Security and Healthcare IT: A HIPAA Compliance Questionnaire

Healthcare Security

As an MSP in the modern market you’ve likely heard the acronym “HIPAA” thrown about. If any of your customers are healthcare providers, clearinghouses, or businesses that deal with electronic protected health information (ePHI) then you have almost certainly heard of HIPAA compliance.

HIPAA, or the Health Insurance Portability and Accountability Act, is a set of regulations in the United States which apply to all people who have access to the data and or networks which contain ePHI. If you only manage a network for a client who handles ePHI, and even if you never access the information, you will still count as a “business associate” under the act, are legally required to be compliant with the act, and can be held liable in the event of a data breach.

This means that if you do, or intend to, support clients in the field of healthcare, then you need to be HIPAA compliant. Even though HIPAA is a piece of U.S. legislation, many countries have similar pieces of legislation with similar requirements.

This leaves us with a key question: What does HIPAA compliance require when it comes to IT security, identity, and access management?

Fortunately, I’ve boiled the answers to this question down into a list of simple yes or no questions you can ask your client. If the answer is no, consider that a bad sign.

Security Policies and Procedures

Policies must be established to handle and manage all security violations. You can ask your clients questions like:

  • Are your employees aware of the penalties that will ensue from security violations?
  • Are internal penalties in place for employees who violate security procedures?
  • Do all your users know what to do in the event of security incidents or issues?
  • Is there a process in place to document, track, and address security issues or incidents?
  • Is there someone tasked with checking all security logs, reports, and records?
  • Do you have a security official in charge of a password and smart security policy?
  • Have you ever undertaken a risk analysis?

Access Management

Access to ePHI must be restricted to those who have permission to access it. You can ask your clients questions like:

  • Do you have measures in place to authorize or supervise access to ePHI?
  • Are there processes for determining the validity of access to ePHI?
  • In the event of employee termination, is their access to ePHI blocked?

Security Awareness Training

HIPAA requires that a security awareness training program must be established for all staff. You can ask your clients questions like:

  • Are employees regularly reminded about security concerns?
  • Do you hold meetings about the importance of password, software, and IT security?
  • Are your employees aware of the process surrounding malicious software?
  • Do you have procedures for regular review of login attempts?
  • Do those procedures check for any discrepancies or issues?
  • Have you established procedures to monitor, manage, and protect passwords?

The Worst Case Scenario

There should be a plan in place for the protection and use of ePHI in the event of an emergency or disaster. You should ask your clients questions like:

  • Are there tested and revised plans in place for an emergency?
  • Have the applications and data needed for these emergency plans been analyzed?
  • In the event of a disaster (I.T.E.O.A.D.), can copies of ePHI be made or retrieved?
  • I.T.E.O.A.D… Can all ePHI be restored or recovered?>
  • I.T.E.O.A.D… Will your ePHI be protected?
  • I.T.E.O.A.D… Can critical ePHI related business functions be completed?

Contracts for Business Associate

Business associate contracts are critical for both ITSPs and MSPs involved who work in the healthcare setting. While not signing an agreement can provide a slight amount of protection from being liable under the law, detailing and signing off on your agreed-upon duties and liabilities can provide significantly more protection in the event of an investigation, audit, or breach. Documentation is key when it comes to protecting yourself.

Technological and Physical Protection

Procedures that limit physical access to facilities and equipment that house ePHI data need to be in place. Additionally, it is just as critical that procedures must ensure all ePHI is only accessible to employees who have permission to do so.

As someone working from an it position, it is your responsibility to ensure that access to applications and data containing ePHI is limited only to authorized users. This is where authentication becomes critical.

One method you can discuss with your client is known as multi-factor authentication (MFA). With MFA, users log in with a password as well as an additional security factor like a fingerprint scan or one-time use code from a secure mobile app. MFAs advanced level of security also allows businesses to explore other productivity and security solutions like single sign-on (SSO), which allows for a single credential to provide access to others. For many businesses which are required to comply with HIPAA regulations, multi-factor authentication and single sign-on are both convenient and practical solutions to many of their compliancy woes.

For a helpful HIPAA security checklist: Click Here
For more information on Multi-Factor Authentication: Click Here
For more information on Single Sign-On: Click Here

Author: Harrison Depner

Kaseya Acquires Scorpion Software for Identity and Access Management

Scorpion Software

Last week Russian criminals stole 1.2 billion Internet user names and passwords, amassing what could be the largest collection of stolen digital credentials in history- CNNMoney. The credentials gathered appear to be from over 420,000 websites — both small and large. Which specific websites were impacted is yet to be disclosed but it’s likely that some “household names” are on the list and will have to deal with the resulting publicity.

Today, companies need to manage access to a growing number of websites and applications. Unauthorized access to sensitive information can cause financial losses, reputation damage, and expose companies to regulatory penalties for privacy violations. According to the Ponemon Institute Research Finding, the US per record cost of a data breach is $201. Multiply the 1.2 billion records stolen by the Russian criminals by the $201 and it is a shockingly high number. A Washington think tank has estimated the likely annual cost of cybercrime and economic espionage to the world economy at more than $445 billion — this represents a tax by criminals of almost 1 percent on global incomes.

To reduce these exposures, protecting access with the highest levels of security is crucial for IT organizations. But developing strong security requires a balance between making access difficult for hackers and easy to comply with and use for bona fide users. According to Verizon’s Data Breach Investigations Report, “The easiest and least detectable way to gain unauthorized access is to leverage someone’s authorized access”, which means passwords need to be properly managed and protected. Accordingly, IT organizations are faced with several challenges:

  • Recognizing the relentless attempts to acquire security credentials through hacking, phishing and other techniques, preventing unauthorized system access requires more than just password-based access.
  • Passwords are easily shared, guessed and stolen. Managing password access is challenging for employees and IT organizations as the number of systems requiring password access grows.
  • Managing passwords and system access requires significant IT time and resources, so a highly efficient and easy to use administration solution is necessary.
  • Solutions chosen must comply with all prevailing industry standards.

Today, Kaseya took an important step to help its customers address these challenges, with its acquisition of Scorpion Software. The Scorpion Software AuthAnvil product set provides an important addition to the Kaseya IT management solution, offering two factor authentication, single sign-on and password management capabilities.

The solution provides IT groups with:

  • An advanced multi-factor authentication solution which provides a level of security which passwords alone cannot deliver.
  • An effective single sign-on solution with easy access to all systems for employees which avoids the need for sharing or writing down of passwords.
  • Powerful and easy-to-use password management capabilities to drive efficiencies in administering password access.
  • Support for industry standards compliance and auditing including PCI, HIPPA, SOX, CJIS and other standards.

These capabilities are aimed directly at the security and efficiency challenges above, and are essential for MSPs and IT organizations to be able to effectively manage secure access to applications and ensure standards compliance.

Scorpion Software is a longtime partner of Kaseya and has already implemented an integration with Kaseya Virtual System Administrator (VSA), making it easy for existing Kaseya customers to add Scorpion Software’s unique security capabilities to their solutions. Kaseya VSA is an integrated IT Systems Management platform that is used across IT disciplines to streamline and automate IT services, and the integration of Kaseya with Scorpion Software’s AuthAnvil technologies creates an IT management and security solution unmatched in the industry.

Scorpion Software’s AuthAnvil is currently in use by over 500 MSPs around the globe, and is the only identity and access solution to provide two factor user authentication integrated with password management and single sign-on. It allows IT organizations and MSPs to quickly and easily enable and manage secure access to all applications, delivering the highest levels of security and efficiency.

With the acquisition of Scorpion Software, Kaseya continues its work to deliver a complete, integrated IT management and security solution for MSPs and mid-sized enterprises around the world. The combined solution will help IT organizations:

  • Command Centrally: See and manage everything from a single integrated dashboard.
  • Manage Remotely: Discover, manage, and secure widely distributed environments.
  • Automate Everything: Deploy software, manage patches, manage passwords, and proactively remediate issues across your entire environment with the push of a button.

I know that many Kaseya customers who are reading this blog are already Scorpion Software customers. For those who are not, I invite you to visit the Scorpion Software website to learn more and see the product for yourself at www.scorpionsoft.com. Also, for more information, don’t hesitate to reach out to your Kaseya sales representative or email AuthAnvilSales@Kaseya.com.

Author: Tom Hayes

 

Optimizing Mid-Market Virtualized Environments for Performance and ROI

Like their larger enterprise counterparts mid-market organizations have taken extensive advantage of virtualization and server consolidation. Yet despite their increasing investment in virtual server, storage and networking capabilities, they frequently fail to invest in the tools needed to truly optimize their virtualized environments for performance and ROI.

200315512-001

Many mid-market IT operations groups find that optimizing their infrastructure to get the best returns on their investments, while simultaneously maximizing availability, is a significant challenge. Most have implemented virtualization over the past few years to reduce the number of physical servers they need, along with the associated office space, energy usage and IT staff resources. However, they frequently underutilize the virtual machines (VMs) created to avoid overloading the hosts*.

Tool sophistication and coverage

The problem doesn’t seem to be a lack of tools but rather a lack of tool sophistication and coverage. Each hypervisor, storage and network vendor offers tools for managing and optimizing the capabilities of their own technologies. While these tools provide real-time monitoring, they are not usually able to correlate information across different domains, cannot filter derivative conditions effectively and provide little information about expected norms and predictable variations. This leaves manpower strapped IT organizations the task of manually reviewing and evaluating monitoring results in order to do configuration design, capacity planning or to determine the root-cause of performance issues.

The complexity of today’s hybrid-cloud IT environments and the ever increasing demands placed on IT make it difficult for small IT teams to dedicate sufficient time to monitoring and managing activities. So despite the underutilization of server capacity, agreed to service levels are hard to maintain and IT, in fact, relies on end-users for poor performance notification! The net result for many groups is a lower virtualization ROI than anticipated, lower IT service availability and sometimes, a less than stellar IT reputation.

Advanced application monitoring

One approach to dealing with this issue is to adopt a more advanced service level monitoring solution. By aggregating individual managed elements into collections of applications, VMs, storage, networking devices and rules that represent complete IT services, it becomes possible to take a more holistic approach to performance management and ROI improvement. Such monitoring solutions not only monitor the individual components and their associated parameters, they also correlate data from all of the service components as a whole and are able to undertake trending and baselining to help proactively identify forthcoming issues as well as to eliminate predictable parameter variations as causes of concern.

By monitoring applications through virtualized servers or from cloud services while keeping track of network, storage and other infrastructure components, advanced service level monitoring solutions are also far better at preventing those complex performance issues where nothing seems to be broken, no alerts have been sent, yet users are complaining. The wide and deep purview of such solutions also allows a more comprehensive approach to root-cause analysis. Here five areas where advanced service level monitoring tools can take the hard work out of monitoring virtualized environments and help improve both performance and ROI.

  • Server over utilization and/or underutilization. Time constraints often limit the ability of mid-market IT services groups to monitor virtual and physical server utilization and the associated storage and networking resources. Examining utilization even on a weekly basis can be totally inadequate. What’s needed is a continuous monitoring capability that correlates results between different VMs running on the same server so that CPU capacity-related performance issues can be diagnosed. Application performance can also be affected by networking and storage constraints, which in turn may be caused by applications running on adjacent VMs. Server and performance optimization requires understanding not simply the peak load requirements of individual applications but also workload patterns and system demands created by multiple applications. Reports can be viewed on a weekly basis, but data should be collected continuously and saved for later analysis and review.
  • Server versus infrastructure optimization. Monitoring server compute and storage capacity is very important but performance issues are frequently associated with the volume of network traffic or of data to be processed. Typically there are trends and patterns around these that, if identified proactively, can be used to overcome performance issues before they have impact. Identifying such trends can signal the need for additional network bandwidth, improved internet connectivity, greater or faster storage capacity, more processing power etc. – investments that are far easier to justify when related to their impact on service level agreements.
  • Static versus dynamic workloads. Another challenge is to track business application performance across dynamic server environments. When system applications such as VMware’s vMotion or Storage vMotion are used, VMs can migrate dynamically from one physical server to another without service interruption, for example when DRS or maintenance modes are enabled. In simple environments it may be easy to determine where VMs (and hence applications) have migrated but in more complex environments this becomes problematic. The advantage of vMotion is that when activated it automatically preserves virtual machine network identities and network connections, updating routers to ensure they are aware of new VM locations. The challenge from the perspective of application end-to-end performance is to know which physical server is now hosting the application – particularly as the address hasn’t changed. Advanced monitoring solutions follow these migrations and, by containerizing all the infrastructure elements that make up a particular IT service, can take account of the dynamic changes occurring in hosting, storage and networking components.
  • Cyclical, erratic and variable workloads and traffic patterns. Optimizing server consolidation is relatively straightforward when application workloads are consistent over time. However many applications place highly variable, cyclical or erratic demands on server, storage and networking components making it more likely that resources are sub-optimized in favor of simplicity and time. Advanced service level monitoring solutions are able to analyze the patters of usage and baseline the results to provide a more granular view which can be used to better take advantage of available resources and avoid unnecessary alerts. For example, a payroll application that requires significant resources prior to the end of each pay period might be pared with a finance application that needs to run after orders have been taken at the end of each month. Similarly it may make sense to pair development related activities with test activities, assuming that development and testing are done in series not in parallel. Advanced monitoring can help identify not only the processing capacity requirements and patterns but also those of storage and bandwidth so that all factors can be taken into account when optimizing resource allocation and setting thresholds.

200470224-001

  • Root-cause analytics and meeting/reporting on SLAs. Optimization is an important goal to maximize the virtualization ROI but what most users care about is IT service availability and performance. As with all things complex, problems will occur. The challenge is to be able to resolve them as quickly as possible. Advanced service level monitoring solutions help because they are able to pin-point problem areas and then drill-down, through dashboard screens, to rapidly identify root-causes. Because they are able to look across every element of the infrastructure, they can identify interactions between different components to determine cause in ways that discrete management systems cannot. In addition, the ability to track and trend parameters of components that make up each IT service provides a proactive mechanism able to predict likely performance issues or SLA violations in advance. This provides IT Ops with reports that can be shared with management and users to justify any changes or additional investments needed.

Advanced service level performance management tools have affordable starting prices and offer significant ROI themselves by increasing the return from virtualization and allowing SLAs to be met and maintained. Add speeding mean time to problem resolution and freeing IT resources to undertake more productive activities and their value is very significant.

By helping the IT departments of mid-sized companies optimize their virtualized environments, Kaseya’s advanced monitoring solution, Traverse, supports SLA mandates and frees in-house IT staff to better respond to business requests. It also provides detailed intelligence that IT can use to add strong value in conversations regarding business innovation.

Learn more about how Kaseya technology can help. Read our whitepaper, Solving the Virtualized Infrastructure and Private Cloud Monitoring Challenge.

References:

* Expand Your Virtual Infrastructure With Confidence And Control

Author: Ray Wright

IT Automation: Basic, Advanced, and Downright Creative

Automation Graphic

My last blog post discussed IT complexity and new challenges from cloud, mobility and big data which are key drivers of IT Automation. These new challenges make it hard for IT administrators to do their jobs, without increasing the level of automation. The post identified the key requirements for an automation solution, from out-of-the box functionality to policy-based management to community sharing of innovative implementations, noting that not all automaton solutions are created equal. To help crystalize the differences and the possibilities, this post provides a set of examples of each type provided by Ben Lavalley, our automation expert here at Kaseya.

Basic Automation:

In a strong automation tool, basic automation capabilities should come out-of-the-box ready to deploy. IT administrators can obtain immediate time saving and efficiency with little configuration effort. Examples include:

  • Automate actions based on monitoring of specific workstations. Monitor and create a dashboard view to identify workstations and their status. Then apply policy management to automate routine maintenance. Maintenance may include disk defrag, disk cleanup, browser history cleaning, and other actions.
  • Automate patch management with server/workstation policies for Windows patching. Configure automated patch approval and reboot settings for servers and workstations, using policy management for set-and-forget patching.
  • Automate third party application updates. Configure application deploy and update policies to keep third party applications up-to-date. IT administrators don’t need to create scripts to update Adobe, browsers, etc.
  • Automate Auditing. Run reports on machines with low memory, or open network file shares, or other characteristics, so that corrective action can be taken.

Advanced Automation:

IT administrators can deploy more advanced automation based on common agent and other procedures. Examples include:

  • Configure Service Desk for automated remediation of monitoring alerts. Run service or machine restarts to try to resolve a reported issue. In addition, collect diagnostic information from the offending system and add the results of the diagnosis directly into the notes of the ticket, so technicians have the valuable information they need to address the root cause of the problem more quickly.
  • Use policy-based automation for select servers. Audit server roles, e.g., Exchange, Sequel, Controller, etc., with dashboard views that have been filtered for location and server type, then create a policy (using policy management) that applies on-going monitoring and reporting based on system attributes.
  • Automate the end-user portal. Customize and automate the end-user portal (via the management agent), to help end users deal with basic issues. Publish bulletins, “how-to” information, etc., and provide procedures for end-users to run on their own machines for self-help.
  • Establish policy-based automation for application management. Set a policy for applications that start-up automatically, then detect for non-compliance to policy. Non-compliant applications can also be removed automatically, if desired, to improve workstation performance and remove potential security issues.

Creative Automation:

Talented IT administrators like to get creative, and good automation solutions provide the tools to do so. Creative solutions are usually built using some combination of out-of-the-box capabilities along with light scripting. Examples include:

  • Stolen laptop recovery. Automate the capture of desktop screenshots and even pinpoint the geographic location of the laptop with wireless network collection (using Google location APIs). It can result in a very surprised thief being apprehended in a coffee shop, for example.
  • Automate email, e.g., Exchange server, Quality of Service (QoS) monitoring. Run a regular email test to proactively test that a mail server can send and/or receive mail.
  • Clean up the “bloatware”. Establish an approved workstation configuration, detect deviations, and automatically clean-up the “bloatware”. Patrick Magee, from Howard Hughes Corporation, has reduced help desk tickets by 50% with this automation solution.

Regardless of the size of your business, you can improve operational efficiency and productivity through IT automation. Moreover, reducing human involvement wherever possible frees up the IT team to deal with the new challenges posed by cloud, mobility and big data. In harnessing these new technologies, the IT team becomes a partner to the organization, helping to drive business success.

For more information on Kaseya automation capabilities, visit our IT Automation website: http://www.kaseya.com/features/kaseya-platform/it-automation.

Authors:

Tom Hayes, VP Product Marketing, Kaseya

Ben Lavalley, Product Management, Kaseya

Does the Math for BYOD Add Up?

BYOD and ROI Graphic

The Bring-Your-Own-Device (BYOD) program has several benefits from an IT administration and general business perspective, such as improving employee job satisfaction and productivity, costs savings on company owned devices, and increasing employee availability across the company

But CompTIA’s recent survey suggests that 51 percent of large enterprise firms have not jumped on to the BYOD bandwagon – only three percent of medium and large firms and nine percent of small firms have adopted a full BYOD policy. According to the survey respondents, in addition to security concerns, the math for BYOD investment apparently fails due to hidden indirect costs such as the complexity of supporting a wide array of devices, investments in building the mobility management skills of IT staff and the overhead of balancing the needs of end users and IT. Make no mistake, all these enterprises have also acknowledged the growing importance of mobility management and are making investments in that direction. They seem to be more comfortable with the idea of having complete control of the devices – just like they do on employees’ laptops and PCs. The natural tendency to extend this deep entrenched IT management philosophy to mobile devices and that is precisely the reason why many BYOD initiatives fail.

The math for BYOD adds up if you adopt a simple philosophy in your BYOD mobile strategy: Manage Data Not the Device. With this philosophy you can realize the value of BYOD program that enables your employees to use their personal devices securely for work.

Now let’s address the challenges that can potentially drain the savings from BYOD program. Note that the capabilities discussed below aren’t theoretical. They are currently provided by some of the robust BYOD management solutions available in the market.

  • Security: BYOD programs amplify security concerns owing to the rapid proliferation of mobile endpoints accessing corporate network and assets. Instead of the entrenched IT view of controlling device features and capabilities, a viable and practical alternative is to ensure complete protection of company data at rest (on the device) as well as in flight (during transmission), and not worry about the device itself. For this, the BYOD management solution must provide robust encryption, on top of SSL, and isolate corporate data from the rest of the mobile device using “encrypted containerized apps” to deliver business data, documents and applications on personal devices. The solution should also enable pin locks on these apps independent of device pin lock, protecting the data in the apps against casual perusal.
  • Integrating a wide array of diverse devices: From 2012 to 2013, the number of distinct Android devices grew from 3,997 to 11,868. This is an overwhelming growth of devices for IT admins to support on their company network. A robust BYOD management solution will keep all the mobile devices outside the network and process the mobile requests using an intermediary “gateway-behind-a-firewall” that makes only outgoing connections to exchange data with the devices. Using this gateway, IT admins can further control what company resources are accessible on these personal mobile devices. Such solution architecture ensures virtually no changes to network VPN and firewall settings.
  • Balancing the needs of end users and IT: A successful BYOD implementation is all about striking the happy balance between corporate data protection and employee’s personal freedom. This is possible by the use of “containerized” apps for accessing company emails, documents and intranet sites. When required, the IT admins can just remote wipe the data within these “containerized” apps without impacting the personal data on the device.
  • Determining ROI: The benefits of a BYOD program are clear: employee flexibility, savings on company-owned device costs, productivity gains, higher employee availability, and competitive differentiation. Some of these benefits can be easily quantified such as savings on device costs. But the qualitative benefits such as employee productivity gains and greater employee availability are more difficult to quantify. Additionally, to realize these qualitative benefits, you will have to look for opportunities throughout your workforce and business applications to identify where mobility could drive substantial efficiency and innovation. Determining the ROI of a BYOD management solution is possible with thorough internal review of processes, building activity-based costing and identifying potential areas of savings and additional revenues.
  • Enforcing mobility policy: IT organizations have painstakingly developed IT policies for their companies, keeping laptops, desktops and servers in mind. Mobile devices, by the very nature of their design and use cases, have greater exposure to vulnerabilities. A BYOD management solution should allow IT admins to easily extend existing IT policies and authentication systems to the mobile devices with further refinement to what information can be accessed on the mobile devices by specific users. The aforementioned gateway-based architecture that integrates with existing security and authentication systems enables single sign-on to back-end systems with NTLM.
  • Building mobility management skills of IT staff: IT staffs have to be knowledgeable about mobile technologies in order to support mobile business users. This need is accentuated in company-owned device scenarios where the IT staff needs to be able to troubleshoot the devices that they control and manage. BYOD management solutions typically use a suite of apps to deliver emails, documents and business applications, which rarely differ from device to device. These apps may only vary between mobile platforms like iOS, Android and Windows 8. So the focus of IT staff’s training, in a BYOD context, is the suite of apps on a handful of mobile platforms instead of features and capabilities of numerous devices.

In conclusion, the BYOD trend is compelling and inevitable. It is, however, not devoid of challenges. Often these challenges are exacerbated by IT admins adopting traditional methods to manage and control devices in a BYOD context, which is a misfit. BYOD has tangible benefits of which some are easy to quantify while others require more detailed analysis. If one focuses on managing just corporate data in BYOD scenario, using a comprehensive mobility management solution, the BYOD challenges can be easily addressed without compromising security. This helps to minimize indirect costs and increase the ROI from your BYOD investment, making the math for BYOD add up.

Author: Varun Taware

The Future Role of the IT Organization in Mid-Market Companies

“Big Data” has been on most IT folks’ radar screens for some time but new data suggests the time has come for mid-market companies to do some serious thinking about the implications.

It’s over 400 years since Galileo, hearing of the invention of the telescope, rushed to create his own version to sell to the commanders of the Venetian navy. He immediately understood the value of being able to more quickly recognize distant ships coming into harbor or gain advance information about the capabilities of enemy craft at sea.

Galileo's Map

The desire to gain advantage by acquiring and processing information more quickly has arguably been one of the biggest drivers behind the evolution of “IT” throughout the time since Galileo’s first x10 telescope. Obviously a significant business or military advantage comes from having better knowledge and insight than your adversaries. Knowing what your customer’s want and being able to more quickly satisfy them also creates competitive advantage. Processing orders, handling inventory, raw materials purchasing, invoicing and payments…..all garner greater benefit by being done faster.

Why is this important to today’s mid-market IT organizations? And what’s it got to do with “big data”? The latest research from EMA* suggests that the early adopters of big data technologies are moving their projects into production – over half of the projects studied are either in a full or pilot production phase. Survey respondents are finding that big data programs are able to aid real-time decision making. Big data is enabling these companies to mine information from previously hard to analyze data sets (like ships a long way off at sea) and to use it for better outcomes and, ultimately, competitive advantage.

One example is the healthcare organization that analyzed patient medical records in real time to reduce the risk of prescribing harmful medications to inpatients, based on their histories and current symptoms. Another is the restaurant loyalty and rewards program operator who provides real-time program analysis data to restaurant chain customers so they can replicate successful marketing programs quickly and identify poorly performing restaurant locations at the earliest juncture.

The list of industries and use cases for big data is large and growing and the days of pure experimentation are beginning to wane. The inference is that big data will be the next wave of competitive development that speeds the availability of critical business data, disrupts business models and changes the competitive landscape.

The implications for mid-market IT organizations are immense. A key imperative in resource constrained businesses is to free up time to allow for the necessary big data discussions, explorations and innovations. Big data projects cannot be defined or driven by IT alone. It’ll take extra time to develop the business knowledge and relationships required for success. IT must find ways to reduce the time spent on day-to-day operations in order to deliver on both operational excellence and business innovation expectations. To succeed IT must:

  • Look to third parties to help with basic tasks and cloud-based services.
  • Reduce the number of different tools and systems used – pick the best and most comprehensive – to reduce the burden of dealing with multiple vendors, upgrades, trainings and support efforts.
  • Optimize for business growth not just around the IT budget.

navigation

Here are 6 responsibilities that tomorrow’s IT department must make time for:
  1. Identifying opportunities. In the EMA study over 40% of funding came from finance, sales and marketing. The finance department was a major sponsor in the retail, healthcare and manufacturing segments while IT was the largest sponsor in the Public Services sector. Discussions with other functions will help identify key big data opportunities.
  2. Obtaining funding. Obtaining funding means developing an implementable strategy and cost effective plan that leverages current infrastructure investments and outside capabilities. Funding for projects that truly have a strong business impact will likely come from senior management as well as other functions.
  3. Defining and developing applications. Big Data initiatives require complex processing. To derive the most from large volumes of “unstructured” or “incomplete” data requires more complex rules and advanced predictive analytics, possibly even the use of natural language processing. In addition, analytical results will need to be built in to existing processes and workloads in order to meet the requirement for speedier decision making and competitive advantage.
  4. Manage pilot programs. Despite the fact that big data approaches are maturing, for those who have yet to start, the challenges are considerable. Early adopters spent more time on data management issues than analytics and adjusting existing business processes. Later adoptees may be able to learn from the early experience and move more quickly by piloting in unfamiliar areas.
  5. Design “big data” architecture. Adding new data to a traditional structured database is quite simple in comparison to creating an architecture that enables consistent real-time analysis of data from multiple sources, each potentially with a different structure, format, update frequency etc. Ultimately IT will need to redesign the current IT infrastructure. Regardless of where the resultant systems reside, big data represents a major activity for IT going forward.
  6. Prepare to take a leadership role. As has been indicated big data programs are complex. Opportunities might be identified from across the organization but it’s clear that IT needs to take the leadership role when it comes to strategy, planning, design, development and implementation.

Just as the telescope had a profound impact on the speed with which information became available when it first appeared, big data is starting to have a similar, if not greater, impact. And while large enterprises may have deeper pockets to leverage the capabilities it is mid-sized businesses that are at greater risk, if they ignore the possibilities.

By helping the IT departments of mid-sized companies meet their SLA mandates, Kaseya’s advanced monitoring solution, Traverse, helps free in-house IT staff to better respond to business requests and provides detailed intelligence that IT can use to add strong value in conversations regarding business innovation.

Learn more about how Kaseya technology can help. Read our whitepaper, Solving the Virtualized Infrastructure and Private Cloud Monitoring Challenge.

References:

Operationalizing the Buzz: Big Data 2013

Author: Ray Wright

IT Automation: For the Harried Yet Innovative IT Administrator

Are you a harried, yet innovative IT Administrator? With increased IT complexity, driven by cloud, mobility, and big data, it is no wonder that IT administrators are working harder than ever, but still having trouble keeping up. Yet, I hear story after story about the creative, innovative approaches that IT admins are taking to address these new challenges. Usually these approaches involve automation. In fact, IT automation needs to be part of every MSP and IT organizations’ plans to deal with the increased IT complexity, greater workloads, and flat budgets faced by every organization in every industry, in every part of the world.

But I still encounter resistance to IT automation by those who feel that IT automation is a path to “I don’t have a job.” Many IT administrators have become expert at maintaining systems with SW updates, patches, new security releases, etc., and some believe the automation of these functions would negatively impact their job. In reality, automation frees up good IT administrators to attack new, challenging, high impact opportunities to help support the business.

Others look at IT automation as a replacement for homegrown scripts, created to automate certain functions. These home grown scripts are a source of pride and job security. Unfortunately, they are usually not well documented, need regular maintenance and only cover a subset of the many functions that could and should be automated. It is hard to implement extensive automation of the many repetitive, manual IT tasks, by creating script after script.

Fortunately, there are solutions today that provide out-of-the-box automation for the many routine, repetitive, manual core functions that most IT administrators would gladly stop doing, while at the same time provide the flexibility, interfaces and tools needed for more creative and innovative IT automation. A simple search will reveal the key vendors, however, not all automation solutions are created equally. When evaluating these automation solutions, there are five key items you should consider:

1. Out-of-the-box

Tasks such as scheduled backups, software deployments, patches and security updates are automation capabilities that should be ready to go straight out-of-the-box.  Experienced vendors will have distilled these built-in capabilities from years of working with IT service providers and corporate IT departments to understand good practice areas such as routine maintenance, software deployment, security and compliance.

2. Policy-based

Ensuring that every user and every system is being managed consistently is critical. However, with thousands of systems logging onto and off various networks in multiple—sometimes global—networks, it isn’t feasible for the IT department to manually touch every machine, ensuring it is in compliance with all of the organization’s IT policies. With policy-based automation, IT administrators can define, manage, apply and enforce IT policies across groups of machines without human intervention.

3. Flexibility and Interfaces to be Creative

Once the core, “out-of-the-box” automation has been implemented, IT administrators can now differentiate themselves and their MSP businesses or IT organizations with creative, innovative automation capabilities. Examples I have seen include problem remediation, isolation of viruses, and stolen laptop recovery. In all cases, the automation solution provided easy-to-use, flexible tools to allow the creative IT administrator to be creative.

4. Proven

Look for a solution with proven automation capabilities, which have been implemented successfully in a large number of customers. Successful implementation of both core and innovative automation solutions across many customers (ideally thousands), will mean that IT administrators in your organization will likely be successful as well. But be sure to speak to a few references.

5. Community

A broad customer base with an active community who share automation use cases and implementations is very helpful. Look at the vendor’s community, see how it functions, and talk to community leaders to understand how the community works. IT administrators generally like to have “community” ties, and a strong community can enhance the work environment and speed automation results.

IT automation is a must for any MSP or IT organization trying to keep up with the complexity and challenges posed by cloud, mobility and big data. Choosing a proven solution with the right capabilities and community support can make the move to automation much easier, especially for the harried, but innovative IT administrator.

For more information on Kaseya automation capabilities, visit our IT Automation website: http://www.kaseya.com/features/kaseya-platform/it-automation

IT Best Practice: Driving Innovation in the Mid-Market

Kaseya Driving Innovation

According to CIO magazine’s 2014 State of the CIO Survey* results over two thirds of CIO’s have a hard time balancing the time and resources needed to drive both business innovation and operational excellence. Of course, for many mid-sized businesses this is not even an issue. They simply do not have spare IT resources and instead rely on business leadership to drive innovation. Yet, as the National center for the Middle Market – Blueprint for Growth** shows, higher growth mid-market companies do have a strong innovation focus. The Blueprint indicates that companies in this segment can increase growth incrementally by developing a strong company-wide growth strategy.

The challenge for IT services teams in mid-sized firms is that there is already too much to do! Maintaining existing operational effectiveness takes a significant portion of the available resources. Add to that new IT projects and upgrades, to increase organizational effectiveness and satisfy the needs of business and functional groups, and the ability to participate in business innovation efforts begins to dwindle. Throw supporting new technologies such as cloud services, mobile device management and BYOD as well as the ever present security threats into the mix and it quickly becomes clear why it’s hard to find any balance between operational excellence and innovation.

Budget and resource optimization is an ongoing discipline and not a one-off exercise but IT must also address the continuously growing demand for IT services. On top of that, it’s vital to retain existing staff by providing challenging work and good career opportunities. IT skill shortages are likely to get worse as the economy rebounds and replacing skilled and knowledgeable team members with new recruits will be not be easy or efficient.

One approach to addressing the myriad issues caused by tight budgets is to create a business growth strategy in which IT can take a leading role. With growth, budgets are more likely to expand. Growth also creates individual opportunities. Yet with constrained resources is it realistic to suppose that IT can take a leadership role on business innovation? Do IT team members know enough about the business?

Here are 5 best practice factors that mid-market CIOs need to consider before taking on innovation responsibilities.

  1. Innovation is a process not an event. Look at any growing start-up and you’ll find an innovation process. Successful start-ups invest in innovation by funding both customer research and engineering teams. At a minimum they have product management resources to focus on customer needs and project management and design and development resources that focus on product creation. For new business innovation strategies to work senior management must similarly resource and finance them. Boot-strapping from existing budgets is unlikely to deliver the focus needed for success. Innovation participants will come from existing functions, such as IT, but they must be able to dedicate an appropriate portion of their time without impacting their other duties.
  1. Success requires an innovation strategy. Occasionally new ideas are created in a single “Eurika!” moment, but that’s rare. More likely ideas come from an unbiased examination of existing approaches which may become inadequate or uncompetitive as customer needs evolve, new technologies emerge or the marketplace environment changes, such as when competitors with new approaches or business models appear. Like other company processes, innovation needs careful management to foster continuous improvement, focus, rigor and success. Process management is an area where IT can play a leading role.
  1. Innovation requires a team approach. In today’s complex business world it’s unlikely that a single person or function can provide all the knowledge necessary for success, certainly in any sizeable endeavor. Many innovation ideas are generated by marketing and sales or by business functions themselves. But IT has a wealth of knowledge to contribute too. Security, integration, compliance, education, support, project and vendor management, risk management, usability, information quality and management….the list goes on. By making positive contributions about how innovations can be successfully developed, introduced and managed, IT can play a significant role.
  1. Be innovative about innovation! According to PWC’s 2013 Innovation Survey*** the most innovative companies go well beyond thinking simply about new products and services. They look for breakthrough ideas that can set them apart from competition or create new markets or new business models with new and different dynamics. In this kind of environment IT management’s broad understanding of business processes across the organization together with its nonpartisan view of the business can be distinct advantages. Getting to know more about the competition and the customers – from the data that IT stewards – might be more valuable than seeking expertise in how the business currently functions.
  1. Optimize for growth. It goes without saying that IT is good at resource optimization. However, many of the actions that IT takes – standardization, protection, limitation – are made precisely because of resource constraints and can be a drag on innovation and growth potential. Start-ups favor lean development approaches where agility, flexibility and nimbleness are key. IT must both support and enable similar approaches. In addition, The IT team should review its own operations to identify where changes can free-up human resources to participate in growth and innovation strategy work. For example by:
    • Investing in fewer more robust and comprehensive management tools versus a myriad of discrete point products
    • Developing self-service cloud options and/or using public cloud services
    • Leveraging 3rd party resources to off-load routine tasks such as upgrades.

IT budgets in mid-size enterprises will likely always be constrained but continuous innovation is necessary for long term viability and survival and IT has a key role to play. CIOs can help drive innovation strategies and can use their teams to enable success.

By helping the IT departments of mid-sized companies meet their SLA mandates, Kaseya’s advanced monitoring solution Traverse helps free in-house IT staff to better respond to business requests and provides detailed intelligence that IT can use to add strong value in conversations regarding business innovation.

Learn more about how Kaseya technology can help. Read our whitepaper, Solving the Virtualized Infrastructure and Private Cloud Monitoring Challenge.

References:

* State of the CIO Survey 2014, CIO Magazine – slides in InfoWorld

** Blueprint for Growth: Middle Market Growth Champions Reveal a Framework for Success

*** Breakthrough innovation and growth, PWC Innovation Survey, 2013-2014

What strategies does IT adopt in your organization to bolster innovation?

Author: Ray Wright

Leveraging Policy Management for Device Compliance

Policy Management

Kaseya Professional Services Consultant, one of the most common questions I hear is “What are the best practices for agent machine configuration with respect to device/machine monitoring, Microsoft patch management, access and security and many other areas?” Within Kaseya Virtual System Administrator (VSA) end-point device management is achieved via a software “agent” that is installed on each managed device. My usual answer to the agent configuration question is to ask what policies are in place in these areas and what software and versions must be deployed? During these conversations we come to realize that agreeing on a best practice is a task in itself!

In the process of managing end-point devices there are numerous configuration steps and modifications that span multiple modules within VSA – for example, patch management, security, performance monitoring and so on. Making and adjusting configurations manually, via each of these modules, can be time consuming, and manual configuration is definitely error prone. Consequently, after changes are made, it’s important to run reports on all devices to locate any deficiencies. Before troubleshooting and remediating any subsequent issues we need to ensure we have a level playing field. That is, uniformity of configuration and compliance with organization policies across all devices. Running reports can be time consuming especially when you support a number of organizations or departments. In larger organizations this becomes a monumental task.

What’s needed is a tool that can configure settings all in one place. In Kaseya VSA the IT Policy Management module plays this role and can be a vital capability when creating an efficient working environment. The VSA Policy Management module greatly simplifies the task of managing user desktops for compliance to a set of policies. Compliance policies can include which software is allowed to run on the machine, which version, which software configurations, who has authorized access – to name just a few.

The VSA Policy Management module controls all agent configuration settings under a single pane of glass. The VSA Policy Management can be used to create:

  1. A uniform set of agent configurations across the infrastructure
  2. Policies that target specific functions of agent configuration, i.e. Monitoring, Patch Management, Maintenance, Software Deployment, etc…
  3. Policies for different operating systems and applications
  4. Policies for different organizations and group of machines

Policy Management Module: Policies are applied hierarchically.

Policies Applied

Once policy rules are defined, the next step is to apply them to the associated devices via the installed agents. Policies can be applied:

  1. Manually, using the Apply Policy functions under “Policies” – used when policies are stable and not constantly modified.
  2. Automatically, by setting the deployment interval under “Settings” – remember to set the deployment interval to 30 minutes or higher to ensure settings are fully deployed before the next deployment interval is started.

Leveraging policy management in this way is very powerful. It not only provides a single location to manage your configuration compliance, it also greatly assists automation processes and saves time and effort when you need to check configurations.

If you’d like to learn more please review the Kaseya VSA documentation on Policy Assignment Rules.

(http://help.kaseya.com/WebHelp/EN/KPM/1010000/index.asp#8140.htm)

Author: Wilki Budiwarman

How Remote Management Turns IT Professionals into Heroes

Kaseya Remote ManagementOr be prepared for “Planes, Trains and Automobiles.”

Two days before Thanksgiving, marketing consultant Neal Page (Steve Martin) races to catch a plane home to Chicago, only to find that his flight has been delayed. Hours later, he boards the plane and ends up next to an eternally optimistic, overly talkative, and clumsy shower curtain ring salesman, Del Griffith (the late, great John Candy). When the flight is detoured to Wichita, the mismatched pair is forced to find their own way to Chicago, by any means necessary. A must-see movie, loaded with many funny lines and situations; the “Those aren’t pillows!” line is a classic.

“Planes, Trains, and Automobiles” was produced over 25 years ago, and though travel may have improved (yes, it is debatable), what we do while traveling has changed dramatically. Today, most people on planes, trains or automobiles (assuming you are NOT flying, conducting or driving!), want to be connected to send texts, do email, play “Words with Friends” (though I think Alec Baldwin has stopped doing this), or if you are a pig, check your Geico app. And they want to be connected using any device – laptop, tablet, phone, anything with any kind of a connection. When they have issues, IT managers are given the opportunity to become “heroes,” stepping in to resolve the problem, often times by remotely accessing the offending device. This leads to our “IT hero” story.

A few weeks ago, I was presenting a webinar on IT challenges and how companies are addressing these with innovative solutions. Patrick Magee, Manager of IT Infrastructure and Desktop Support for The Howard Hughes Corporation, was our guest speaker. The Howard Hughes Corporation, a major real estate development and management company which was founded by Howard Hughes, is headquartered in Dallas, TX. But at the time of the story Patrick was working from the Café Du Monde in New Orleans (I know, sounds like tough duty).

Kaseya Remote Management

The Howard Hughes CEO was in the air trying to complete critical work for an upcoming meeting, when he encountered an issue. The issue was such that Patrick could not simply send a command or walk the CEO through a series of configuration steps. The only way Patrick could resolve the issue was to take control of the device. Patrick was able to set up a remote control session from his location in the New Orleans café to the laptop on the plane, and in a few short minutes, Patrick had his CEO working again. Instantly Patrick became an IT hero. As Patrick says, the “anytime, anywhere” technology to establish the remote control session was crucial; without it, it is unlikely he could have resolved the issue.

The remote control example is just one of many insightful stories Patrick told during the webinar. He talked about the challenges of managing new cloud services, mobility and big data. Howard Hughes Corporation is taking advantage of all of these, and Patrick needs to ensure that these new services deliver as promised. For example, Howard Hughes is now using cloud apps for expense reporting, travel, and HR. With their increased comfort in security, reduced TCO, and access to broader, richer cloud applications, cloud-based applications has become the first option for Howard Hughes.

Patrick also talked about his integrated management solution to centrally command his IT environment. He is able to see and manage all of his IT assets from a single dashboard (network, servers, clients, applications), and knows that any issue will be presented in this one place, normally before any of the Howard Hughes’ 1000+ employees notice a problem. From the same dashboard, he is then able to take immediate action to keep them all working and productive.

Finally, Patrick talked about automation and how he is using it to substantially improve efficiency. Only with IT automation is he able to support company growth, and address new IT challenges with existing IT staff. He uses client clean-up (bloatware removal) as an example, which has reduced helpdesk calls by 50%!

As you might have suspected, Patrick is using the Kaseya IT management solution to achieve these excellent results. The Kaseya solution is helping many MSPs and IT organizations such as Patrick’s deliver improved services to their users and do more with their existing staff. Kaseya is helping them to:

  • Command Centrally: See and manage everything from a single integrated dashboard, to ensure the availability, performance, and security of the entire IT environment – on-premise, cloud, and mobile.
  • Manage Remotely: Discover, manage, and control widely distributed environments, extending management reach, and maximizing efficiency and service-level performance.
  • Automate Everything: Deploy policy-based automation with proactive remediation, to increase productivity and do more with existing staff.

Listen to Patrick share his insights directly in the webinar: “How to Dramatically Improve IT Efficiency and Exceed Service Level Expectations”

Other material you may find useful:

Managing the Complexity of Today’s Hybrid Cloud Environments

Seconds Matter: Resolve Issues Quickly with the World’s Fastest Remote Desktop Management

3 Keys to Managing Today’s Complex IT Infrastructures

Author: Tom Hayes

Page 1 of 4412345»102030...Last »