Why it’s time to rethink what drives your IT security program

In the past, IT security was like insurance, viewed as an expense, not a revenue generator. That perception left IT with minimal dollars allocated to securing networks, data, and other assets. But with the increase in threats, ranging from malware to data and identity theft, security has become a priority for all organizations.

Over the past three decades, businesses have developed structured security programs as federal and industry regulations became more prevalent. The Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), and Payment Card Industry Data Security Standard (PCI DSS) are some of the well-known guidelines that have advanced compliance-based security.

But regardless of the industry guidelines, both compliance controls and the threat landscape have evolved, introducing a new requirement to address: risk. Security can no longer simply check the box of compliance as it could in the past. Risk is the new basis for every effective IT security program.

3 vulnerability and assessment tools that will strengthen your IT ecosystem

Dig up your high school yearbook photo and you’re likely in for a laugh — the clothes, the hair styles, the glasses are distant memories for most of us. That snapshot of 18-year-old you is unlikely to be confused with who you are today.

And yet when it comes to IT, many organizations often find themselves the victim of a kind of snapshot syndrome, the common misconception that our environments exist in the state in which they were last measured or assessed. In reality, most infrastructure, policies, and processes are in a continually dynamic state, and just like current you compared to your high school yearbook photo, only a few undergo limited changes.

IT time wasters: IT procurement and managing the long tail

IT departments are centering their sights on key software and hardware initiatives for 2015, aiming to increase productivity and enhance the entire IT environment. But there’s a pervasive obstacle to those plans that often steals IT’s focus from these goals and robs them of the time to implement them. That IT time-waster is managing the multitude of vendors that an organization works with.

Most IT departments aim for an 80/20 distribution for vendor management: 20 percent of all vendors representing 80 percent of IT’s total spend, with the other 80 percent of vendors representing only 20 percent of the spend. Typically, the biggest players in the IT market – organizations like Microsoft, Oracle, SAP, and IBM – are an organization’s strategic suppliers and fill the top 20 percent. All other vendors represent the long tail. Here’s what that breakdown tends to look like:

How to make professional services work for you

In his classic book “Flawless Consulting,” Peter Block lays out the three ways that a consultant interacts with clients: as an expert, a pair of hands, or a collaborator. As Block points out, when a consultant is the expert, all the responsibility rests on his shoulders, and when it’s just a pair of hands, it’s of little value to the customer. But if the consultant and client collaborate to solve a problem, everyone gets the best outcome and the most value.

Nowhere is this more clearly illustrated than in IT. Companies approach professional services organizations (PSOs) when they face an IT problem they can’t fix on their own, whether because they don’t have the skill set internally, can’t spend the time, or don’t have the resources needed to solve the problem. The best of these relationships are true collaborations. The customer has a clearly defined problem and the PSO helps the customer develop and implement a clearly defined solution.

But too often organizations approach professional services with only a vague sense of the problem, like the need to “configure hardware” or “fix a performance issue.” The timeline is hazy, the goals uncertain, and the outcome poor. These projects often take longer and cost more than if the organization brought specific needs to the table from the start. It impacts the effort required on the part of the consultant, and even how the professional services are purchased.

Here’s how to ensure a strong collaboration with a PSO and get the job done on time and on budget.

The 3-step approach to improving IT security

Every year we regularly schedule physicals, oil changes, car inspections, and other appointments in order to keep the systems that we depend on running at peak operational efficiency. There might not be anything noticeably wrong to necessitate one of these checkups, but that’s not really the point. The purpose is to take a proactive approach to system maintenance in order to catch any coughs or hiccups that might later call for an expensive fix.

SHI recommends a similar preventative approach to IT security. Organizations need to regularly assess their security programs to pinpoint small issues that could later turn into devastating security leaks. They can do this internally or hire a professional security services team.

To help our customers confirm that they deployed their security controls properly and identify any security gaps that might exist, SHI developed the Security Posture Review (SPR). The SPR is an assessment designed to evaluate various technical and operational security controls within an organization’s IT environment, which will help maximize security spend.

Our SPR consists of three phases:

Leasing vs. financing: What’s the difference?

Purchasing new hardware or software can be a costly and burdensome investment for even the most profitable organizations. But purchasing outright isn’t a company’s only option. Organizations can lease hardware and finance software and maintenance to ease upfront costs and increase IT flexibility. So before you sign that check for your next big order of desktops, servers, or software, see if any of these options are right for you.

The two types of hardware leasing

Leasing is the most common way to acquire IT equipment without paying for it up front. There are two main types of leases: the fair market value (FMV) lease and the $1 buyout lease.

FMV lease

The most common type of hardware lease is the FMV. It’s similar to a car lease, in that you don’t own the product at the end of the term, which is typically two to three years. In an industry known for a 36-month product lifecycle, this is a compelling benefit. The greatest part of IT is that the power keeps going up and the price keeps going down. FMV leases offer the lowest payment option since you’re only paying for the use of the product, not the purchase price. Payments are usually referred to as rent.

Mastering SMARTnet renewals in 4 easy steps

Cisco’s SMARTnet technical support service is renowned for its hotline of Cisco engineers ready to help troubleshoot. After all, even IT teams have to call tech support every once in a while, especially when those teams protect complex and critical systems. And the award-winning service lives up to its reputation for slashing downtime.

But to maintain service for all Cisco equipment in use, organizations need to keep a close eye on their contracts and upcoming renewals to ensure there are no gaps in coverage. And too often, renewals become a challenge for many organizations. Many companies hold between 10 and 15 SMARTnet contracts for various Cisco devices. And with so many contracts, businesses struggle to keep track of important expiration dates, terms, and conditions.

No IT team wants to find out their SMARTnet contract has unexpectedly lapsed while on the phone with Cisco to get a system back up. But due to lack of contract visibility, organizations sometimes falsely assume their business-critical devices are secured by SMARTnet. Due to unpaid renewals or missing agreements, devices can slip through the cracks, risking downtime and other damaging network issues.

Just as harmful, many organizations continue to pay SMARTnet subscriptions for out-of-date or unused devices due to knee-jerk renewals on forgotten contracts. And as organizations grow and add more Cisco services and devices, the complexities associated with managing new subscriptions will only escalate.

For organizations seeking greater visibility into their SMARTnet services, here are four easy tips to regain control over contracts.

Microsoft’s volume licensing transformation: Here’s everything you need to know about MPSA

Late last year, Richard Smith, GM at Microsoft Worldwide Licensing & Pricing, revealed that Microsoft would be introducing a “next-generation approach to commercial licensing” to provide customers a more flexible and simplified purchasing experience across all solutions. Dubbed by Microsoft as Next Generation of Volume Licensing (NGVL) or transformation of volume licensing, the initiative takes a multi-phased approach, which began and will continue to be driven by feedback from the different licensing communities: partners, customers, and Microsoft field.

NGVL then entered the pilot phase, for which SHI was proud to be one of the handful of participating partners across the globe. On Dec. 1, 2013 the initiative reached its current phase, a controlled, but broader, launch. This current phase is not the final product. We will likely see the transformation continue for some time to come.

Today’s offering, the Microsoft Products and Services Agreement (MPSA), is simple but clearly displays the three primary tenets of the transformation.

3 tech megatrends that will redefine business in 2014

Gartner identified 10 strategic technology trends for 2014 at a symposium last fall, including mobile, the Internet of Everything, and cloud technology. As we enter 2014, several megatrends stand out from the rest, shaping the way we do business and accelerating the transformation of IT. It’s important to understand these trends beyond the buzzwords and marketing lingo. The key to preparing for tech’s imminent shift is recognizing the business drivers behind these changes and acknowledging their impact on the future of business.

Here are the megatrends that should be top of mind for IT departments and business owners alike:

Software-defined anything (SDx)

The traditional datacenter landscape has changed forever, leaving infrastructure abstracted and virtualized, delivered as a service. We’re seeing virtualization extend well beyond just computing, with storage and network virtualization quickly becoming the norm for most organizations.

This model holds true regardless of whether the infrastructure resides internally or in the cloud. Dependency on physical hardware is being eliminated as software manages everything, increasing flexibility and agility. As infrastructure becomes highly virtualized and moves toward the private cloud, traditional IT resources need to evolve or risk becoming irrelevant.

As businesses begin to consume infrastructure as a service, the skills required to architect and support these environments must evolve as well. Once infrastructure is fully abstracted and optimized, organizations can shift their focus to developing applications to support business outcomes.

Putting the value in value added reseller: Why both manufacturers and customers rely on VARs

Many organizations struggle to keep tabs on their IT assets. The number of products, manufacturers, and licensing agreements is enough to make any person’s head spin. That’s why most companies use some sort of IT asset management (ITAM) to keep track of the various renewal dates and understand what licenses they have on hand. But even then they have little strategic direction for their licensing.

Software manufacturers too have their work cut out for them. They can’t afford to spend the time and money to find every potential customer for their software. In order to earn a reasonable profit on their products, they need a base of customers and a dedicated sales force.

To make the landscape more manageable for both the manufacturers and their ultimate customers, value-added resellers (VARs) serve as a liaison, helping manufacturers get their software in users’ hands while offering customers a range of manufacturer and software options that best fit their business objectives.

It’s too difficult for one customer to attain knowledge about every manufacturer, product, and licensing option on the market, just as it’s nearly impossible for manufacturers to gain clear insight into customer markets and needs. Since both spheres are so vast, VARs meet in the middle to fill the gap.

Value add for customers

No organization looking to license software or hardware has the time or resources to research every potential manufacturer’s products and compare the costs and benefits. VARs, on the other hand, have staffs devoted to staying up to date on the products available, as well as the nuances of every agreement. When customers work with VARs, they receive advice on which manufacturers and products can best support their goals, as well as guidance on manufacturer pricing.