secretary to being able to reach virtually anybody at any time, barring the occasional nap or airplane ride. But running business applications on these devices has been limited by bandwidth, screen size and particularly by “weak” browsers that don’t support things (like Java) that are required to run rich, browser-based applications. The iPhone has raised the bar and will finally deliver on what the mobility advocates have been pushing since the first cell towers went up.

Two personal experiences opened my eyes to the inevitability of the cell phone as the next major computing device. The first was when we decided to bring our NetSuite application to the Japanese market. We found that to enter that market, a user interface that supported mobile phones was not an option — it was mandatory. No phone-based user interface, no sales in Japan. So in markets far more advanced than the US in terms of their use of mobile computing devices, the phone is already doing much more than sending calls, texting and emailing.

The second eye-opener was the day after Apple launched the iPhone.
That Saturday morning, I logged on to the NetSuite user group and saw our users raving that NetSuite worked perfectly on the iPhone. While the iPhone was targeted as a consumer device, it was clear from the posts of these serious business people that it heralded a major transition for business as well. Apple may not have planned it, but by shipping with a complete Safari browser, they opened up an entirely new market because rich web-based business applications can now run on your phone. That doesn’t mean everything you do in an office today translates immediately to a phone. Just as there are still mainframes, mini-computers and workstations in use, the phone won’t eliminate the PC. But more and more work will get done on your phone. And the same transition we saw from keyboard-only mainframe applications to point-and-click mouse-driven interfaces is happening again, this time with designs that keep the needs of mobile users in mind. It is going to force software companies to think carefully about how they use that precious screen real-estate on the phone. If you still aren’t convinced, just wait, and the decision will be made for you by your best and brightest new hires. Never lose sight of what the college students of today are accustomed to. Living — not just communicating — on a small, handheld device is simply second-nature. They are so tied to these devices that their dedication, and the applications already being created for the latest vanguard of smart phones, is going to transform business five to ten years down the road.

The Open Source Security Primer

Open source software is both tempting and terrifying for many small to mid-size business owners. Tempting because it’s cheap up front and comes without those licensing fees. Terrifying because of the perception that it’s easier to hack.

“There’s absolutely no evidence that open source is any less secure than commercially licensed software,” says Michael Goulde, a senior analyst from Forrester Research, who estimates 55-60 percent of all businesses use at least some open source software.

Goulde goes on to dispel the two most popular concerns about open source software:

Anyone can look at the source code. The worry here is that “anyone” can be any hacker who wants to wreak havoc. “Bad eyes can see the code, but good eyes can see it, too. If a vulnerability is found, then there’s a whole community of developers literally all over the world to fix it. It’s essentially under peer review,” says Goulde.

It’s written by amateurs who don’t care about security. Goulde says that used to be true, but with the more established applications that is hardly the case anymore. Most open source developers are professionals with some even employed by the likes of IBM, Hewlett-Packard, and Sun Microsystems.

One size doesn’t fit all

“Open source is a very broad area. You can’t make a single judgement about it. Some areas of applications are quite mature, while others are not,” says Yefem Natis, a distinguished analyst from Gartner, a Stamford, Conn. IT research group.

Natis advises business owners to be more cautious when it comes to open source applications like portals and business tools such as business process management (BPM), customer relationship management (CRM), and enterprise resource planning (ERP) systems. Operating systems and application servers, on the other hand, are more established and safer to use.

Goulde, however, is less cautious and even sees open source as a unique opportunity for many small to mid-size businesses.
“The amount of functionality you get from the open source versions of these technologies, like CRM, ERP, and BPM tools, is just right for many small to mid-size businesses. And, it’s affordable. Similar products that are commercially licensed are more likely to be priced beyond their reach,” says Goulde.

The argument for open source safety

For all the debate, a business owner has to wonder why not just play it safe and stick with the commercially licensed software. Here are some of the advantages of open source applications that may make it too tempting to pass up:

It’s cheap. Not having to pay licensing fees can obviously be a huge savings. Don’t forget, however, it still has to be maintained. Open source is not completely free!

It’s easier to integrate with other applications. Open source is written to support standards, rather than proprietary code (like Microsoft applications written to support other Microsoft applications, for example). This means fewer headaches combining it with other products from a mixture of vendors.

It’s easier to get serviced. Since the code is freely available, there are more businesses and consultants around to help with service and maintenance. More choices mean more competition to get your service contract. More competition, of course, means a cheaper service contract.

More innovation. Since it’s open source, there’s an open field of developers working on new versions with new features. This can mean both more innovation and more interesting innovations.

How to play it safe

Feeling more tempted than terrified? Here’s what a business can do to take the open source plunge with minimal risk:

Know where the software is coming from. There are often many, many places to download these applications. Companies need to verify the source as reputable and safe. Always check references.

Use a consultant. This is especially important for most small to mid-size businesses with little or no in-house IT staff.
It’s money well spent to hire someone who knows the most established applications, their best download sources and how to install them. At the very least, work through a reseller who can guarantee the source of the software.

Plan on having ongoing support. “Open source is often in a more raw form, compared to commercially licensed software. Therefore, it requires more expertise to fine tune it to make it work with the business,” Natis says. “Support is a must.”

For those businesses still feeling more terrified than tempted, here are some final unsettling words from Natis: “Open source is so widespread nowadays, some businesses are already using it bundled into other products without knowing it.”

Routers for Small Business: No More “Mickey Mouse” Gear

There was a time when small and mid-size businesses had to pay through the nose for high-end corporate networking gear made for large enterprises if they wanted to get any kind of decent performance out of their business systems. That, of course, assumed that you could schedule an appointment with a sales rep who was more interested in hunting big game clients.

But times have changed. With the large enterprise market now saturated with technology, today many networking vendors are developing, packaging, and selling products specifically for small and mid-size businesses. The small business market is now seen as a hot, high-growth target of opportunity.

While this is undoubtedly good news for small and mid-size businesses, buyers need to be careful. Price and packaging are important in providing access to technologies once the exclusive domain of the Forbes Global 2000. But it is also important to ensure that smaller businesses get access to the support and maintenance services that are critical to business continuity and ongoing operations. Large vendors that have typically done business with big firms can easily fall short of making these key ancillary services available to their mid-market clients. This is because they primarily sell through channel partners who don’t have the resources and know-how to offer these support services.

Price is no longer the only issue

“Affordability is not the issue anymore,” says Amir Hartman, co-founder of consulting firm Mainstay Partners, based in San Mateo, Calif. “It’s the post sale service and support that small and mid-size businesses have to be aware of.”

Large vendors see a huge untapped market in this space, Hartman says. Take Dell, which earlier this month announced its Vostro line of notebook PCs designed for small businesses that have 1-25 employees.
Dell has cut out unwanted applications that normally ship with new computers, and it has cut the time it takes a customer with no IT experience to set up the machines to 6 minutes. Dell says it’s dedicating 6,500 of its customer service workers to be available for 24-hour access.

IBM, meanwhile, introduced a BladeCenter system for small businesses; blade servers were previously sold exclusively to mid-size and large businesses.

Cisco earlier this year introduced the Smart Business Communications Center (SBCS), a product specifically built for companies with fewer than 250 users, which supports new hardware products and unified communications applications and offers basic systems-management tools. The product provides routing, switching, security and wireless support, which can be turned on and off independently, at a customer’s own pace, says Ed Kudey, senior manager of solutions development for the Global Small and Medium-Sized Business group at Cisco.

More products let you pick and choose

Hartman notes that small and mid-size companies should expect to see more products that give users the flexibility to pick and choose the features and functions they want to activate when necessary.

Kudey says that Cisco has been supporting this market for eight years and is gratified to see that it continues to grow. Small (250 users or less) and medium (251-1,000 users) businesses now account for just over 25 percent of the company’s business. Like many vendors, Cisco supports this market through value-added resellers.

“We spend a good amount of time educating our partners on our direction so they can help us establish a strong eco-system” for small and mid-size businesses, says Kudey. Just as Cisco will spend time consulting with the IT staffs of large enterprise customers, he says they do the same with smaller partners.
While Hartman concedes that using established vendors like Cisco, Dell and IBM can offer small and mid-size companies some assurances in product stability and reliability, he argues that users should be clear with both vendors and resellers about support and service expectations. Although support is usually available, some vendors may charge extra to receive that support, he warns. As always, getting the facts before buying is critical.