Monthly Archives: November 2016

Comprehensive endpoint device security management

The variety of ways workers are now connecting together and to the web to work more effectively continues to grow.

 

As the connections expand, so do the steps that need to be taken to ensure those connections communicate with the network in a secure fashion.

Because employees increasingly are using mobile devices to connect to the corporate network, this puts pressure on IT to provide endpoint security and device management solutions that make sense for both the mobile worker and the enterprise.

Research firm IDC predicts that the number of mobile workers will increase to 1.19 billion by the year 2013. The variety of devices that these workers use to connect to the network will also continue to grow.

According to the iPass 2011 Mobile Enterprise Report, 73 percent of enterprises allow non-IT managed devices to access corporate resources. This is a figure that is likely to get larger as 83 percent of firms said they expect to support Apple’s iOS, while 77 percent anticipate supporting Android-enabled devices.

Each mobile device provides its own set of security vulnerabilities. Additionally, mobile equipment has less evolved security applications – most have no anti-virus or anti-spyware protection on the devices themselves. So endpoint devices are among hacker’s preferred targets.

According to the Juniper Networks Malicious Mobile Threats Report 2010/2011, there was a 400 percent increase in Android malware between June 2010 and January 2011.

To take advantage of the productivity offered by web-enabled endpoint devices, including laptops, smartphones and tablets, it is essential that firms adopt policies and procedures that protect enterprise data while enabling staff to use the mobile devices that best fit their needs.

Use Best Practices for Endpoint Security Solutions
There are a number of established best practices for endpoint security management- among these observances are:

  • Require the staff to sign policies and usage statements for all endpoint devices, including those owned by the business and employee-owned equipment. Policies and usage statements should clearly state the security and support that IT will provide, so it is responsible only for those apps and services that IT delivers and approves.
  • Use the cloud layer to route all network requests such as email and server access to block security threats before they can do any damage.
  • Place security solutions in the cloud. This method enables the enterprise to provide central endpoint device management and security rather than going to each device to install security applications.
  • Use the cloud layer to provide authorization capabilities, allowing workers to access different areas of the network, depending on their needs. For example, an auditor might need access to sensitive corporate financial information, while a customer service representative would need to access customer transactions.
  • Delete corporate information from endpoint devices in the event that they are lost or stolen or if the employee’s relationship with the company ends. The Juniper malware study reports that 1 in 20 mobile devices were lost or stolen.

How to Be Proactive About Potential Breaches

Are you tiring of users continuously badgering you to get corporate network access for their mobile devices?  Does your corporate management want to buy tablets for the sales team? If so, your small- to medium-sized business (SMB) needs to start proactively addressing mobile security breaches such as malware.

 

Modifying your existing security policies and protocols, establishing new policies and educating your mobile workforce are economically sound frontline solutions for securing your corporate enterprise and trade secrets.

Here are some tips on how to address mobile device security breaches beforethey happen:

  • Establish corporate information access guidelines. It’s important to pre-determine how mobile device users will access corporate information. Will users download data to devices? Will they access the data remotely? The answer will vary from company to company, so be sure to consider your situation uniquely.  If your company has to be in compliance with a regulatory body like PCI Data Security Standards (DSS) or the Health Insurance Portability and Accountability Act (HIPAA), then consult with your auditor before enabling network access to mobile devices.
  • Establish device control policies. Bring Your Own Device (BYOD) can be full of benefits like saving on corporate hardware purchases and increasing productivity for your mobile workforce and SMB. However, the negatives can outweigh all those positives when a BYOD device brings malware into your network. Create a policy that governs how your corporate IT staff can gain control over a personal device, while maintaining your network security. Include information about how to keep personal information private (e.g., via a mobile device backup strategy that doesn’t touch personal data) and define corporate ownership over data and applications.
  • Enforce device-level security.  Both corporate-owned and personal devices should have secure passwords and screen locks; document this requirement in your mobile device policies. In addition, make sure it’s clear that both personal and corporate mobile devices maintain up-to-date corporate-approved (and preferably corporate-managed) antivirus and security software installed to guard against malware and other security risks.
  • Develop and deliver mobile workforce security training. Education can be just as powerful a security tool as technology. Develop and deliver mobile workforce security training built around keeping your mobile workforce productive and prepared to be the first line of defense against malware and other security threats to their mobile devices. Spell out your corporate policies and include a participant sign-off stating that they understand and will abide by the policies.

Outsourcing IT

Just a few short years ago, the image of an IT department for small and medium businesses was one of Dilbert-looking technicians noodling around with Cat 5 cable and speaking in a blend of Klingon and Robot. In other words, IT seemed completely remote, complicated and inaccessible to most employees. Additionally, each new hardware and software deployment, including installing malware protection, could take weeks to manually implement across the enterprise, and rarely went smoothly.

One solution – outsourced IT – has found greater acceptance in the past few years as its benefits have become more tangible to even small businesses. It is estimated that globally, 74 percent of companies use some form of outsourced IT solution, up 25 percent from 2009.

 

Read further for compelling reasons why a small or medium business should consider the IT-outsourcing trend.

 

Cost savings

Moving IT off-site can save an SMB thousands of dollars per year. As most business decisions are predicated on the bottom line, this is often the main driver in the decision to migrate. Areas of savings include:

Reducing hardware expenses. Servers, storage, cabling, cooling, and datacenter square footage expense can now be on a cloud vendor’s dime, not yours.

No salary or benefits expenses for IT employees.

Potential tax savings by converting capital expenditures (servers), that depreciate slowly over time, to a monthly cost which can potentially be deducted in the current tax year.

 

The latest software versions – hassle-free

Outsourcing IT means software, including malware protection for endpoints, can be updated automatically by the provider. This obviates the need for a local tech to run around taking workstations offline for upgrades.

Furthermore, updating software not only unlocks newer features, but also closes exploits in older versions that might allow hacker penetration. So it’sworth exploring any platform that can make this process painless and automatic, such as a cloud service.

 

Focus on your business, not technical issues

Anyone who survived working in Corporate America from the 1980s onwards is familiar with the spectacle and lost productivity that accompanies the proverbial “system going down.”

When outsourcing IT to the cloud, this nightmare occurs less often as data is often distributed redundantly across many servers that are monitored constantly, leading to greater stability and uptime, and less worrying about IT matters.

Save money with cloud computing

Why move to the cloud? There are plenty of good reasons, but mainly it makes good business sense. You can call it efficiency, or call it doing more with less. But whichever spin you prefer, cloud computing lets you focus on what’s important: your business.

Cloud computing can be used for almost all types of applications, not just business security. While the idea of cloud computing can sometimes seem hard to grasp, it’s clear that it saves its users money – especially SMBs, including small office/home office (SOHO).

 

Plenty of oh-so-clever industry people will tell you what cloud computing is and isn’t. Here’s my simple view: It’s what we used to call software as a service (SaaS), but it’s set up so it’s easy to switch on, simple to expand and contract, and usually has a usage-based pricing model.

Read on to discover why moving to the cloud will save you money in five ways (six, if you’re picky)….

 

1. Fully utilized hardware

Cloud computing brings natural economies of scale. The practicalities of cloud computing mean high utilization and smoothing of the inevitable peaks and troughs in workloads. Your workloads will share server infrastructure with other organizations’ computing needs. This allows the cloud-computing provider to optimize the hardware needs of its data centers, which means lower costs for you.

 

2. Lower power costs

Cloud computing uses less electricity. That’s an inevitable result of the economies of scale I just discussed: Better hardware utilization means more efficient power use. When you run your own data center, your servers won’t be fully-utilized (unless yours is a very unusual organization). Idle servers waste energy. So a cloud service provider can charge you less for energy used than you’re spending in your own data center.

 

3. Lower people costs

Whenever I analyze organizations’ computing costs, the staffing budget is usually the biggest single line item; it often makes up more than half of the total. Why so high? Good IT people are expensive; their salaries, benefits, and other employment costs usually outweigh the costs of hardware and software. And that’s even before you add in the cost of recruiting good staff with the right experience.

When you move to the cloud, some of the money you pay for the service goes to the provider’s staffing costs. But it’s typically a much smaller amount than if you did all that work in-house. Yet again, we have to thank our old friend: economies of scale.

Beastly Servers

Oh beastly server, how I will miss thee and thy constant neediness. No longer will I need to cool you down, swap out your bad memory and reimage your data after the inevitable crash.

I have found a better way to handle all of my applications and storage and – get this – I will never again have to physically touch a server or worry about data loss because my backups are automatic and redundant.

Yes, we are breaking up because I have moved on – to cloud solutions. I understand you’re upset, but please get a hold of yourself – and let go of my leg. It’s embarrassing.

Why use the cloud?

In all eriousness, maintaining a local server farm for small- and medium-sized businesses has traditionally been looked upon with a certain amount of justifiable dread due to the time and expense involved in maintaining hardware, ensuring data redundancy in the event of corruption and putting new servers online when scaling up.

Cloud computing easily handles all of these issues, and its benefits extend beyond simply outsourcing these annoying tasks. In fact, the affordability and stability of cloud solutions are engendering a sea change in how enterprises can milk their data to improve operations in ways that were previously just too costly to consider.

 

The scalability factor

As an example, let’s consider one of the cloud’s main benefits: massive, and nearly instant, scalability. Storing enormous amounts of data live in the cloud allows that information to be creatively used to solve real-world problems.

Consider a case where a business uses artificial intelligence to detect employee theft by identifying transaction anomalies when compared with years of historical data stored in the cloud.

Prior to cloud solutions, this data might have been archived and taken completely offline to make space for new storage. The affordability of cloud storage and the ability to simply order up more of it with a few mouse clicks enables businesses to leverage and explore a robust, active data set that might go back to the first document or transaction ever stored.

Oh yeah, and don’t forget that this is all available for a much lower cost and faster speed than dedicated local servers, which might lack proper load balancing.

 

The world is your office

Another benefit to cloud solutions is the creation of a huge mobile workforce that not only allows workers to operate from all over the world, but also reduces the enterprise’s carbon footprint, thanks to less commuting and reduced power needs.

Using this model, office square footage is greatly reduced as workers access applications and data remotely, and the need for office staples such as desks, computer workstations, phones and kitchen supplies is eliminated.

Cost and environmental benefits not with standing, the cloud-based mobile worker phenomena does present a bit of a headache when it comes to one thing: security.

 

The security issue

The enormous amount of company data and wide variety of endpoints used in the cloud, compounded with the fact that a company’s data is on servers shared with other unrelated businesses, understandably brings to mind security questions and concerns.

The Latest VoIP Solutions

Many SMBs and SOHOs are walking away from their traditional phone companies and moving to the Internet for their telephony needs. In tech jargon, they’re switching from POTS (“plain old telephone service”) to Voice over IP (VoIP, pronounced as one word). Read on to find out what it is, why you should use it, and what to watch out for.

 

VoIP lets you make phone calls over the Internet with a number of advantages over your landline. It gives you low calling rates, especially when making overseas calls; excellent voice quality, rather than the muffled squawk of a traditional phone; and extra features (or easy access to the hard-to-use features you already have).

A phone using VoIP is different from a regular phone; instead of connecting to an analog phone line, it connects to a computer. That computer is usually called a VoIP gateway, and it’s the bridge between the handset and other telephone users.

 

Breaking it Down: VoIP Types

Cloud vs. Local

The gateway connects you to the regular telephone network, or to other VoIP users. Your gateway might be on-site, or it might be a hosted service—“in the cloud”—that you connect to via the Internet.

Running it yourself might be a good option if you have the expertise in-house, but for most people, a service is the simplest and least expensive option.

 

Which System?

Classical VoIP is based on Internet standards like SIP and RTP. The best-known example of a commercial service like this is Vonage; the best-known in-house product is probably the Cisco UCM Suite.

Some newer systems are based on a different standard, called Asterisk. This is a robust, battle-tested system supported by many vendors, including Fonality.

(Normally, you can ignore all this nerdy alphabet soup, but it’s helpful to know which standards your system uses, in case you ever need to know about compatible add-ons.)

No discussion of VoIP software would be complete without mentioning Skype. It’s probably best known as a consumer-focused, free, peer-to-peer service, but the company also offers a service aimed at businesses of all sizes. It’s not just a program you run on your computer; you can also buy dedicated desk phones that work with Skype.

 

Security

One of the advantages of VoIP over regular phone service is the extra security. In the VoIP world, voice scramblers aren’t just the preserve of the military.

It’s similar to working with a secure website, such as your bank. By enabling encryption, you get privacy for your business communication, plus authentication (i.e., protection against call rerouting).

While we’re on the subject of security… remember to stay safe. If your users connect to any Internet services—including VoIP—make sure they’re protected with business-class security.

Also, check with your provider about emergency calling (911 in North America, 112 elsewhere). Some providers do a better job than others of routing your call to the correct dispatcher for your location.