IncTechnology.com > Networks

Tech Talk: Biochem Firm Shares Network

Elizabeth Wasserman — 2009-09-28T14:30:16-05:00

BBC Biochemical, based in Mount Vernon, Wash., is a maker of the stains, reagents, and fixatives used for diagnostic and medical lab testing. The company shares a building and a network and phone system with its sister company, Medical Diagnostic Labs, which collects specimens and performs patient testing. Adrian Biesecker, CEO of BBC, tells IncTechnology.com that a new network and phone system helped the firm better protect patient data while improving customer service and productivity.

Elizabeth Wasserman: What does your firm do?

Adrian Biesecker: We make the stains, reagents, fixatives, and lots of solvents that are used in testing medical samples. If you go to the doctor to get a mole removed, the doctor puts the piece of tissue in a bottle. They bring that bottle to a lab. The lab runs it with different stains and fixatives and other chemicals used to determine an accurate diagnosis. We make the products that improve the accuracy for many different diagnoses -- cancers, tumors, you name it.

Wasserman: Your business is located in the same building as a sister company. How does that work?

Biesecker: I own BBC Biochemical. My Dad owns Medical Diagnostic Labs. They're housed under the same roof. Medical Diagnostic Labs is a clinical lab that runs tissue samples and blood culture. All that data has to stay very secure. , There are lots of regulatory agencies that require patient information held close to the heart. HIPAA [the Health Information Portability and Accountability Act] is one such regulation. With the two businesses being on the same network, we needed to make sure we could share results of how our products performed but not share patient information. Being able to be on the same network but only being able to share parts of information was a challenge.

Wasserman: How did you address that challenge?

Biesecker: We looked at many different options. We looked at many companies but they couldn't provide the solution that Cisco was able to provide, encompassing everything including network, phone, mobility -- all of the great things that we use today. Only one company could come to the table with all the appropriate technology. They were able to separate the information on a network with multiple VLANs to house the phone system across both companies and have it act like separate companies. We have routers here that have VLANs [virtual local area networks] and they keep all the data separate except what we choose to share. We can have multiple networks, subnets on the same router, and you can choose when you want to traverse or cross over to another VLAN. It keeps the information completely separate 24 hours a day until you choose actively to go across the network to get pieces of information that you're allowed to get. We have to have results on our chemicals and how they perform, but we don't want to get patient results. We want to know whether the stain we produced is as strong and intense as it should be. We need to keep that data accurate as far as different lots of product.

Wasserman: What have the results been?

Biesecker: Flawless. We don't have any problems. With regard to BBC, it used to be we had a phone system where you could page or activate a speaker phone on the other end to see if anyone was there. It often took a long time to find someone and pin them down. With this installation we are able to get people quickly. We have a wireless solution so people can take their phone anywhere in the building. Everyone has to have their "Batphone." We have many people who don't just sit at desks and this helps everyone be more productive. It also gave us peace of mind. We don’t have to worry about data leaving the building or leaving the network it's housed on.

Tech Talk: Pipe Supplier Networks Depots

Elizabeth Wasserman — 2009-05-01T15:55:29-05:00

CTAP has been supplying the oil and gas industry drilling in the Rocky Mountain region with tubing products and service for 25 years from its Louisville, Colo. headquarters. Andy Carlson, CTAP's director of IT, tells IncTechnology.com that by centralizing the firm's information environment and networking its storage yards along railroad routes the firm has improved inventory management, billing, and internal communication.

Elizabeth Wasserman: How many storage yards do you manage in your business?

Andy Carlson: CTAP supplies steel tubular products, pipe, and services for the drilling rigs in the Rocky Mountain region. We have our service yards strategically positioned on rail sites, where we can receive, ship, store, manage and service our customers’ needs. The tubing products we work with generally range from 20 feet to 40 feet long and are extremely heavy, requiring loaders and heavy machinery to move. We’re currently at six yards now located in Montana, North Dakota, Wyoming, Utah, and Colorado, and expect growth this year.

Wasserman: What was the issue with communications between the yards?

Carlson: This business has grown by acquiring other businesses and locations over 25 years. As a result, we have very different methods of management, communication and culture in each of these locations. The first task was to be able to standardize our method of inventory management, so we would know how much tubing has come in, how much has gone out, where it's gone and who it's for. Historically, this was accomplished on spread sheets and e-mailed into the corporate office on a weekly basis. We used that to assemble our billing packages for customers, but there was latency issue in the timing of the bills and the fact that we had no auditing trial at all. The communication of inventory information was not part of an efficient process and did not leverage available technology.

Wasserman: What did you do?

Carlson: I started at CTAP a year ago, and the first priority was to create a perpetual inventory management system. We needed a centralized information application and a centralized information environment. Given that I was the only IT person at that time, I needed a cloud based solution, and the expertise to design, build and implement it fast. I chose 3T Systems because they provided both of those services, and had worked well with them in the past. We developed our network environment based on Citrix. It allowed all of us including main office and yards to communicate on the same platform, through e-mail, file sharing, and application sharing. Today, we use the same working environment and we've been able to be consistent in the way we work. The second thing we did with 3T was to develop an inventory management application specific to when the product comes in and out of the yards. It's a perpetual inventory management system so we can bill faster and have accuracy in terms of reporting, both internally and back to our customers. Our customers were asking questions such as, 'How much of our tubing do you have at the Montana yard?' It would literally take three days to figure out. Someone would have to go out and count and report back. The spreadsheet would need to be re-keyed in, then adjusted for any last minute inventory level changes. Today, any one of us can get that information in 10 seconds. Shortly, customers will be able to get that information on demand through our customer portal.

Wasserman: What are the improvements that you've noticed?

Carlson: It's revolutionized the way we communicate, forecast and implement decisions. It’s contributed to our profitability in that we are able to assemble billing packages much more quickly. It’s allowed our management team to monitor the inventory levels from a macro level, and respond to new business accordingly. It’s allowed our sales team to monitor the inventory levels at the micro level, and respond to customer inquiries in real-time. It's reduced a lot of errors and inefficiencies. Finally, we now have a competitive advantage over other businesses that provide similar services because of our information system. That's a big improvement for our customers because sometimes we store some of their inventory, and the confidence they gain in our processes They like to know how much of their inventory is in our yards at any given time, and they now have the tools to get that information a lot quicker than they use to.

Tech Talk: Cafeteria Chain Streamlines with VPN

Elizabeth Wasserman — 2009-03-05T15:19:13-05:00

K&W Cafeterias, a chain of 33 cafeteria-style restaurants based in Winston-Salem, N.C., has been operating for nearly 71 years with a paper-based system for ordering food and other supplies. Tom Hutchens, senior PC/network support technician, tells IncTechnology.com that secure virtual private network (VPN) technology enabled each cafeteria to place orders directly into the company's purchasing database.

Elizabeth Wasserman: How does a chain of cafeterias use information technology?

Tom Hutchens: Within the cafeteria, we do a lot of work with point of sale hardware and software. We have networks both internal at the stores, internal at the home office, and a wide area network encompassing the stores and home office. We have security surveillance systems in the stores and real-time reporting on sales and item counts.

Wasserman: What led you to install VPN technology?

Hutchens: The reason we turned to VPN was we wanted our stores to be able to place orders to our suppliers pretty much directly into our database without having to call up like in the old days. Each store used to have to call up to the purchasing department or do a paper order and fax that in. The purchasing department would then have to key those in to our IBM AS400 database server, which holds all of our accounting databases. We wanted to get rid of having to use paper and we wanted to streamline our ordering system. The only way we could do that is to let stores input orders into the system directly.

In about half of our stores, we also have a closed circuit TV system, CCTV. It's a digital-based DVR system that basically means you have a bunch of cameras and they record onto a hard drive and then you're able to save a great quantity of data. It's larger than video tapes or CDs. It has a Web interface on the back end and you can go into each one in each store and see what's going on in the store. We can do this from home or the office. We log in to our VPN and go to each store to track incidents and accidents.

Wasserman: What did you decide to do?

Hutchens: The way we figured it would work best was to use VPN so that our stores could connect to the K&W network. For the cost, that was the best technology and, we're finding today that it's still the best way to continue to do our ordering. We turned to a local company, Secure Design, which does all of our managed services work, for the VPN service.

Wasserman: What have the results been?

Hutchens: It's been great for us. The orders now come in over the computer. The time involved as far as ordering everything has been greatly reduced. We don't have to worry about having someone keying in anything anymore. We's been able to cut down on paper and on work hours at the store levels. Our purchasing department is only a two-person department. Most of their time now, where an order is concerned, is spent fixing mistakes -- you know when someone with a fat finger puts in a wrong number. It's definitely cut down on the time it takes to get these orders done. It's cut down on mistakes and misreads. And it's cut down on a lot of theft and insurance claims. Through the security systems, we can catch accidents that happen or catch people stealing from us. It's paid for itself.

Tech Talk: Restaurant Automates Processes

Elizabeth Wasserman — 2009-02-17T12:46:46-05:00

BJ's Restaurant and Brewhouse, a restaurant chain based in Huntington Beach, Calif. opened in 1978 with one restaurant but has grown rapidly and now has 82 restaurants scattered throughout the South, Southwest and Midwest. Brian Pearson, vice president of information services, tells IncTechnology.com that a network automation server helped the restaurant change menu prices across the company in 15 minutes – as opposed to six hours.

Elizabeth Wasserman: What type of IT services do you provide to restaurants in your chain?

Brian Pearson: When I arrived here about five years ago, we had 28 restaurants. Our growth has been pretty dramatic since then. We have a management team here that has a fundamental belief in the ability of technology to accelerate your business practices. We look for every opportunity to accelerate things with the use of technology. In the restaurants, we have a point of sale system and a kitchen display system, which is kind of the point of sale system in the back of the house. Instead of the kitchen receiving a ticket on a printer, we send them information on touch screens and do what's called coursing, which is a more efficient way for each section of the kitchen to receive orders. We also have a table management system. There are two major components -- there is this computer up at the host stand with the floor layout, and the other big component is integrated with other IT systems. One of the jobs of the host is to roam around the floor and give updates on the table status, whether they are empty or dirty or whether someone has their check.

Wasserman: When you started with BJ's, were you able to perform business processes across the chain?

Pearson: We were running each restaurant as an individual. Any time we wanted to update a price on the menu, we had to dial in using remote software to each individual restaurant for every activity we were performing. Let's say we had to do it 28 times. There is no scale in that model. You can't take the business beyond 25 or 30 restaurants before seeing an impact on general and administrative overhead.

Wasserman: So what did you decide to do?

Pearson: One of my mandates going forward was to make this a scalable environment. The new management sees this as being a 300-plus unit chain. When you're given that mandate and you only have 28 restaurants, that's a pretty big job. We set out looking at automated tool sets. Several companies had similar tool sets that provide some measure of automation, but nothing that would allow me to change it as our needs changed. We tried half a dozen products. We came across Network Automation’s BPA Server and were blown away immediately by how versatile it was. It has its fingers in everything we do from a technology standpoint. Today we have over 200 tasks, we use to execute everything from the installation of a new system to changing prices on the menu, to grabbing the day's sale and labor figures.

Wasserman: What have the results been?

Pearson: We can do more with fewer people. I would estimate that it's probably saved us by doing the jobs of five people, although it could be more than that. You're automating this activity hundreds of times, where before you had to do it each time individually. I don't know if you remember, when the "I love you" virus hit, we had to shut down a service on every one of our computers companywide. That was 17 terminals per restaurant and 100 computes at the main office. Inside of 15 minutes we had written the code and deployed it companywide. It took me at one point six hours to change all the menu prices companywide. That was when we only had 28 restaurants. Now it takes us 15 minutes.

Keys to Improving Network Fraud Protection

Kim Boatman — 2009-01-27T10:25:03-05:00

Security was little more than an afterthought for the original designers of the Internet. Networks were either cordoned off, private and secure, or fully open to the public. But network security is a critical concern for businesses these days. IT managers and, in smaller businesses, the owners themselves must balance access and functionality against reliability and the need to safeguard data.

Taking time to prioritize your network security needs and understanding best practices to ward off threats is essential. For most IT managers, the approach involves both technology and employees.

The technology

There are several smart steps IT managers can take, say experts. These will minimize your network risks:

Configure your firewall or hire someone else to do so. Most small businesses run the firewall set just as it came from the factory, and most firewalls are set to let everything go out, says Luke Walling, founder of North Carolina-based Walling Data, an IT outsourcing, management and support firm. Make sure your firewall limits attempts to connect to suspect service ports. Also, says Walling, consider an additional stand-alone device, such as those manufactured by Cymphonix, to filter content and block attempts to bypass your firewall.
Protect in depth. It’s not enough to protect at the network level. Make sure each workstation is also protected against spyware, malware and viruses.
Understand your limitations. Frequently, small businesses don’t maintain security software, says Michael Davis, CEO of Savid Technologies, a security consulting company in suburban Chicago. “Pick a technology that is auto-updated or easily and inexpensively updated.”
Run a separate network. Consider segregating sensitive data on a network that has no connections to the outside world.
Use effective logging data. Log management doesn’t have to be a headache for small to medium businesses, says Davis. For instance, Splunk is a free open source management tool handling limited amounts of data each day. “It can help you when you have an actual incident,’’ Davis says.
Manage portable devices. Lost laptops, USB drives, and other portable devices comprise one of the biggest security threats today. Using encryption for portable devices and even limiting USB capability on workstations can minimize threats. Some government agencies go so far as to place epoxy in the USB ports on computers.

The human factor

Black Monday, the Monday after Thanksgiving noted for an explosion in cyber sales, got its name for good reason. Before the widespread advent of fast, home Internet connections, employees returned to work and shopped at will on their workstation computers. Employees don’t often recognize boundaries and limitations when it comes to workplace computer use, says Walling. “The typical person walks into work and uses the computer just as they would at home,’’ Walling says. “The biggest single hindrance is any single business is the fact that people don’t understand what they’re doing could be a threat.”

Managing the human factor takes a four-pronged approach, say experts.

Define limitations. “The balance between functionality and security is constantly getting worse as the number of things people want to do with their computer increases,’’ says Paul Kocher, president of Cryptography Research, a San Francisco-based data security firm. “Are users allowed to be able to go to any website they want? Watch YouTube during the day? Should users have any access to the Internet during the day?” Define an acceptable use policy, a step most small businesses don’t take, says Walling.
Educate employees. Firewalls work, says Davis. Most threats to your network security will come at your employees’ workstations, as they download that funny video or screensaver or click on that url in an email. Attacks are so slick these days that even sophisticated users can be easily fooled, points out Davis. He cites the example of a supposed draft of an earning announcement supposedly sent from the CEO of a large corporation to company executives. The e-mail included a Powerpoint presentation using the corporate template, but it was fictitious. When executives opened the attachment, the company network was compromised.
Communicate regularly. Have a personable IT employee who regularly makes the rounds, talking with employees about issues that arise and noting their security practices, says Kocher. If your company isn’t big enough for a dedicated IT staff, make sure you’re modeling good security practices. Often, says Kocher, senior management personnel are the most difficult to convince when it comes to taking precautions. Executives want immediacy and convenience and may not think about the potential consequences.
Test and review. Develop a survey about best security practices and have employees take the survey at least once a year, suggests Davis. Follow through on incorrect responses.

The good news is attacks on small andmid-sized businesses are usually an afterthought. Directed attacks are usually aimed at bigger prey, such as large corporations. Your greatest vulnerability lies in your employees. “Most of the time, it’s literally an employee doing something they shouldn’t do,’’ says Davis.

A Network Tune Up for Tough Times

Mary O. Foley — 2008-10-28T16:38:04-05:00

The U.S. economy may be tanking, but Lilli Wiggins is as busy as she’s ever been.

Wiggins, the vice president and customer care manager of Gainsville, Fla.-based Computer Network Experts, is taking in more business than ever. Small and mid-sized businesses are flocking to the nine-employee IT solutions company to find ways to make their existing network equipment and systems last longer.

“Usually, when equipment gets to a certain age… about four years out, you’re on the edge, and thinking you’ll buy something new. Most people right now, though, are fixing rather than buying new. They’re not throwing anything out,” notes Wiggins, whose best customers are companies with fewer than 50 employees.

October’s grim news of the housing market’s collapse sent stocks tumbling around the globe, creating recession woes and a credit crunch that’s making banks leery of lending to any but their best customers. Faced with the prospects of less available capital and fewer sales, businesses big and small are holding off on many major outlays, experts say. In a mid-October report, Cambridge, Mass.-based Forrester Research forecast that computer and communications vendors will “bear the brunt of IT cost-cutting” as companies tighten their belts.

How to make your networks last

But just how can businesses make their networks last longer? The experts offer these five suggestions:

Be proactive. Smart companies are taking a look at their networks now to make any fixes so that crucial systems don’t fail, says Wiggins. Clean out the hard drive and take care of any basic maintenance. “In this economy, people can’t afford to have a crash,” says Wiggins.
Keep malware and spyware up to date. Yes, it’s basic, but so important, and many companies forget to keep things updated, says Wiggins. For companies lacking the staff or know-how, hosted spyware solutions are offered by MessageLabs, Cisco’s Linksys, and others.
Keep close tabs on Internet use. Hammer down those inter-office and remote-worker policies about Internet use, and make sure employees aren’t downloading freebies onto the network. “There’s a fine line between open-source and free, and people are still downloading things that carry viruses and malware. It’s a quandary for many businesses,” says Wiggins.
Schedule a check-up. Consider bringing in a consultant to independently review your networks and make sure there isn’t something you’ve overlooked in terms of maintenance.
Consider upgrades. Adding memory, adding CPUs, or switches may be a good option for some companies wanting to use what they’ve got for a while longer, notes Jennifer VanDerHorst-Larson, CEO of Minnetonka, Minn.-based Vibrant Technologies, a business-to-business IT reseller that offers technical support. Consider buying them from a reputable reseller: by buying used, companies can save 50-80 percent on quality parts, says Larson.

CNE’s Wiggins notes that most of these suggestions “are just common sense.” But in this tough economy, common sense is something few can afford to be without.

Network Defense: Intrusion Prevention Systems

Michelle V. Rafter — 2008-10-01T14:44:40-05:00

Here’s a quick network security quiz: When it comes to detecting and stopping IT threats, is it better to position intrusion prevention systems:

On the network
At particularly important devices on the network
All of the above

For small businesses, the correct answer is “All of the above,” according to IT security specialists, who say more small businesses are figuring that out and installing IPS accordingly.

Network intrusion prevention systems (IPS) are hardware appliances that sit on a company’s intranet to inspect incoming Internet traffic and block anything malicious, be it a worm, virus, or spyware. IPS can also block attacks that originate inside an intranet. IPS complements firewalls, anti-virus software, and other security measures small businesses take to keep their networks safe, says Elisa Lippincott, a spokeswoman for TippingPoint, an Austin, Texas, IPS maker. “We have some customers using our box to protect their firewall,” Lippincott says.

By contrast, host IPS works at the device level, doing its job from inside a server, desktop or other machine attached to a network.

Although large companies have long relied on IPS for network security, more small businesses are starting to use it. They’re being propelled by technical upgrades that prevent the false alarms that previously dogged the appliances, as well as other improvements, such as behavior-based IPS that looks for traffic patterns that could signal an attack, according to security industry sources.

Small and mid-sized businesses are also being pushed to using IPS by industry regulations that require it, such as the PCI Security Standards Council’s Data Security Standard, security measures any company that processes credit card payments have to follow, according to security industry sources. An updated version of the council’s standard is expected to debut this month. “We’ve seen tremendous interest down market driven by PCI” standards, says Michele Perry, chief marketing officer at Sourcefire, a Columbia, Md., network IPS vendor.

Depending on the size of the business, small companies either buy and set up IPS themselves, or subscribe to it as an add on from their firewall vendor. They can also purchase it from a regional or national managed security services provider (MSSP) such as or Clone Systems, or from a business broadband carrier such as Verizon Business.

Network IPS and host IPS

Which ever way they go, small businesses should consider using both network and host IPS. Network IPS should come first because it casts the widest net, says Greg Young, research vice president with Gartner, the Stamford, Conn., technology researcher. With network IPS, if a virus is detected, the system will block traffic long enough to allow IT staff to make sure anti-virus software is up-to-date on individual workstations, says Lippincott, the TippingPoint spokeswoman. Another advantage of network IPS: since it’s installed on the network it doesn’t slow down individual devices’ computing speed the way host-based IPS could, Lippincott says.

However, host IPS is a smart option for machines where critical information is stored, or for devices that have to reside outside a company’s firewall, such as servers used to handle online credit-card transactions. Host IPS is the only way to protect devices like laptops that leave the network, says Sean Martin, a vice president at SkyRecon Systems, a French maker of host IPS solutions. Host IPS also makes sense in situations where a company can’t put new devices on a network but can change what’s on a server, Gartner’s Young says. But put it on the network first, he says. “Threats come through the network first so stop them there first.”

IPS prices range from free open source products such as Snort, which has been downloaded 3 million times, to tens of thousands of dollars for applications for mid-sized businesses running multiple Internet traffic-intensive applications for hundreds of users. Or companies can pay by the month or annually for IPS from a MSSP or other third party.

Whether it’s network-based or host-based, small businesses need IPS, maybe even more than larger companies, Young says. “Worms don’t discriminate.”

Sidebar: Intrusion Prevention Systems for Small Businesses

The following vendors offer network or host IPS for small businesses as stand-alone products or part of a multifunction security solution:

Check Point Software Technologies -- The UTM-1 product line includes firewall, VPN, IPS, gateway antivirus, anti-spam, URL filtering, and IM and peer-to-peer blocking and is marketed primarily to the top end of mid-sized companies and branch offices of large companies.
Cisco ASA Advanced Inspection and Prevention Module -- An IPS hardware appliance for Cisco routers. According to Gartner’s June 2008 report on multifunction firewalls for small and mid-sized businesses, Cisco has struggled to adapt enterprise-scale hardware to small businesses, but the report says a long-term road map for an improved small business console "is encouraging.”
Fortinet -- A multifunction firewall appliance with antivirus, anti-spam, URL filtering, and IPS services offered by annual subscription after the first year.
Secure Computing SnapGear -- A multifunction network security device for small and mid-sized businesses. In late September, Secure Computing agreed to merge with McAfee, which offers the McAfee Network Security Platform.
http://www.skyrecon.com/>SkyRecon Systems -- Offers host IPS as part of a unified endpoint security solution.
SonicWall -- The multifunction network device maker offers IPS as an add-on to its TZ series for small and mid-sized businesses.
Sourcefire -- The commercial version of a pioneering open-source network IPS created by programmer Martin Roesch in 1998. “Snort is the engine and Sourcefire is the whole car put together,” says Perry, Sourcefire’s chief marketing officer.
TippingPoint -- Offers a behavior-based network IPS hardware appliance.
WatchGuard Technologies -- Offers a subscription antivirus, IPS service for its X Core E-Series multifunction network security devices for small and mid-sized businesses.

Tech Talk: Telco Thrives with Network Management

Elizabeth Wasserman — 2008-09-25T14:15:51-05:00

TMC Communications, of Santa Barbara, Calif, resells telecommunications services such as phone, voice over Internet protocol, data and other enhanced services mostly to business customers. The business, which has 45 employees, including several who work remotely, found that it could best control its internal use of bandwidth – and avoid the cost of adding bandwidth – by deploying an application delivery system, IT director Alan Nafziger tells IncTechnology.com.

Elizabeth Wasserman: What type of problems were you trying to solve by deploying a network management solution?

Alan Nafziger: We move a lot of data around. Being a telecom reseller, we do a lot of billing and we get a lot of data from carriers and have to process that data. We also do a lot of backup. We have a hot standby database at Rackspace for disaster recovery, so we are continually transferring Oracle files to the backup database in case of an earthquake, a fire, or what not. We have a nice, bonded T1 circuit with a 3 Meg pipe that we are able to fully utilize. We also run our own Web services and have people who work offsite and connect through a remote desktop VPN into our network. As soon as we deployed Rackspace for disaster recovery, we had issues with our remote people. They reported slow, intermittent service. Basically, the network was choking off the remote applications.

Wasserman: What did you decide to do?

Nafziger: We were reselling a product from Streamcore and, in the process, we realized that the product was practical for us to use. It lets you see exactly what's going on with the network at an application level. It's different than just shoving traffic through the network. You can see what's going on at a granular level – which applications are taking up bandwidth. If someone calls in and says the website is slow, I can look and see if it is a network problem or an application problem. It enables me to be much more intelligent in terms of where we put our resources and in terms of troubleshooting.

Wasserman: How did this help you with your remote workers?

Nafziger: We have a handful of people who work from remote locations. One guy works in Thailand and every night at 1 a.m. he was kicked off our network or reported things being slow. Since we're a telecom reseller, we get all call detail records come in over night. We get all these FTP downloads between midnight and 2 a.m. But as soon as we put in the solution and turned on the optimization feature, we could prioritize which application gets bandwidth at any time. It not only tells you what's going on but helps you control it. Anyone can look outside and see what the weather is doing, but can they control it? This allows you to assign a higher priority to traffic moving in an interactive way, such as voice over IP, any real time protocol traffic, Web conferencing, audio visual streaming, and so on. In our situation, we have a remote desktop protocol, a Citrix or RDP session that we don't want to be interrupted.

Wasserman: What have the results been?

Nafziger: I haven't heard from him since regarding those complaints. We're not getting as many complaints in general and I'm also able to give the websites that our agents sign into a higher priority than the file transfers. The results are that I get a maximum use of my bandwidth. If the bandwidth is available, and there are no remote sessions, those file transfers get to take up the whole pipe. The result is a more efficient use of my network. I could have added more bandwidth to solve the problem and our remote employees still would have been choked out. This is a more intelligent way to address the situation. I don’t have to buy another circuit or a single, dedicated circuit to do all file transfers. It's plenty of bandwidth if it's managed properly. People that throw bandwidth at a problem without understanding the applications running over the circuit are really doing themselves a disservice. They're attacking the symptom, not the problem.

Providing a Safety Net for Confidential Data

Michelle V. Rafter — 2008-07-30T11:40:42-05:00

No company is an island.

Today, even the smallest enterprise hands over back-office functions to outsiders, interacts with suppliers and clients through joint supply-chain management systems or uses software applications that live on the Internet.

As a consequence of this interconnected style of doing business, companies are at greater risk of having confidential information spill into the outside world, either accidentally or through some form of data theft. “We’re seeing a growing number of instances where contractor personnel are being bribed to steal” data from their clients, warns Jay Heiser, a research vice president with Gartner, the IT research and consulting firm, who recently wrote a report on data security.

It is possible for companies to simultaneously share data with business partners and safeguard it from falling into the wrong hands, according to Heiser and other security industry experts. To do it, they recommend that companies create a data-security policy, use software or hardware appropriate to a particular situation and require any outside party that’s privy to sensitive company information to sign a non-disclosure or other types of contracts.

Before a company so much as transfers a file, managers need a data-security plan to chart how they’ll handle sensitive information, security experts say. According to Javed Ikbal, principal with zSquad, a Boston IT security consulting firm, such a policy should include:

What company information is confidential, how that material is labeled, where it’s stored and who has access to it
What company information can be shared with which third parties and under what circumstances
Familiarizing all employees with data security policies, through written materials, education sessions or both
How data security policies will be monitored

In creating data security policies, companies have to weigh the cost of putting systems in place against the value of the data, Ikbal says. If something’s worth $10 “you don’t put a $10 lock on it, that doesn’t make sense,” he says, but if the price is information is high “you take reasonable measures” to keep it safe.

Controlling access to corporate documents

When a company sends a business partner an e-mail or file, it gives the partner implicit permission to copy, forward or otherwise use the information as the partner sees fit, even if the material was originally encrypted, according to Heiser, the Gartner analyst. While that’s acceptable in many circumstances, in others a company may want to share information but restrict what a partner can do with it. According to Heiser, there are several basic methods of doing this, or what security experts refer to as mandatory access controls. They are:

Digital Rights Management -- Standard encryption allows the recipient of an encrypted file to use the same key to unlock it over and over again. Digital right management from Microsoft and other vendors is an extra-strength form of encryption that requires a recipient to request a new key each time they want to open the same file. Digital rights management is useful for companies that publish things like price lists that may need to be updated often, Heiser says.
Secure ICA -- This proprietary, heavy-duty encryption technology from Citrixlets a company put a secure version of an application on the Web where a contractor, outsourcer or other business partner can access it remotely.
Virtual machines -- Secure virtual machine technology such as VMware ACE, Moka or Sentillion's vThere allows a company to create a software-based virtual computer within a physical desktop machine or laptop. A company can load a virtual machine on a CD or memory stick and give it to a contractor or business partner so they can access applications or files they need but not to the company’s entire intranet or database, Heiser explains. “But if administration doesn’t want a contractor to copy information from that environment to their laptop they can’t,” he says.
Web-based secure portals -- Heiser recommends BoardVantage, a proprietary, Web-based, secure portal for companies that need to share highly sensitive or regulated information, such as quarterly financial reports, with an outside board of directors. Information and communications between users gets funneled through a secure “vault” on the Web so there’s no chance for sensitive data to get copied or leak out of an email, Heiser says.

Companies need to back up policies and technology with contracts that spell out the penalties a business partner would incur for breaching any part of the agreement. Contracts can’t physically prevent things from happening “but they provide the incentives for someone to do what you want them to,” Heiser says.

Protect Your Network from Users

Minda Zetlin — 2008-07-30T11:32:54-05:00

A small technology provider installed a T1 and shared it with two other small companies in the same building. One of these was a real estate office that began experiencing network problems.

"Fortunately, there was a guy there who had a background in IT," recalls Danny Nickason, who managed technology for the provider in a previous job, and is now IT director for Genesis Physicians Group. "He told me they were getting heavy pinging, about 25,000 a second, and gave me the IP address it was coming from."

Devices on a network use "pings" to check the connection to other devices, but viruses can also use them to overload a network. Nickason checked the IP address, which came from a wireless system his company used for demos. He shut down the server in question, and the pings immediately increased to 1 million per second. "It brought both our network and their network down," he says. "We were hosting eight or nine websites for our clients, and those went down as well."

Nickason investigated further, and discovered the problem originated with the computer a new employee was using. He began by disconnecting the offending computer, which immediately returned both networks to normal. Next, he tried a virus scan on the computer, and encountered a file that wouldn't let him complete the scan. The file was located in the computer's "My Music" directory -- the result of downloading infected music files. Because of this activity, Nickason notes, "That employee cost several companies money. We had to send apologies to both the companies using our T1 line, and to our clients whose sites went down."

Inviting the vampire in

When asked how a network became infected with a virus, Nickason once replied, "The vampire gets in if you invite him in. If you don't invite him in, he stays out." This is a major issue in security, where most problems begin with someone downloading an infected file, browsing to an infected site, or leaving a computer unprotected.

"Computers come configured to do just about anything," notes David Rice, author of the new book Geekonomics: The Real Cost of Insecure Software (Addison Wesley 2007). "So you're starting out behind the eight ball, as far as security is concerned."

How can you improve those odds? Consider these steps:

1. Invest in educating users. "Employees do stupid things, and attackers are out there trying to trick them," Rice says. "So making them aware of the dangers is probably the biggest bang for the security buck."

Frequent communication is essential, Nickason adds. "I see too many IT departments hide in a room, waiting to react to problems," he says. "I'm very vocal, constantly reminding them about security. If there are updates, I make sure to advise everyone to reboot their computers, and leave them running that night. I let them know not to open attachments, even from someone they know, unless it's something they're expecting."

Communication also helps build trust. For instance, Nickason reports, suspect e-mail is quarantined until he can look at it and make sure it's virus-free. Employees could override the quarantine if they so chose -- but they never do because they understand the risks.

2. Create an acceptable-use policy. "Some companies say that you can't make personal phone calls, but they let employees use their computers any way they want," Rice notes. In one case, he says, he found an employee running a "home-based" business entirely on an employer's computer.

"Most companies have very lightweight acceptable-use policies, if they have them at all," he says. "You need to have the mindset that the equipment belongs to the company, and should be used only for company business. If you start from there, it's much easier to influence user behavior."

3. Don't assume all users have identical access needs. "Knowledge workers need more Internet access than someone in the mailroom assembling components to ship," says Adam Hils, primary research analyst specializing small and mid-sized businesses for Gartner. "Yet many IT departments set the same profile for everyone, so they all wind up with the same access. If you have 100 people in your company, and you give all 100 the same access, but only 50 actually use it for their jobs, you've doubled your security exposure unnecessarily."

4. Don't prevent people from doing their work. "Your users are higher-order problem-solving primates," Rice notes. "And they're trying to get their jobs done. So if you prohibit something, make sure they have another path to doing what they need to." Otherwise, he says, they're likely to look for workarounds that may create worse security problems than the one you solved.

5. Accept that mistakes will be made. Ultimately, even the best-educated users will eventually make a security mistake, so make sure your firewall, antivirus, and spyware filtering are as robust as you can make them. Dirk Morris, CTO and founder of the security gateway Untangle notes that, while purchasing software recently, he himself did an Internet search for a discount coupon, downloaded it, and would have given the company a virus had it not been protected with its own product.

"You can educate a lot, and it will make a big difference, but it won't solve everything," he says. "There are too many ways even a perfectly well-informed user can still do something harmful."