Paul Rummell's Blog :: Main Page

I have a great example of using Software as a Service (SAAS) from my own day-to-day experience. One of the complexities that I have faced in doing consulting work has been the coordination between my desktop PC (which is used for most of my industrial-strength analysis and report writing), my laptop (which I travel with), and my Blackberry (which is with me all the time, much to the chagrin of my partner).

For the last few years, I have been using ISPs and getting my mail via POP services. Using an ISP with a POP service has been prone to breakdowns in getting my mail. For several years, I used Plaxo to synchronize between my desktop and laptop with limited success. Plaxo required me to synchronize my contacts, tasks and notes when I was back at the office through cradling my Blackberry. Normally I made changes to my schedule ‘on the fly’ and would not often get back to my office to do the necessary resynchronization between my Blackberry, desktop and laptop. So managing this whole thing was a real pain! Changes have to be done in real time across my desktop and mobile device to ensure reliable control over my activities.

Recently, I spent some time looking at other solutions: Google calendars, IMAP and other services. None of these approaches really meet the bill for me, particularly with the now-basic requirement to have real-time synchronization with my Blackberry, reliability and extreme ease of operation. None of those solutions offered real-time updates between my three work tools.

Well, I’ve finally found a solution that meets the bill in the coordination between my technologies that I use in my far flung and frenetic advisory work – a hosted exchange server.

Microsoft announced recently that it is launching into hosted exchange server services (reference http://www.microsoft.com/online/exchange-online.mspx). Microsoft Exchange Online is a hosted enterprise messaging solution that provides: “…capabilities to your users with a single sign-on, including e-mail, shared calendaring, and contacts. And it works with Active Directory to ensure that information is synchronized between your local and online directories, allowing your IT department to support a mix of hosted services and on-premise software. Additionally, Exchange Online supports business continuity and disaster recovery with cloud-based antivirus and spam filtering and high data center security standards.”

But the service does not offer a connection to my Blackberry. So after looking at this offering, I did not choose the Microsoft service and elected to go through one of their partners who provide services not only for hosted exchange, but also for BES (Blackberry enterprise server) (http://na.blackberry.com/eng/solutions/types/enterprise/ ).

There are a number of excellent service providers that deliver hosted exchange for a very low price with integration with Blackberry and all the security, backup and support needed. In addition, you can use services from these best-of-breed providers for SharePoint and other software services. Suggested vendors include 123Together, Intermedia and Rogers.

I have been very pleased with this switch from the problematic use of a POP3 and the constant hassle of trying to synchronize, many times unsuccessfully, between my own work and personal technology. One of the really great things is that it is a no-hassle solution at a reasonable price! Basic price is $9.95 per month for 500 MB of storage. For a small additional fee, I get full integration with my Blackberry.

This is a real boom for the SME sector. Individuals or small or medium-sized companies, who are contemplating using an exchange server and setting up a BES server should seriously think about using a hosted Exchange solution. It makes working on the fly economically possible.

Posted on March 20th, 2008 by Paul E. Rummell - ITWorld Canada

Leave Comment | Permanent Link | Cosmos

Sunday, March 9

Feeling the Heat

by Paul Rummell on Sun 09 Mar 2008 08:37 PM EDT

Predictions are that the IT security situation in Canada will worsen

‘Canadian companies are over-confident and lax when it comes to their IT security. Business leaders aren't taking it seriously and IT leaders aren't providing best practices’. This is a recent stunning comment from Vito Mabrucco who is responsible for managing IDC's U.S. based global consulting. In an uncertain world, there is bound to be an unexpected event or failure that will bring it back to ‘top-of-mind’ status for IT and business executives for 2008. I predict a sudden surge in growth managed security services because the security function can now be outsourced. IDC also sees this potential for growth. (Source: http://www.itbusiness.ca/it/client/en/home/News.asp?id=46737&PageMem=2)

Why this hesitancy to evolve security strategy? Why are business leaders not taking security seriously? In Canada, legislation has not yet mandated security as a governance issue, except obliquely through privacy legislation. The same holds true in the US. We have Bill C-198 that has legislated reporting compliance for the private sector and has set the tone for quasi-public organizations in reporting, operational, and financial controls. These rules (except for privacy legislation and some security policies) do not apply to the public sector.

Leaders have not woken up to the fact that their organizations use their systems as the backbone for these reporting and control processes. Any major breaches and damage to their IT operations will taint the integrity of their organizations. Many ill informed executives are building walls around their organizations as an afterthought rather than building security throughout all of their procedures, databases and processing.

Should security be outsourced if not properly done in house or if there is a lack of confidence in IT by senior management? The answer is yes! Boards of Directors, Executives IT leaders and auditors must assess the competence of their teams to be absolutely sure they are effectively managing a rapidly changing landscape of IT security. If they cannot afford or do not have a team that can protect them they need to go outside and hire some real talent to manage their IT security. Managed security service providers are a real answer.

What criteria should be used to select a managed security provider:

Does the IT security managed services vendor understand your business and all its’ risks?
Are they ‘on top of their game’ to proactively protect and manage you environment?
Are they cost effective?
Can they work with your executives and team?
Do they have offerings that will fit into all of your environments and be proactive in averting all reasonable treats?
Do they have a good range of products and services?
Can they communicate well on what they are doing and what counter measures they are taking?
Can they lead you and your organization through appropriate transitions and changes to make this effective not just around your systems and process, but embed proper security in all that all you and your organization ode?
What are their best practices for the security domain?
How are they evolving on a day-to-day basis to protect the information assets of their client organizations and their vital information assets?

Who are the up and coming managed security providers? The telecommunications carriers are now offering good managed IT security offerings. These are telecommunications companies, like Bell, Telus, Allsteam , SIs, ISPs, ASPs, security software companies like CA, Symantec, HP, IBM, CISCO, the big 4, offshore providers and specialty IT security firms.

IT security is a high stakes game. Zero day threats require immediate action and there must be constant monitoring of the external and internal environments to be sure there are no intrusions. It is now a fact we have to manage our information assets like ‘Fort Knox’. If it is not done properly you could have huge operational, reputation and financial losses.

Posted on ITWorld Enterprise Insights, March 3, 2008

Comments (1) | Permanent Link | Cosmos