
August 2005  

Volume 5 Issue 8

August 31, 2005

To view this update as a Web page, copy this link into your browser: http://www.qtsnet.com/stayinformed/quiknews/quiknews august2005.htm.

To subscribe or unsubscribe, please follow instructions at the bottom of this page.


Welcome to the August edition of QTS QuikNews, our monthly e-mail newsletter. In this monthly e-mail, you will receive an update of what's new at QTS - new products we support, new patches and upgrades, solution ideas and promotions to save you money, and information about our company and our clients.

In this issue:

  • QTS and Partner News
  • Events
  • President's Corner
  • QuikSecure Tip of the Month
  • Patches and Upgrades
  • Product Support Lifecycle Watch
  • Solution Spotlight
  • Special Offers
  • Partner Spotlight

QTS AND PARTNER NEWS

WELCOME TO NEW CUSTOMERS
QTS offers a “welcome aboard” to the following new customers:

  • Louis Vuitton Watch & Jewelry
  • Network Financial Printing, Inc.
  • The Newark Group

QTS IS HIRING!
QTS is recruiting for senior level technical personnel, as well as sales and project management personnel.  If you know anyone who might be a good fit, please have them submit their resume to Liz Meechan, our Office Manager. Liz can be reached at lmeechan@QTSnet.com, or (973)984-7600 x223.

PRODUCT NOTICES AND ADVISORIES

APC POWERCHUTE BUSINESS EDITION 6.x
Customers running APC PowerChute Business Edition version 6.x will experience problems with loss of functionality, as well as extremely slow server reboots, and need to upgrade to version 7.x as soon as possible.  The problem is the result of expiration of the Sun Java Runtime Environment certificate, and we have seen it result in servers seeming to “hang” on reboot.  For more information, visit http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/olh_adp.php?ISOCountryCode=us&p_faqid=7202&p_olh=1.

TERMINAL SERVICES CAL TRADE-UP ENDING SOON
Due to a change in the way Microsoft licenses Terminal Services as of April 2003, customers may be eligible for free Terminal Services Client Access Licenses (CALs).  With the release of Windows Server 2003, the “built-in” CALs under Windows 2000 were eliminated.  However, customers owning Windows XP Pro receive a free Terminal Services CAL for each XP license.  These licenses must be processed by 12/31/05, when the transition program ends.  For more information, visit http://www.microsoft.com/windowsserver2003/howtobuy/licensing/tscaltransfaq.mspx.


PRESS RELEASES

QTS WINS "WINNING CUSTOMERS" AWARD AT MICROSOFT WORLDWIDE PARTNER CONFERENCE FOR 2ND YEAR IN A ROW
8/29/2005: QTS and Microsoft today announced that QTS was a US regional winner of the Winning Customers award at the 2005 Worldwide Partner Conference.  QTS' QuikDesign Active Directory Design service was QTS' winning submission.  Read more at http://www.QTSnet.com/stayinformed/l3_stay_pr62.htm

QTS JOINS THE NSI SOFTWARE XCELERATE PARTNER PROGRAM
8/22/05: QTS today announced that it has joined the NSI Software, Inc. Xcelerate Partner Program.  QTS will sell and support NSI Software’s Double-Take® to mid-market businesses in the NYNJ metro area looking for an industry-leading disaster recovery solution.  Double-Take provides continuous data protection and application availability for cost-effective high-availability, centralized backup and disaster recovery solutions.  Read more at http://www.QTSnet.com/stayinformed/l3_stay_pr61.htm


EVENTS

No events are presently scheduled.  Stay tuned for upcoming events in the Fall!



PRESIDENT'S CORNER

The statement “time flies when you’re having fun” certainly comes to mind as I note that it has been nearly two years since I wrote the two part column in the September and October 2003 QuikNews on “10 Steps to Secure Your Network.”  Since writing this column and consulting on security strategy are two things I truly enjoy doing, it seems to apply here.

In those two years, some of our clients have made significant progress around security, particularly where we’ve done Security and Vulnerability Assessments and the client has been able to then develop and act on a plan to reduce vulnerabilities.  However, as I meet with more and more businesses, I can’t help but note how challenging (and never-ending) this process is.  Yet on the flip side, today’s climate is placing ever more pressure on businesses of all sizes to implement security strategies and solutions.  SOX, GLB, HIPAA and a variety of other regulatory and business pressures are driving companies to do what in many cases they should do anyway – amidst the challenges of trying to operate and enhance the networks and technologies already in place.

I’ve done my “10 Steps” security presentation at Microsoft events more times over these past two years than I can begin to recount – I have to think somewhere between 30 and 50, at least.  The material always gets a good reception, with lots of note-taking and questions, and people tend to get fired up about taking action as they leave.

And yet, so many businesses aren’t really making as much progress as they should.  We’re all so caught up in the whirlwind of day to day activities that it is really tough to break the inertial forces that pull at us and prevent us from acting on these truly important issues.  How do we address this?

As I look at my “10 Steps,” I see that some of them are relatively easy, and some are very difficult.  Some are more fundamental than others.  So, the question is, what are the truly important ones, and the best starting point at which to begin making an impact?

The most fundamental area of focus is antivirus.  This is an area where virtually every business would say it is covered.  And yet, why is it that in the 2005 CSI/FBI Computer Crime and Security Survey (gocsi.com), virus attacks were reported by nearly 80% of respondents, and viruses were the number one cause of financial losses – over $42 million across 639 respondents (over $65,000 per company)?  For this type of impact to be the case, clearly we’re doing something wrong.  Part of this I would attribute to spyware, and antivirus companies are only now getting truly serious about dealing with spyware and adware within their products.  But some of this is inconsistent protection, failure to keep systems and protection up to date, and lack of defense in depth – all manageable issues.  I would propose that auditing your antivirus and anti-spyware platforms and making appropriate changes would be the first order of business.  Spyware in particular is a major challenge, consuming both IT and user productivity and resources.

The next major area is a tough one, but has major benefits, and that is Security Policy.  Most organizations still don’t have clearly documented security policies, and of those that do, many of them have not clearly communicated them to the user community.  Interestingly, I’ve seen a direct correlation between spyware problems and security policy – companies that have policies and restrict Internet access to business-pertinent sites have far fewer spyware problems than those that allow unrestricted surfing.  It is broader than this, though.  Having a security policy means that your management team has (or should have) decided how it wants its data and computing assets managed, and when this is properly defined and communicated, it creates a “culture of security awareness” as I like to call it.  It also sets out clear goals for what IT needs to do to protect those resources, and the justification for budget to do so.  Everything gets prioritized and aligned, based on a clear business justification.

This directly ties to employee training and security awareness.  The policy is of no use if it is not communicated.  Conversely, organizations that have trained employees on their policies, and set clear guidelines on what is and isn’t acceptable, have far fewer security issues in my experience.  This is not easy, but it is doable – it requires executive commitment, and teamwork between IT, HR and middle management (who ultimately enforce the policies with their employees).  But when done properly, the benefits can be significant.

Now, back to technology for the last two items.  It is imperative that every organization implement a patch management strategy, for PCs and servers as well as network devices.  The window in which we can respond to attacks keeps shrinking, as hackers get better and better.  The time between announcement of a vulnerability and release of worms or other code that exploit the vulnerability is now down to a week or less.  We simply cannot afford to be reactive.  Patches need to be deployed within days of release, after testing.  This can only be done via automation, and based on clearly defined business processes.

The other element of this is properly securing the perimeter of the network.  Most firewalls I encounter are sub-optimally configured.  It is important that firewalls be configured to minimize open ports, both inbound and outbound, and leverage a DMZ architecture to create an environment where no unauthenticated traffic can reach the internal network.  Intrusion Prevention is becoming a necessity in environments where the business impact of downtime is significant – which is increasingly describing most business networks of all sizes.

These are the “big 5” that require focus first and foremost.  Once these are under control, effort can be put into some tough issues like management of VPN connections, review of logs, hardening of servers and devices (a time consuming activity) and definition of proper access rights to apply the principle of Least Privilege (an even more time consuming activity).  Plus, if you have not had an external Security Assessment (people-process-technology at a high level, also called a Security Posture Analysis) and Vulnerability Assessment, then contact us – you need to understand where your weaknesses are in order to formulate a plan for dealing with them.  This last item is arguably as important as the first five.

As always, feel free to email me your comments or thoughts at nrosenberg@QTSnet.com. Thank you.

Neil Rosenberg
President & CEO
Quality Technology Solutions



PARTNER SPOTLIGHT

This month’s QTS Partner Spotlight is on ISS Group, a Gold Certified Microsoft Business Solutions Partner headquartered in northern New Jersey with a remote location in Atlanta, Georgia. ISS Group was founded in 1986 and specializes in providing Information Technology solutions to the Wholesale Distribution and Discrete Manufacturing communities both locally and throughout the U.S.

For the first ten years of ISS Group’s operations, ISS Group offered technology products and services for manufacturers’ and distributors’ back-office operations such as Order Processing, Billing, Purchasing, Production Control, Warehousing and Accounting applications. ISS Group’s services included activities such as software installation/configuration, program customization, application training, process re-engineering and project management. By performing a complete range of solution implementation services and business process consulting, ISS Group became experts in satisfying the information technology requirements, operations and business practices and processes for Distribution and Manufacturing organizations.

In 1996, ISS Group developed an eCommerce solution providing real-time web transaction processing such as Order Entry, Purchase Order Maintenance, Stock Status Inquiry, A/R Inquiry, and more for integration to back-office ERP applications. This eCommerce solution was developed in the very early days of the Internet, before Al Gore’s Superhighway, and afforded ISS Group entrée into the burgeoning eCommerce and Customer Relationship Management business. ISS Group focused on the eCommerce business throughout the late nineties and in 2000 became one of Siebel’s first resellers to market their CRM applications into the mid-market Manufacturing and Distribution communities.

As fate would have it, Siebel was marketing their CRM applications via the Great Plains product as the Great Plains Front-office Solution, and ISS Group was selling the Siebel applications via this sales channel. When Microsoft decided to purchase Great Plains in 2001 and develop their own CRM solution, the relationship between Siebel and Great Plains was dissolved. Microsoft then began courting the Siebel resellers who were selling via the Great Plains channel, such as ISS Group, and convinced ISS Group to become a Microsoft CRM reseller while the Microsoft product was still in Beta.

ISS Group has been working with the MS CRM product since its initial release back in 2002, has continued to develop their eCommerce products and service capabilities as well as their CRM solutions portfolio and integration expertise with Microsoft’s BizTalk technology, and has become one of Microsoft’s top CRM solution providers in the U.S. ISS Group has developed a product called iBridge which integrates MS CRM with back-office ERP solutions, which has been certified by Microsoft as an approved MS ISV solution, and has completed dozens of successful CRM implementations for Manufacturers and Distributors across the U.S. ISS Group has also broadened their expertise in Microsoft technologies and offers services in SharePoint and C# application development, Business Intelligence solutions, and Information Worker Productivity solutions using Microsoft Office.

For more information on ISS Group, please view their web site at www.issgroup.net, email them at sales@issgroup.net, or call 973-812-9700.  Or, contact your QTS Account Manager.


 

Visit www.QTSnet.com for company information.

QUIKSECURE TIP OF THE MONTH

Each month, we now provide a security recommendation to our QuikNews readers based on content from our recent QuikSecure Security Assessments.  One of these reports typically includes 100-200 specific recommendations such as this, but we’re providing some “free advice” here to our readers.

ISSUE – Are excessive inbound ports open, to all IP addresses?
 
IMPACT – Open inbound ports all represent security vulnerabilities, and defeat the purpose of having a firewall in the first place.  Common open ports such as HTTP, Telnet, SMTP and FTP can easily be used to attack systems.

RECOMMENDATION – Optimally, no outside traffic other than VPN should be allowed to the internal network.  Place all externally accessed systems in a DMZ, and restrict traffic to ports that are absolutely necessary for the systems to function.  If this is not possible, lock down communications to the minimum level necessary – for example, if you must allow SMTP traffic for email into the internal network, from all outside addresses, restrict it to the SMTP server and not your entire network.
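One way to run this check against an exported inbound rule list, as an added example (not QTS code and not taken from a QuikSecure report). The addresses, rule names, VPN ports and the DMZ required-ports map are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology and policy inputs (assumptions, not from the newsletter).
ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNAL = ipaddress.ip_network("10.0.0.0/16")
DMZ = ipaddress.ip_network("192.168.50.0/24")
VPN_SERVICES = {("udp", 500), ("udp", 4500)}  # IKE and IPsec NAT-T
DMZ_REQUIRED = {"192.168.50.10/32": {("tcp", 80), ("tcp", 443)}}  # web server


@dataclass(frozen=True)
class Rule:
    name: str
    src: str    # source network in CIDR form
    dst: str    # destination network in CIDR form
    proto: str
    port: int


def audit(rules):
    """Return (kind, rule name, advice) for inbound rules open to all sources."""
    findings = []
    for r in rules:
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        service = (r.proto, r.port)
        if src != ANY:
            continue  # source-restricted rules are outside this tip's question
        if dst.overlaps(INTERNAL):
            if service in VPN_SERVICES:
                continue  # VPN is the one service the tip allows inward
            if dst.num_addresses > 1:
                findings.append(("internal-network-wide", r.name,
                                 "limit the destination to the one server that needs it"))
            else:
                findings.append(("internal-single-host", r.name,
                                 "minimum fallback; prefer moving this host to the DMZ"))
        elif dst.subnet_of(DMZ):
            if service not in DMZ_REQUIRED.get(r.dst, set()):
                findings.append(("dmz-unneeded-port", r.name,
                                 "port is not on the host's required list; close it"))
    return findings


# Constructed sample rule set.
SAMPLE_RULES = [
    Rule("smtp-any-to-lan", "0.0.0.0/0", "10.0.0.0/16", "tcp", 25),
    Rule("smtp-any-to-mailhost", "0.0.0.0/0", "10.0.1.25/32", "tcp", 25),
    Rule("vpn-ike", "0.0.0.0/0", "10.0.0.1/32", "udp", 500),
    Rule("web-http", "0.0.0.0/0", "192.168.50.10/32", "tcp", 80),
    Rule("telnet-to-web", "0.0.0.0/0", "192.168.50.10/32", "tcp", 23),
    Rule("partner-ftp", "203.0.113.0/24", "10.0.2.0/24", "tcp", 21),
]

if __name__ == "__main__":
    for kind, name, advice in audit(SAMPLE_RULES):
        print(f"{kind:22} {name:22} {advice}")
```
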

PATCHES & UPGRADES

Call the Customer Support Center to have us apply QTS-standard patches and keep your systems current. The following patches have been recently released and are generally recommended by QTS:

* New Security Updates are available in August for Symantec ESM, Symantec Gateway Security, Symantec Network Security, Manhunt, Vulnerability Assessment and Symantec Client Security.

Also, please click here for applicability of Microsoft Security Bulletins to the products in use at your environment. Contact your QTS Account Manager if you would like our Customer Support Center to monitor these bulletins for you and advise with recommendations for your environment upon release of new bulletins.

Note that Microsoft has moved to releasing security patches on the second Tuesday of each month, starting last November. New Security Updates to Windows and Office are available, and recommended.

Symantec (formerly Norton) Antivirus Corporate Edition signature files are currently at version 70830g (8/30/2005). CA eTrust Antivirus 6.x/7.x signature files are currently at version 23.70.24 (8/30/2005). McAfee VirusScan / NetShield signature files are currently at version 4570 (8/30/2005). Trend Micro signature files are currently at version 2.811.00 (8/30/2005).  Please keep your antivirus signatures, and your scan engines, current! If you do not have your system set up to automatically distribute updates from your server to your PCs, please call your QTS Account Manager or the Customer Support Center.

Some patches can cause problems, especially in combination with other software programs or patch levels. Please talk to us to verify whether we see any possible problems in your environment before patching your systems independently. We make best efforts to test patch combinations but cannot guarantee compatibility between software and hardware manufacturers’ products.


PRODUCT SUPPORT LIFECYCLE WATCH

The following products are pending “end of life” status by their manufacturers, and therefore customers should be planning for system upgrades or replacement.

* Windows NT Server 4.0 reached the end of its supported lifespan on 12/31/04.
* Novell ZENworks for Desktops 3.2 support ended on 5/31/05.
* Novell NetWare 4.2 reached end of life on 6/1/05.
* Citrix MetaFrame 1.8 reached end of maintenance on 6/30/05 and will reach end of support on 12/31/05.
* Novell NetWare 6 will reach end of life on 11/1/05.
* Microsoft Exchange Server 5.5 support ends on 12/31/05.

Please remember that end of life for a product does not only impact that product, but also other products that interact with it.  For example, end of life status for an operating system means that no new software products that are released will run on that operating system, as the manufacturers will no longer receive support from the operating system vendor.

 

SOLUTION SPOTLIGHT:
Microsoft Windows Server Update Services

Microsoft Windows Server Update Services ("WSUS") is the next generation replacement for Software Update Services ("SUS") and is Microsoft's free technology to help customers with patch management.

WSUS supports Windows 2000 SP3 or higher, Windows XP and Windows Server 2003 clients.  WSUS requires a Windows 2000 or 2003 Server, with the Internet Information Server web server service.

WSUS provides broader capabilities than SUS, by updating not just the Windows OS but also Office XP/2003, SQL Server 2000 and Exchange Server 2003.  WSUS also provides reporting and targeting capabilities, as well as more administrative controls.


SPECIAL OFFERS

MICROSOFT MID-MARKET NETWARE MIGRATION PROMOTION – EXTENDED THROUGH 9/30/05!
Microsoft is offering medium business customers who purchase Windows Server 2003 to migrate from NetWare a rebate of $600 toward partner services for every Server + 50 CALs purchased, to a maximum of 25 redemptions.  Contact your QTS Account Manager for more details.

SYMANTEC COMPETITIVE TRADE-UP
Symantec is offering customers who “trade in” qualifying competitive firewall/IDS products a credit toward the purchase of Symantec Gateway Security (SGS) firewall appliance or Symantec Network Security (SNS) Intrusion Protection System.  Contact your QTS Account Manager for more details.


QUIKNEWS ARCHIVES
For access to past issues of QTS QuikNews dating back to January 2001, click here.


 

 


SUBSCRIPTION INFO

This newsletter is distributed to QTS clients, recent contacts, and "friends of QTS." We respect your privacy and never share your contact information with others.

To Comment on this newsletter, send an email to QuikNews@QTSnet.com.

To Remove yourself from this mailing list please send a reply to this message with the word UNSUBSCRIBE in the subject field, or contact your QTS Account Manager.

To Subscribe to this Newsletter, go to http://www.qtsnet.com/contact/QuikNews.htm.

To View an archive of QTS QuikNews newsletters, please visit http://www.QTSnet.com/stayinformed/QuikNews/QuikNews_Index.htm.

(c) Quality Technology Solutions, Inc. All rights reserved.

 

Quality Technology Solutions, Inc.
201 Littleton Road, 2nd Floor
Morris Plains, NJ  07950

Tel: (973)984-7600
Email: QuikNews@QTSnet.com
Web: www.QTSnet.com

This site last updated 08/31/05
© 1999 Quality Technology Solutions, Inc.
201 Littleton Road, Morris Plains, New Jersey 07950
telephone: 973.984.7600       fax: 973.984.7650
email: info@qtsnet.com