Clients      Employees

May 29, 2015

No Comments

ICG-SMB-virtualization-pitfalls

Avoiding the Pitfalls Server Virtualization in SMB Environments

In Part 1 of our post on virtualization at small-to-midsize businesses (SMBs), we discussed how virtualization is helping SMBs do more with less while streamlining operations and enhancing productivity. We also looked at how SMBs are seeing a real impact on their bottom lines rather quickly. Not surprisingly, this is leading more and more SMBs to explore server virtualization in their IT environments.

 

According to research from Techaisle, 60 percent of servers in SMB organizations have been virtualized, and those organizations expect 70 percent of their servers to be virtualized this year. That’s the good news. The bad news is that SMBs continue to struggle with virtualization adoption due to the complexity involved.

 

What are the most common pitfalls that prevent virtualization deployment success? Techaisle identified these as the top five:

 

  • Cost of licenses for the virtualization solution
  • Failure to achieve projected cost savings
  • Challenges associated with managing virtual servers
  • Cost of software licenses for applications in the virtual environment
  • Budget overruns for the project as a whole

 

Just as the benefits of virtualization are magnified for SMBs, so are the long-term costs and impact of a poorly conceived and managed virtualization deployment. As with any corporate initiative, SMBs should focus on the following factors when embarking on server virtualization:

 

Be sure of your budget. Most of the reasons for virtualization deployment failure have to do with cost overruns. SMBs need to have a clear picture of the capital and operational costs involved and enter the project with a concrete budget.

 

Do your homework. What do you expect to achieve from your virtualization deployment? You can’t implement an effective solution until you’ve clearly defined areas for improvement and what a virtualization solution should allow you to accomplish.

 

Is the virtualization platform you’ve chosen scalable and aligned with your business processes? Does it follow an industry-standard approach that will simplify management, maintenance, licensing and support? How will it be managed and monitored? How can you leverage your existing infrastructure? Have you checked to make sure that you won’t run into compatibility issues with legacy applications? What type of training is involved for administrators? How can you ensure optimal performance and security?

 

These are just a handful of the questions that need firm answers before you begin your virtualization deployment. Doing this homework in advance will save you money and make for a much smoother deployment.

 

Make sure you understand virtualization. You don’t need to understand all technical aspects of virtualization backward and forward. However, your technology solution provider should be able to answer all of your questions and make sure you have the foundational knowledge necessary to evaluate your options and make sound decisions.

 

You certainly don’t want to miss out on the benefits of virtualization because you feel overwhelmed, but you also shouldn’t rush into any decisions that could cost you money because you don’t understand what you’re buying.

 

Don’t focus solely on cost. You will inevitably encounter a solution provider that tries to win your business based on price. Cheap hardware and software tends to be difficult to manage and scale, making it more expensive in the long run. Make sure your hardware and software investments will deliver the performance and capacity you need now and five years into the future.

 

ICG can help you decide if virtualization is right for your business. If virtualization does make good business sense, we can design and deploy a solution that helps your organization become more efficient and productive while reducing operational costs.

May 15, 2015

No Comments

ICG-PCI-3.0

What Merchants Need to Know about PCI 3.0

In our previous post, we discussed the Payment Card Industry (PCI) Security Standards Council (SSC) latest update to the PCI Data Security Standard (DSS) and Payment Application Data Security Standard (PA-DSS) – also known as PCI 3.0. The main driver behind PCI 3.0 is a desire to make payment security a business-as-usual activity and shared responsibility across entire organizations rather than an annual compliance report.

 

This shift in thinking is driven by the lack of PCI compliance among merchants. According to a Tripwire survey, only 41 percent of retail companies are using penetration testing to pinpoint security vulnerabilities and just 44 percent have implemented a process for file integrity monitoring.

 

While the PCI-SSC has provided a summary of changes and evolving requirements in PCI 3.0, there are certain updates to the standard that are likely to have the greatest impact on merchants.

 

Stricter Penetration Testing Mandates. An ongoing concern has been whether cardholder data is adequately segmented from other networks, which is why organizations must conduct penetration tests and vulnerability assessments to determine if a security breach is possible. With PCI 3.0, penetration testing must now follow an industry-accepted methodology.

 

Those organizations that don’t have in-house personnel with the expertise to conduct such a test will need to hire a service provider who adheres to a formalized methodology that validates segmentation.

System Components Inventories. System components include any hardware or software used in the cardholder data environment. Merchants must maintain an inventory of system components and explain what each piece of technology does and for what purpose. Organizations that have many locations and those that utilize virtualization may struggle to manage the inventory of these ever-changing system components.

 

Increased PoS System Inspections and Access Controls. Point-of-Sale (PoS) devices that capture cardholder data must be inventoried and periodically inspected to ensure they haven’t been altered or replaced by different devices. Because card skimming is a prevalent problem, employees must be able to identify signs of tampering or suspicious behavior, which is likely to require additional security training for anyone who works at the point of sale. Physical access to PoS by employees must be controlled and authorized by the merchant, and if an employee leaves, access must be revoked immediately.

 

Additional Service Provider and Vendor Requirements. In addition to using unique authentication credentials for each customer environment, PCI 3.0 requires service providers to provide comprehensive written details of compliance-related services, roles and responsibilities. For example, service providers are required to take responsibility for cardholder data that they possess. Documentation should clarify which PCI compliance requirements are the responsibility of the merchant and which are the responsibility of the vendor or service provider. Agreeing to the scope of each party’s responsibilities in writing will add accountability and avoid confusion during compliance assessments.

 

Stronger Antimalware Systems. Previously, antimalware systems needed to be working, remain current and produce report logs. Under PCI 3.0, merchants are required to “identify and evaluate evolving malware threats” and have a process in place that alerts the organization of new malware. The antimalware system must also be configured to prevent users from disabling or altering the system without authorization from management.

 

ICG understands the latest PCI compliance requirements and can help you make cardholder data protection part of your everyday business processes.

December 30, 2014

No Comments

ICG-2015-technology-predictions

Technology Predictions for 2015, Part 1

Every organization on the face of the earth shares the same core goals. Operate more efficiently. Become more agile, flexible and productive. Create a better customer experience. Make more informed decisions.

 

Having a clear understanding of the technological landscape has become essential to achieving these goals. The challenge is to separate reality and practicality from big talk and sales pitches. Many technological advances grab headlines when introduced but take years to become widely used – if they ever are. A rare few have an immediate impact on business operations, and those who are slow to adopt them find themselves at a competitive disadvantage.

 

With that in mind, here is a list of predictions that we expect to take center stage — not five years from now, but in 2015.

 

Windows 10 will make businesses very happy. Although Microsoft continues to dominate corporate desktop operating systems, Windows 8 has been a nightmare. Microsoft can’t turn the page soon enough. Windows 10 promises to provide an infinitely better user experience across all devices with significantly reduced licensing costs. We believe the newest Windows product will be well-received by businesses large and small, although we admit that it would be difficult to look bad next to Windows 8.

 

The Internet of Things will explode. The Internet of Things has largely been discussed in conceptual terms, describing a world in which billions of objects would be connected to the Internet. However, we expect the Internet of Things to take off beyond the IT and telecom sectors in 2015 as several key pieces – pervasive Internet connectivity, improved sensor technology, and improved ability to automatically store and analyze large volumes of data – fall into place. It will have an impact on industries as diverse as healthcare, manufacturing, retail and more.

 

Wearables will see mixed results. Most people have heard of smartwatches and Google Glass. Many athletes use fitness bands to monitor their workouts, and wearable devices can also be embedded in clothing. As innovation continues and new use cases emerge, the wearable market will grow, but advances in smartphone technology that can deliver similar results could very well stunt the growth of wearables.

 

Enterprise mobile applications will see a spike in demand. In order to improve productivity and agility, especially among the “non-desk” workforce that is underserved by technology in many cases, a growing array of enterprise mobile applications will be developed. These applications will be designed for an organization’s specific use cases while simplifying management and improving organizational security.

 

In Part 2 of this post, we’ll share more of our technology predictions for 2015 related to the cloud, big data analytics and 3-D printing.

May 5, 2014

No Comments

Why You Still Need Rules around Thumb Drives

 

ICG-thumbdrive-security

In January, the University of Texas MD Anderson Cancer Center notified more than 3,500 patients that their confidential information may have been compromised because a researcher’s thumb drive had been lost.

In December, the loss of an unencrypted thumb drive led a New England dermatology practice to pay a $150,000 fine under HIPAA.

Last October a thumb drive was stolen, putting the names, birthdates, phone numbers and health information of hundreds of Denver elementary school students at risk.

While much has been written about the risks of data loss associated with cloud computing and mobile devices, the humble thumb drive has largely been forgotten. But these portable storage devices — small enough to attach to a key chain — are capable of storing scores or even hundreds of gigabytes of data. That makes them potential security nightmares.

What’s the Risk?

There’s no question that thumb drives offer a convenient way for users to keep a copy of critical files handy. Just slip the device into a USB port, drag and drop files, and then pocket the device again. What could be easier? The tradeoff for that convenience is security.

Viruses: Users could bring in infected documents from home, or take home a business document to an infected PC, update it, and return it to a corporate file server. Network administrators typically combat viruses by installing antivirus software on email servers and restricting Internet sites with firewall settings, but the use of USB flash drives can bypass these safeguards entirely.

Inappropriate and malicious files: Users could bring in unauthorized software, MP3 files, video clips, pornography and other inappropriate files that affect productivity and violate corporate policies. Even worse is the prospect of spyware or keystroke loggers that could enable someone to capture passwords or other sensitive information.

Data theft: These devices greatly increase the risk of data theft and corporate espionage. A disgruntled employee or contractor could copy client lists, sales forecasts or research data in a just a few minutes.

Data loss: Thumb drives open the door for data to fall into the wrong hands. Most of these devices have little or no security features. Anyone who finds a lost device may be able to access all the data on it. In addition, these devices can also be quickly stolen from a desk, or “borrowed” and later returned to the office once the data has been copied.

What You Should Do

Thumb drives are extremely difficult for network and storage administrators to manage. Short of disabling all of the USB ports in an environment, they are nearly impossible to defend against.

However, it would be a mistake for organizations to attempt to forbid the use of the devices. To do so — or to create a burdensome set of rules — will simply drive their use underground and remove any control the business may hope to have over them. Ultimately, these devices cannot be locked out, so they must be accommodated and managed.

To deal with the potential problems personal storage devices create, organizations should develop guidelines and rules for their use. This should include educating users about the risks these devices can present, and establishing policies for taking data out of the office, or bringing files in from home. Encryption should also be used to protect sensitive information, particularly in regulated industries such as healthcare and financial services.

March 26, 2014

No Comments

Texting Etiquette for Professionals

 

ICG-text-messaging

The notion that texting is a way teenagers carry on “conversations” about last night’s date, this weekend’s plans or the horrible outfit worn to the dance is a dated stereotype. Forget about LOLs and OMGs. Texting has proven to be a legitimate and very valuable business tool.

From a marketing standpoint, we all read text messages, and because our smartphones are rarely more than an arm’s length away, we read them immediately. Various studies have shown a 97 percent or higher open rate for text marketing messages, and 90 percent are read within three minutes. This allows organizations to develop cost-effective, time-sensitive campaigns and connect with customers in a very personal, intimate setting. (Just be careful not to run afoul of legal requirements – you can only send marketing texts to customers who have affirmatively opted in.)

The immediacy and brevity of text messaging also enhances customer service. Texting allows you to notify customers with important information right away without interrupting them. Need to send a document to a customer right now? Take a photo of the document with your smartphone and instantly text it. Texting is also commonly used to send product alerts, reminders and confirmations of service.

Texting is becoming an important component of unified communications. With the emergence of the bring-your-own-device culture, and smartphones and tablets becoming the hub of communication, texting is playing a more prominent role in cultivating relationships and moving business forward. Instead of playing phone tag, organizations are texting to communicate on a more personal level and get business done. It’s simple, direct and efficient.

In order to fully leverage the business benefits of texting, there are six rules of texting etiquette that should be followed.

1)    Know your boundaries. Some people don’t like to be contacted after certain times or on the weekend. Get permission before texting people outside of business hours. Also, you may think you and the person you’re texting are best buddies, but they may think differently. Keep personal messages to a minimum.

2)    Respect the environment. Texting during a meeting, a meal or right in the middle of a conversation can be considered rude and disrespectful. If it’s that important, excuse yourself and text privately.

3)    Abbreviate with caution. Spell out entire words and phrases, especially if you’re texting with someone for the first time, whether it’s your boss, a co-worker or a customer. Abbreviations could be interpreted as unprofessional shortcuts, so only abbreviate after you’ve established a relationship with an individual and they find abbreviating acceptable.

4)    Check for autocorrect mistakes. Conduct an online search for “autocorrect mistakes” and you’ll see how autocorrect can lead to messages that are inaccurate, embarrassing or even offensive. Always proofread texts before sending.

5)    Be conscious of tone. Just like emails can be misinterpreted as abrasive, harsh, rude or insensitive, texting creates an even higher risk because we often text on the go or while we’re doing other things. Full sentences and proper word choices can go a long way towards avoiding hard feelings.

6)    Place a call when the news is bad or urgent. Whether you’re running late for a meeting, a major deal fell through, or the answer you’re giving a client isn’t the one they wanted, give the person the courtesy of a phone call. This enables you to smooth things over without the perceived abruptness of a text.

March 20, 2014

No Comments

Choosing a Productivity Suite: Options and Considerations

 

ICG-Productivity-Suite

Microsoft Office is the most well-known and widely used productivity suite, used by more than 90 percent of organizations according to a study from Forrester Research. Office costs more than other solutions and most users don’t utilize the vast majority of its features. Still, the familiarity people have with Microsoft Office, along with file and browser compatibility, has helped make it the most popular productivity suite in the workplace.

In addition to its traditional Office product, Microsoft offers Office 365, a cloud-based version of Office that can be accessed from desktop and mobile devices. At its recent SharePoint Conference in Las Vegas, Microsoft announced several upcoming enhancements to Office 365, including social sharing and artificial intelligence capabilities.

As dominant as Microsoft continues to be in the workplace, other productivity suites from Google and Apple continue to grow in popularity. Google Apps for Business is a cloud-based productivity suite that utilizes popular Google apps such as Gmail, Calendar, Drive, Sheets and Slides. There are several key differences between Google Apps and Office 365:

  • Google Apps offers a simpler pricing plan – one monthly or yearly rate – compared to Office 365’s variety of plans based on the number of users and features.
  • Google can use your information for advertising, while Microsoft will not scan or share your data.
  • Microsoft provides 50GB of storage space and data backup, while Google Apps provides 30GB of storage and does not back up data by default.
  • Office 365 offers desktop apps for core programs in some plans, while Google Apps is strictly browser-based.

Another alternative is Apple iWork, which comes free with every new Mac, iPad and iPhone. Programs can also be purchased for $9.99 on existing devices and require no monthly fees – a major difference between iWork and Office and Google Apps. Unveiled in October 2013, the newest version of iWork brings together Apple productivity apps such as Pages, Numbers and Keynote and enables collaboration through iCloud, even if you’re using a PC.

Early reviews point to compatibility complexities when importing Office documents, particularly formatting issues with Word documents in Pages. Although it offers important features that most users will utilize, iWork did remove certain functionality to build a more compatible productivity suite, which has ruffled the feathers of many long-time Apple users.

Before you choose a productivity suite, assess your existing software, programs and applications. What is working well? What is lacking? What features are used most and least often? For example, modern collaboration tools enable real-time communication, including the exchange and editing of files, and could be used to speed decision-making and customer service. If your employees are spending more time working remotely, it may be time to switch to a cloud-based solution. Again, you’ll need to evaluate your existing infrastructure to make sure it will support cloud services.

Finally, pay attention to the rumblings from Microsoft. Microsoft is reportedly considering unbundling Office components to appeal to those who don’t want to pay for the entire suite of programs and services. Also, a new, lower-cost Office 365 subscription plan could be a sign that an iPad version is in the works, and efforts are underway to make the product “smarter” with a learning application that will provide insights about how Office 365 is used.

December 20, 2013

No Comments

Happy Holidays!

icg-holidy-blog-post

November 27, 2013

No Comments

Thanksgiving and Hanukkah Greetings from ICG!

2013I-CG-thanksgiving-greeting