2014 was a banner year for cyberattackers, but not security. The high-profile data breaches of last year prove that antivirus is not enough, and the number of spear-phishing and web-based attacks, malware targeted at virtual machines, and ransomware continues its climb to historic levels.
Symantec highlighted the various methods hackers are using to attempt to steal company data in the 20th edition of its Internet Security Threat Report (ISTR). After a thorough reading of this April report, it’s clear that businesses of all sizes are at risk: (more…)
IT managers, take a second and think about your organization’s management of your Cisco SMARTnet agreements. If a hardware unit fails and needs replacing, how soon must that occur? When are your contracts up for renewal? If an emergency arises and you pick up the phone to call Cisco, do you know what service level your contract entitles you to?
While you think, ponder this astonishing fact: Cisco reports that 82 percent of all organizations that call into Cisco’s Technical Assistance Center (TAC) have incorrect information about their SMARTnet contracts and coverage.
Many customers have relayed uncertainty and confusion regarding management of their SMARTnet contracts to SHI. The disconnect between their contracted benefits and their understanding of those entitlements stems from four main issues: multiple SMARTnet contracts supporting a single organization, varied end dates, unaligned service levels, and SMARTnet purchases made through several different vendors.
Here’s another stat all IT professionals should know: 30 percent of all Cisco products are going end of life in the next three years, according to a recent SMARTnet webinar. Now is the time for organizations to start planning ahead and budgeting for the future. (more…)
When the federal government offers incentives to support a change, many organizations sprint to meet the benchmarks that trigger the payoffs. That was the goal when, in 2009, the government offered grant money to spur the adoption of electronic medical records (EMRs). Since 2009, 80 percent of doctors and 60 percent of hospitals have converted to EMRs, and $28 billion has been paid out to health care providers for converting paper files to digital.
A large health care provider in the Midwest was among them. Serving more than 200,000 patients, the organization had thousands of medical records on file that needed to be digitized. The company ramped up the push for electronic records to meet the government incentives, including its requirement to use only electronic records for Medicare and Medicaid patients by the end of 2013.
But as the company, like many providers, rushed to meet these new EMR requirements, it found the cyber security requirements were changing far faster than other technologies.
The organization knew it needed to ramp up security — and quickly — to continue to meet its responsibility to its patients and their privacy, and to continue to meet health care privacy rules and HIPAA requirements, while maintaining the security of the entire system. But with IT resources tied up in the switch to EMRs, how could the organization best upgrade its security? (more…)
In the past, IT security was like insurance, viewed as an expense, not a revenue generator. That perception left IT with minimal dollars allocated to securing networks, data, and other assets. But with the increase in threats, ranging from malware to data and identity theft, security has become a priority for all organizations.
Over the past three decades, businesses have developed structured security programs as federal and industry regulations became more prevalent. The Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), and Payment Card Industry Data Security Standard (PCI DSS) are some of the well-known guidelines that have advanced compliance-based security.
But regardless of the industry guidelines, both compliance controls and the threat landscape have evolved, introducing a new requirement to address: risk. Security can no longer simply check the box of compliance as it could in the past. Risk is the new basis for every effective IT security program. (more…)
Dig up your high school yearbook photo and you’re likely in for a laugh — the clothes, the hair styles, the glasses are distant memories for most of us. That snapshot of 18-year-old you is unlikely to be confused with who you are today.
And yet when it comes to IT, many organizations often find themselves the victim of a kind of snapshot syndrome, the common misconception that our environments exist in the state in which they were last measured or assessed. In reality, most infrastructure, policies, and processes are in a continually dynamic state, and just like current you compared to your high school yearbook photo, only a few undergo limited changes. (more…)
IT departments are centering their sights on key software and hardware initiatives for 2015, aiming to increase productivity and enhance the entire IT environment. But there’s a pervasive obstacle to those plans that often steals IT’s focus from these goals and robs them of the time to implement them. That IT time-waster is managing the multitude of vendors that an organization works with.
Most IT departments aim for an 80/20 distribution for vendor management: 20 percent of all vendors representing 80 percent of IT’s total spend, with the other 80 percent of vendors representing only 20 percent of the spend. Typically, the biggest players in the IT market – organizations like Microsoft, Oracle, SAP, and IBM – are an organization’s strategic suppliers and fill the top 20 percent. All other vendors represent the long tail. Here’s what that breakdown tends to look like: (more…)
In his classic book “Flawless Consulting,” Peter Block lays out the three ways that a consultant interacts with clients: as an expert, a pair of hands, or a collaborator. As Block points out, when a consultant is the expert, all the responsibility rests on his shoulders, and when it’s just a pair of hands, it’s of little value to the customer. But if the consultant and client collaborate to solve a problem, everyone gets the best outcome and the most value.
Nowhere is this more clearly illustrated than in IT. Companies approach professional services organizations (PSOs) when they face an IT problem they can’t fix on their own, whether because they don’t have the skill set internally, can’t spend the time, or don’t have the resources needed to solve the problem. The best of these relationships are true collaborations. The customer has a clearly defined problem and the PSO helps the customer develop and implement a clearly defined solution.
But too often organizations approach professional services with only a vague sense of the problem, like the need to “configure hardware” or “fix a performance issue.” The timeline is hazy, the goals uncertain, and the outcome poor. These projects often take longer and cost more than if the organization brought specific needs to the table from the start. It impacts the effort required on the part of the consultant, and even how the professional services are purchased.
Here’s how to ensure a strong collaboration with a PSO and get the job done on time and on budget. (more…)
Every year we regularly schedule physicals, oil changes, car inspections, and other appointments in order to keep the systems that we depend on running at peak operational efficiency. There might not be anything noticeably wrong to necessitate one of these checkups, but that’s not really the point. The purpose is to take a proactive approach to system maintenance in order to catch any coughs or hiccups that might later call for an expensive fix.
SHI recommends a similar preventative approach to IT security. Organizations need to regularly assess their security programs to pinpoint small issues that could later turn into devastating security leaks. They can do this internally or hire a professional security services team.
To help our customers confirm that they deployed their security controls properly and identify any security gaps that might exist, SHI developed the Security Posture Review (SPR). The SPR is an assessment designed to evaluate various technical and operational security controls within an organization’s IT environment, which will help maximize security spend.
Our SPR consists of three phases: (more…)
Purchasing new hardware or software can be a costly and burdensome investment for even the most profitable organizations. But purchasing outright isn’t a company’s only option. Organizations can lease hardware and finance software and maintenance to ease upfront costs and increase IT flexibility. So before you sign that check for your next big order of desktops, servers, or software, see if any of these options are right for you.
The two types of hardware leasing
Leasing is the most common way to acquire IT equipment without paying for it up front. There are two main types of leases: the fair market value (FMV) lease and the $1 buyout lease.
The most common type of hardware lease is the FMV. It’s similar to a car lease, in that you don’t own the product at the end of the term, which is typically two to three years. In an industry known for a 36-month product lifecycle, this is a compelling benefit. The greatest part of IT is that the power keeps going up and the price keeps going down. FMV leases offer the lowest payment option since you’re only paying for the use of the product, not the purchase price. Payments are usually referred to as rent. (more…)
Cisco’s SMARTnet technical support service is renowned for its hotline of Cisco engineers ready to help troubleshoot. After all, even IT teams have to call tech support every once in a while, especially when those teams protect complex and critical systems. And the award-winning service lives up to its reputation for slashing downtime.
But to maintain service for all Cisco equipment in use, organizations need to keep a close eye on their contracts and upcoming renewals to ensure there are no gaps in coverage. And too often, renewals become a challenge for many organizations. Many companies hold between 10 and 15 SMARTnet contracts for various Cisco devices. And with so many contracts, businesses struggle to keep track of important expiration dates, terms, and conditions.
No IT team wants to find out their SMARTnet contract has unexpectedly lapsed while on the phone with Cisco to get a system back up. But due to lack of contract visibility, organizations sometimes falsely assume their business-critical devices are secured by SMARTnet. Due to unpaid renewals or missing agreements, devices can slip through the cracks, risking downtime and other damaging network issues.
Just as harmful, many organizations continue to pay SMARTnet subscriptions for out-of-date or unused devices due to knee-jerk renewals on forgotten contracts. And as organizations grow and add more Cisco services and devices, the complexities associated with managing new subscriptions will only escalate.
For organizations seeking greater visibility into their SMARTnet services, here are four easy tips to regain control over contracts. (more…)