I think it’s a pipe dream that small companies are going to really adopt cloud computing. The primary reason is that these companies are typically extremely short-handed in terms of technical talent. They’ve usually got a few overworked super sys admins fighting each day’s fires with absolutely no time to invest in learning new skills.
Bernard Golden of CIO.com

In an article titled “Cloud Computing: A Perfect Fit for Midsized Companies“, Bernard Golden, contributor to CIO.com and CEO of the consulting firm HyperStratus, makes the case for why midsized businesses may be “a cloud sweet spot.”

Golden thinks it’s a pipe dream that small companies will embrace and go in for cloud computing. Obviously he feels that midsized companies are a perfect fit, but what about large companies? What’s holding them back from the cloud?

What holds back large companies is, in a sense, their success with the previous generation of computing. Because they could invest in the old model, they’ve now got an installed base of hardware and a large, top-notch technical staff on hand.”

Golden points out 5 characteristics that midsized companies share that makes them the perfect fit for cloud computing.

ChannelPro has a nice interview with Ipswitch’s Loic Triger about Ipswitch’s partner program and news of our new “Elite” partner designation and deal registration program.

Here’s a quotes from Loic that I’d like to highlight because it truly describes how valuable our partnerships are to both Ipswitch and our customers.

“Our partners are integral to our growth, as they provide value to our customers by acting as an extension of our sales team.  The Elite-level expansion was created for those partners looking for even greater association and support from Ipswitch.”

Sales partners are an important branch of the Ipswitch File Transfer worldwide sales team.  Our partners provide our customers with ease of doing business and consultative solutions.  By continuing to invest in our partners and our partner program, our partners, our customers and Ipswitch all benefit.

Please do visit our partner webpage to find a local Distributor or Reseller, see our list of US Government and GSA resellers, or to learn more about the benefits of becoming an Ipswitch channel partner.

Do you have free time? So much time that you don’t even know what to do with it? Yea, neither do we.

However, our WhatsUp Event Rover can help with that.  You know how fast Windows® servers and workstations event logs pile up, and your Windows event log viewer doesn’t really lend itself to recalling, sorting, and quickly viewing log data in a way that makes sense to you.

WhatsUp Event Rover will help you identify problems and security threats.  With Event Rover you can accomplish much more in terms of forensics than you can with Windows Event viewer – including automatically saving local copies of log files before review and storage.

Check out our WhatsUp Event Rover Overview now.  And check back September 1st when its available as a free download!

Now you just have to figure out what to do with your free time.

Enhanced by Zemanta

A top Pentagon official has confirmed a previously classified incident that he describes as ‘the most significant breach of U.S. military computers ever,’ a 2008 episode in which a foreign intelligence agent used a flash drive to infect computers, including those used by the Central Command in overseeing combat zones in Iraq and Afghanistan.”

Brian Knowlton, in a NYTimes.com article gives us the rundown on what happened, and what this all means to the military and to the future of cyberdefense and the U.S. Cyber Command.

Deputy Secretary of Defense, William J. Lynn III, referred to the breach as “…a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary,” and he also describes it as “a digital beachhead, from which data could be transferred to servers under foreign control.”

The nightmare of this happening to the military is enough to keep you awake at night, and thinking of this closer to home doesn’t make sleep come that much sooner.

Think of your own office where USB flash drives, removable disk drives and cell phones are making it easier than ever for employees who need to transfer large files. It’s harder than ever for companies to monitor and protect sensitive information.

Portable devices are far too easily lost or stolen, and while most employees have good intentions, USBs are one of the easiest ways for insiders to compromise business-critical information. IT managers need to make it easier for people in their organization to move information securely. By decreasing reliance on transferring physical media and focusing more on easy-to-use browser-based or email plug-in solutions, information will be better governed.”
Frank Kenney, VP of Global Strategy at Ipswitch File Transfer.

Last year (2009) there was a study by the Ponemon Institute of nearly 1,000 recently terminated individuals. The study revealed that 42% of them used USB memory sticks to take business data and that 38% sent documents as attachments to personal email accounts.

Digital beachhead” is such a great way to put this, especially coming from Deputy Secretary of Defense, William J. Lynn III. The images one can conjure up of storming the “digital beach” and imagining the data security version of those first 15 minutes of “Saving Private Ryan” is truly powerful stuff and should keep us up a little later at night.

Give Knowlton’s article a read and if you’re interested in hearing more from Frank Kenney on this topic, check out his surprised reaction at a recent RSA event.

According to the Washington Post, Deputy Defense Secretary William J. Lynn III just confirmed that a classified military network was breached with a single USB drive in 2008.

http://www.washingtonpost.com/wp-dyn/content/article/2010/08/24/AR2010082406154.html

As a security expert, the fact that someone used a USB drive on the wrong machine isn’t surprising: it happens every day when people use these drives to swap files between work and home computers.

What is surprising is Lynn’s statement that: “code spread undetected on both classified and unclassified systems”.  This suggests that neither the content of the files being distributed nor the network behavior of the malicious application were being analyzed – even on a secure network.

This incident demonstrates that even the most sensitive network can be breached if there is only a single layer of defense.   With data loss prevention (DLP), intrusion detection, antivirus and integrity technology there should be multiple layers of defense seeking and listening for threats in a coordinated manner on any modern secure  network.

The government’s reaction to the incident was also interesting: ban all USB drives.  The military did it in 2008…and survived.

So what about the file transfers that needed to occur between the military’s various networks?  Managed file transfer technology is all about answering that question, and answering it with easy-to-use, scalable solutions built on the concept of defense in depth.

As you may have noticed Ipswitch maintains a robust network of qualified partners and distributors (including GSA providers) from which you can buy our technology.

There are also a number of web sites and other “grey” operations that sell old or “backup” WS_FTP products, dispensing license keys from old lists Ipswitch provided to resellers, dispensing copies of product that should be free (e.g., WS_FTP LE) or dispensing dead copies of the software.

From a technical point of view, there have always been risks from accepting these software packages, from installing software that may have been tampered with to add spyware to getting old product that may not work with Windows Vista and Windows 7 because it was developed before those OS’s existed.

However, you also take a risk against your credit history when you do business with these “grey” reseller firms, as they often use dubious financial services to convert your credit card information into cash.  Assuming these services aren’t stooping to the level of unabashed credit card harvesting, a recent security incident demonstrates why doing these transactions is still unsafe.

One of these “grey” financial services, Amsterdam-based, Russian-run Fethard, was recently reported as hacked, possibly by a rival.  This hack exposed shady internal processes and personally identifiable customer data to the entire Internet – information that criminals could use to impersonate and then draw on the credit of customers of sites that use Fethard.

Do you have any experiences with “grey” software vendors or the financial services that enable them (whether you used them for WS_FTP or not)?  If so I’d like to hear them.

Please do not send the Sept. and Oct. payment together in one wire transfer. Anything over $10,000 wired could draw too much attention.”
Alleged email written by Paul Shim Devine on October 5th, 2007

Is your business-critical information walking out the door?

A few months ago Ipswitch conducted a survey at an RSA Conference. The line of questioning regarding visibility into files moving out of organizations produced some shocking results:

  • 83% of IT executives surveyed have no idea what files are moving both internally and externally at their organizations.
  • 25% of IT professionals surveyed admitted that they used personal email accounts to send files that were proprietary to their own organizations, with the intent of using that information in their next job.

Both of those figures are frightening. Some companies have refused to seriously consider these numbers, so consider this tale as devine intervention (yes, that’s a play on Paul Shim Devine’s name.) This is the saga of one man getting caught with his hand in the cookie jar. It’s actually a perfect example of the reality and consequences of not knowing what files are moving in and out of your organization. It’s the story of a recent case involving Apple and Paul Shim Devine.

See Martyn Williams’ article for the full details, but here’s the 2 cent version. Back in April 2010 “Apple investigators discovered a Microsoft Entourage database of e-mails and a cache of Hotmail and Gmail messages on Devine’s Apple-supplied laptop. The company took a copy of the drive and began working through its contents,” and as for what they found Apple says “the e-mails contained details of payments, and the supply of confidential information that began in October 2006 with a Singaporean company called Jin Li Mould Manufacturing.”

This is happening. Employees are using private e-mail accounts to transfer confidential company information, but really, how often is this happening?

Not only is it common, but it’s startling in its frequency,” said Ipswitch’s own Hugh Garber, recently quoted in a ComputerWorld article.

Garber goes on to say that it’s not always done with bad intentions and that “of course, most of that privileged information misuse is not malicious. Many of the times, it’s your hardest-working employees just trying to get the job done.”

To Hugh’s point, that’s true. I know that in other jobs that I’ve had I’ve emailed spreadsheets or word docs home (to my Yahoo account) to work on so I wouldn’t have to schlep my laptop home.

But what about the “other” kind? How do you deal with the malicious kind?

I received your e-mail on my Apple account. Please avoid using that e-mail as Apple IT team will randomly scan e-mails for suspicious e-mail communications for forecast, cost and new model information.”
Alleged email written by Paul Shim Devine on Sept. 16, 2008.

Ok, that’s one way. Randomly scanning emails for something suspicious. Seems like a good policy to have. Do you know where your organization is in terms of these kinds of policies?

With hundreds of data breaches over the past five years resulting in multi-million-dollar consequences, it’s hard to believe that organizations still don’t have the right solutions in the right places to protect sensitive information,” said Frank Kenney, VP of Global Strategy at Ipswitch File Transfer. “You may be investing heavily on business applications and their inherent security requirements but if you’re not monitoring and enforcing policies with respect to the information moving both internally (between business applications and people) and externally (between you and your business partners and collaborators), the consequences are dire.”

You can check out more of what Frank has to say on this issue, and see what else Hugh has to offer.

And, with this issue in particular, we’d love to hear your thoughts. Do the numbers surprise you? What is your organization doing? Any crimes or misdemeanors you’d care to confess to?

We’re two months into ownership of MessageWay and leading the organization through its second acquisition integration has been fun and challenging. It’s especially nice when we can announce a milestone in the integration process, and that will be coming soon with the release of a “translation connector” existing MOVEit Central customers can use to access the translation capabilities we acquired in the MessageWay software.

Development on the necessary integration components has wrapped up and the package has entered QA.  If you’re interested in a sneak preview, please contact your sales representative for a demonstration.  The screenshot below is from one such demo…

I’ve been asked at least a dozen times over the last month “What are the benefits of a cloud-based hosted subscription versus an on-premises software deployment?”.

“Though this be madness, yet there is method in’t.” ~ Hamlet

There are many benefits of going SaaS, just like there are benefits of deploying on-premises.  It all comes down to the problems you are trying to solve, budgeting preferences, and IT resource availability and expertise.  Here are some benefits of going the hosted route.

  • Fast and easy deployment:  SaaS solutions are often available instantly, providing an amazingly fast time-to-value.  You don’t need to install any software/hardware yourself and there are no complicated firewall or security configurations to work through.
  • Budgeting flexibility & lower up front cost:  Hosted subscriptions are treated as an “operating expense” with no capital investment spent on software/hardware.  Pay-as-you-go subscription plans often lead to quicker purchase decisions because there is no need to get CapEx budget sign-off.
  • Less taxing on your IT resources:  SaaS solutions require significantly less effort to deploy and maintain.  There are no ongoing software upgrades, patches or backups for you to worry about, and no complex security/compliance configurations to be responsible for internally.  Plus, there is no underlying infrastructure to assemble and maintain.
  • Built-in scalability:  The elasticity and high bandwidth of SaaS solutions easily handles spikes in usage and grows as organizational needs expand.
  • Near perfect uptime:  Hosted services are often run in a highly available, load-balanced, automatic failover configuration to ensure even the strictest network and application uptime requirements and SLAs are met.

I’d like to also quickly mention that we’ve had numerous customers initially deploy our MOVEit DMZ Hosted Service as a way to get their Managed File Transfer solution up and running quickly, while they continue to work towards an on-premises deployment.

The growth of SaaS can’t be denied…. The question is, whether ’tis SaaS right for your organization?

Reports are appearing this morning about a major security hole in iTunes accounts linked to PayPal. At least one group of scammers has found a way to charge thousands of dollars to iTunes accounts through PayPal.”

Erick Schonfeld, on TechCrunch.com, gives us this breaking news on the latest iTunes security breach: “Fraudsters Drain PayPal Accounts Through iTunes“.

We just dealt with something similar back in July.

So, what is Apple doing about it?

In a related article by Dennis Rockstroh on MercuryNews.com, Rockstroh reports that Jason Roth, an Apple spokesman, has said:

Among other new security measures iTunes now requires more frequent re-entry of a customer’s credit card security code. But if your credit card or iTunes password is stolen and used on iTunes, we recommend that you contact your financial institution and inquire about canceling the card and issuing a charge-back for any unauthorized transactions. We also recommend that you change your iTunes account password immediately.”

As we asked back in July, we’d love to hear your thoughts on this and I hate to be the one to say it, but it seems that this summer has been … Apple picking season.

On July 28, Ipswitch’s Network Management Division announced its earnings for the first half of 2010. Given the lousy economy, one thing came as a surprise: North American government sales had already exceeded its combined 2009 revenue.

Ennio Carboni, president, Ipswitch Network Management Division, expressed his faith in the WhatsUp Gold and WhatUp Event Log Management suite of IT management software, “Unlike our competitors, we are showing no signs of a decrease in government purchasing, as evidenced by our record-breaking first half of 2010 and our growing funnel of government proposals and opportunities.”

With a new Director of Government Sales, Tom D’Errico, and an aggressive go-to-market strategy, WhatsUp Gold was able to succeed in this sector. As part of this strategy, communications focused on reducing network downtime; managing network configurations, ensuring compliance through log management; and an affordable licensing model that improved overall staff efficiency.

This targeted strategy paid off as Whatsup Gold Network Management and Whatsup Event Log Management solutions were both awarded the Certificate of Networthiness (CoN) by the U.S. Army Network Enterprise Technology Command. In addition WhatsUp Gold 14 Premium was approved as a member of the U.S. Department of Navy’s Application and Database Management System (DADMS) list.

Deals were closed across government organizations in the U.S. and Canada including both countries’ defense departments, every branch of the U.S. military, the Executive Office of the President of the United States, the Federal Reserve, and multiple state and local governments.

Enhanced by Zemanta

Did you kill the web?

Let’s check your alibi. Think of how you spent your morning. Normally, I’d share my morning with you here, what websites I’ve visited and what apps I’ve used, but my boss reads my blog posts, and if she knew how much time I spent on … well, let’s let Chris Anderson illustrate the point I’m trying to make:

You wake up and check your email on your bedside iPad — that’s one app. During breakfast you browse Facebook, Twitter, and The New York Times  — three more apps. On the way to the office, you listen to a podcast on your smartphone. Another app. At work, you scroll through RSS feeds in a reader and have Skype and IM conversations. More apps. At the end of the day, you come home, make dinner while listening to Pandora, play some games on Xbox Live, and watch a movie on Netflix’s streaming service. You’ve spent the day on the Internet — but not on the Web. And you are not alone.”

Chris Anderson and Michael Wolff, in an article on Wired.com titled “The Web Is Dead. Long Live the Internet“, present a compelling argument for the demise of the World Wide Web and how “simpler, sleeker services“, like apps, “are less about the searching and more about the getting.”

Peer to peer file transfers are among the suspects at the crime scene:

The applications that account for more of the Internet’s traffic include peer-to-peer file transfers, email, company VPNs, the machine-to-machine communications of APIs, Skype calls, World of Warcraft and other online games, Xbox Live, iTunes, voice-over-IP phones, iChat, and Netflix movie streaming. Many of the newer Net applications are closed, often proprietary, networks.”

This is one of the most interesting articles I’ve read in a while, give it a read and feel free to share your thoughts and whether or not you’re placing any yellow crime scene tape over your PC.