Xvand Technology Corporation is honored to be selected as a Houston finalist for the 2013Best and Brightest Companies to Work.
As a long time promoter of the flexible workplace, this initiative is near and dear to our hearts, and we encourage you to partake in this effort.
We've found that many of the organizations that use our Houston computer services to implement a flixible workplace program have reported more productive (and happy!) employees.
The program – also called Flexworks - encourages area employers to utilize flexible workplace policies that promote business activity and improve Houston's mobility.
This year’s symposium and awards luncheon will be Nov. 7 at the Bella Elegante at 300 Milam St.
Click here to learn more about this program.
Tropical storms, like Ernesto, are once again threatening the Gulf Coast.
Thankfully, you've stored offsite data backups and have tested your disaster preparedness plan.
You have, right?
(Editor's note: If you prefer last-minute dashes to Home Depot, miles of bumper to bumper- traffic heading out of harm's way and scrambling to protect and recovery lost data, this article is not for you.)
Disaster preparedness is always better than disaster recovery. Houston-based businesses like have become all too aware of this adage.
Unfortunately, after Hurricane Irene left $15 billion in damages in its wake, the East Coast was rudely awakened to this message as well.
The silver lining in this hurricane cloud? We know from experience how to plan for such disasters.
Here's a brief outline disaster recovery checklist & plan:
1. Take inventory of IT equipment
- Take inventory of computers, equipment, supplies and receipts/verification of ownership (individual employees should be encouraged to do the same)
- Take “before” photographs for documented evidence
- Back-up power supply
- Have copies of maintenance agreements and break/fix providers readily accessible; be sure to capture serial numbers of equipment
2. Risk Assessment & Management
(Identify & categorize the risk of IT disaster on business)
- Impact on revenue
- Impact on clients/reputation
- IT systems assessment (create a spreadsheet that uses weighted values assigned to various systems, functionality and dependencies)
- Which data can the organization afford to lose?
- How long can data be inaccessible?
- Examples: Email = critical. Photoshop = less critical, etc.
3. On the Road - Mobile Device Security
- Do not back up company data on mobile devices (49% of data breaches were due to lost or stolen laptops or devices such USB flash drives – Dell)
- Use best practices for securing wireless devices
- Protect against lost laptops and remote devices
- Record all serial and model numbers of all equipment
- Laptop tracking and remote data deletion capabilities are a safe and economical way to protect company assets and data
- Contact local law enforcement and your organization's data recovery department as soon as a laptop goes lost or missing
- When sensitive data contained on laptop hard drives needs to be destroyed
- Ensure your organization is in compliance appropriate data destruction policies.
- Ask for a certificate of destruction and find out how the hard drives are disposed.
4. Prepare Disaster Recovery Plan in Advance.
Test the following on a QUARTERLY basis:
- Data access – move data to systems that will allow browser access
- Data backup, is your offsite storage facility in the hurricane path
- Data restoration - how do your vendors define “recovery” and how long is the recovery interval – have you timed it?
- Where will restore occur? Are the backups up-to-date and good? Will the data be in sync? How LONG will it take?
- Will the equipment be compatible
- Data security – cyber thieves love natural disasters, best time to strike
- System uptime – your recovery interval is twelve hours and your battery back up is good for four hours
- Data accessibility (before, during, after hurricane)
Five Questions to Ask Your DR Vendor
- What’s the recovery interval?
- Who’s responsible for restoring data?
- Do you document your backup procedures?
- How often do you test your data backup plan?
- What are staffing levels in an emergency?
Did you know that cloud computing can help create the framework for a comprehensive disaster plan? Register for a free webinar on the Five Steps to Understanding and Implementing Cloud Computing.
Photo courtesy of National Geographic
We recently shared a few practical tips on how to determine whether cloud computing services are right for your organization.
Once you've conducted an internal risk assessment to determine what "flavor" of cloud computing aligns best with your business needs, you need to ensure that the provider will deliver the desired outcomes down the road.
5 Must-Haves For Every Cloud Computing Contract
Many business executive are still unsure about the viability of cloud services or are concerned about the security of data that's not hosted at their offices. Many simply been jaded by personal or heavily-publicized news stories about cloud computing services nightmares.
To protect your business interests and ensure data security in the cloud, make sure that your cloud computing contract identifies the following five key components:
1. Determine Data Ownership
While this seems like an obvious step, some cloud service contracts state that any data uploaded to their "cloud" becomes property of the provider. Make sure that the contract clearly keeps all data and files in your company's possession.
2. Establish a Right to Audit
If you work in an industry that is bound by data security legislation that require periodic auditing of a company's data access policies and procedures, choose a cloud provider that has previously met these requirements.
Or if you've identified a cloud computing company that fits your needs, but has yet to pass your specific data security requirements for a previous client, ask if they will allow an assessment of their systems and data access policies before you engage with them - and periodically throughout the life of your contract.
3. Ensure Application and Server Uptime Guarantees
Ask for your potential provider's uptime levels and establish a guarantee with financial penalities for failing to meet the predetermined threshold. For example, let's say that during a given month the availability of the applications and the server does not meet the specified performance level, make sure that you receive a service credit based upon the monthly fee for the affected service for the affected month.
4. Establish "Exit" Provisions For Data
To avoid a messy split when the time comes to terminate the relationship with your provider, make sure that there are provisions in place to obligate your provider to retrieve and restore your organization's data, and that all copies of the your data and confidential information contained in any computer memory or data storage apparatus are properly destroyed.
5. Establish Support Response Times
The greatest IT infrastructure in the world can be rendered useless if you and your employees can't access it or can't get answers to their technical questions. Ask about your potential provider's mean time to resolve issues. Will your employees be put in a queue or will they get a live person on the line? How long will it take to get a technical expert to respond?
As a cloud computing service specializing in disaster recovery in Houston, we were asked by Jennings Wire to spend some time on their podcast to share a few steps small and mid-sized businesses should take to prepare and implement a successful disaster preparedness plan.
JenningsWire (JenningsWire.com) is a community of bloggers led by Annie Jennings. We briefly discussed the evolution of cloud computing before exploring how to approach small business disaster recovery.
We'd like to thank Annie and her team for including us on the podcast and alerting the business community on the importance of preparing for disaster.
Disaster Preparedness Plan Topics Included:
- What’s the first step small business should take to prepare for disasters? (Hurricanes, tornadoes and other natural disasters)
- What should be included in a disaster plan? How often should it be tested?
- Should small businesses consider outsourcing disaster preparedness?
- What’s the best way to find an outsourcing partner for DR planning?
- Describe an example of a successful disaster preparedness plan.
To help properly plan for disaster, we've compiled a small business disaster recovery infographic
that, we hope, helps your organization plan for future disasters.
Embed this infographic on your site (copy code below):
Does your business have a disaster plan in place? Download a complimentary 10-Step Disaster Preparedness template.
In the ever-expanding online world, and the business that takes place within it, cyber crime has become the topic of many discussions. Not only confined to the most knowledgeable IT experts today, we see words such as "Cyber-Terrorism" thrown around in our every day speech, and reports of large-scale incursions of company privacy leave many clients with a feeling of dread when it comes to dealing with online business and data storage. Instead of the traditional method to data storage, with companies investing mass amounts of capital into large data warehouses and IT staffs, there is another approach which is gaining considerable interest and use in our global economy.
How serious is cyber crime?
The threat of cyber attacks is real regardless of how many people may actually be familiar with it. It is not only those who are not computer savvy that are the most susceptible to being victims of attacks; everyone is at risk. Almost every aspect of our lives has been affected in one way or another by the digital revolution. The explosion of computer technology for personal use has given rise to an entirely new way of living for most people. Truth be told, we conduct much of our lives online now, primarily due to the ease and convenience of using computers for such activities as banking and commerce. While this shift in lifestyle has been positive overall, there is somewhat of a "dark side" to the digital revolution--unfortunately, the phenomenon of cyber crime has emerged as well, increasing almost in lockstep with the progress made in technology.
What is cyber crime?
Simply put, it is criminal activity of various kinds perpetrated through the use of computers. While certain types of illicit activity such as hacking (i.e., exploiting vulnerabilities in computer programs to gain illegal access to a network or computer system) have been around since the dawn of the computer age, for the most part it was still considered a "fringe" activity, primarily done as a means of juvenile entertainment or even to garner "bragging rights" in the underground hacking community. Nowadays, however, hacking and other variants of cyber crime are a full-blown, multi-billion-dollar industry. Due to the massive amount of financial transactions (i.e., banking, commerce, investing, etc.) that are conducted online each day, cyber crime poses a formidable threat, costing individuals, businesses and governments billions of dollars each year.
Common types of cyber crimes
Fraud consistently ranks as one of the most prominent types of illegal activity conducted by cyber criminals, with identity theft being one of the most popular crimes falling under the fraud category. Identity theft takes place when a cyber criminal gains illegal access to a victim's online financial accounts and either steals the victim's funds outright or steals sensitive information such as the victim's social security number. Armed with this information, a cyber criminal can do even more damage by taking out loans or applying for credit cards in the victim's name.
Another huge category of cyber crime comes in the form of online scams. Online "merchants" can offer goods for sale with no intention of delivering them after receiving payment, or websites can offer counterfeit goods, passing them off as authentic. "Phishing" is another form of online scam where cyber criminals attempt to acquire sensitive information such as usernames, passwords, or even bank account numbers by means of sending a fraudulent email posing to be from a legitimate institution. They will use deceptive tactics such as stating that the victim's account has been "compromised" and then asking the victim to "verify their account information", and other such methods intended to obtain sensitive account information from the victim. A more sophisticated version of this is "spoofing", where perpetrators will trick victims into entering their account information into a fraudulent website.
Other more sophisticated forms of cyber crime include the creation of malicious software (called "malware") that basically wreaks havoc on people's computer systems. Malware encompasses a broad category of harmful software including viruses, worms, Trojan horses, and other sophisticated programs that can greatly affect the performance of your computer, and many times can even render your entire system ineffective. One example of malware is "scareware", which is a software program that displays fake alerts on your computer screen to warn you that your computer has been infected by a virus. The program urges you to click on some type of button or link in order to remedy the "problem", which usually directs you to a web page encouraging you to buy some type of anti-virus software. Many times this software is not legitimate, and only serves to remove the scareware alerts that were fraudulent to begin with.
As you can see, there are a myriad of categories of cyber crime, much of which is beyond the scope of this article. If you feel as though your online security has been compromised through identity theft or some other means, it is vital that you take immediate action to prevent a cyber criminal from using your account information to access your funds. Make sure to call your bank, credit card companies, and other institutions where you may have an account (such as a charge account for a particular retail store) and inform them that your accounts may have been compromised, and to be on alert for any suspicious purchasing activity. Most credit card companies and banks have a "zero liability" or limited liability policy set in place when they detect fraudulent activity, and many of them will even freeze your accounts until you can verify the authenticity of the transactions.
How to protect yourself and your company
For any issues regarding the security of your computer, make sure that your system is updated with anti-virus and anti-malware protection in order to hinder cyber criminals from gaining a foothold. Also, don't respond to emails that ask for your account information. If you have any doubts as to whether the email is legitimate or not, contact the institution by phone to confirm that they are the source of the email communication. While cyber crime is an ever-present threat, taking these common-sense steps will prevent many of the mistakes that victims of cyber crime make, and ensure a greater overall level of online security.
Cyber crime targets businesses of all sizes
Not only do individuals have to be cautious but business too, no matter how big or small. But how does cloud computing protect against data theft, and cyber threats? By moving information off a centralized server onto a specialized cloud hosting service, this only helps to diminish the risks of cyber-threats, but creates a multi-fold approach to data security. These cloud services, through virtualization of their own software, invest more resources, time, and capital to protecting your information, and in addition to a companies' own internal IT protection, can potentially create a web of security protocols that thwarts many would-be hackers and data thieves.
To protect client's valuable information, one of the most effective methods today for data theft prevention is a phenomenon known as "Cloud Computing". The term takes its name from the abstract idea of a cloud in cyberspace - this cloud represents the vast array of connections across secure network interfaces.
While still a relatively recent form of data storage, it has nonetheless had breakaway success in businesses large and small: it is estimated that over half of U.S. businesses now use cloud computing. This has created boom for these businesses, especially those with limited personnel with advanced computer skills. This does not diminish the quality of protection. With utilizing and developing trust with a cloud computing service, a company can expect to protect its information investments for years to come.
Don't jump head-first into the cloud
To combat the risk of IT espionage, many small businesses are hiring third-party IT services, including cloud computing services. However, just because a cloud provider offers more robust security, doesn't mean you should jump in head-first. Please feel free to download the tool below to help you find the right provider.
Earlier his month, an IT employee in Delaware rigged a hidden laptop to his company's computer network to secretly read his boss's email, and threatened to make the information public unless he was paid a substantial sum.
Fortunately, the suspect was apprehended and arrested before the extortion plan could take root. However, such corporate blackmail schemes underscore the need for companies to have checks and balances within their IT departments or to hire an outside IT outsourcing or auditing firm.
While your company's IT professional is not likely quite as rogue, how do you know for certain that he/she has your best interest in mind?
5 Questions to Ask Your IT Staff
Most small business executives don't have the time, IT knowledge or familiarity to know whether their IT staff's actions are aligned with company goals. Here are five questions to ask your IT employee about your company's IT setup:
1. What happens if the server goes down?
In other words, how does the company protect against productivity and data loss in the event of a server or workstation failure? What redundancies are currently in place?
Even if the data is backed up in a secure offsite location, how long would it take to repair or replace the hardware, retrieve, restore and configure the data/software to restore operations as usual?
Has this process been tested?
2. What if a laptop or workstation is lost or stolen?
One of the leading causes of data loss is misplaced or stolen thumb drives or laptops, with the average laptop containing approximately $250,000 worth of confidential client data or trade secrets.
Is this data properly backed up? Is the company equipped to remotely wipe the data in such an event to prevent the data falling into ther wrong hands?
3. If data is corrupted, how long would it take to restore the data, if at all?
How many backup copies of a particular file are kept? How long would it take to go back and retrieve the most recent, good version?
3. What is your mean time to resolve technical issues?
For how long are company employees unproductive while they are kept waiting for technical issues to get resolved? Do the same metrics apply to remote workers or those in satellite locations where support is not as readily available?
4. What is our per-employee IT cost?
Most executives have a good idea of their one, three and five-year growth plans, and should know what it would cost to add new employees as the company continues to grow.
5. Who else has access to critical company information?
Is the IT person the only one with access to company information to the point where he/she can hold the company hostage? What checks and balances are currently in place?
If these questions can't be adequately addressed, you may want think twice about who is controlling your company's data.
How to hire an IT auditor or IT outsourcing service
To combat the risk of IT espionage, many small businesses are hiring third-party IT services, including cloud computing services. Please feel free to download the tool below to get started.
Image courtesy of Saturday Night Live.
It's human nature. When a new paradigm arises, those accustomed to the traditional model become skeptical. And cloud computing is certainly not impervious to this trend of preliminary cynicism.
Like any new model, cloud computing deserves the skepticism, if not a barrage of questions. After all, clients are being asked to hand over their data - the lifeblood of their organization to the cloud computing provider.
Like any business venture, cloud computing implementation should be aligned with business objectives. How else would one measure ROI or the success of a cloud project? On the flip side, cloud computing will always fall short when compared to utopia. Here's a recent true story to illustrate this point.
Client: What happens when one of your system components fail?
Cloud Provider: Business critical functions run in a disaster-proof data-center, on multiple, independent components that switch over automatically in the event of failure.
Client: What happens if a super-disaster incapacitates your entire data-center?
Cloud Provider: We have yet to encounter an issue, but as a contingency, the entire system is replicated in real-time to a data-center in another geographical location.
Client: What happens if a nuclear holocaust destroys the entire region?
True story. In all likelihood, the client did not have a contingency plan to protect against a mass-destructing nuclear holocaust, but it didn't matter. Perception is reality. In reality, if a nuclear bomb destroys your entire region, there's a good chance that data is not your biggest problem.
According to CIO and CFO Magazines, most executives don't have a good understanding of what their IT system truly costs their organizations. Issues like downtime, security breaches and time spent discussing IT issues are rarely factored into the equation.
Here are two steps on evaluating an onsite IT network versus a transition to a cloud computing provider:
Step 1: Know your IT Hazards (Infographic)
The following inforgraphic outlines a few of the hidden pitfalls of owning and managing an onsite IT system. Click on the image to view a larger version.
Step 2: Conduct a Risk Assessment
So how would you advise a nervous business owner or manager? Make a realistic assessment of the processes and systems involved in day-to-day operations:
Here's a sample risk assessment matrix:
- Evaluate scenarios and their probability of damage
- Identify systems, users and departments that might be at risk
- Evaluate contingencies, disaster plans, costs pros and cons
We at Xvand would like to extend our sympathies to those affected by the devastation of Hurricane Sandy.
As a Houston computer service company serving the Gulf Coast area, disaster preparedness is a prevalent topic of discussion.
Since Hurricanes Katrina, Rita and Ike ravished the region, business executives have been bombarded by seven years of accouncements and warnings surrounding the dangers and risks of natural disasters.
In 2010, the world witnessed the deadliest year in a generation. In 2011, the United States suffered a record ten weather catastrophes costing more than a billion dollars.
With so much pomp and circumstance, human nature begins to sink in. Most of us don't want to think about the potential for disaster unless it's absolutely necessary. The problem, of course, is that by that time, it's probably too late.
To help properly plan for disaster, we've compiled a small business disaster recovery infographic that, we hope, helps your organization plan for future disasters.
Embed this infographic on your site (copy code below):
Embed this infographic on your site
(copy code below):
Does your business have a disaster plan in place? Download a complimentary 10-Step Disaster Preparedness template.
Our educational institutions, whether universities or elementary schools, possess a tremendous amount of confidential and sensitive data. Unfortunately, the number of data breaches at educational institutes has been higher on average than those in other sectors, indicating that as yet, schools have failed to effectively make use of modern data protection methods.
Failing to Implement Effective Data Protection
Unencrypted data is a glaring security vulnerability from which many schools suffer. Should any storage media with unencrypted data be lost, it is almost certain that the data will be lost. By utilizing a centralized system with organization-wide access, cloud computing providers enable schools to reduce the danger that the theft of equipment will result in the loss of confidential data.
Improperly Secured Data and Equipment
In today’s world, the ubiquity of portable data storage equipment presents a challenge in maintaining data security. All too many schools have not set policies for what files may be copied to these items, nor have they created an effective inventory system to track the use and status of mobile computers and data storage systems.
By creating a policy that limits the distribution of confidential data to secure machines only, and by effectively tracking those devices at all times, the school can drastically reduce the danger of a data breach stemming from the loss of such a device. This is especially useful when all critical data is not stored on the device but in the secure confines of the cloud computing provider's datacenters.
Limiting Information Distribution
All schools have a wide variety of employees, including volunteers, student employees and outside vendors. Another source of data breaches is the failure to effectively limit system privileges to those who require them.
A cloud computing service can help ensure that all employees only have access to the confidential information they need to perform their duties. Using the management console provided by the cloud vendor management can revoke the access privileges of former employees, especially those who have been asked to resign or terminated to avoid the malicious vandalism or theft of privileged records.
Establishing a Clear Data Security Policy
The last and most serious source of data breaches is the failure to create and adhere to a clearly defined information security policy. Although the cloud computing service provides the back-end data security, schools fail to focus on making information security a part of the school culture, in addition to failing to establish managers who are clearly responsible for implementing the policy.
By creating such a policy, the school can ensure that its security policies are continually examined and updated for devices outside the control of the cloud provider, and that all employees are effectively prepared to maintain data security.
Data security requires a holistic approach on the part of the school. By working to deal with all potential weaknesses, a school can effectively protect the information of its educators, students and managers alike.
Additional Ways To Implement Security Programs
Identify goals of the security program, create a clear and defined process so that all parties involved know the correct protocol (i.e. Proper process after an employee is terminated is to immediately revoke all access etc)
Schools can implement access control management systems (there is both physical access control and logical) by implementing a logical access control system the school could restrict access to certain files or restrict users to read only so that information cannot be edited etc.
In addition to cloud computing, schools can print smart cards on-site and the cards can be used to control these access rights or used to create role based access control where based on the persons role they are granted access to specific information.
IT departments should ensure devices are regularly inspected for any malware, and updated, and should make sure that all employees are instructed on how to maintain the security of confidential information.
Special thanks to Rebecca Fischer at CardPrinter.com, a retailer providing identification printers and logical access control products to a variety of industries.
Sick of hearing about how great cloud computing is? Want practical tips on whether cloud computing services are right for your organization?
Do you need a few pointers on how to successfully transition to the cloud? Want to sound informed at your next board meeting?
As a Houston cloud computing provider, we're met with an array of opinions from the people with which we correspond. Some aren't sure about the viability of cloud services. Others are simply concerned about the security of data that's not hosted at their offices. Most have simply been jaded by personal or heavily-publicized experiences with cloud computing services.
In fact, we recently had someone tell us that they don't trust advice of IT people. Fair enough! In addition to our own thoughts, we've gathered 11 tips from experts in different fields on how to approach cloud computing.
1. Determine whether cloud computing serves a business need
You may be experiencing explosive growth and you don’t want to keep over-investing in onsite equipment. Or perhaps your employees are frustrated with the instability of your in-house IT system and you’re looking for a more stable infrastructure. Today’s businesses are no longer confined to a specific geographic location, and a centralized remote repository might be a business need.
If you find yourself not really using the clouds full capabilities, you may find that your organization isn’t quite ready for the cloud.
Bottom line: Tying your cloud decision to a specific business benefit will help you gauge and monitor the ROI of your cloud investment. (Source: IsUtility®)
2. Clearly delineate what business objectives you can achieve by moving to the cloud
Carefully list what business problems you can resolve by moving to the cloud. (Source: Sean Kapoor, Gestalt Health)
3. Determine if there any legal or compliance constraints before moving to the cloud
What should be considered for data or systems targeted to be hosted externally? (Source: Josette Rigsby, Elektronic Kopy)
4. Outsource your IT from “Day 1.”
This is because computer technology is changing so fast you won't be able to keep up with it all; and because you have enough hassles to deal with running your own business.” (Source: Shane Fischer, Shane E. Fischer, P.A.)
5. Before moving to the cloud, make sure to scope out your specific requirements and don't over-buy.
A big benefit of the cloud is being able to easily upgrade but buying too much up front and getting locked into a contract with that configuration could end up costing you much more. They can always sell you more horsepower later. (Source: Mike Ogburn, ABC Signup)
6. Find out what your employees need before moving to the cloud
All sorts of new work strategies will be revealed as a result of this internal assessment and discussion - make good use of the information and use it to design your cloud interface well and sufficiently (Source: Billie G. Blair, PhD, Change Strategists, Inc.)
7. Take a holistic approach to cloud computing
Examine how your business processes are supported (or not) by the systems and people in place. Determine what's redundant, what's inefficient and where there are gaps. Then build a holistic delivery model for technology services that identifies the functions that should be performed in-house versus by a third party and the technological architecture associated with those functions.
Based on that delivery model, the company can then build a sourcing strategy to determine what functions should be outsourced, to whom, and when. (Source: John L. Nicholson, Pillsbury Winthrop Shaw Pittman LLP)
8. Do diligent research on the security levels of your cloud computing provider.
Many cloud computing providers are created for convenience – and not security – so be prepared to ask a prospective provider some tough questions. Due to the ‘shared’ nature of the cloud, knowing about a cloud computing provider’s security features is a key component in your search for a provider. Do they outsource some of their data security features? If so, to what extent? If you need a password for every new screen you move to, that may be an indication that more people than you realize are handling your information.
Bottom line: Your cloud provider should have impeccable security history – ask if they’ve ever been breached or whether you will be notified when/if they are breached in the future.(Source: IsUtility®)
9. Ensure the agreement with the cloud provider acknowledges your rights
Make sure you contorl who has access to data and under what circumstances. Be careful of a “click to acknowledge“ agreement that may be subject to change at the service provider’s option. (Source: Livia)
10. Determine data portability and retention in your cloud computing contract.
Make sure you fully understand the policies around secure deletion, data retention/requests and what happens to your data if you sever the relationship or the cloud vendor is acquired/goes out-of-business.(Source: Chris Caldwell, LockPath)
11. Develop exit clauses to mitigate the pain of cloud computing vendor lock-in.
(Source: Rob Barrish, GfK Business & Technology)