Here are some interesting details about data loss and business disaster recovery:

The University of Texas reported 43% of businesses who suffer a catastrophic loss of data never reopen, and 51% of businesses experiencing a catastrophic loss of data are out of business in two years. When a severe data loss occurs, the clock begins to tick.

From The National Archives & Records Administration in Washington: Of the companies that lost data for ten days or more, 93% filed for bankruptcy within one year. In fact, 50% of businesses which lost data for ten days — filed for bankruptcy immediately.

From Home Office Computing Magazine: 30% of all businesses that have a major fire go out of business within one year. 70% of businesses experiencing a fire fail within the five years.

From The Contingency Planning and Strategic Research Corporation: 96% of all business workstations are NOT being backed up.

From Gartner: 50% of all tape backups FAIL to restore.

This data was from a recent report issued by UniTrends showing the danger of losing your data. The statistics are truly breath-taking, and potentially business-ending. It’s sometimes difficult to identify the root cause behind the loss of data in your business. Often times it can be human error or hardware failure. Regardless, there are steps you can take right now that can help minimize the chance your business suffers through a data loss.

Simple issues, like not backing up your data are easily rectifiable — just do it! However, there are plenty of companies still using tape backup systems. Tapes fail and the data is gone, unrecoverable. Some small organizations may swap external drives. Remember: hard drives large and small can fail on a moments notice, without warning. So clearly, a partitioned drive is not a solution, either. We have also found that “daily routines” like copying existing files can sometimes lead to accidental deletion. And, sadly, many times this “accidental deletion” is not discovered until a business or organization tries to restore from a backup. We don’t even want to think about what happens when a senior executive loses his tablet or laptop. Backing up your data should and could be an automated process.

Today’s business owner or CTO needs to PLAN for the day they have an unexpected data loss, and be prepared for a disaster. In that regard, Roan Solutions can help your business become better organized and ready for the day when that happens. Be sure to call Roan Solutions at 877-774-4647 if you would like more information on securing your business data.

How many computer issues begin by ignoring basic maintenance and security steps?
More than you may think!

Like a simple exercise program, some of the pointers we offer clients appear to be pretty basic. And well-beyond the catastrophes we have encountered and solved at Roan Solutions. Often we encounter responses like, “shouldn’t there be a more complicated or involved solution? That’s it, some basics?” When we skip exercise, we can become flabby and open for illness and injury. So too can our computer systems (and our business) become “unfit” without performing some of the most basic routines and checks.

So, what are some of these basic steps we ought to incorporate into our daily and weekly routines?

Check Your Software
How many users in your organization are using different platforms? How many are using different versions of the same software? How many on your team even KNOW the difference? If employees utilize different plug-ins, different software, different versions, different plug-ins, your systems can be vulnerable. Even simple tools like a PDF reader can cause heartache and stress down the road if left unchecked.

Patches!
It’s not just a “good” idea to check for updates. It’s a GREAT idea to check for updates. Such a simple step, but very few ever do it. Most operating systems, along with many reliable software tools, ActiveX controls, add-ons and plug-ins will issue updates and keep a changelog. It’s a good idea to check and see if there has been an update. Also, a tip for plug-ins and apps: if there are just a few downloads, or only a few reviews, let someone else take the risk of trying something out. Don’t even get started in the first place with an app or plug-in unless it has been installed many many MANY times.

How About That Password?
Weak passwords are, well… weak! They can make your entire system (and thus, your business) vulnerable. It is stunning in 2012 how many passwords are still variations on the word “password” or number sequences like “1234.” Avoid using common words found in the dictionary, or birthdays, family names (you may inadvertently be giving away more than you realize!). Try to stick with longer passwords, random strings of numbers, symbols along with uppercase and lowercase letters. And change the password on a regular basis! Many times, when we hear an account has been compromised or hacked, the fault may lie with the fact a password was given out. Be very careful of who has access to your passwords!

While this clearly not an exhaustive list, it IS a good start. Be sure to call Roan Solutions at 877-774-4647 if you would like more information on securing your business data.

Roan Solutions Helps With Computer Equipment Decisions

Are pending changes in lease accounting helping the migration to the cloud for many businesses? Cloud computing usage continues to spread like a virus in 2012. But some of the source behind this migration to the cloud may be coming from the accounting department.

Operating leases are not reported on company balance sheets. Rather, many times leases will appear in the footnotes of company financial reports. Until now, only outright equipment purchases needed to appear on the financial statements. The Financial Accounting Standards Board (FASB) and the International Accounting Standards Board (IASB) have proposed changes that will require companies to reflect leases on balance sheets.

This change in how equipment leases get expensed can have a dramatic effect on the bottom line for an organization. The draft of this proposal is expected this month (April 2012) followed by a 120 day comment period.

Your organization needs to exercise good cash flow management, while providing the most robust technical solutions for your employees, team members, clients and end-users.  At Roan Solutions, we work with organizations and businesses in the Boston area to optimize your technology needs — without busting the budget.

This new proposed accounting change may require organizations to reexamine the benefit to leasing (or buying) on-site equipment or whether it may be an opportune time to examine whether a cloud-based solution is a possibility.

“There are many benefits to leasing, and the primary reasons to lease equipment will remain intact under the lease accounting proposals, from maintaining cash flow, to preserving capital, to obtaining flexible financial solutions, to avoiding obsolescence,” said ELFA chairman Crit DeMent, chairman and CEO of LEAF Commercial Capital Inc. “However, the financial burdens imposed by the standards under consideration are the last thing American businesses already struggling to regain their footing in a challenging economic landscape need. We urge the Boards to reconsider some of the more onerous and burdensome proposals under consideration to minimize the negative financial impact on businesses.”

Roan Solutions can accommodate businesses and organizations that may be scrutinizing the impact of including leases for technology equipment on the financial statements.  It’s imperative your organization remain fully cognizant of the options available.  Leasing your technology equipment may or may not be the right solution for your team.  This may be the appropriate time to take a look at whether cloud computing may be a better solution for your organization.  You can reach us at (617) 799-8922 if you would like to discuss in more detail.

In a recent white paper issued through BMC Software, the topic was broached about “custom clouds” since one size may not fit all clients. In fact, one size may not fit all levels of employees or users. Rest assured, at Roan Solutions, we will work with your Boston-based business and tailor a custom solution that fits your organization’s needs.

Roan Solutions Can Customize Your Cloud

The white paper discussed how many businesses are faced with an up-front decision: should our cloud be structured as a “take-it or leave-it” service, or shall we “customize the services available in our cloud”? The customized cloud solutions break down even further into two groups: what BMC refers to as the “thousand shades of cloud” scenario (where a virtual library is created to assist in a unique experience) or a “modular” cloud service (where each user can piece components together).

In the “take it or leave it” approach, the work involved with a customized cloud is often left to the application administrators. This can create an additional burden of time (and work) needed with each end user, and each application. This additional level of work involved should be factored into the decision to offer this approach to service. What BMC found was many end users simply stopped using the service, or resorted to public clouds or alternate methods to get the work done. As organizations and businesses grow, this “take it or leave it” approach may not serve as an optimal solution.

When you try to conceive of the “thousand shades of cloud” approach, a different image unfolds. One request becomes two, two become four and soon the whole cloud is a customized mess. End users get the results they desire, but (again) at what cost? The software stacks become a project all on their own.

With a “modular” approach to cloud services, a system can be employed where users select the services or data they want and disregard the services they do not need. The business or organization has complete control over which packages (or components) are available for end users, and can offer a menu from which users can then customize further.

We feel the customized, modular approach is the best solution, but here at Roan Solutions, we remain ready to customize your system to suit the needs of your organization. Call us at (617) 799-8922 to discuss how we can help you optimize your team AND your work environment.

An article recently published by IDC (and commissioned by Microsoft) projecting 14 millions new jobs will be created in the next two years related to cloud computing. The authors project nearly half of these new jobs will be based in emerging market countries.

One of the projected hang-ups that could prevent even more jobs from being created in the new cloud computing sector is the “legacy lag.” This legacy lag is described as companies that — even two years forward — will remain tethered to the traditional office computing systems.

And, in our opinion, remaining with your existing system may be the right solution for your organization. See, while many businesses and organizations remain curious about “the cloud,” it makes good business sense to make sure your potential transition to any new platform has been completely thought through, mapped out, secure and seamless.

The good news is Roan Solutions remains ready to help organizations who will fully migrate to the cloud, remain tethered to their current systems — or somewhere in between. Feel free to get in touch with us if you are considering implementing a change in your systems.

The article also projects that cloud computing will ultimately generate over one trillion dollars in annual revenues. The article was unspecific how or where these revenues will be generated (or when!). We’ve learned projecting large numbers makes for great headlines. But what we are far more interested in is making sure a cloud solution is right for you, and helps your team become more productive and more efficient.

A more productive and efficient team helps your business grow!
To access the original article issued through Press Pass and Microsoft, click here.
Copies of the full whitepaper PDF can be found here.

Your business IS vulnerable. You just do not know it.

Roan Solutions is an IT Consultant helping Boston business owners from falling into this very situation.

Think your bank — and your money — is safe from hackers? Possibly not. A recent article found on arstechnica.com, written by Robert McMillan of WIRED.com discussed how corporate networks — even your corporate network in Boston — can be easily hacked into with little effort. And sometimes with lots of cooperation from unwitting duped employees.

“I saw it and I was like, ‘Oh my god this is the hacker’s dropbox,’”

This is an excellent example where an IT Consultant can help, and an important story you need to read. If you have ANY hesitations about whether or not your corporate business files are locked down, call us immediately at 877-774-4647.

The article goes on to discuss a study conducted by a prominent West Coast bank, where a security team attempted to access files in several branch offices. This really got our attention:

“At one branch, the bank manager got out of the way so I could put it behind her desk,” Street says. The bank, which Street isn’t allowed to name, called the test off after he’d broken into the first four branches. “After the fourth one they said, ‘Stop now please. We give up.’”

If you are not proactively securing your business, you are potentially giving away the farm. It will not take long for Roan Solutions to survey your level of security and propose a course of action to lock down the security of your business.

Here is a link to the full article, here.

Better Budgets for 2012: Four Ways to Save on Security Essentials
used with permission from the Cisco Small Business Resource Center

Information security risks are up, but IT budgets at many businesses are down.

What can you realistically do this year to better protect your company?

Now Is The Time Making IT security a business priority is urgent in 2012 for these reasons:

• Employees will increase their use of wireless hotspots and cloud applications — and handheld devices (a practice known as “bring your own device,” or BYOD).
  
• Cybercrooks already steal $1 billion a year from small and medium-sized businesses (SMBs) in the United States and Europe; businesses without effective security have become a prime target.
  
• The most damaging security threats today target a business’s finances and customer records, and often take down its IP network. Incurring a security breach is now much more costly than preventing one.

If cash flow and IT staffing at your business are limited, it’s essential to get the most protection from the resources that you do have. Following are ways you can lead the campaign.

1. Enlist an Army: Educate Your Employees
This strategy is inexpensive and potent: Simply align the people power you already have.

Human behavior is always the wildcard in security, and now BYOD puts that card in every hand. A top security essential is having and enforcing an acceptable use policy (AUP) that spells out how your company’s network and other IT resources can be used.

The AUP is a legal document. It must be signed by anyone who needs to use the resources; the signatures help protect against the excuse, “I didn’t know.”

To simplify and speed the development of your AUP, you can request assistance from a local Cisco® Certified Partner with an Advanced or Master Security Specialization. Some may also help you put your policy into effect — for example, by training employees.

Then enforce the policy, leading by example and rewarding employees who exemplify desired security behavior. Don’t forget to update the policy on an ongoing basis. And retrain employees as needed, at least annually.

2. Improve Your Techies’ Security Skills
A second way to control costs is to tap existing in-house IT resources: Help one or more of your IT staff develop security expertise.

Training your techies in the hot field of IT security can get them excited about their jobs and reduce turnover — and improve your business’s information security.

Professional security training and certifications are available globally; the cost is typically a few thousand dollars for the training, written and lab exams, and travel. Less formal education is available for a lower price at IT industry events such as Cisco Live!TM. And online tech support forums offer tips for free.

3. Simplify Your Technology
Choosing comprehensive and effective security technologies that are easy to use will increase their use by employees, reducing security risks.

Internet and other digital threats demand that a business defend itself with multiple levels of security technology (this guide outlines them and their ROI). Four of the security essentials are:

• Firewall and virtual private network (VPN) technologies to control access into and out of your business network
  
• An intrusion prevention system (IPS) to monitor and stop rogue applications and undesired communications
  
• Content security — anti-virus, anti-spam, web threat protection, and website categorization — to protect business data, network resources, and employee productivity

Some are a capital expense (CapEx), some an operating expense; often they combine CapEx with cloud subscription services. Their pricing ranges from a few hundred dollars to a few thousand dollars and up. But beware the costs that technical complexity adds.

For businesses with fewer than 100 employees, Cisco simplifies security by combining firewall, VPN, and IPS technologies into a single appliance. These unified threat management (UTM) solutions support wireless access security (WPA and WPA2), can apply cloud-based content security, and are priced at under a thousand dollars.

For businesses that are larger or have other functionality demands, Cisco ASA 5500 Series Adaptive Security Appliances can be an efficient solution; prices start at a few thousand dollars.

4. Outsource: Draw on Experts’ Services
Professional IT security services can dramatically reduce complexity and costs. Many services are delivered and managed remotely; subscription pricing may be offered on a per-device, per-user, or per-use basis. The Cisco Certified Partners with an Advanced or Master Security Specialization offer a wide range of services, such as:

• Evaluation of vulnerabilities
  
• Remote security monitoring and management, as well as log management
  
• Acceptable use policy (AUP) development and employee training
  
• Services for Payment Card Industry (PCI) and other compliance requirements

The Partners that are Cisco IronPort® certified also have specialized content security expertise. And Partners that are managed security service providers (MSSPs) offer the most comprehensive services.

Now you can lead a campaign to improve your company’s IT security — without busting the budget.

Cloud Security: Risks vs. Reality
used with permission by IBM ForwardView

The mobility of smart phones, netbooks, tablet PCs and other portable devices has fundamentally changed the when, where and how of our computing lives. And with cloud services, the source for data and applications used by these devices can be anywhere, too. The flexibility of cloud to scale bandwidth up or down at will, and its affordability as a pay-as-you-go service, have resulted in an interconnected, intelligent approach to smarter computing.

The benefits of cloud computing are well-recognized. In fact, cloud computing ranks among the most popular new IT initiatives, with 66 percent of midsize companies implementing cloud strategies, according to IBM’s study, “Inside the Midmarket: A 2011 Perspective.” Yet the excitement about leveraging cloud’s economies of scale to lower total IT costs and improve agility is often tempered by concern that this external delivery of services could compromise security.

Perceived risk versus actual risk

Cloud may seem new, but the fact is companies have been outsourcing services and technology for years. Providers already deliver hosted technology offerings that are located offsite with client access via the Internet. This is a common scenario for services such as remote storage or hosted email and other software as a service (SaaS) solutions. And just because companies may give up some control to the provider when they move to a cloud-based environment (just as they give up some control in any outsourced arrangement), it doesn’t mean they have to compromise on security.

Companies still weighing the advantages of cloud with the perceived security risk should begin by asking the right questions and examining the right considerations to help build a “trust and verify” relationship with the cloud provider that will support success.

Although there are additional variations, let’s consider the three main types of cloud service and deployment models: software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS).

Each version has its own level of control for the provider and the company purchasing services, but all cloud services can help companies increase agility and boost efficiency by removing the burden of managing all of their own IT. This frees up organizations to do more with less and stay focused on their core competencies.

• Software as a service (SaaS) puts most of the responsibility for security management with the cloud provider and is commonly used for services such as customer relationship management and accounting. This popular option is considered low-risk because it primarily deals only with software and not hardware or storage. With SaaS, companies are able to control who has access to these cloud services and how the applications are configured. The complexity of software installation, maintenance, upgrades and patches, meanwhile, is automated and handled by the provider.
• Platform as a service (PaaS) is similar to SaaS but often includes further application-specific software to help businesses create customized services. For example, a company using PaaS could develop its own custom cloud software to perform some specialized task, whereas SaaS offerings generally are provided as-is. Most PaaS offerings are multi-tenant, meaning that some of the services may be shared with other companies. This means it is critical for companies who use PaaS to have a well-defined trust relationship with the provider on security issues such as access, source code distribution, navigation history, and application usage
• With infrastructure as a service (IaaS), companies get a unified, scalable cloud package that offers tighter control over many aspects of a traditional IT infrastructure than they do with SaaS or PaaS. Companies using IaaS pay on a per-use basis to access services and applications, and can also tap the operating system that supports virtual images, networking and storage environments for additional control. Often, IaaS is offered as a private cloud, giving companies complete internal control over access and security.

Questions to ask to ensure cloud security

Regardless of which flavor of cloud a company chooses, it’s important to remember that the same factors apply to ensuring security whether it is cloud-based or within a traditional IT infrastructure. The key difference in the cloud model is that it includes external elements, and those elements will be managed by the cloud service provider. This means companies need to understand the environment beyond their own data center and consider how it impacts the organization from a security standpoint.

To help ensure security and peace of mind, and to craft the most effective working relationship with the cloud provider, the client company should always identify and prioritize cloud-specific security risks beforehand. Often, companies will find they have the same amount of control, if not more, with a cloud service.

For identity and access management issues, companies need to control passwords, support privileged users and enable role-based access to these cloud services. With data protection, a key concern is knowing whether or not a company’s hosted data is secure, especially if data from rival companies is also being stored on the provider’s cloud service. Companies should also be asking how the cloud provider is deploying antivirus software on all supported systems that could be exposed to virus or spyware attacks, and ensuring that selected programs can identify and protect against malicious software or processes.

From an auditing and monitoring perspective, companies need to determine how the cloud provider is testing and assuring the infrastructure. The legal, regulatory and privacy requirements include making sure the company and the provider understand the rules of engagement by determining who is responsible for governance and meeting any regulatory restraints.

Reaping the benefits of cloud

On a smarter planet—the when, where and how of living and working is more instrumented, data-driven and interconnected than ever before-cloud computing can be a powerful way for companies to be more agile, effective and efficient.

Organizations interested in reaping the benefits of cloud can best begin by understanding the security ramifications of a cloud deployment to their business, keeping in mind they can start small by deploying cloud in low-risk workload areas like email services. This easing-in process gives organizations valuable time to become familiar with cloud on a scale that’s simpler to grasp and doesn’t put them at increased security risk. And as familiarity of cloud and trust in the provider grows over time, companies can expand their use of cloud computing into other areas of business. By following this gradual path, companies can learn to wield the power of cloud in a way that’s safe and secure.

Going Hybrid: Best of Both Worlds in Cloud Computing
used with permission by IBM ForwardView

With all the chatter about accessing data and applications anytime, anywhere it’s little wonder that cloud computing has generated so much interest. Indeed, the proliferation of mobile devices, high–speed connections and data–intensive applications have challenged many organizations to continuously meet the demand for more computing power. And that’s why operating “in the cloud” makes real business sense for midsized companies.

Cloud computing, the thinking goes, allows companies to improve efficiency and do more with less – benefits that are attractive to budget–conscious companies with limited IT staff and resources. It has been positioned as a new way to operate – from accessing applications to storing massive volumes of data – allowing organizations to use only the hardware capacity they need, without paying for idle computing resources. And not only does the cloud model provide cost savings, but it also keeps a company’s infrastructure up to date while offloading responsibility for its maintenance.

The cloud computing model enables access to IT resources without re–engineering the entire infrastructure – or, in some cases, without having an infrastructure at all. But like any new technology implementation, determining the right path to cloud adoption is dependent on an individual company’s specific needs and constraints.

There are three different flavors of cloud to choose from: private, public and hybrid. A private cloud which holds computing capacity solely on a virtual private network can be expensive for budget–minded companies. But some concerns about the suitability of public clouds for highly sensitive data are valid. Luckily, adopting cloud computing is not an all or nothing decision and the hybrid model can offer the best of both worlds.

Understanding the hybrid cloud model
For end users, cloud computing often means browser–based interfaces that allow IT to be ordered and accessed almost immediately. However, using browsers to access IT can substantially change security plans and considerations. With a public cloud companies are securing the end users–how they access the network and what they do once they’re on. But when a private cloud environment is created inside a firewall, it can provide users with the same rapid access to IT as the public model, but with less exposure to Internet security risks.

A hybrid cloud model blends elements of both the private and the public cloud. In the simplest terms, the hybrid model is primarily a private cloud that allows an organization to tap into a public cloud when and where it makes sense. By and large, all models of cloud provide security measures to keep data and applications secure. However, in contrast to a purely public cloud model, the hybrid cloud can provide a higher level of security for sensitive data and instances where companies are affected by industry or financial regulations.

This crossbreed of cloud computing has its share of admirers in the midmarket. The cloud model allows companies to adjust the amount of computing power used based on their individual fluctuation in actual usage. So for companies that have a lot of variation in their computing needs, a hybrid model makes them much more nimble by using a public cloud for times where more computing capacity is needed. Generally, adding public space to a company’s cloud model is a much easier proposition than growing its private cloud to meet mounting needs. In this way, a hybrid model is more cost effective in providing world–class computing power that is available anytime, anywhere without as big a budget commitment as a private cloud.

This is not to say that a hybrid model is right for everyone. To determine whether the hybrid cloud is a good fit, companies should take a hard look at their internal needs including individual usage requirements, budgetary considerations, and the sensitive nature of data that will be stored in the cloud environment, as well as any applicable industry or financial regulations.

Mixing and matching to meet security needs
The nature of a hybrid model requires that companies determine which data or applications reside on the private cloud and which can reside on a public cloud. Companies need to assess how much risk they are willing to tolerate with their data and applications.

Regardless of which flavor of cloud a company chooses, it’s important to remember that the same factors apply to ensuring security whether it is cloud–based or within a traditional IT infrastructure. The key difference in the cloud model is that it includes external elements, and those elements will be managed by the cloud service provider. This means that companies need to understand the environment beyond their own data center and consider how it impacts their organization from a security standpoint.

Companies should also consider the level of customer support desired from the cloud provider. The many benefits of moving to the cloud can only be realized if the operation and access is seamless. Companies need appropriate monitoring, governance and security tools to expedite the process of accessing key applications securely, anytime and anywhere. The good news is that specialization in IT delivery often makes cloud providers better suited to delivering and securing applications, allowing midsized companies to enjoy comprehensive data protection in addition to faster and less–expensive IT provisioning.

Cloud computing on a smarter planet
As companies face flat budgets and high demands for services they’re thinking differently about the IT infrastructure they will need to respond to market forces and the pace of business and society. Companies of all sizes are moving toward more adaptive capabilities like cloud computing to deliver new services with agility and speed, while driving down costs. And for midsized businesses, the hybrid cloud model can provide cost–effective computing that balances security, reliability and flexibility.

As companies seek to drive continuous and sustainable operational improvements to lower costs and reduce complexity, cloud computing is an opportunity to reinvent IT in preparation for the next phase of growth and innovation.

We recently read an article at Network World which talks about a recent hack that has been discovered for PCs that are running the pcAnywhere program.

Roan Solutions manages many different types of clients that have different situations but one of the most dangerous things to see in a marketplace is a number of computers be this vulnerable for an attack.

The article suggests that there are over 200,000 computers that are vulnerable. 2.5% is the average rate of computers that run point of sale programs which estimates that there are approximately 5,000 computers that are vulnerable that also contain crucial credit card information.

According to Rapid7, which prowled the Web looking for pcAnywhere systems, an estimated 150,000-to-200,000 PCs are running an as-yet-unpatched copy of the Symantec software, and are thus vulnerable to be hijacked by remote attacks, which could commandeer the machine’s keyboard and mouse, and view what’s on the screen.

About 2.5% of those vulnerable Windows PCs, or between 3,450 and 5,000 systems, are running a point-of-sale system — Windows PCs are often paired with cash registers by small businesses — potentially putting credit card data at risk, said HD Moore, chief security officer at Rapid7.

Although privacy is a major concern, the problem isn’t that hackers can use over 200,000 computers to spy on the owners of these computers, the problem is that since hackers now have computers that contain credit card information, they can turn their efforts into a profit.

Roan Solutions helps businesses to prepare for these kinds of things and also against any threat to the technology that a business might use.

But Moore sees it as a big problem. “There are a lot [of PCs] that haven’t been updated,” he said. “It seems the recent patches have been very much ignored.”

And it will likely get worse before it gets better.

Another major issue that the company is experiencing is that despite there being a repair to the original software, users aren’t taking the time to install the updated software, leaving them vulnerable.

You can read the full article by clicking here. Let us know what you think! Do you think that these hackers will take full advantage over the information that they have now obtained?