1. You get the latest version of Exchange 2010 not Exchange 2007.
2. We provide free copies of Outlook 2007 not just the trial version.
3. Completely customizable mobile device policies for Blackberry and ActiveSync for iPhone and Windows Mobile devices.  The BlackBerry license is included.
4. Higher availability – 99.999% vs. 99.9%
5. Better support – average hold time less than one minute.
6.  Zero data loss!  We backup your data in our redundant data centers.
7.  Custom control panel making administration easier and less time consuming.
8.  Message disclaimer feature – ability to add HTML or text disclaimers to e-mail messages.
9.  Your data resides in our SAS 70 Type II Data Center.
10.  You get a dedicated Account Manager heading our support team to work with you every step of the way!

Common Scenario: I’m called in to consult with a company looking for IT support. My meeting is with…let’s call him “Andy.” Said company has the “latest and greatest” security devices already in place:

1. Firewalls with content filtering, intrusion detection and gateway security.
2. Upgraded servers running Windows 2008 with Windows 7 (or at least Vista) desktops.
3. Anti-virus, malware software, anti-spam and a variety of other network security services are in place.

So I ask, “What can I do for you today?”

The usual reply? “Well we’ve recently had an issue with (insert issue here). Which should never have happened since we’re so up-to-date.”

The “issue” is often viruses, spyware, concerns about employee surfing habits, safeguarding intellectual property, etc. At this point I ask if I may be permitted to review their documentation on the issue. The predictable blank stare is all the answer I need.

First, it’s important to state that Andy’s predictable blank stare is not an incorrect response. It’s understandable. He’s busy running his core business. His day-to-day does not, and should not, involve IT issue documentation! Additionally, it is a classic misconception of the traditional IT user that a suite of security products insures security.

The reality? Security is not solved by products alone, but rather the continual management of these devices and expert interpretation of monitored data. I explain to Andy that security threats are lurking everywhere. Hackers are continually looking to beat the very hardware and software built to keep them at bay. But, there is a solution!

At Fandotech we provide managed services that shift the responsibility of your environment’s security to us. We perform the on-going tasks necessary to support the hardware investment. Ultimately, we are the crucial “add-on” to the hardware and software; providing the checks and balances to secure your company’s most valuable asset, your data.

I assure Andy that Fandotech can provide:

1. Active monitoring of all IT assets for fault and performance issues which could potentially affect the computing environment.
2. Email defense services that stop threats before they enter your environment by eliminating them at our data center, not yours.
3. Management of backups, log files and all running services; providing scripts to automatically restart critical services in the event of a failure and alert our Technical Assistance Center (TAC) to any failed backup jobs.
4. Anti-virus services to insure all virus definitions are up-to-date alerting the TAC in the event of a virus intrusion for remediation and follow up.
5. Firewall management including intrusion alerting and response.
6. Monitoring of web surfing habits of internal users.
7. Scheduled firewall penetration testing and firewall vulnerability assessments.
8. Microsoft patch management.
9. Monthly and on-demand reporting of all subscribed services and trend reporting data.

Andy responds, “Wow. That would sure give me peace of mind!”

“At the end of the day, ‘peace of mind’ is kind of our core business,” I say.

Brian Doyle

I remember the first time I read in the Wall Street Journal (1999) that “doing wireless was like putting an RJ-45 Ethernet jack in your parking lot.” The implication was that the company’s most sensitive information would be readily accessible if someone simply drove into the parking lot and had a wireless card. The presence of wireless would allow a would-be hacker to spend the night draining your company of its valuable information. We were clearly forewarned. And it did in fact happen – over and over again!

When I was asked how to prevent security leaks for a Fortune 500 company, the first question to answer was, “who are we protecting ourselves from?” We identified several classes of potential threats and determined their relative ability to penetrate our security from lowest (1) to highest (5): 1. Hackers, 2. Corporate Espionage, 3. Disgruntled employees, 4. Careless employees, 5. Domestic and Foreign Governments.

It is true, that wireless link into the parking lot is a high risk element in your security and the same is true for the Internet access. But there are many affordable techniques that are readily deployed to ward off the Hacker trying to penetrate these defendable portals. They are typically looking for easy targets and do not waste much time trying hardened sites.

The Corporate Espionage motivated hacker has more staying power. They have an identified motive and it requires various levels of monitoring to warn you when this type of person is working overtime to get into your records.

The Disgruntled Employee has gotten a lot of attention over the years and is clearly a challenging threat that needs to be managed. And trying to defend against National Agencies is a topic of growing concern and topic for another day.

It’s the Careless Employee that generally poses the highest threat where the typical corporation can improve security without breaking the bank. We have determined that access to information from anywhere is more important than the risk. Our managers, employees and officers all have laptops and home computers with “secure” access to routinely download all the corporate spreadsheets, customer lists and contracts, update these and upload them back again. This is done in virtually every company in the technology enabled world. The result of this style of information management is that your most critical information is now everywhere. Copies are on home computers, laptops and traversing the unsecured Internet. In most cases, if a copy of a document went out to a remote laptop, we do not have a clear record.

We only need listen to the local news for a clear example. Healthnet, a Shelton CT company, lost a USB disk drive. It took them over six months to determine that it contained the health records of nearly 460,000 customers. Now that’s not only embarrassing, it’s criminal.

So most reading this article will say, “But that’s the only way we can be productive. Isn’t there a reasonable way to continue the productivity without the risk?”

The answer is yes, we can minimize the risk. The key is to follow a philosophy we are promoting at Fandotech. Instead of using the Internet to distribute your critical information “to everywhere” make centrally controlled and stored information available “from anywhere”.

We now have cost effective technologies that allow us to design access to your information from anywhere without actually sending the files out. Products like XenAPP from Citrix can be configured so the trusted user can log into an audited port and be granted the ability to view and edit appropriate documents without moving the document out of the data center control. This provides clear custody and control mechanisms for the integrity of the document. The Citrix remote access technologies also allow for the download of information when truly required, but requires a “sign out” and “sign in” that deletes the remote copy of the document and makes an audited record of who, when and where the documents went.

Now information is version controlled, backed up and audited centrally. Think of the cost savings potential and restful nights of sleep knowing your data is more secure!

Information everywhere is a weak link in the security of your information. People are people and they will lose things or they will steal things. Centralized information management that is auditable will minimize embarrassing events and minimize your risk.

John Boyd

Every company should be asking itself if it’s ready for the unthinkable. Do you have a strategy, a Disaster Recovery Plan or even better, a Business Continuance Plan?

Where do you even start? Start by thinking of the worst case scenario. Now, think of how your business would fare in this scenario. Do you have a plan? If so, do you know it will work?

The reality is that we almost never get it right. We plan for what we see as a “realistic” foreseeable scenario and something completely different and unexpected happens that doesn’t fit our mold. These short-lived, unpredictable and uncontrollable events usually inflict the greatest monetary pain.

Just a few weeks ago, we had a real-life example of “the uncontrollable event”. Relive it with me…Twenty miles from our facilities, very early in the morning, a water main breaks and floods I-91 North of Hartford, CT. This has absolutely no effect on our facilities and their ability to operate for our clients. That is until our workforce for the shift change, who live on the other side of this incident, are delayed in interminable traffic and cannot arrive for work at their primary office location.

I see dollar signs. This would cost the company six person-days of labor, production commitments would be delayed for our clients, and our Technical Assistance Center (TAC) would be covered with management answering the phone?! Most companies would have simply fumbled through the day and made due.

That would have been our fate but for the fact that we had created a virtual office and setup TAC resources in our West Springfield, MA location. All we had to do was simply re-route our six people there to work and answer phones for the day. They had complete access to their required resources. Catastrophe averted!

How did we do it? Technology, properly engineered and implemented before the unexpected occurred, allowed us to use VoIP and virtual desktops to “hot seat” our team without re-configuring our network or impacting our customers’ schedules.

As an industry we are nearly always wrong when we plan for a specific failure scenario. The Event surprises us in its nature and it often takes too long to make the decision to declare “an Event” and set the wheels in motion. The fear is always that the Event will be over before the alternate site is even operational. But when we set up an infrastructure that allows for the normal workings of our company from virtual facilities… well then, we can ease the pain of those uncontrollable situations.

John W. Boyd, Jr.