Category: information security

Posted on

Mobile Device Security is a Moving Target

Mobile Device Security is a Moving Target

mobile-devicesAs businesses mobilize their workforces and processes the volume and variety of sensitive data passing through and sitting on mobile devices increases dramatically.  Even though the business owner or IT manager may recognize the importance of mobile data and device security, doing something useful about it is altogether another issue.  New considerations enter into the picture frequently, turning mobile security into a moving target. Protecting the business – the organization, its employees and its customers – requires adopting mobile security strategies that cover a broad range of issues.

First of all, is there any means of monitoring the activities of the connected or mobile devices?  Knowing which devices are interacting with your information would seem to be an essential part of business information security, yet smartphones and tablet devices often fall under the proverbial radar of IT or business management.  Actually, business management is likely among the base of users with the very mobile devices in question.

Are there ways to limit what information is accessible via these mobile devices, and is that data encrypted?  Consider also that data is sometimes at rest (like when it is just sitting on a hard drive) and sometimes in transit (like being uploaded/downloaded/transmitted over the wire).  In either state, the data should be encrypted in order to be more secure.

Is there a standard set of apps or services that users can enable, or is it pretty much personal choice?  Too often a user will innocently install a malicious app on their device, exposing the business to a variety of potential threats.  Creating strict policies around app selection and use is a really good idea, and finding a way to actually enforce them is even better.

The big issue is separation of work and personal apps and content.  Especially in small businesses where personal devices are the norm (well, not just in small business… Hey Hillary!) it is quite a challenge to create any useful separation between personal and business use.  The mobile device is often adopted as a personal choice of the user – who elects to invest their personal mobile device in their work – so exacting any real level of control in how the device is used is tough.  The security of the information is only as good as the security of the device, meaning that it is usually up to the device owner to decide if a password or pin is required.  Unfortunately and for the sake of convenience, there is often little or no real security on the device meaning there is no real security around the information on the device in the event that it becomes lost, stolen or compromised.

There are a lot of things that the business can do in order to improve the security of their business data in a mobile device environment.  Here are a few of the basics:

  1. Have defined procedures for what happens when a device is lost or stolen; make sure they’re followed
  2. Have a way to do a remote wipe of the device
  3. Make sure all devices lock after a period of inactivity, and that they have password or pin protection
  4. Have a mobile device use policy, and make sure all employees understand why it matters and agree to it.

jmbunnyfeetMake Sense?

J

Posted on

Confused about QuickBooks and the Cloud? Join the club

cloud-computingIn most regions around the country high-speed broadband is readily available, and using the Internet for working and playing online is a part of everyday life.  Facebook and Twitter and Instagram are household names and just about every conversation starts or ends with a reference to a meme.  It seems that everyone is connected and app-savvy, using high technology while doing business, doing homework, or doing just about anything.  Yet this move to online and cloud technologies has come with a high price tag for some businesses, especially small businesses trying to keep up with the pace of change and who are being encouraged to adopt just about every new thing that comes their way.  It’ll make them more efficient, more profitable, more attractive to customers, more interesting to prospects, and will allow them to do more in less time.  All of the “apps” for this and that have created a great deal of confusion for the average small business owner who may need a few tools to help get business done, and who is now facing the daunting task of figuring out which ones to use as the type and number of tools grows exponentially every day.  It used to be so simple, but now even the simple things are becoming difficult to understand – like QuickBooks, for example.

QuickBooks desktop editions, born from Quicken personal finance management software, continues to be the most popular small business bookkeeping solution available.  Yet QuickBooks is now offered as either desktop application (software you install on your PC), as a hosted solution (software installed and run on service provider systems and which you access via the Internet), or as an online application (QuickBooks online edition).  Initially, the lines were fairly clearly drawn – the desktop software gets installed on the local machine and the online edition runs from Intuit’s servers.  Then things got a bit more complicated as hosted services rolled out, and users were able to have their desktop QuickBooks managed with a service provider and accessible via an Internet connection.  Now, just to add to the confusion, Intuit delivers a new desktop app to access the online version of QuickBooks.   What?!  Yeah, you heard me.  There’s a desktop app to install to the PC (97MB!) that accesses the QuickBooks online system.

When Intuit, like to many other software companies, began pushing the online-only version of their solution, the messaging was all about making life easier with “no software” to install or manage.  Customers could simply sign up and have all the features and capability they need using only the browser on an Internet-connected machine.  Failing to consider that computing devices (PCs, tablets, phones, et al) continue to get smarter and more powerful each day, the software companies firmly believed that everything would eventually be on the Web, and the “access device” wouldn’t matter any more.  However, things haven’t turned out quite as planned, and users continue to not only demand desktop and device-based apps, they will often forgo the browser-only approach until a better app and interface comes along.  The truth is that the market wants apps and software running on their devices because the user experience and performance is almost always better than with a purely browser-based approach.  Browsers are great for visiting websites, but not so much when it comes to running business applications.  Sure, there are a lot of browser-based solutions out there, but not too many of them are as trusted or as heavily used as their desktop-based counterparts or competitors.

There is little argument to be made regarding the fact that many software developers are working towards entirely online application models, where little or no software would exist on the device and all data is managed and stored online.  What is arguable is whether or not the “fully online” model will ultimately win, or whether software will continue to be installed and maintained on the device.  Performance, functionality, integration with other applications, and usability will all influence the buyer’s decision regardless of the marketing hype.  It may simply be that users will have to try each model before they decide which one works best for them.  It seems that, with the introduction of the desktop app for QuickBooks Online, the QuickBooks-users club has voiced an opinion which sounds a lot like they liked the desktop software approach best.

Joanie Mann Bunny FeetMake Sense?

J

 

Posted on

Formula for Success: The Cloud and a Pair of Bunny Slippers

Formula for Success: The Cloud and a Pair of Bunny Slippers

drawn-bunny-slippersInformation technology and the “cloud” is amazing.  With the right IT resources and connectivity, individuals and small businesses are able to compete at global levels with much larger organizations, and are proving that placing focus and attention on the right aspects of the business helps the business perform better. The right IT approach is to use technology to make the business smarter so more gets done in less time and with fewer resources – this is wearing the bunny slippers.  The goal is leveraging systems, software and connectivity to be more efficient and effective, creating the time to stop and think for a while, innovate, or simply relax.

Too often the business owners or managers are tending to computers and systems which simply support status quo and aren’t spending their quality time growing and managing the business – getting more clients, creating new products, rising above the competition. Cloud computing models play a big part in changing that standard, supporting new levels of business sustainability and supporting process improvements never before imagined.

Cloud computing is now integral to many business technology models because the potential benefits are great.  Cloud computing solutions and outsourced information technology management allow businesses to focus on what they do best, and  not on the IT supporting it. These solutions and services are in high demand because they allow businesses to scale easily and affordably, paying only for what is needed at the time.  Improved collaboration and centralized access to applications and data make cloud computing models an important consideration for every business.

I’m not the only one who recognizes how beneficial the right IT approach and anytime/anywhere access can be. Others have recognized the freedom and flexibility these new technology models have enabled… and know the value of a pair of bunny slippers.

Joanie Mann Bunny FeetMake Sense?

J

Doing Business In Bunny Slippers Around The Globe.

Susan Solovic

When I first started my business, like many start-up operations, I decided to work from home.

I equipped an empty bedroom with a card table for a desk, cardboard boxes for filing cabinets and my dogs served as my office assistants. Voila! I was ready to roll, and it was great.

I could go to work in my fuzzy pink robe and bunny slippers. After all, no one other than the dogs would know.

Start-up business operations are always strapped for cash. It’s much less expensive to conduct business from your home than to rent commercial office space. And thanks to the Internet and technology home-based businesses can easily become international enterprises.

Read more at http://www.business2community.com/startups/doing-business-in-bunny-slippers-around-the-globe-01252506

 

 

Posted on

Two Ways to Get QuickBooks in the Cloud

Get QuickBooks in the Cloud: Hosted QuickBooks Desktop or QuickBooks Online

cloud-computingRunning applications online, or “in the cloud” using today’s parlance, is top priority for a lot of businesses.  It’s not that these organizations have a burning desire to post their financials to the web, which is what a lot of folks thought was going to happen when we first suggested they use their financial applications online.  Rather, business owners and managers have begun to recognize and experience the benefits of connecting their various locations, remote and mobile workers with real time access to business applications and data.  Further, centralization of IT coupled with outsourced IT management and subscription service pricing has introduced financial and operational benefits which make businesses more cost-efficient as well as more agile.  From being the basis for foundational process and workflow improvements to allowing the repositioning of IT costs from capex to opex, online application services are proving their value in various ways every day.

The evident popularity of cloud solutions is clearly visible in one small corner of the global software marketplace: the small business accounting solution market. Intuit’s QuickBooks product, almost a default go-to with entrepreneurs and small business owners, is still the most prevalent accounting solution in use by US small businesses.  While there may be growing usage of other applications on the web, such as Xero or FreshBooks (both are awesome SaaS apps that do what they do quite well), there is equally strong growth in Intuit’s own SaaS version of QuickBooks.  The SaaS applications are easier to localize for different places in the world – different languages and currencies – so international use of these products is likely to continue to grow.  Even more to the point, these solutions address functionality and pricing levels which are acceptable to entirely different classes of users that previously wouldn’t even consider buying accounting software to do the books (like freelancers and solo/soho operators), so the overall size of the market of “businesses who use accounting or bookkeeping software” is actually growing.

Intuit’s QuickBooks Online edition is a true SaaS solution that is quite different from the desktop-based QuickBooks.  While QBO has gained tremendous popularity, it has yet to reach the user numbers the desktop products have.  The desktop solutions boast not just a particular range of functionality, but integrated applications and add-ons, and – perhaps most importantly – being a foundation for a wide variety of financial and business record keeping, bookkeeping, accounting, operationally oriented and reporting processes.  To sum it up: it’s embedded.  People know the software, the data is in a known format, and the product is simply part of how the business operates.

Once a solution is as entrenched as QuickBooks is – kind of like the entrenchment Microsoft Word and Excel have in the productivity area – it doesn’t go away very quickly and only when the value proposition is much greater… and maybe not even then.  Rather, folks find ways to make the solution they want work for them.  This is where hosting comes in and meets with the market’s demand for running applications (yes! even desktop applications!) online, as managed subscription service.

Running your QuickBooks desktop online via a hosting provider is how businesses take advantage of the best benefits of SaaS without actually converting to a SaaS application. They retain investments in training, process and integration yet introduce mobility, remote access and office connectivity, centralized information and predictable costs. QuickBooks-using businesses need to know about hosting their QuickBooks and the providers who can offer anything from standardized to extremely customized service.

As technology continues to evolve at ever-increasing rates, businesses will continue to be faced with new paradigms for doing business.  Some will adopt early and some will adopt later, and some simply won’t adopt.  Certainly the market as a whole doesn’t adopt as quickly as software companies would like, but then that’s always the way it is.  Customers will do what works for customers, and right now hosting is working for QuickBooks customers.

Joanie Mann Bunny FeetMake Sense

J

Posted on

EMV and Retail – Your Trusted Advisor Should Be Advising You about This

EMV and Retail – Your Trusted Advisor Should Be Advising You about This

EMVChipCardThere is ‘big change a comin’ for retailers, merchants and any business that accepts credit cards for payments, and there are a great many businesses that are completely unprepared for it.  The change, what is being referred to as the “Payment Networks’ Liability Shift”, goes in to effect in October 2015 and places the burden of liability for fraud squarely on the shoulders of the merchants and card issuers who are not compliant with certain payment system security standards.  Accounting professionals and Trusted Advisors – here’s one of those things you should be helping your clients with.  Help them get informed, trained, and prepared.  Help them to understand the risk and decide on a course of action.  This is part of what makes a trusted advisor: they got your back.

The way things generally work in the US today, a fraudulent charge on a credit card is likely to end up being covered by the credit card company (the issuer). Starting in October, retailers are supposed to be able to accept payment cards with EMV chips (named for the founders of the standard: Europay, MasterCard and Visa), and must process those cards using the compliant technology that takes advantage of what the chip processing and security offers.  If these conditions aren’t met – like having a POS or payment terminal not capable of reading the EMV chip – the merchant is on the hook for the fraudulent transaction.  Given the volume of credit card and payments fraud in the country you’d think that most merchants would already be ready for this, but replacing all the POS and terminal equipment could be pretty costly.  It may take a bit of analysis to understand the real risk and compare that to the cost of compliance.  Certainly it makes sense to always be in compliance, but there are always factors which influence how quickly (or how completely) compliance may be met.

The liability shift is part of the influence being leveraged to get businesses to adopt newer and more secure models of electronic payment acceptance and processing.  It is simply the case that the magnetic strip on a credit card isn’t good enough any longer.  The new EMV Chip reading payment terminals require that the card be inserted and processed by the terminal rather than simply swiping the magstrip across a reader.  Over 40 years of using the magstrip approach has helped to earn the United States a top spot on the leaderboard for credit card and financial fraud, and we seem to be lagging behind in adoption and implementation of the EMV technology even though it has been shown to seriously curtail fraud even as payment card usage increases.  The EMV chip process, which encrypts information about the card so that even the local POS system doesn’t get access to it, is far more secure and is being widely adopted and used in Europe, Canada, Latin America and the Asia/Pacific regions.  Now the clock is ticking for US businesses to get ready to either update their systems or accept the liability for not doing so.

The shift in how payment cards are made and processed is simply one of many changes which will continue to occur as technology and human ingenuity continue to be applied in both good and not-so-good ways.  Recognizing that the pace of change is increasing, businesses must find ways to remain informed and prepare for those changes which will impact the business operation and sustainability.  This is among the essential roles the trusted advisor plays, and the current imperative simply underscores the growing need for such advisors by business large and small.

jmbunnyfeetMake Sense?

J

Posted on

Confusing Value Propositions: Cloud Platforms and Hosted Applications

it-balancing-actConfusing Value Propositions: Cloud Platforms and  Hosted Applications

When a service provider is in the business of selling computing resources – like bandwidth, processors and memory, and disk storage – it makes a lot of sense to also leverage the value of software products and systems which drive consumption of computing resources.  In short, they market and sell software that runs on the platform in order to get folks to buy the platform, no different from selling desktop and server software in order to sell the hardware to run it.  It’s just that these days the hardware and networking components are often referred to as the “platform” or maybe “the cloud”.

Let’s face it… cloud computing platforms are just no fun if there’s nothing to run on them, and a hard drive has little value when there isn’t anything stored on it.  Once there is something there – an application, data… something – then the part has actual value in terms of driving revenue.  This is the difficulty and the basis for confusing value propositions when it comes to offering and delivering services in the form of a hosting platform.  Once again: platforms are just no fun if there’s nothing to run on them.  Is the value is really about the applications, not the platform? Or is the value in the platform, because it’s necessary for running the applications?

The truth is that both are essential parts of the entire “solution”, and the value of how the solution is packaged and offered is purely up to the purchaser to determine in terms of applicability to the business.  When it comes to hosted application offerings for businesses, there isn’t a single one-size-fits-all approach that will work.  Sometimes people want to purchase from different vendors and put their own solutions together, and sometimes folks want turnkey delivery of whatever they need.  Even channel partners and value-added resellers are finding that, with diminishing margins and aggressive competition prevalent in the market, removing the time-consuming aspects of solution delivery becomes paramount to achieving some level of profitability on the work.

What this means is that providers are looking for ways to increase the overall value and usability of their solutions, and when it comes to platform services there are only two directions to look: automation to support self-service, and application software delivery to drive consumption and usage on the hosting platform.

So now we’re back to the applications again.  There’s no way to avoid them, but there’s no great way for platform companies to engage with them, either.  Working with business application software is sometimes complicated, often annoying, and can be exceptionally time-consuming and resource intensive. And there are few licensing models which make it really easy for hosts and ISVs (Independent Software Vendors) to work together.  Then, of course, there is the desire for exclusivity on one side or the other.

Software companies don’t generally want to select a single platform provider for their software for a very simple reason: they don’t want to limit their potential user base.  Now that Windows platform is available just about anywhere – on local computers, on mobile devices, from platform and infrastructure hosting providers – how does the ISV make a decision on a single delivery channel or model or provider?

Some lean towards working with hosting providers to create branded, point-deliveries of the application.  Too often, however, this approach removes the ability for customers to benefit from other applications or integrations, eliminating some of the value of the solution and certainly curtailing benefits for integrating partners of the ISV.

Host it themselves?  The last thing most software developers want is to be responsible for hosting and maintaining some other guys’ software products; they have enough to worry about with their own offerings.  If the solution is standalone, maybe this approach works.  But there are few solutions made for the desktop which don’t have some strange integration point with MS Office apps, Adobe reader, Internet browsers or other things prevalent on the user desktop.

There isn’t any proven or easy path for software developers, IT suppliers or small business customers looking to create mobility and managed subscription service around desktop and server applications, and there is likely never going to be a single story line that all will follow.  This is among the reasons for the popularity of the “hybrid” cloud approach and growing importance of managed application hosting and ISV-authorized delivery models.  Yet even key providers in those areas have a tough time really communicating what they do in a way that is meaningful to the buyer.  Are they selling a platform, applications, or both? Folks in the industry know the jargon and how to use it, and are often skilled at adjusting their language in order to obfuscate or confuse certain sticky issues regarding software licensing in the cloud and other similar aspects of hosting.  It’s no wonder that many customers remain confused as to what, exactly, they’re being asked to buy, and where the lines of flexibility and responsibility are drawn.

The applications justify the platform, and there are possibly multiple platform approaches to delivering the app. It is a confusing situation for business buyers of IT as well as for their resellers and suppliers, and the increasing number of options for how businesses approach purchasing and using information technology makes it unlikely that the process will become as simple as some suggest.

jmbunnyfeetMake Sense?

J