Category: IT Management

Posted on

The Cloud and the Business Desktop

Cloud computing is here – no longer is it considered to be temporary or just a fad.  Even though there are many businesses in the country without access to high quality high-speed Internet connectivity, the levels of investment and revenue surrounding cloud and mobile computing solutions and technologies has proven that mobility and managed service matter to those who are connected. What’s interesting is that the popularity of the cloud and the emergence of cloud-based applications and services haven’t really put much of a dent in the need for the desktop, which remains as the business workhorse and – connected or not – represents the foundation for business productivity and getting work done.

Some years ago, business applications began to emerge in SaaS (software-as-a-service) format, meaning a customer could simply subscribe to an application on the web rather than purchasing and installing software.  This option clearly resounded with many business customers and ushered in an era of online application services oriented specifically toward mobile users. Yet the desktop remains as the place where online solutions meet productivity (export any online data to an Excel spreadsheet recently?) and where accounting and finance connect with the rest of the operation.

Believing too much of the marketing-speak around cloud computing, many business users believe that they can only remotely access business software solutions if they are “cloud” and subscription model applications, and that the desktop products they know and have invested in cannot be available to them in a fully managed online model.  In fact, a large number of the business owners I speak with that actually use hosted desktop services somehow believe that the software they are using is something special and different from that which would be installed to their PCs. The fact is that the software is not different, regardless of what they may think. More often than not, the hosted applications are EXACTLY what the customer had previously installed (or would have installed) to their own computers had they not been working with a hosting provider.  Whether they are hosted or not… the desktop products generally function with all the features and capability designed into them because they are hosted on platforms they were designed to run on (like Microsoft Windows, for example).

Customers of the QuickBooks hosting companies often refer to their systems as “QuickBooks cloud, but not the online one”, not really understanding that it is simply the full desktop application that is being hosted for them.

Regardless of how many online application services emerge, and even if (IF) web-based versions of our favorite word processing and spreadsheet software become as useful as the installed kind, there will still be a need for the desktop if for no other reason than to make it easier to use and work with a variety of solutions at the same time.  Perhaps this is why remote desktop computing and hosted application services are becoming increasingly popular approaches to cloud and managed computing services.  The user benefits from having the feature-rich applications they need and a single place to access them and make them work together (the desktop value proposition), yet is able to have remote and mobile access, comprehensive system management and maintenance, data protection, helpdesk support and affordable monthly payments (the cloud value proposition).  In many ways, application hosting models represent the best of both worlds for the business.

JJoanie Mann Bunny Feet

Make Sense?

Consider how beneficial it would be to businesses who want the advantage of remote desktop and mobile access to applications to be able to run their QuickBooks (feature-rich desktop QuickBooks) and/or other business applications in an anytime, anywhere sort of environment. Businesses can obtain hosting services for QuickBooks Pro, Premier, and Enterprise – allowing organizations to have their QuickBooks financial applications managed, protected, secured, and made available to users all the time and from any location. Some hosting services may also support integrations and extensions for QuickBooks – for both desktop and Web-based applications and services. When the host can provide authorized subscription licensing for Microsoft Office, a business can have a complete, outsourced IT solution and pay only monthly service fees to get it. No installation or system management to worry about: the QuickBooks financials, the productivity, the operational systems and plugged-in applications can all be hosted in the cloud.

Posted on

Run Your [New, Small, Growing] Business from Anywhere

The office for a small business used to be where all the work got done.  The hub of activity and productivity for a small business, the office was where you could connect with team members and co-workers and generally keep on the same page with what was going on in the business.  Customer orders are taken, those orders are fulfilled, and bills are paid – all from the small business office.  Yet today’s small business isn’t tied to the office location any longer.fishingpoles

Mobility and the cloud now provide businesses with mobile office options that allow users to get their jobs done no matter where they happen to be.  Business moves at a fast pace, and mobility and remote access solutions help companies be more nimble.  Collaborating while on the go and exchanging ideas and concepts quickly helps businesses be more agile and better-able to meet changing customer needs.  Successful small business owners leverage mobility and action to beat the competition.

The cloud and Internet-based computing lets small businesses access and benefit from IT solutions that were previously only available to enterprise organizations.  Better IT means being more competitive, giving smaller businesses a leg up and positioning them among even the largest of competitors. For the business owner, the freedom of being able to manage the entire business from anywhere delivers a freedom and flexibility previously unimagined.

Here are some ways hosted and cloud-based IT can help small businesses overcome everyday business challenges:

Reduce or Eliminate the Need for a Physical Office

Starting a business is tough, and many small business owners decide to use their own homes as a business location rather than forking over a bunch of lease money to a commercial realtor.  Using hosting application services and cloud technologies can help keep team members and co-workers working together, no matter where they are located.  Many businesses are able to get off the ground and operating successfully without ever having an established office.

Work when it Works for You

Remote desktops and hosted applications deliver functionality to users no matter where or when they need to work.  With ready access to everything needed to get the job done, workers are able to be productive even when they’re not at a desk (or even a computer!).  Smartphone and tablet apps can make working from a mobile device highly effective, extending productivity and capability to workers whenever and wherever it is required.

Keep Everyone on the Same Page

When systems are centrally located and accessed, it is easy to keep everyone on the same version, the same edition, and the same page.  No matter where users are located, documents and application data are kept in sync, ensuring that everyone is working on the most current information available.  Mobile access to applications and data keeps information from being distributed to various devices, making revision control easier and providing better protection for valuable business information.

Mobile computing and the cloud make it easy for small businesses to have better IT that enhances productivity and supports growth.  Reducing capital costs and exchanging large technology investments with affordable monthly subscription service gives small businesses the boost they need to implement the solutions and services which will develop and improve collaboration, streamline workflows, and reduce overhead costs while enabling a fast-paced and agile business ready to meet any challenge.

jmbunnyfeetMake Sense?

J

Posted on

Securing Business Data When Mobility is the Target

driving1-ANIMATIONToday’s workforce is a mobile workforce. Technology has enabled businesses to allow their employees to reach beyond the office walls, doing business and operating effectively from just about any location.  SaaS, online access to business data, and smart phone technologies have brought flexibility in working models previously only imagined by the workforce tethered to business locations and office computers. Yet this flexibility comes at a price if the business is to keep up with securing and protecting data assets as readily as it extends access to them.  The bad guys are well aware that mobile computing and remote access working models are growing in adoption with businesses, and are finding ways to take ever-greater advantage of the situation.

Teleworking, which is not quite the same thing as telecommuting, is on the rise and it doesn’t look to be a trend that will slow down any time soon. According to GlobalWorkplaceanalytics.com, “telework is defined as the substitution of technology for travel”.  Those who work sometimes from an office, but sometimes not, are teleworkers. Working at the office during the day and then taking work home at night makes you a teleworker. The primary tool of the teleworkforce is the smart phone – the mobile computer with built-in connectivity and enough processing power to handle many basic office workloads.

  • 50% of the US workforce holds a job that is compatible with at least partial telework and approximately 20-25% of the workforce teleworks at some frequency
  • 80% to 90% of the US workforce says they would like to telework at least part-time. Two to three days a week seems to be the sweet spot that allows for a balance of concentrative work (at home) and collaborative work (at the office).
  • Fortune 1000 companies around the globe are entirely revamping their space around the fact that employees are already mobile. Studies repeatedly show they are not at their desk 50-60% of the time.  http://globalworkplaceanalytics.com/telecommuting-statistics

The number of teleworking employees is on the rise, and so is the variety of devices used to facilitate mobile working.  Smartphones, tablets and phablets and, of course, laptop computers are used by mobile workers – often in addition to the company-supplied desktop in the office. The variety and number of computing devices per user is growing. Knowing this, businesses must take increasingly expansive steps to strengthen and secure remote access systems and business data, yet many organizations are just beginning to fully realize that the mobility they extend to their users is part of the reason for the increasing number of data breaches and attacks against business information systems.

Cybercriminals and their crafty programs are often able to steal important information or access a network by first infecting computers and devices used for telework.  Many of the devices available to the attackers are not company-owned, but are introduced to the system by contractors, vendors and employees (BYOD or bring-your-own-device users).

Even if the device isn’t a vehicle delivering a nasty payload into the network, data breaches may still occur when business information is stored on an improperly secured device. Most people who work with computers have some recognition of the potential for virus attacks and malware, but far fewer recognize the threat potential of attacks against mobile devices such as phones and tablets, and even fewer may implement meaningful protections on those devices.

“To prevent breaches when people are teleworking, organizations need to have stronger control over their sensitive data that can be accessed by, or stored on, telework devices,” said Murugiah Souppaya, a NIST computer scientist. [1]

Providing guidance and information to the public on such topics, NIST (National Institute of Standards and Technology) is revising its publications on telework to cover growing use of BYOD and how contractor and vendor devices are increasingly used to access company information resources.  Two new publications – one for organizations and one for users – are now available for review and comment.  You can find them here.

“As one of the major research components of the National Institute of Standards and Technology, the Information Technology Laboratory (ITL) has the broad mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology through research and development in information technology, mathematics, and statistics.”  [NIST Information Technology Laboratory Mission]

The rising number of threats, attacks and breaches caused by compromised devices used for teleworking is nothing to take lightly, and protecting against them shouldn’t be approached as a merely perfunctory obligation. Organizations must create and consistently update policies and requirements relating to protecting information accessible by remote workers if they intend to reduce business risk and provide assurances to stakeholders and customers that the information is adequately guarded.  But it doesn’t stop with the policy; businesses must also make an effort to properly educate their users (employees, contractors, vendors, etc.) on those policies, ensuring that all parties involved understand the responsibilities and requirements and strictly adhere to them.

jmbunnyfeetMake Sense?

J

[1] http://www.nist.gov/itl/csd/attackers-honing-in-on-teleworkers-how-organizations-can-secure-their-datata.cfm
Posted on

Mobilizing QuickBooks Desktops

 Hosted QuickBooks for Remote and Mobile Access

There was a time not too long ago when the “thought leaders” in information technology said that the desktop is dead, and all software will be accessed via the web. (Note: I put “thought leaders” in quotes because industry thought leaders are often those with the greatest media influence.  After all, you can’t lead them if you can’t reach them, right?). The whole no software thing is a dramatic oversimplification of what is happening with computer software, but one thing is kind of coming true: nobody wants to be tied to their desktop.  It’s not that the desktop is dead… it’s just not all there is. For users of the desktop editions of Intuit QuickBooks software, the question really isn’t whether they intend to give up their familiar and trusted software to use a different, online solution. The question is how to use the QuickBooks desktop software they want in the cloud so they can use it on desktops that aren’t the primary desktop computer, or on mobile devices.

Computing technology has finally reached a level of accessibility that was previously only imagined in science fiction stories.  Communicating instantaneously with anyone anywhere around the world; accessing extensive (limitless?) libraries of information, art and music with a simple handheld device – these are the things that people do every day without a second thought.  Business users may even be able to access their business documents, email, contacts and appointments etc. from mobile devices, enabling a productive and functional mobile workforce.
desktop-appsYet the desktop remains as the primary workhorse for most business users. This is where the productivity applications live, where large spreadsheets and full-screen applications are run, and where keyboarders and production data entry users operate.  Tablets, touchscreens and mobile devices just don’t provide the same capabilities unless you tether them to full size monitors and keyboards.  Even then they may not because they might not run the same OS as the desktop.  The point is that the desktop hasn’t gone away and isn’t likely to any time soon.  Users may use more mobile apps and devices, but this isn’t diminishing use on the desktop as much as it augmenting it.  This is what fuels the interest in application hosting and virtual desktop computing models – the desire to mobilize desktop and network applications and working environments.

Hosting applications and data gives businesses the flexibility of working in desktop applications and accessing data just as if they were in the office, yet users may be located anywhere there is Internet connectivity. When the applications and the associated data are managed in the datacenter, businesses are able to centralize their information assets and manage them more effectively than if the data were distributed among multiple computers.  While most sync and share solutions require files to be downloaded to local computers in order to open and edit, a hosted application service with virtual desktops and file sharing provides a security model which keeps business data secure yet available for user access without compromising security by downloading information to the user device.

A hosted solution approach can make license utilization more efficient and compliance easier to maintain, too.  By enabling access to applications on a centralized platform and eliminating the installation and maintenance of software on individual computers, businesses reduce the reliance on local IT personnel to install and update applications and user accounts, and improve their ability to control application assignments and usage.

Hosting helps businesses take advantage of technology that would otherwise be unaffordable, and delivers the mobility and centralized management required to boost productivity and contain costs.  There is a high cost to managing a business network, and creating secure mobile access to that network can represent an exponential increase in IT spending (just to initially set up, not to mention ongoing costs for security management, monitoring and support). Rather than taking on the entire burden of service management and delivery directly, businesses electing to work with hosting providers find that they are able to focus more on business operation, strategy and growth – and spend less time worrying about the IT supporting them.  Costs are reduced, workers are empowered, and capabilities are increased while knowledge and process investments are preserved.  When it comes to mobilizing business applications like QuickBooks desktop editions, it all starts with a hosted approach.

Joanie Mann Bunny FeetMake Sense?

J

Posted on

Payment Card Roll Call: “Not Present” fraud likely to increase as EMV takes hold

Payment Card Roll Call: “Not Present” fraud likely to increase as EMV takes hold

rollingballNo retailer wants to become the next Target (pun intended).  Payment card fraud costs businesses and consumers billions of dollars every year.  What’s even more frightening, many of the breaches in the news are the result of innocent participants inadvertently granting access to the bad guys.  The Target breach in 2013 exposed the data of 110 million payment cards.  Hackers got into the network using perfectly good credentials of the HVAC company.  Sometimes password security just isn’t enough, which might bring in to question the security of all those SaaS subscriptions and online shopping sites folks use these days.

EMV chip technology, the standard around the world which has just recently become a standard in the United States, has done a lot to stem the tide of credit card fraud in other countries.  As it was implemented in various countries, guess where it pushed the fraudsters?  Where the anti-fraud technology wasn’t, of course! The United States was among the laggards in requiring EMV chip technology for payment cards, opening the door for bad guys and turning the US into a veritable haven for credit card fraud, “accounting for nearly 50% of global fraud losses, according to the Nilson Report[1]”.

EMV chip (or chip and pin) technology will go a long way to prevent credit card fraud for businesses accepting payment cards… in-person and counterfeit card fraud, anyway. Online retail, on the other hand, not so much.  A chip on the card doesn’t really help when the transaction is completed with the card not present (CNP).  Some industry analysts suggest that CNP fraud losses will exceed $6 billion within the next few years, making e-commerce and online payment security a high stakes game for even the smallest of retailers.  As it gets more difficult to hack the payment system when the card is presented, bad guys will fall back in even greater numbers to the card-not-present model to find their victims.

Online retailers and service providers must take additional steps to secure their systems and protect customers and business partners, and face the challenge with the understanding that effort must be ongoing as new threats emerge. Tokenization is a prime method of layering the system with security, making the merchant system somewhat less of a worthy target by not storing the card data in the system.  Even if the system becomes compromised, the bad guys wouldn’t find customer payment card information.  There are numerous other steps a business can take to secure the CNP sales, including applying behavioral analytics which might identify rogue activities, or using 3D Secure to authenticate a cardholder’s identity at the time of purchase.   The point is that CNP fraud is likely to spike as EMV technology takes a firm hold in the US.

Card fraud is already escalating rapidly for ecommerce retailers and other card not present channels – it didn’t take EMV to start on that roll but it will surely give it a push.  Paperless payment systems, SaaS subscription services and online application service usage are increasing dramatically and there’s no chip to get in the way of these transactions.  Sellers of any and every service utilizing online payments need to now pay particular attention to system and information security.  The risk has always been there, and EMV chips and other shifts in pay card technology simply give it a push.

jmbunnyfeetMake Sense?

J

 

[1] Chipping away at Credit Card Fraud with EMV; Information Week Tech Digest powered by Dark Reading, Nov 2015; NilsonReport http://www.nilsonreport.com/publication_newsletter_archive_issue.php?issue=1071

Posted on

Mobile Device Security is a Moving Target

Mobile Device Security is a Moving Target

mobile-devicesAs businesses mobilize their workforces and processes the volume and variety of sensitive data passing through and sitting on mobile devices increases dramatically.  Even though the business owner or IT manager may recognize the importance of mobile data and device security, doing something useful about it is altogether another issue.  New considerations enter into the picture frequently, turning mobile security into a moving target. Protecting the business – the organization, its employees and its customers – requires adopting mobile security strategies that cover a broad range of issues.

First of all, is there any means of monitoring the activities of the connected or mobile devices?  Knowing which devices are interacting with your information would seem to be an essential part of business information security, yet smartphones and tablet devices often fall under the proverbial radar of IT or business management.  Actually, business management is likely among the base of users with the very mobile devices in question.

Are there ways to limit what information is accessible via these mobile devices, and is that data encrypted?  Consider also that data is sometimes at rest (like when it is just sitting on a hard drive) and sometimes in transit (like being uploaded/downloaded/transmitted over the wire).  In either state, the data should be encrypted in order to be more secure.

Is there a standard set of apps or services that users can enable, or is it pretty much personal choice?  Too often a user will innocently install a malicious app on their device, exposing the business to a variety of potential threats.  Creating strict policies around app selection and use is a really good idea, and finding a way to actually enforce them is even better.

The big issue is separation of work and personal apps and content.  Especially in small businesses where personal devices are the norm (well, not just in small business… Hey Hillary!) it is quite a challenge to create any useful separation between personal and business use.  The mobile device is often adopted as a personal choice of the user – who elects to invest their personal mobile device in their work – so exacting any real level of control in how the device is used is tough.  The security of the information is only as good as the security of the device, meaning that it is usually up to the device owner to decide if a password or pin is required.  Unfortunately and for the sake of convenience, there is often little or no real security on the device meaning there is no real security around the information on the device in the event that it becomes lost, stolen or compromised.

There are a lot of things that the business can do in order to improve the security of their business data in a mobile device environment.  Here are a few of the basics:

  1. Have defined procedures for what happens when a device is lost or stolen; make sure they’re followed
  2. Have a way to do a remote wipe of the device
  3. Make sure all devices lock after a period of inactivity, and that they have password or pin protection
  4. Have a mobile device use policy, and make sure all employees understand why it matters and agree to it.

jmbunnyfeetMake Sense?

J