SDN: Software Defined Networking. This new technology is a sweeping change that organizations, such as yours, need to consider as a future direction. It is game changing and so simple.

You’ll save money, alleviate a lot of networking issues, increase security, and more.

At the very least, suggest that your IT professional, professionals, and/or third party firm look into this technology.

If you want to learn more, here is a short story intended to introduce the technology in plain English:

Meet the star of the story: Paul the pilot. He flies the newest passenger jets of your favorite airline.

Now, you become a part of the story. Imagine you paying an IT Professional to build a modern airport for your company using the latest technology. Think of Atlanta, DFW, Chicago, or the airport of your choice. The IT Pro creates a network of runways and taxiways for you.

When Paul lands safely at your airport, like at all airports, he uses the runways and taxiways to travel a dot-to-dot path from the runway to the terminal.

The way things work now: Imagine taking all the air-traffic controllers and placing them at intersections around the airport’s field. Then take away everybody’s radios and add fog so thick that nobody can see each other. There is your network! A disaster that is happening!

With this system, imagine this: A plane lands and then, at the end of the runway, there
is an aircraft controller standing on the runway that asks, “Where are you headed?”

Paul steps on the brakes, rolls down the cockpit window and says, “I need to get to Gate 23.” The controller has to think for a moment, then points to one of the taxiways and says, “Drive your plane that way!” Paul does as instructed.

After scooting down the taxiway for a while, Paul encounters another air traffic controller who reviews a table of best routes, and then points Paul towards the next step of the journey. This goes on, through all the intersections along the route, all the way to the terminal. Paul just cannot help it; he starts humming, “Do you know the way to SJO… (San Jose in the Caribbean)

Now think of dozens and dozens of aircraft moving along the taxiways and runways, slamming on the brakes, honking the airplane horns, traffic jams, and the inevitable crashes. No way, San Jose.

In this analogy, the airplanes represent packets of data. Imagine that Paul the pilot comes from (the) cloud, into your (network of) runways and taxiways, and eventually arrives at a (computer) terminal. In a similar fashion, he can leave the terminal, travel your network, and go back into the cloud, or at least into your file server.

Companies such as Cisco, D-Link, HP, Juniper, NETGEAR, etc. design, build, and sell these traffic controllers. Those switches and routers are expensive because each one has to be intelligent enough to know where next to send each data packet. They have to have good memories in order to remember where to route airplanes for best results. In addition, they are usually uncoordinated with the other devices on your network.

When a user connects to your network with their computer, an iPhone, or some other device, their information travels through your network cables of taxiways and runways to and from your servers, other computers, and the Internet cloud.

With this existing system, when someone starts listening to Internet music for peace of mind, it bogs down the whole network. Nobody notices the hacker or virus that is methodically looking for holes in your security by peeking into every computer on your network.

To top it all off, you pay lots of money for this archaic system! Drawbacks of this system, the one you use now, abound.

This is the happy conclusion: You, all the wiser after reading this story, tell your IT Pro to investigate the implementation of SDN: Software Defined Networking.

Then your wise IT Pro will move all the traffic controllers to a control tower, lift the fog so it is a bright sunny day, and provide radio communications so everybody can function as a team. Teamwork between your network devices is like striking oil! Synergy that is.

The key to all of this is the controller. The controller watches the traffic and tells the devices on the network what to do. Every step of the way, there is a signal that tells Paul where to steer next.

Faster – If Paul is carrying lots of music, then because music uses a great deal of data, he is directed to a special taxiway for music.

Prioritize Data – If a passenger is not feeling well, Paul gets priority and is expedited to the gate to provide a high quality of service (QOS).

Security – If there is an unruly passenger aboard, called a hi-hacker, Paul is directed to pull over so that the local S.W.A.T. team can storm the plane.

Save Money – Cisco, and other vendors may not like it, but your switches and routers
become inexpensive because they no longer have to be “intelligent.” They are generic, can be any brand, just as long as they listen to the controller.

Coordination – the seventh habit of successful people! Your devices now listen to an intelligent controller that has a clear view of all of the planes in the airport and can make things work right.

From an IT Pro point of view, this is perhaps oversimplified, but for an executive – I hope you found this very useful for understanding the next step in networking technology – and why you need to be planning for Software Defined Networking.

If you want to speak a little Geek, tell your IT Pros, who may already know all about this: The data pathways (the runways and taxiways) make up the Data Plane. The controller communication travels on the Control Plane using a protocol such as OpenFlow to send out instructions to the Forwarding Plane that contains routing information.

Moreover, all of those signals travel across the regular network connections that are in place now.

Are your IT Pros are aware of the emerging technology called Software Defined Networking?

Please post your comments below…

The post Know About this IT Networking Strategy Change appeared first on Foster Institute.

The Wall Street Journal released an enlightening article entitled “Six Subtle Signs You’re About to Lose Your Job – For Busy and Confident Executives, These Warnings Are Easy to Miss” by Joann S. Lublin.

Like executives, many outsourced IT firms are so incredibly busy that they do not catch the hints that they are about to lose a customer.

Many executives loathe considering the fallout of changing outsourced IT support companies. Sometimes they say, “I don’t want to fire our outsourced IT firm – it is so helpful that they’ve learned how our business works.”

Because outsourced IT firms have their finger on the jugular vein of your business, executives prefer to wait until the last possible moment, after making all the preparations, and sever the relationship without warning.

There are many wonderful outsourced IT firms out there. If you have one, keep them.

Technology is an essential component for most companies, and you must feel confident that you have excellent IT service providers. Moreover, most service providers want to be excellent. As Stephen Covey said, it is a win-win when your service providers exceed your expectations.

Next week, expect 3 questions to ask your service providers in order to see how well they are delivering.

Would you advise every executive you know to tell their outsourced IT firm what they do and do not appreciate about their experiences while working together? Please post your comments below…

The post Executives Give Clues Before Firing IT Firms appeared first on Foster Institute.

The reality is that you can have, contrary to what some people believe, both security and productivity at the same time.

Enforcing security policies that dictate strong passwords is a common problem and sometimes results in, understandably, executives responding something like, “That will make our salespeople angry and we can’t afford to slow down their workflow!  Let’s leave the passwords restrictions the way they are.”  As a result, some companies still allow two letter passwords that never have to be changed. Attackers love that!

The IT professionals are right about security being important. But the executives “have the final say.”

Sometimes the key is to discuss changes with the executives that meet two criteria:  First, the change will improve security, and second, the users may not even notice the change.

Here’s a common problem: Putting productivity too far ahead of security such that security gets nearly wiped out.

Password restrictions are a change that most users will notice. Hence, IT professionals may receive a great deal of push-back from users, including executives if the password restrictions have been lax for a long time.

However, users will never notice many, in fact the majority, of security settings.  An example may be, as long as your users aren’t  used to installing their own programs (which is a bad idea anyway), is making users “just plain users” on their own machine rather than having, (the most common way), users being something called “local administrators.”

That modification alone can make enormous improvements in security because it is more difficult for attackers to “trick users into installing viruses on their machines” since users can’t install anything on their machines anyway. And maybe the users won’t notice anyway.

The real issue: It is your role to talk with your IT professionals and ask them, “Are you implementing the protections that users won’t notice anyway?”.

Stay tuned for more about “What to ask your IT Professionals” so that you know the right questions to ask.

Please forward this to your friends and post your comments below…

The post Adding Security Makes Systems Unusable! appeared first on Foster Institute.

By the way, here is a short 2 minutes and 40 seconds video that explains this: 

Is the bank kidding? Reduce security? Really? One of the reasons you have security is to protect against attackers gaining access to your online banking!

Often, banks tell IT to disable protections so you don’t experience technical difficulties. If your security measures mistakenly identify the bank as an attacker, the online banking may not work right.

Two key points:

1. The bank is simply passing along instructions from the company that provides the electronic banking services to the bank. This isn’t the bank’s idea.
2. It isn’t just banks. Some of our customers have insurance software providers, medical applications, voice enabled tools, etc, telling our customers to reduce security on some of the customer’s machines.

So what do you do when a vendor tells your IT Pros to lower your defenses? You tell your IT person to keep security in place and to open up the bare minimum that the banking functions need in order to operate properly.

Tight restrictions are the key. Your IT Professionals know that they can still protect users when the users visit other web sites, and still set a browser exception just for the bank’s site. Your IT Professionals understand about reducing security only on source and destination locations (in this case, between your network and the bank) in order to provide more leeway during online banking communications but still restrict other communications.

Sometimes banks recommend that you set up a separate computer to use only for banking. See: Should Executives Buy a Second Computer for Banking?

There is a chance your IT Professional may elect to configure a “virtual computer” inside one of the workstations so you don’t need to buy another machine. The same posting, Should Executives Buy a Second Computer for Banking?, includes information about a third strategy too.

In a perfect world, 100% of the companies that provide software applications to banks (and elsewhere) will invest the time to make their applications function properly with strong security still in place.

But vendors are incentivized to produce “inexpensive” software. Things will get better when enough Executives, like you, start understanding this problem, and demanding better service!

If you haven’t already, ask your IT professionals if your banking applications mandated any kind of reduced security settings. Your IT Pros will be happy you started this discussion. They want to keep your network secure and sometimes don’t want to interrupt you and respect your dedication to your own tasks.

Please forward this to your friends and post your comments below…

The post The Bank Tells Us To Disable Security! appeared first on Foster Institute.

Firewalls are still important—be sure to keep them!

Most of you know that https:// sites use encryption to protect your information from snoopers during transmission.

What will happen when one or more of your users receive an “urgent” e-mail that does its best to compel them to click on an https:// link inside the e-mail? Maybe most of your users would recognize the danger; however it only takes one user to click.

When the user clicks on the link, malicious code could be installed on the user’s machine and, consequently, possibly reach your servers and entire network.

Normal perimeter defenses, such as basic firewalls, cannot read the encrypted traffic to watch for that malicious code.

You could configure a firewall to disallow all https:// encrypted traffic; however, no one in your organization could easily access https:// web sites, such as banking sites.

Some people would argue that the best firewalls these days are firewalls that can examine even encrypted data—sometimes known as proxy or application firewalls or Layer 7 (no, that is not a brand name) firewalls.

Keep your firewalls, but don’t count on them too much.

Please post your comments on this blog.

The post Firewalls offer less protection than you think appeared first on Foster Institute.

One effective way to disable USB ports is to fill them with epoxy glue—although this ruins the port. New ports can be purchased and added in the future unless the machine is a laptop.

Or, your qualified IT professional may be able to disable the USB ports in the system BIOS of the computer and then set a password for the BIOS so the user cannot re-enable the ports.

Using Windows, it is fairly simple in Group Policy Objects (GPO) to disable the “autoplay / autorun” feature. If you want to stop the USB from working completely, your qualified IT professional will use GPO settings to disable USB devices already installed and prevent users from installing more. For more information your qualified IT professional can visit  http://support.microsoft.com/kb/823732

Also, many anti-virus suites and even VPN clients offer some form of endpoint security that include the ability to lock down your USB ports. Your anti-virus or VPN solution may have that capability.

There are also third party tools that allow you to control USB devices such as Device Lock or ScriptLogic Desktop Authority.

Another method is using shared published desktops, application virtualization and streaming, or virtual desktops to deploy applications and then users cannot access the drives while using the applications you provide. Combined with GPO’s, your qualified IT professional can really lock users down.

Then, to allow users to use USB and reduce the chances of a lasting infection, and especially for public access terminals, these tools can reset the computer back to “square one” every time it is rebooted: Microsoft Steady State can be difficult to set up but it is free. There is also Returnil, which is free for some users, and Faronics Deep Freeze.

Please post your comments on this blog.

The post Disable USB ports appeared first on Foster Institute.

This company, like many, had separate networks for e-commerce and for administration. The IT professional had been telling his CEO that the organization was “compliant” based on the security of the office administration network—not the IT systems that actually process, store, and transmit credit card information.  He pretended to be shocked that he needed to secure the computers and network that actually handle the credit card data.

As IT professionals, it is important to know what we are talking about when we answer a CEO’s question. Especially if a wrong answer could lead to the CEO facing fines, lawsuits, and even the failure of a business. If we don’t know, the proper response is, “I do not know but I will find out.”

As a C-level executive, business owner, and as a manager, it is important to understand that, unfortunately, some IT professionals will tell you that you are compliant with specific regulations when they really don’t know.

I want to extend my gratitude to the IT professionals who do act responsibly!

Please post your comments on this blog.

The post Can you trust your IT professional’s answer? appeared first on Foster Institute.

I recently had a shocking conversation with an IT professional working as the sole IT professional at a company in the US. I encouraged him to apply patches to his network and his response was, “I do not need to patch the operating system or applications—I have anti-virus and that protects the network from all security risks.”

At first, I thought he was joking with me. He wasn’t! I asked, “What if a user writes the password on a sticky note and the cleaning crew logs in as them to access secure files—does anti-virus prevent that?” The IT pro said yes he was protected.  Several of his “IT advisors” told him anti-virus was all he needed.

I attempted to get through to him for almost 10 minutes with other examples, sent him links to articles on news sites showing reality, and he kept going back to “his trusted advisors told him not to worry about it.” I asked who the “trusted advisors” were and he didn’t want to divulge their identities but assured me “they are really smart.” I even offered to have a conference call with the IT professional and his advisors, but he felt that wasn’t necessary.

This poor IT professional totally believes his reality. He probably will until something bad happens—and at what expense?

I experience this to varying degrees fairly often with “IT professionals,” and frankly I find it unsettling because executives trust their IT professionals with the safety of their business. Executives need to trust their IT professionals.

Executives please make sure your IT department’s advisors are trustworthy as well!

The post Does bug spray stop viruses? appeared first on Foster Institute.

Executives at companies who have never experienced a breach are the ones who feel they cannot enforce their policies.

After a breach or a lawsuit, I see the executive iron fist slam down and things start happening like:

• Forcing employees to sign an acceptable usage policy that forces them to agree to safe data practices.
• Training for employees on security training.
• Technology protection like web site filtering, data loss prevention, and computers that force users to follow the rules by restricting unauthorized behavior as much as possible.

Isn’t it sad that many companies have to go through the “bad thing happening” before they take action?

The post Executives say it is hard to enforce IT policies appeared first on Foster Institute.

The IT professionals can use tools like anti-virus, firewalls, application and OS patches, etc. Many IT professionals are not using the tools as effectively as they could, and frequently aren’t using them at all on one or more computers. None of the tools are “set and forget”—all of them have to be monitored.

I feel the executive’s real challenge is, “I don’t know how to help my IT professional fight viruses.”

Responsible executives:

• Provide enough uninterrupted time for the IT professionals so the IT professionals can get their work done.
• Allow ongoing training for the IT professionals to keep up with ever changing technology.
• Hold the IT department accountable for fixing issues discovered during an audit.
• Provide managerial support for policies that support security—such as forcing computer screen savers to lock after a period of inactivity.

The post Executives say their challenge is fighting viruses appeared first on Foster Institute.