Business Continuity Vs. BDR

Understanding and implementing a business data backup plan based on RTO (recovery time objective) and RPO (recovery point objective) is the key difference between standard BDR (backup and disaster recovery) and true business continuity.

Simply put, BDR refers to the recovery of business data from a previously archived source in the case of a loss or catastrophic event (disaster). A catastrophic event does not necessarily mean a natural disaster or other force of nature, but most often refers back to hardware failure or human error. For example, if your hard drive stopped working or you accidentally deleted a file, you could implement your backup and disaster recovery plan and if a successful backup is available, recover the single file, or in the case of the failed hard drive, the complete volume of data that was lost. It really is that simple.

The problem with having only a BDR plan, however, is that while waiting to recover the missing data, your company will be experiencing what is referred to in the world of data loss prevention as downtime. In the case of the single missing file, this may not be a huge loss, but without proper planning and the correct solutions in place, servers or workstations that are vital to the operation of a business could be down for hours, if not days or even weeks. While the business’s data may be ultimately safe, long periods of downtime could lead to the loss of revenue, damaged client relationships, or even the closing of the business.

Which leads to the importance of RTO and RPO. RTO, recovery time objective, refers to the amount of downtime a business can endure before being negatively affected. RPO, recovery point objective, refers to the amount of data a business can afford to permanently lose in the case of a catastrophic event or failure.

Let’s start with RPO. If a business’s backup and disaster recovery plan is set to back up data every Friday night at 10 PM, and the server hosting that data experiences a catastrophic power surge at 9 PM on a Friday night, just one hour before the week’s backup is set to happen, an entire week’s worth of work will be lost. However, if backups are set to happen every night at 10 PM, in the same scenario, only one day’s worth of work will be lost. When it comes to RPO, each business is different. For a manufacturing company, losing a week’s worth of data may not be the end of the world, especially when compared to the added cost of data storage for the extra backups. However, for the engineering firm that designs the widgets manufactured by the first company, losing a week’s worth of data could result in the permanent closure of the business.
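The RPO scenario above can be checked against a real backup history rather than the schedule alone. The following is an added example, not part of the original article; the log format, the sample log lines and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample backup-job log (not from the original page):
# nightly 10 PM jobs, Monday to Thursday, with Wednesday's job failing.
SAMPLE_LOG = """\
2015-03-02T22:00:00 SUCCESS
2015-03-03T22:00:00 SUCCESS
2015-03-04T22:00:00 FAILED
2015-03-05T22:00:00 SUCCESS
"""


def successful_backups(log_text):
    """Return the sorted timestamps of jobs that finished successfully."""
    times = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1] == "SUCCESS":
            times.append(datetime.fromisoformat(parts[0]))
    return sorted(times)


def data_loss_at(failure_time, backups):
    """Work lost if the server dies at failure_time: the time elapsed since
    the last successful backup. None means no usable backup exists."""
    earlier = [t for t in backups if t <= failure_time]
    return failure_time - max(earlier) if earlier else None


def rpo_violations(backups, rpo):
    """Return (start, end) windows where the gap between two consecutive
    successful backups was longer than the RPO."""
    return [(a, b) for a, b in zip(backups, backups[1:]) if b - a > rpo]


if __name__ == "__main__":
    # The page's scenario: weekly Friday 10 PM backup, failure the
    # following Friday at 9 PM.
    weekly = [datetime(2015, 2, 27, 22)]
    print("weekly schedule loses:", data_loss_at(datetime(2015, 3, 6, 21), weekly))

    # Nightly schedule with one failed job, checked against a 24-hour RPO.
    nightly = successful_backups(SAMPLE_LOG)
    print("loss on Thursday 9 PM:", data_loss_at(datetime(2015, 3, 5, 21), nightly))
    for start, end in rpo_violations(nightly, timedelta(hours=24)):
        print("RPO exceeded between", start, "and", end)
```

With the sample log, the failed Wednesday job means a Thursday 9 PM failure loses 47 hours of work rather than 23, so the schedule interval alone does not tell you whether the RPO is met.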

Just as a business must consider how much data they can afford to lose, how much downtime they can afford to endure must be considered too. RTO refers to how long a business can afford to be down before becoming negatively affected. Referring back to our previous example, the manufacturing company can probably keep right on churning out widgets for a week, maybe even two, while they order a replacement server and get things back up and running. The widget design company, however, may not be able to go even a day before they are missing deadlines and negatively impacting client relationships because they can’t access the tools they need to design new widgets.

In a perfect world, every business would back up their data as it is created and have the tools and resources to be up and running instantly in the case of a failure. However, data storage is expensive, as are BDR servers, spare workstations, and off-site virtualization solutions, to name just a few of the tools that can be used to quickly recover from a disaster. Every business must choose a balance between cost and a quick RTO and comfortable RPO. If you would like help choosing yours, contact us today.

Regulatory Compliance and Why You Should Care

Many of the clients we work with are bound by some sort of compliance standard. One of the most prevalent is HIPAA, the Health Insurance Portability and Accountability Act of 1996.

From the Department of Health’s website: “The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.”

All Health Care Providers, Health Care Clearinghouses and Health Plans must comply with HIPAA.

That sounds great, right?  Now it gets complicated.

The Information Security piece of HIPAA has a guide for implementation that can be found here: www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/nist80066.pdf

That guide is 117 pages long. I hope you have some time on your hands for a little light reading.

Companies found to be in violation of HIPAA have paid anywhere from $50,000 to $4.3 Million to settle the cases.

To help our clients with this ordeal, we purchased a piece of auditing software that can find all the issues on your network that would be uncovered in a HIPAA audit.

We decided to be our own guinea pig and run it on our own network. I don’t want to startle you, but we didn’t pass the audit. Our issues were mostly cosmetic and required a lot of help and study from some of our software and hardware vendors to resolve. We WERE able to resolve all of our issues though and passed our most recent self-audit with flying colors.

We can do the same for you.

We can find the issues, and perform remediation before you get an audit. An ounce of prevention . . .

Call IntegrativeIT today to schedule your HIPAA compliance audit. We can also run audits for most any regulatory compliance including ITIL, ISO, COBIT, NIST, SOX and more.

 

Successfully Managing Your IT Office Move

When moving to a new office location, your technology must be in place and running smoothly before your move is finished. If it’s not, the unexpected downtime can have a costly and disastrous effect on your business. Making sure you understand all aspects of the migration process before you even sign a lease can lead to a smooth transition.

To start, here are a few things you should consider when moving your office.

Are there sufficient bandwidth options available in the new building?

You might assume that all of the major internet service providers in your area have high speed internet options in any building you are considering, but if you find out after signing a lease that the building you are moving into only has copper wire coming into the building, you could be left with insufficient internet bandwidth. Worse, you could end up waiting months and months, while paying as much as fifty thousand dollars to have sufficient service brought into the building from the street. Work with your IT services provider to ensure that you can get the bandwidth you need when you move into your new location.

Is the existing cabling sufficient for your needs and is it actually functional?

This is a big mistake many people make when they walk through an office. Just because you see Ethernet jacks in the walls doesn’t mean they work, are labeled correctly, or are sufficient for your needs. It is not uncommon for the wall jacks to not have cables attached to them, or for them to have been cut off above the ceiling because someone considered them “unnecessary.” Even if they do work, it is important to make sure that they will support the necessary bandwidth speeds for your business. Most modern businesses require gigabit network speeds, and if your new location is cabled with Cat5 instead of Cat5e or Cat6, you’ll be out of luck. Have your IT vendor help you figure out how many Ethernet ports you will need at each location within the office, and have them test the existing ports for functionality. If any cabling will need to be done, your IT service provider can give you a cost estimate before you sign the lease and are committed to handing over money you didn’t want to spend.

What other types of specialized work will your move require?

Best practices call for most types of servers to run on their own 30 amp circuit. If you host your own servers, you will need to ensure the proper circuits are in place and if not, you will need to know whether or not you can upgrade the electrical circuits to meet your needs. Another thing to consider is whether or not you will need power to odd places throughout the office. Does your business host technology-dependent presentations on large screens for your clients in your conference room? Cords hanging down from the wall look sloppy and you may want to have custom outlets placed high in the wall in recesses behind the screen. These types of customization will add to the time and cost of your move. It’s better to know and plan appropriately than to find out after the fact that your conference room will be down or that you can’t turn your servers on because your electrician is booked out for two months after your move.

What other specialists will need to be involved in your move? A good IT service provider can help you think about these types of things. You may need more than just a low-voltage wiring contractor or an electrician. In the conference room example above, you will also need a person who specializes in hanging large televisions or monitors. Unless they specialize solely in custom office moves or audio/visual setups, this type of specialist probably isn’t something your IT service provider will have on staff. More than likely, they will sub-contract this part of the move out, which adds another element to the planning and budgeting. It is, however, a worthwhile part of the budget. The last thing you need is for thousands of dollars worth of cameras and monitors to come crashing to the floor during an important presentation!

Thirty days is not enough lead-time for your Internet Service Provider/Telecom carrier to schedule your move.

You need to allow 75 days to plan your move with your ISP/Telecom carrier in order to avoid rush fees and other nasty surprises. The more complicated your needs, the more time you’ll want to allow for the move.

Never assume third parties such as ISPs and Telecom companies will execute on time and as promised.

All logic dictates that this is the ONE thing that you should be able to count on during your move, right? Wrong. What’s more, the larger the vendor, the more you can count on them messing things up.

Whenever possible, order overlapping services and request installation dates well ahead of your actual move. This will give you time to reschedule the installation when your ISP sends out a technician who is only certified to install copper-over-Ethernet when you ordered fiber. I wish I was joking when I say that this, or similar problems, have actually happened on every single office migration I have been a part of. Unfortunately, I am not.

Back it up. Twice.

Another bad office move assumption is that all of the equipment that you powered down and boxed up at your old office will automatically power back up and run smoothly at your new office. Remember, accidents happen. Equipment can be dropped, bumped, or accidentally jostled during transit. Having a current backup can make these worst-case scenarios less impactful. Best practices dictate that you have two separate backups.

While you’re at it, make sure that you either write down (on an actual piece of paper) or have a copy of all your important login credentials on a device such as your smart phone or tablet. Your servers and workstations won’t be powered on, making it difficult to get this information if you need it.

Review your infrastructure requirements and your IT/Telecom service agreements.

Best practices state that an office move is the perfect time to upgrade any legacy hardware, as well as review and make changes to your IT-related service contracts.

Many people feel that managing their office migration is something they can do on their own, and the fact that you’re reading this article is a good indicator that you might be one of those people that can pull it off. That being said, the technology portion of your move is something worth having your IT service provider do for you. It’s their job to think of all the little details that must go off without a hitch to make your move a success. Furthermore, telcos and ISPs can tell when professional project management is being taken advantage of and are more likely to put their best people on your project. You wouldn’t go to court and try to talk to a judge without your lawyer, right? You don’t want to try and talk to your ISP without your IT professional, either.

If you have any questions about how to accomplish any of your office move related goals, contact one of our account representatives today.

What Anthem’s Security Breach Means to Your Business

In early February, US health insurer Anthem Inc. made public that they were the victim of one of the largest cyber attacks in history. Hackers were able to make off with tens of millions of records from a database with as many as 80 million records. These records contained personal information of both current and past customers, as well as Anthem staff members. Even CEO Joseph Swedish had his personal data compromised.

This attack affected several of Anthem’s subsidiaries, including Anthem Blue Cross and Blue Shield, Empire Blue Cross and Blue Shield, Amerigroup, Healthlink, and Caremore.

According to Anthem’s website, its affiliated companies serve nearly 69 million people. The company is the second largest health insurer in the US and one out of every nine Americans has healthcare coverage through one of Anthem’s subsidiaries, if not through Anthem directly.

In addition to informing the Federal Bureau of Investigation, who is investigating the attack, Anthem also hired the cyber security firm Mandiant to aid in the investigation. Mandiant will be helping to evaluate Anthem’s computer systems, as well as fix any other vulnerabilities.

Anthem is offering identity theft repair and credit monitoring services to their customers who were affected by this breach. If you are a customer of Anthem or any of its affiliates, and you believe that your personal data may have been compromised, you can sign up for these services here.

Why Hackers Want to Steal Your Data

Anthem stated that the hackers had “obtained [personally identifiable information (PII)] from current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses, and employment information, including income data.” They also stated that there was no evidence that credit card or medical information was stolen. However, even without credit card information, hackers can still do a huge amount of damage.

PII can be used to commit such crimes as stealing tax refunds or breaking into bank accounts. It can even be used to obtain medical treatment or secure loans and new credit card accounts in the names of the victims.

As you can see, identity theft can cause far more serious problems than the simple loss of a credit card number. A credit card number can be quickly canceled but identity theft can cause life-altering problems. According to Reuters, the black market value of stolen health credentials is 10 to 20 times higher than that of stolen credit card numbers.

In an attempt to capitalize on the Anthem breach, other hackers are already sending out phishing emails, trying to scam individuals into sending them their PII by claiming to be Anthem representatives in charge of rectifying the breach. These hackers are not believed to be the same hackers that compromised Anthem’s computer systems. As you can see from the example above, hackers can make a lot of money from phishing attacks, even if very few individuals take the bait.

What You Should Do to Protect Your Company

In 2014, hackers stole large amounts of data from several organizations, including Home Depot, Target, Staples, JP Morgan Chase, Sony, Community Health Services, and even the US Postal Service. With such major players suffering from attacks to their data networks, it is safe to assume that blindly following the reactive security practices of large organizations will only lead to trouble. Small companies must take a more proactive approach.

Probably the most important approach small companies can take to cyber security is to educate their employees about the variety of hacking techniques out there, as well as how to spot fake emails and other scams. Having a strong relationship with their IT service provider can be an additional asset to securing your company’s computer network.

It is just as important to choose an IT service provider that specializes in security and who can provide insight into data backup, disaster recovery, encryption, regulatory compliance, and more.

A good disaster recovery program is key to data security. IT service providers should be able to provide the solutions and education necessary for companies to protect themselves from data loss and to help them create the right processes to recover data quickly in the event of a breach or failure.

At Integrative IT, we use specialized tools to scan and fix security threats and regulatory compliance issues on our customers’ networks. To learn more, contact us today.