Outsourcing IT (Information Technology)

When in doubt, source IT out.  It’s a big topic, but there are many ways to save time, effort, and money by outsourcing some of all of your IT functions.

Often, organizations staff IT themselves using one of these techniques:

  • The part-time IT person
  • The full-time IT person
  • The IT team

The part-time IT person

Smaller organizations might assign IT tasks to an existing employee; IT becomes an add-on to that employee’s full-time job.  This arrangement might work well initially, but can creates these issues:

  • Insufficient expertise – Your employee does not have enough expertise and makes mistakes that compromise performance, reliability, and/or security.

Not much needs to be said; basic training and certifications are helpful and should be encouraged.  It might help to have an outside look periodically (an IT audit) to see if your employee is heading in the right direction and doing the right things.

  • IT takeover (makeover?) – Your employee becomes enamored with IT and does not spend enough time on their full-time job.

Often the employee spends too much time chasing IT problems; they find the challenges fascinating and spend hours pursuing issues that might be solved faster by asking for help.  (Pride might also play a part.)  This behavior takes them away from their full-time role, which they might not like as much.

It is a fine line; when should I call for help versus getting it done without engaging anyone else.

  • Skill-set range – IT requires several different skill sets:
    • High-end – Plan strategically, define security requirements, etc.
    • Mid-range – Select and support required applications.
    • Low-end – Change toner in a printer, replace a keyboard, etc.

One employee is required to perform low-level tasks, but is also expected to address high-level functions.  At the mid-level, they own organization-specific applications and provide setup, training, and problem resolution.

It is difficult to find someone who can handle the high-level functions, but is willing to do the mid or low-level tasks; conversely, someone only capable of performing the low-level tasks often cannot support the high-level needs.

Ideally, you would have people for each end of the IT-needs spectrum and all things in-between; realistically, you might consider outsourcing various aspects to supplement the skills of your part-time employee.

  • Management – Who is managing this employee?  How do they know if they are doing things correctly?  How can they be sure that the employee can handle both his/her full-time job and the part-time IT job?

The full-time IT person

Investing in a full-time IT employee is considerably better that counting on a part-time person, but some problems linger:

  • Skill-set range
  • Management

This scenario typically works best if the full-time person is high-end enough to plan strategically, but engages and manages outside assistance to deploy and maintain high-impact items like the network infrastructure.  In this fashion, the skill-set range can be supplemented while direct management is provided.  In addition, this person is always onsite to address critical needs immediately (like showing the CEO how to call-up his/her Facebook page.)

The IT team

An IT team is ideal; you can staff it with individuals who have the appropriate technical skills while providing seasoned management to keep everyone focused and productive.  This manager, who might report to a C-level executive, becomes the interface between the organization’s business requirements and their translation to the technical efforts of the team itself.

An IT team is what you get from most IT-service companies; the good ones know how they fit with their clients and have a long-term relationships with these clients.

Questions to ask an IT-service company

When you engage an IT-service company, you should receive an IT team capable of handling most, if not all, of your IT needs.

Some key questions include:

  • Do you offer features and functions that meet the needs of my organization?
  • Can you state your services and their benefits in business-oriented language?
  • Can you demonstrate dependable service at a reasonable cost?
  • Are you certified and trained in the areas you support?

An IT-service company should be a strategic partner, someone capable of guiding your future while supporting your current infrastructure.

 

For more information, please email Info@Bryley.com or call us at 978.562.6077.

Bryley Basics: More of Anna’s Windows 8 tips

Those of you running Windows 8 have probably experienced the new Photosapp, which opens the image in the full-screen, hiding everything else on the screen. It is really inconvenient for me, and I am guessing I am not the only one.  Here’s how to change from the default photo-views application in Windows 8, Photos, back to the Windows 7 version, Photo Viewer:

  1. Once in Desktop Mode go to the Windows Icon winIcon, right-click, and then select Search.
  1. A search bar will open; type Default Programs and then select.

 

  1. Select Set your default programs.

scnShot_1

  1. Select Windows Photo Viewer, select Set this program as default, and then click OK.

scnShot_2

You can use the same procedure to change other default programs.  If there is some type of Windows 8 default application that you are not happy with, this is the place to make those changes.

Did you miss my earlier post on how to boot Windows 8 straight to desktop mode?  If so, check it out here.

Livingstone interviewed by CEOCFO Magazine

Gavin Livingstone, President at Bryley Systems, was interviewed by Lynne Fosse of CEOCFO Magazine, which was published in the 4/28/2014 web-edition.

Registered subscribers can see this in-depth overview of Bryley Systems by logging into the Subscriber Exclusives section at www.CEOCFOMagazine.com.  (The article resides at http://ceocfointerviews.com/CEOCFO-Members/BryleySystems14-CEOCFO-Article4.pdf.)  Or, click the button below to read the article on our website.

[su_button url=”http://www.Bryley.com/wp-content/uploads/2014/05/Bryley-CEOCFO-Interview-4-28-2014.pdf” target=”blank” style=”soft” background=”#cc0c00″ size=”5″]Read The Article Now[/su_button]

 

 

The problem with Heartbleed

Heartbleed is a much-publicized security flaw in the OpenSSL cryptography library; an update to this OpenSSL flaw was published on April 7th, 2014, which was (coincidentally?) the same day that the flaw was disclosed.

OpenSSL runs on secure web servers certified by trusted authorities; it is estimated that about 17% of secure web servers may be vulnerable to an attack based on the Heartbleed flaw, which could compromise the server’s private keys and end-user passwords and cookies.

Fortunately, most organizations with secure web servers have taken steps to identify and fix this flaw.  And, to date, no known exploitations of this flaw have taken place.

Unfortunately, this flaw has been around for over two years and leaves no traces; if exploited, there would be no ready evidence that anything was wrong.

At the moment, there is not much any end-user can do except to logout of any secure web server that has not been patched.  (See http://filippo.io/Heartbleed/, a site created by Italian cryptographer Filippo Valsorda, which claims that it can identify unpatched servers.)

Http://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/index.html contains an informative article and video by Jose Pagliery at CNN Money.

Living with Windows XP

Microsoft has officially ended general support of Windows XP, but many have not updated or replaced their Windows XP PCs.  Although we recommend against continuing to use Windows XP, particularly in any Internet-facing role, there are some steps that can be taken to reduce the risk of remaining on this platform.

The easiest, but least practical solution would be to disconnect all Windows XP PCs from the Internet or to limit their access to the Internet.  This step could exclude exposure to outside sources, but reduces the effectiveness of these PCs.

The second-most effective strategy would be to replace older versions of Internet Explorer (IE) with a supported Internet browser; replacing IE with Mozilla Firefox or Google Chrome will reduce, but not eliminate, the risk of using a Windows XP PC to browse the Internet.  (Windows XP originally released with IE 6, but most Windows XP systems are now running version 7 or 8.  The current version of IE is 11.)

Updating to Mozilla’s Firefox is easy:

Please see http://www.zdnet.com/windows-xp-support-ends-survival-tips-to-stay-safe-7000028188/ for more information from Charlie Osborn of ZDNet.  Or, visit http://www.computerworld.com/s/article/9246877/US_CERT_urges_XP_users_to_dump_IE?source=CTWNLE_nlt_pm_2014-03-11 for a similar message from Gregg Keizer of ComputerWorld.

Additional steps to reduce Windows XP risk include:

  • Disable the ability to add new applications to a Windows XP PC
  • Remove administrative rights of all Windows XP users
  • Disable ports and drives on Windows XP PCs

See the article from Toby Wolpe of ZDNet at http://www.zdnet.com/windows-xp-support-end-10-steps-to-cut-security-risks-7000028193/.

98% of mobile-device malware attacking Android (DROID) phones

Worldwide, a significant portion of the population owns and uses a smartphone;  mobile users search Google over 5.9 Billion times daily while over 6 Billion hours of YouTube are watched each month on mobile devices.  (Statistics taken from a presentation by Intel Corporation at the MOBILE World Congress 2014.)

Since most smartphones are based on Google’s Android operating system, these are the primary targets of malicious attacks.  Kaspersky Labs, a prominent anti-virus software manufacturer, reports that 98% of malware targeted at mobile devices attacks Google’s Android (DROID), which confirms “both the popularity of this mobile OS and the vulnerability of its architecture”.

Suggestions for DROID (and other smartphone) owners to suppress malware:

  • Keep your mobile phone updated with the latest patches
  • Deploy an anti-malware application

Visit http://blogs.computerworld.com/mobile-security/23577/98-mobile-malware-targets-android-platform for the entire article by Darlene Storm at ComputerWorld.

Fitness regime for your IT equipment: Keep it clean, cool, and empowered

IT (Information Technology) equipment is somewhat temperamental; it requires reasonable temperatures; stable, uninterrupted power; and some air flow to operate efficiently.  Cleanliness is important.  Here’s how to keep it toned.

IT equipment should be kept in a clean, neat, and (preferably) dust-adverse/static-resistant area; walls with painted surfaces, tiled or coated floors without carpeting, etc.  Fire-suppression equipment is a plus, but cannot be water-based.

Access should be restricted; a separate, locked room is ideal, but a closet with sufficient space and air flow can work for smaller sites.

Dust is the enemy of fans and electrical components; a reduced-dust environment and regular cleaning of equipment fans can lengthen the life of most items.  (Note: cleanings should be performed when equipment is powered-down, which is not always desirable or feasible.)

The area should have dedicated electrical circuits with sufficient amperage to match the power requirements of the equipment.  We also recommend an Uninterruptible Power Supply (UPS) for all critical items (and require them for equipment that we cover under our Comprehensive Support Program); the UPS provides emergency power when the input-power source is unavailable, but it also helps to regulate fluctuations in power, both spikes/surges (voltage overload) and brown-outs (reduction in voltage) that can damage sensitive equipment.

Cooling and humidity control are very important; most equipment runs optimally within a narrow range of temperature (64° to 81° Fahrenheit) and a maximum range of relative humidity of 60%.  HP, in an effort to be “greener”, lists current specifications on its DL360 server that provide a wider range of 50° to 90°F with 10% to 90% humidity (non-condensing).  However, cooler temperatures do make things last longer.  (The DL360 will actually throttle-back the CPU when the air-inlet sensors detect temperatures over 85°F.)

The area should have continuous air flow (to provide new, cool air while removing heated air that is exiting the equipment) and remain uncluttered to facilitate this air flow.  A dedicated A/C unit combined with a closed door is optimal; locating all equipment within a rack enclosure (with blanking panels over open areas) can enhance air flow.

TechAdvisory has 9 tips at http://techtimes.techadvisory.org/2011/11/9-steps-you-must-know-to-prevent-a-server-crash/.

CryptoLocker Case Study

The following event depicts a real-life malware attack that infected a New England manufacturing firm. The company has chosen to share its story anonymously to help other businesses avoid a similar fate.

The unsuspecting sales rep certainly reacted in a way anyone would expect. He received an email with a voicemail attachment that looked like it came from the company CEO. When the CEO calls, reps jump to attention, and at this particular manufacturing firm based in New England, the business relies on a communication system that sends voicemails as email attachments. So the sales rep had no reason to suspect anything was wrong.

As it turns out, something was very wrong.

Click the link below to read the full article.

Bryley — CryptoLocker Remediation — 2013

Bryley Data-Backup Guidelines for 2014

Please note that this document has been depreciated, and a more up to date version can be obtained from our articles page.

Bryley Systems is pleased to present our updated Data Backup Guidelines for 2014.  This free guide is updated annually and includes these topics:

  • The Importance of Backups
  • Backup Technologies
  • Cartridge-Based Backups and Scheduling
  • Backup-Rotation Calendar
  • Backup-Event Log

 

 

Comparing Cloud-based services – Part 2: Storage

Many Cloud-based services fall into one of these categories:

  • Productivity suites – Applications that help you be more productive
  • Storage – Storing, retrieving, and synchronizing files in the Cloud
  • Backup and Recovery – Backing-up data and being able to recover it
  • Prevention – Prevent malware, typically spam and related components
  • Search – Find items from either a holistic or from a specialty perspective

In this issue, we’ll explore popular options within Storage, the highlighted item above, and compare them with one another.

Storage often comes in a free version with separate professional/business (paid) versions that includes advanced features.  The basic premise is that your data is stored in the Cloud – hopefully in a secure manner with sufficient redundancy – is available from any location on any device, and is synchronized between devices.

Most free versions offer these minimum features:

  • At least 2Gb of storage with synchronization across multiple computers
  • Easy access from mobile devices and PCs via downloadable client software
  • Direct access to files through a web browser
  • File sharing with other users

However, you typically must upgrade to a paid version to receive these capabilities:

  • Access control – Define and control who can access what, where, and when
  • Additional storage – Purchase extra storage once your limit is exceeded
  • Auditing – Identify and record what files are stored where and by whom
  • Integration – Integrate with other platforms (i.e.: Active Directory)
  • Security – Enable advanced encryption and security techniques

Popular services (alphabetically) include:

  • Box – 10 Gb free storage with NetSkope’s second-highest rating
  • Dropbox – 2 Gb free storage with over 200 million subscribers
  • Google Drive – 15 Gb free storage shared with Gmail and Google+ Photo
  • SkyDrive – 7 Gb free storage and integrated within Microsoft Office apps

Box

Box (www.Box.com) is a Q3-2013 leader in Forrester’s “File Sync & Share Platforms”.  It offers a free version, but is built for professional use with available integration to Active Directory and LDAP, security with rotating encryption keys, access control, and auditing.

According to Netskope’s review of Cloud-based applications, Box was the second highest-scoring Cloud application, coming in the number two spot on the NetSkope Q3-2013 Cloud Report.  (Please visit Netskope’s http://www.netskope.com/reports-infographics/netskope-cloud-report-q3-2013 for the complete report.)

My take:  Box is the most-comprehensive offering, but a bit more complex due to its advanced features.  It is a serious choice for those that value advanced features (access control, auditing, integration, etc.) and are willing to pay to get them.

Dropbox

With over 200 million users, Dropbox (www.Dropbox.com) claims market leadership.  It is built upon Amazon’s S3 storage and is easy to use.  The free version offers 2 Gb, but there is a professional (Dropbox Pro) version with greater functionality (and storage) and a business version (Dropbox for Business) that offers team collaboration.  All three versions offer synchronization and file-sharing; the help screens are brief, useful, and entertaining.

My take:  Dropbox is the easiest and most-fun to use, but it has the least amount of free storage and its paid plans are a bit more expensive than others.

Google Drive

Google offers Google Drive (www.GoogleDrive.com) as a stand-alone service or bundled within Google Apps.  The free version offers 15 Gb with synchronization among devices and sharing among peers.  It is a no-frills alternative with little glitz, just reliable storage at reasonable cost.  It is the base of Google Apps.

My take:  Google Drive has fewer doodads and the least amount of whimsy, but it is reliable and offers the greatest amount of free storage.

SkyDrive

Microsoft offers its free version of SkyDrive (www.SkyDrive.com) with seven Gb plus an additional three Gb for students.  SkyDrive is an option in newer versions of Microsoft Office and integrates to Facebook, Twitter, LinkedIn, and Bing.  You can also “fetch” files from your base computer via web-browser on a remote computer.

My take:  SkyDrive offers the most for the least, although there is some buzz about slow synchronization between devices.  Its “fetch” feature is unique among these alternatives and its integration within Microsoft Office is a killer feature.