Helping clients manage their technology for over 30 years.

Essential SLA Element #1: Why specifying each service to be provided is critical

I see five essential elements that you absolutely need to pay attention to in your managed and cloud services SLAs. I’ll review each of them in my blog, starting with: Specifying each service to be provided.

This may seem obvious, and, in fact, it is. Yet too many service-level agreements are surprising vague about what exactly you’re buying.

Continue reading

Your SLA: Forgotten secret to getting the most from your cloud provider

To get the most out of your managed or cloud service, you need to invest the time in negotiating a good service-level agreement.

The SLA is a key part of the contract between you and your provider, since it describes the levels of service being provided and the metrics used to ensure your provider delivers full value. And the right SLA with the right service provider can mitigate cloud risks and help your business flourish.

Continue reading

Why a SAS 70 Type II audit matters

Since the arrival in 2002 of the Sarbanes-Oxley Act (SOX) as well as other more stringent financial accountability standards, the role of SAS 70 Type II audit and certification has grown. My company takes SAS 70 Type II audits very seriously.

That’s because both SOX and SAS 70 Type II use the same model of controls — so a SAS 70 Type II certification is the best way third parties (like our customers) can be assured of acceptable, SOX-compliant service organization controls.

Developed by the American Institute of Certified Public Accountants (AICPA), SAS 70 Type II audits mean an independent third-party has verified that a service organization’s policies and procedures were correctly designed and operating effectively enough to achieve the specified control objectives.

Continue reading

2 tricks that can deliver the right service provider treats

It’s a 21st-century truth that even small businesses need complex information technology infrastructures to thrive. Which is why so many enterprises, both large and small, depend on the expertise of independent providers of managed and cloud services.

But using managed and cloud services can be risky, too. How reliable is the service? Where’s your data? And what about security?

Continue reading

Dangerously vulnerable: 3 quick (and scary) anecdotes

How secure are the data, applications, systems, and networks your business depends on? If you’re like too many of the executives I talk to, you may believe all is well — but only because you haven’t asked the right questions.

One executive told me recently, “We’re cool; we haven’t had to touch our firewalls in three years.”

Continue reading

Employee smartphones and tablets getting to be a huge administrative hassle?

If so, I’ve got good news: Now it’s easy to optimize mobile communications functionality and security while minimizing downtime.

Quest’s new Mobile Device Management Service will secure, monitor, manage, and support 50 to 5,000 mobile devices, regardless of whether these devices are company-owned or BYOD (bring your own device). The Service is available for virtually all smartphones and tablets, including: iPhone® / iPad®, BlackBerry®, Windows® Mobile, Palm™, and Google Android™ / Android™ Tablet.

Continue reading

Protecting the value of your business

I can’t emphasize this enough: All of the technology products and services an organization devotes to securing its data, applications, systems, and networks have but one aim — to protect the value of the business.

Conversely, every data breach reduces the value of the business — and there are more data breaches every year.
Continue reading

Beware the malware pandemic

About a year ago, a routine enterprise security analysis turned up 75 gigabytes of stolen data. Thus began the discovery of the ‘Kneber botnet’, which had hijacked 74,000 computers at more than 2,500 organizations around the world.

Operating undetected for a year, the Kneber botnet’s 74,000 ‘zombies’ stole 68,000 corporate logins to e-mail accounts, online banking accounts, and a variety of public email and social networking sites. It also grabbed nearly 2,000 SSL certificate files used to secure the likes of online banking transactions.

Continue reading

Infrastructure security and coping with cloud and social media: 9 key questions to ask

Our chief technical officer, Mike Dillon, estimates that the number of infected sites is growing by 20% to 25% a year. “If your company is shifting more toward cloud services and hasn’t addressed security, you will be attacked,” he says.

So here are the (non-technical) questions you need to ask and get answered to protect your business:
Continue reading

6 security questions to ask about your data and who gets access to it

It’s easy to tumble backwards into information security, to let yourself get sidetracked into arcane, hard-to-follow discussions about the innards of technologies and products when in fact you need to be thinking through higher-level strategy and policy.

If, for instance, you don’t actually know yet whether your business would benefit from using encryption, listening to the sales pitches of competing encryption product vendors is a waste of time.

Continue reading