Clients      Employees

February 26, 2014

No Comments

Ignoring Microsoft End-of-Support Deadlines Is a Major Gamble


Continuing to use Microsoft XP and Office 2003 after April 8 is kind of like driving at night without using your headlights or your seatbelt. You may get where you need to go if you’re lucky, but it’s only a matter of time before disaster strikes. Is it worth the risk?

With the end-of-support deadline quickly approaching for these popular Microsoft products, a recent study of more than 1,000 predominantly midsize organizations found that 77 percent are still using XP and 60 percent don’t expect to upgrade by April 8. These organizations will quickly become prime targets of hackers.

Zero-day exploits are capable of identifying and exploiting vulnerabilities in your network on the same day. Are your antivirus software and IT manager capable of preventing such threats? You better hope so, because critical security updates and patches from Microsoft won’t be released after April 8. Security software is best utilized when combined with updates and patches from Microsoft.

In addition to security concerns, organizations that are subject to industry regulations are likely to face compliance issues if they don’t upgrade by April 8. For example, healthcare organizations and medical facilities that are required to ensure the privacy of patient medical records will not be HIPAA (Health Insurance Portability and Accountability Act) compliant if they’re using XP.

Similarly, the Model Rules of Professional Conduct, a set of rules that addresses ethical obligations of attorneys, state that an attorney must act competently to protect sensitive information used to represent a client. If a security breach occurs, the use of unsupported technology despite public warnings from the developer would be difficult for even the most skilled attorney to defend.

Attorneys can even be held responsible for technology used to store and transfer data by staff, vendors and clients outside of the office – not just Windows XP and Office 2003, but also Small Business Server 2003, Exchange Server 2003 and SharePoint Portal Server 2003. All of these products will reach end-of-support deadlines on April 8.

Many organizations that still have no plan to migrate away from XP may have been relieved to hear Microsoft’s recent announcement that it will continue to provide updates to its antimalware signatures and engine through July 14, 2015. For enterprise customers, this includes System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune.

However, this is an incomplete solution. Microsoft has made it clear that the effectiveness of antimalware solutions on unsupported operating systems such as XP is limited. Utilizing modern hardware and software is critical to preventing security breaches and maintaining regulatory compliance.

You have a number of options for migration, but time is running out. To avoid the risk of using unsupported technology, let ICG help you put a migration plan into action that suits the needs of your organization.

February 21, 2014

No Comments

Data De-Duplication Is No Longer Just for Backup


If a document is emailed to 500 people within your organization, do you think it makes more sense to store all 500 copies of that document… or just one?

Data de-duplication eliminates copies of data so storage space isn’t wasted with multiple instances of the same data. Using the above example, only one copy of the document would be stored instead of 500. The remaining 499 documents would be replaced with a pointer to the single stored document.

Traditionally utilized as part of backup and archival processes, the removal of redundant data can reduce the amount of data needing to be backed up by 90 percent or more. Because significantly less data is transmitted for remote backup and disaster recovery purposes, bandwidth requirements also drop by up to 99 percent. By conserving storage capacity and bandwidth, data de-duplication enables organizations to reduce storage costs and recover data faster.

While the benefits are significant, data de-duplication hasn’t been widely used in primary storage, which houses data in active use. This has been largely due to performance issues and data integrity concerns. Also, far more redundant data was eliminated during the backup process, so data de-duplication solutions focused on that tier of storage.

However, thanks to evolving data center technology, primary storage data de-duplication is likely to produce more business value today than it might have five years ago. Increasingly virtualized environments are producing more redundant data, while cloud storage requires smaller volumes of data in order to transfer data efficiently. At the same time, performance issues associated with data de-duplication can be negated by flash storage, which is much faster – and more expensive – than traditional disk and tape storage.

In a virtualized environment, most data originates in primary storage and is distributed to other storage tiers. Consequently, using data de-duplication to improve primary storage efficiency and optimization can produce significant downstream cost savings across the entire storage infrastructure.

A stronger business case for primary storage de-duplication has led more vendors to offer such solutions. For example, data de-duplication is built into Microsoft Windows Server 2012 R2 for primary storage. Administrators can minimize performance issues by scheduling data de-duplication jobs at specific times and configuring policies to control which files should be processed. Microsoft’s data de-duplication feature promises to provide data integrity, bandwidth efficiency and faster download times.

Let ICG assess the storage requirements of your network and help you determine how your organization could benefit by implementing a data de-duplication solution for backup, primary storage or both.

February 12, 2014

No Comments

What You Need to Know about Migrating to Windows Server 2012 R2


In a previous post, we warned you of the impending end-of-support deadlines for some of Microsoft’s most popular desktop and server products. After April 8, 2014, users of Windows XP SP3, Office 2003, Small Business Server 2003, Exchange Server 2003 and SharePoint Portal Server 2003 will no longer receive security patches and updates from Microsoft. These organizations may also face regulatory compliance issues.

For organizations that are still using these products, migration to another platform is critical. But even if you’re running a newer Microsoft Server product, it’s worth considering an upgrade.

Microsoft has streamlined Windows Server options by retiring Windows Small Business Server and Windows Home Server and offering just four editions of Windows Server 2012 R2. The features are basically the same across all editions, each of which is capable of supporting a different number of users. Here are the four editions:

  • Datacenter is intended for enterprises that utilize highly virtualized environments with a private or hybrid cloud.
  • Standard is intended for midsize organizations that utilize non-virtualized or moderately virtualized environments.
  • Essentials is intended for small businesses with up to 25 users running on servers with up to two processors. This edition replaces Small Business Server and Home Server. Office 365, a cloud-based version of Office, can be integrated to provide users with anytime, anywhere access to email, collaboration tools and popular Office programs such as Word, Excel and PowerPoint.
  • Foundation is intended for small business with up to 15 users running on single-processor servers. This edition is preinstalled on hardware and through original equipment manufacturers.

Organizations of all sizes should be excited about a number of new features and benefits delivered by Windows Server 2012 R2. Here are just a few of the highlights:

Simplified Licensing: Fewer editions mean less-complex licensing, which makes it easier to determine the true cost of Windows Server 2012 R2. Datacenter and Standard licensing is based on processors plus the Microsoft Client Access License (CAL), while Essentials and Foundation licensing is based on servers and user limits.

Data Deduplication. Now part of the core Windows Server 2012 R2 operating system, data deduplication eliminates identical copies of data to reduce redundant space by up to 90 percent. It also helps you avoid wasting time with unnecessary backups and conserve bandwidth.

More Flexible, Reliable Storage. An alternative to public cloud storage and network storage options, Storage Spaces enables organizations to create expandable storage pools using affordable hard disks. This new feature makes it easier to manage large amounts of data, improves resiliency and optimizes utilization of storage resources.

While migration is essential if your organization is using server products that will be unsupported in less than two months, you need to determine the right migration strategy. For example, if you’re using older products, you’ll need to check compatibility with your applications before you upgrade. Also, pay close attention to Microsoft requirements to determine if you should upgrade your domain controllers or install a new domain controller with Windows Server 2012 R2.

ICG can help you develop a migration strategy that minimizes downtime, ensures application compatibility, and helps you take full advantage of the new products and features at your disposal.

February 4, 2014

No Comments

Don’t Be Duped by ‘Scareware’


“Ransomware” has been making news lately due to the rise of Cryptolocker – a nasty combination of malware and extortion that encrypts all your files and demands money in exchange for the key. Other forms of ransomware use popup messages claiming that the government or police have been monitoring your computer use and that you have a violated some law. These schemes demand payment of a “fine” to unlock your computer.

But ransomware isn’t the only sneaky form of malware circulating the Internet. “Scareware” pops up messages claiming that your computer is infected with malware or has other critical errors.  The goal of these scare tactics is to induce you to purchase software products to remedy the purported defects.

The FBI has categorized scareware as one of the fastest-growing and most prevalent types of Internet fraud. A recent scheme targeted mobile devices running the Android operating system, attempting to trick users into downloading a fake antivirus app to remove the “Tapsnake” threat. The scareware was distributed through a spam email campaign.

Looking Legit

Scareware tactics can be difficult to spot because they typically carry legitimate-sounding names and feature professional-looking graphics. Pop-ups typically warn that threats such as viruses, spyware or registry errors have been detected, and users are baited with the offer of a free scan to identify all threats. Then comes the catch — one must purchase the application to get rid of these alleged threats.

Worse yet, scareware seems to leave users with no options. Upon execution, these rogue products not only prevent legitimate security software from loading, but also block access to system tools, third-party applications and security web sites with the claim that these all represent unsafe executions. Each mouse click only produces more prompts and more offers to download installation files. This is when exasperated users are most likely to give in and buy the bogus products.

In a best-case scenario, the product will simply deactivate its own scareware. In the worst cases, users will wind up downloading additional malicious code such as Trojans, keyloggers or bots that will continue to silently infect their systems.

What Now?

There often is a way out of these ambushes. With a couple of simple steps, you generally can end the popup nightmare and regain control of your system:

  • Right-click on the task bar or press “ctrl+alt+delete.” Click Start Task Manager and terminate any suspicious processes such as the exe file for the offending scareware (i.e. “defensecenter.exe).
  • Run an antivirus scan to find and remove the offending program and its related files. Freeware tools from Malwarebytes and Superantispyware are known to be effective in rooting out and eliminating scareware.

For protection, you should ensure you are running legitimate, up-to-date antivirus software and keep your web browser and applications patched with the latest security releases. To protect your mobile devices, make sure that security settings only allow the installation of apps from trusted sources such as Google Play.

Scareware attacks are prevalent for one simple reason — they work. It’s all too easy to frighten unsuspecting computer and mobile device users into buying and installing fake antivirus software. If you see a scareware popup, don’t panic. Call ICG if you need assistance in removing the malware.