Wigs on the network? This is technology that will affect networks I surely couldn’t have predicted a few years ago.

Sony filed a patent application for “SmartWig“, as companies continue the tousle to lead the way in wearable technology. It says the SmartWig can be worn “in addition to natural hair”, and will be able to process data and communicate wirelessly with other external devices.

As fun as it sounds, this signifies just how seriously these technology companies feel wearable technology is becoming. Companies like Sony don’t invest this kind of money for fun, they do it for big bucks and I predict that 2014 is the year that wearable technology goes from something people snigger at to something that becomes second nature at home and within the workplace. Small strides are already being made… how many of us unwrapped the hi-Fun hi-Call, Bluetooth Gloves from John Lewis on Christmas Day? Sony-SmartWig

Sony predicts that the SmartWig will have practical uses in business. For example, it could be used in presentations where a wearer can ‘move to the next presentation slide or back to the preceding presentation slide by simply raising his/her eyebrows’. Also in the healthcare sector, collecting information such as temperature, pulse and blood pressure of the wearer and transmitting them to the server computer.

BYOD 2014

However, the question being asked by IT professionals in 2014 is how workplace networks will cope with consumer-driven wearable gadgets. If smart wigs, watches, glasses and gloves become as commonplace as an iPhone or Droid are today, the impact on corporate IT must not be underestimated.

These devices need to pair with an “original” device. They don’t replace phones, tablets and computers; they are in addition. Smart wigs, shoes, handbags and many other accessories will multiply the number of devices accessing the network. For those who found BYOD a challenge, expect the wearable technology revolution to be like BYOD x 100.

And then there are security considerations. Google Glass enables the wearer to record everything that he/she sees. Similarly, smart watches have cameras and recording facilities. Although this seems very 007, the reality is that discreetly transferring sensitive competitive information to a device outside the network could become as easy as a flick of the wrist or the scratch of an ear.

Managing Wearable Technology

A recent survey on behalf of Ipswitch asked IT professionals what their New Year Resolutions for IT network management will be for 2014. 36 percent said they wished for more time to develop BYOD policies and 31 percent wanted to focus on security policies. Being prepared will greatly mitigate against BYOD chaos. Organizations that tackle the challenges of BYOD in terms of policies, security, network management and monitoring will find themselves at a huge advantage when this technology enters the workplace.

There are three simple steps that can be embraced in 2014 that will ensure that an organization is not on the back foot:

  1. Prepare For An Increased Data Flow: The flow of data through networks will become more complex. While many of the gadgets will access networks via Wi-Fi or Bluetooth, they will typically require connection to a laptop, computer or tablet for the purposes of syncing data, which could further slow down the network. Reactive, on the fly network monitoring and intrusion detection that is not backed by tailor-made policies and infrastructure will result in a big slowdown to company networks. To avoid capacity and security issues, organisations need to start preparing carefully for these scenarios in advance. Scale out or scale up.
  2. Create Policies For Usage: If a business is going to embrace wearable technology, and many would argue it is only a matter of time until businesses are forced to, it will require clear policies determining who is allowed to bring the equipment into the workplace and connect to the network.
  3. Review Security: The two main ways wearables will impact the IT network are in the areas of access and endpoint security. Whereas many organizations find that per employee they have one to three devices accessing the network, in a matter of years this could rocket to 15 to 20 per employee. Enterprises need to prepare for the main modes of access being Wi-Fi or Bluetooth. In the case of Wi-Fi, careful attention needs to be paid to the infrastructure’s ability to cope with the influx. From a security standpoint, gaining oversight and managing the data that goes through the network will be the biggest challenge. Firstly, determining that devices accessing the network or the information being transmitted are legitimate. Secondly, the wave of different devices seeking access will leave networks vulnerable to malicious attacks in the form of viruses and other cyber threats.

Bottom line here folks: don’t wig out, but don’t let the next wave of BYOD pass you by.

When the IT Administrator at an Italian manufacturing company started his job, the IT team was manually monitoring the network on a problem-by-problem basis. It was a understandable drain on resources. And was also affecting the quality of service provided to their business users.

His team set about looking for a proactive network monitoring tool. After looking at a few options they tried out WhatsUp Gold from Ipswitch.

WhatsUp Gold

It Takes Two

High up on the list of important things to monitor were two applications they needed to be sure were running optimally. Namely,  their document management system and SAP. If these two were not in synch the IT team would suffer the wrath of unhappy users. Manually monitoring for problems after they started affecting application performance was not going to cut it.

The company’s network uses a data exchange service that transfers digital documents from their SAP system to their document management system. If the service between the two applications stops or disk space runs out, the documents don’t move. If they don’t move, users won’t have access to the latest information.

Putting this worry to rest, WhatsUp Gold lets the IT team monitor both the service and the disk space. This ensures the documents are immediately and consistently available to business users.

“An increase in server availability and uptime reduces the cost of doing business because our users are always productive,” said the IT administrator.

Interested to see what WhatsUp Gold could do to keep your big applications humming along? Download a free trial and give it a whirl for 30 days.

managed file transfer predictionsIn part one, we heard from Stewart Bond of Info-Tech Research Group on his predictions for the Managed File Transfer (MFT) market. Next up we have Terri McClure, Senior Analyst at ESG (@esganalysttmac), and her thoughts on the IT trends for 2014.

Changing Role of IT:  Over the last year there has been a notable increase in number of end users and LOB managers choosing their own work platforms, resulting from increased consumerization and BYOD trends. In addition, cloud-based solutions like online file sharing applications make it incredibly easy for employees to purchase and deploy themselves with just a few clicks over the internet.  As a result, IT is no longer a command and control role and many IT professionals are struggling with how to deal with these changes in order keep control over and secure company data. Some have tried to block unauthorized “rogue” application usage, only to find employees traveling to their local Starbucks, or using personal hotspots to bypass company VPN or networks. Now, more and more IT are embracing the change and proactively playing a more advisory role to help both employees be productive while simultaneously steering them toward a solution that will meet corporate needs around privacy and security.

Increase in Enterprise File Sharing: Corporate File sharing application usage is expanding throughout organizations and crossing organizational boundaries.  In 2012 ESG research indicated that the majority of online file sharing and collaboration application usage was limited to departmental or groups, but over the last year we’ve seen more and more organizations using sync and share applications to collaborate not only across departments, but with external users like contractors, partners, and clients as well.  To ease IT concerns around sharing corporate data, many vendors have responded by adding granular permission controls and including simple data loss prevention and digital rights management functionality.

Security: Security is still top of mind, but flexibility and the ability to integrate with existing IT systems/tools is increasingly important to IT.  Security features like end to end encryption, antivirus, and remote wipe are still among the most requested sync and share features, but as solutions mature a certain level of security is becoming table stakes for enterprise IT.  Customers are increasingly interested in the ability to integrate solutions with their existing storage solutions through hybrid or private cloud online file sharing deployments, and want increased flexibility with other existing tools (content management, backup, data analytics, mobile application management, etc.).

There is certainly not a lack of perspectives on the IT trends in the year ahead but I’m interested in what the readers think! Leave your thoughts below and feel free to keep this discussion going on Twitter with me @Cheri29.

Any large city puts its network of traffic signals to a severe test during drive-time rush hours as cars, trucks and other conveyances stream through the city. That’s why a major Canadian city came to Ipswitch for a network monitoring solution to monitor equipment installed in hundreds of traffic locations throughout its sprawling metropolis.

stock-footage-glasgow-scotland-november-timelapse-of-traffic-on-busy-highway-facing-eastThe IT team there told us that a busted or out-of-synch traffic signal can cause a traffic snarl miles long in just minutes if it isn’t handled quickly or serviced before a small performance issue becomes a major problem. And camera outages make it impossible to see traffic backups until they’ve affected hundreds or thousands of vehicles.

On this sprawling network, WhatsUp Gold now monitors 300-plus Ethernet switches at traffic intersections and their interfaces, cameras and traffic signals. As a result, managing traffic flow runs much more smoothly, especially during drive-time rush hours, without stretching personnel resources.

The IT team is now going down the right road

  • Remote monitoring saves 100s of hours a month visiting onsite locations
  • Far more helpful to determine full operability than simple ping-based testing
  • Alerts administrators to signs of equipment trouble so problems can be dealt with in advance of full-blown failures
  • Overall device reliability increased

Want to see what WhatsUp Gold can do for your organization? Download it for free, and kick the tires for a month or so.

 

managed file transfer predictionsTo kick off the year, we asked two of the leading influencers in Managed File Transfer (MFT) to share their perspectives on the year that was and give predictions on what 2014 has to hold.

Stewart Bond, Senior Research Analyst at Info-Tech Research Group (@StewartLBond), netted out the Managed File Transfer trends highlighting:

  • Cloud Deployments: MFT has traditionally been deployed behind the firewalls, used for internal and external file transfer. With the growth of the public Cloud, applications and platforms are moving outside the firewalls. If applications, data and platforms are in the Cloud, MFT vendors need to be there too. MFT grew out of the need for better security, control and management of file transfers. FTP is still prevalent, especially in the Cloud, and MFT vendors have a great opportunity to leverage their history and capabilities to make the Cloud and data pipelines to/from the Cloud more secure.
  • Mobile Access and File Transfer: Computing has gone mobile, and the need to protect corporate data assets as they move through secure and unsecure networks will be critical. MFT vendors have an opportunity to apply their technology in this space to help organizations reduce data protection risks.
  • File Transfer Acceleration: Primarily for cloud to cloud, and on-premise to cloud transfer. Where we have enjoyed fast data transfer rates on LANs and within the data center, data transfer rates over the internet are still lacking and until the infrastructure can catch up, if it ever will, software based acceleration solutions are becoming more prevalent.
  • Cloud File Sharing: We are seeing overlap between the MFT space and the Cloud file sharing space. Vendors such as Ipswitch are finding they are competing with the likes of Box, DropBox and other Cloud based file sharing solutions. MFT vendors have met the competition head on with ad-hoc file transfer capabilities. However, MFT vendors will need to make their solutions as accessible and easy to use as the Cloud based file sharing alternatives in order to compete effectively.

I’m interested in your thoughts on Stewart’s predictions—any points to expand on or debate?

owasp-footer-logoIn a previous article, I briefly talked about the Open Web Application Security Project (OWASP) and based on some recent projects, I wanted to shed some light on this incredible organization. Established in 2001, OWASP’s mission is simply to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. As a result of OWASP providing best practices, guidelines, advice and tools, web applications have become even more secure. Unlike other security organizations, OWASP’s strength lies within the open, global community independent of commercial pressures, so they can provide the most effective and innovative approaches to security. Organizations and practitioners alike can utilize the resources from OWASP to help reduce the security exposure for applications with a level of trust from an open community.

My first one-on-one interaction with OWASP was during one of my late Monday night security training courses. The class talked in detail about following the OWASP Top 10 list and using that document as a guide to making sure applications are secure. That served as a catalyst to my understanding and usage of OWASP resources. Without a doubt, the OWASP Top 10 is the most popular project in the community. Notably the PCI Council relies on it for PCI DSS along with other large companies like Microsoft, Oracle and Citrix. In addition, the U.S. Defense Information Systems Agency (DISA) recommends using the Top 10 for the DoD Information Assurance Certification and Accreditation Process (DIACAP).

“So, what is the Top 10 all about?” you might ask. The value of the Top 10 is that is serves as an awareness document that identifies risks for organizations and the 2013 edition marks the 10th anniversary of the Top 10 (last updated in 2010). It covers items like SQL injection attacks under the A1-Injection section and provides cheat sheets for engineers to prevent flaws. It should be noted that OWASP is not limited to just the Top 10 list, there are many other projects around guides, tools for both learning and work, and code as well to utilize.

Throughout the last decade I have found OWASP to be a valuable resource that I’d recommend to all security practitioners. I’m happy to say Ipswitch is now sponsoring OWASP so that the project can continue to help improve security awareness. At Ipswitch, we believe in the mission and core values and want to see the continued success of the OWASP community along with being engaged with it. I definitely recommend checking out the projects and resources at OWASP if you haven’t already.

I’m interested in hearing about any tips or recommendations based on OWASP that you may have—please share below in the comments section.

healthcare file transferIf you’re a healthcare IT professional, you’re likely losing sleep when it comes to ensuring regulatory compliance. Having the right processes and tools in place to manage the transfer of information in and out of your organization, both via people and systems, is at the heart of this issue.

To understand the latest issues and trends affecting healthcare IT professionals, we sat down with Tim Dotson, a healthcare IT consultant from Durham, NC who is well versed in the issues facing healthcare IT groups. Tim’s wide-ranging healthcare job experiences include terms as an IT director for large health systems, an informatics pharmacist, and a healthcare IT newsletter editor. He shared his insights and advice around data security and file transfers.

Zak: What are some of the overall issues you are seeing affecting healthcare IT teams? 

Tim: Healthcare IT is in the midst of change, some related to government and regulatory requirements, and some just due to the constantly changing nature of healthcare. For example, both healthcare providers and vendors are struggling to get ready for upcoming changes to the ICD-10 Procedure Coding System. At the same time, they’re dealing with ongoing requirements associated with Meaningful Use programs. These programs incent doctors to use technology to assist patients, and to make that happen, changes are needed to IT systems within healthcare organizations as well as how they’re used within organizations. These initiatives are associated with immovable deadlines. And on top of these, those in healthcare IT need to address their hospitals’ own strategic agendas.

To further complicate matters, many healthcare organizations are undergoing consolidation, whether because of mergers or because they are trying to minimize the number of IT systems and vendors they deal with.

Zak: Yet at the same time, HIPAA standards are only getting stricter, and they are not optional.

Tim: Exactly. Hospitals continue to struggle with meeting HIPAA requirements, such as the new HIPAA Omnibus Rule, which among other things makes business associates of covered entities responsible for complying with some aspects of HIPAA, and increases the associated penalties for security breaches.

“Managed File Transfer takes compliance risk off the table, and just as importantly, saves valuable resources from having to manually manage the healthcare file transfer processes.”

Compliance is complicated in an era where everybody is used to storing data on personal devices and cloud-based services such as Google, posting personal and work-related information on Facebook, and sharing information with other organizations. Penalties for being involved in a patient information breach have increased, even if the exposure was unintentional and with no evidence that anyone used the patient information.

Hospitals have to evaluate their exposure, train thousands of employees regularly, and understand how the practices of their business partners could put them at risk. New government concerns have been raised about saving and monitoring computer audit logs, not just for possible privacy violations, but to detect behavior that might indicate healthcare fraud. Breaches, investigations, and audits are almost inevitable, so hospital executives have to prepare their large, complex organizations to avoid exposure and how to respond if one occurs. It’s yet another problem that often lands in the lap of the hospital CIO.

Any ways healthcare professionals can find to deliver compliance with less effort will have a significant payoff to the IT teams. And that’s where Managed File Transfer can come into play – it’s taking compliance risk off the table, and just as importantly, saving valuable resources from having to manually manage the healthcare file transfer process or spending countless hours troubleshooting file transfer related issues.

Zak: Can you share more about what specific pressures healthcare organizations are facing when it comes to HIPAA compliance? Clearly there are some external technology trends outside of the hospitals’ control making compliance more and more of a challenge.

Tim: Many hospitals are dealing with the proliferation of devices and people demanding the ability to use them. The question isn’t whether or not devices like tablets will be used, but how hospitals will support the Bring Your Own Device (BYOD) movement.

Hospitals can’t afford to give everyone a device. But hospitals like to standardize their technology. And they certainly need to make sure data is kept private and secure. Plus healthcare IT groups need to support remote physician offices as more mergers and acquisitions occur.

There’s also a movement toward Big Data. Now hospitals can tie patient encounter data in with information about patients’ activities and characteristics outside of their environment, such as prescriptions taken, exercise and eating habits, etc. By mining this data, they can identify opportunities for improvement and develop new risk models. As healthcare organizations look to analyze all this information, files must be exchanged on a more regular basis, not just at the end of each day.

Of course, this means data security is more of an issue than ever before. Some healthcare organizations are still using unsecured email to send files. And the penalty for data breaches can be huge. Plus, the organization can lose credibility.

Zak: So with that said, how challenging is it to monitor and respond to changing data protection requirements without compromising patient confidentiality?

Tim: This is always a challenge. Security crosses several domains – infrastructure, people, and processes. Hospitals do their best to be mindful of security. But they often don’t realize how vulnerable they are until something unfortunate happens. There are so many opportunities for data to fall into the wrong hands. Every data exchange presents a risk and because there are more demands to move information around, the risk just keeps increasing. And sometimes the data protection requirements are too complicated to keep track of, especially for smaller hospitals. While these organizations have good intentions, they are often at risk because they’re not sure what to prioritize.

Zak: What are considerations or issues around balancing security and efficient file transfer?

Tim: Most times, the challenge is around the reach of communications. Many hospitals employ a large number of staff and it’s tough to get the message out about secure file transfer when you need to communicate with everyone from brain surgeons to housekeeping employees.

Many organizations are turning to automation to get around this problem. For example, they’ll set a rule to secure data in an email if it seems the information could be of a confidential nature.

Like so many things in healthcare IT, there’s not usually an obvious upside to taking these measures. It’s more about avoiding the downside, such as a penalty or negative publicity. But with increased HIPAA requirements and penalties, healthcare IT groups are paying attention to secure file transfer. It’s moved from “nice-to-have” to “must-have”.

Zak: Tim, thank you. This has been extremely insightful. One thing that’s clear from your comments is that healthcare IT professionals have a lot on their plates. For those that haven’t yet explored Managed File Transfer, it’s a way to reduce the time spent achieving HIPAA compliance, while gaining more control and visibility into the file transfer process across systems, processes and people.

To learn more about Managed File Transfer in Healthcare, visit the Healthcare section of our web site discussing Managed File Transfer Solutions for HIPAA Compliance or view one of our case studies for healthcare customers such as Rochester Hospital, VIVA Health or NHS Wales.

A major southern US city school district with more than 40,000 students reached out to the Ipswitch WhatsUp Gold team for help after a failed attempt to implement another company’s network monitoring software. Increased security concerns were driving the school system to increase investment in building and campus safety precautions. But the monitoring software wasn’t cooperating.

In testing the other company’s software, they found it:

  • Didn’t have the Level 2/3 discovery granularity. This was required to identify and monitor everything from servers to applications, to component-level information in servers. As well as switches and other devices like security cameras.
  • Couldn’t create a complete map of a network of schools stretching across the city. That would make it hard to determine what was new new and what was old so they could upgrade efficiently.
  • Couldn’t identify or monitor many SNMP-addressable devices already in place. Devices like metal detectors and the security cameras. Because it didn’t have MIBs for them in its library of devices.

CaptureddBut each area the IT director found fault with could be remedied with WhatsUp Gold, the director was promised by an Ipswitch sales engineer. “I was told it wouldn’t take more an hour,” she said. Skeptical, but intrigued, the director took the plunge and downloaded the software. Less than an hour later she was pleasantly surprised to have in hand a complete map and a detailed inventory of all the devices making up the city’s widely distributed network of schools.

Peace of Mind

Now the school district had the information they needed determine what they could keep and what they’d have to replace. This allowed them to enhance student and staff security and control vandalism of school properties. Unlike the other software, WhatsUp Gold allows administrators to add MIBs for devices not already in WhatsUp Gold’s library in just minutes.

Once the first wave of safety improvements was in place, the IT director used WhatsUp Gold to monitor the health of all the network devices. They were able to take action quickly if WhatsUp Gold detected a problem with any device. For instance, one of the high school’s metal detectors went off line late one afternoon. An automated alert and an intuitive trouble-shooting interface allowed the staff to identify the root cause in minutes and reset the system.  

“The major benefits of using WhatsUp Gold include increased peace of mind, a reduced administrative workload and higher device service levels,” the director reports.

mobile file transferIn my last post, I covered how managed file transfer (MFT) makes sure that files are kept secure and more easily integrate into processes. Specifically, I shared examples of how MFT helps ensure compliance within highly regulated industries when it comes to file transfer. In this post, I share examples of how MFT helps keep processes smooth and secure for distribution and oil & manufacturing organizations.

Distribution: Quickly and Securely Initiating Sales

mobile-iconGenerating new orders is the ultimate measure of a sales reps’ productivity and contribution to the organization. That’s why mobile devices such as cell phones and tablets have been a dream for businesses, making it possible to keep orders flowing no matter where sales reps are located. But a breach of sensitive pricing and customer information can quickly come back to haunt an organization. After all, who wants the publicity, financial penalties, and loss of customer trust and future transactions that often follow on the heels of a data breach?

By using a tablet with MFT installed, a sales rep at a customer site can securely generate and deliver an approved price quote document, initiating the process from his tablet. Once approved, the price quote is automatically and securely delivered to the customer and internal business systems are updated with information from the quote – all because of MFT. The automated process streamlines quote generation and approval, and ensures that sensitive pricing and customer information is protected during every step of the process.

Oil and Manufacturing: Bringing Processes into the 21st Century

oil-and-gasIn the past, oil and manufacturing engineers didn’t have many good choices when it came to managing their daily processes. Often working in the field, they had to carry paper copies of documents, anticipate before they departed their office which electronic documents they might need, or make a second expensive return trip to the field. And, if files needed to be modified based on information collected in the field, engineers had to wait until they returned to the office to make the updates.

With MFT in place, engineers can be anywhere in the world and securely access and edit shared large unstructured data files such as geo-physical information, equipment specifications or designs remotely on their tablets. And with advanced MFT solutions, organizations can even make sure that files automatically delete on a pre-determined expiration date.

For more information on how Ipswitch File Transfer removes critical mobile work obstacles, check out this earlier post  on MOVEit 8.0 support for mobile security.

Yesterday I read an article entitled Minutes Matter And How To Avoid Screwing Up Our Productivity posted on Project Management Tools That Work. The author of the piece works hard to point out that when automating processes it’s important to understand the effect that one or more extra clicks might have. project_management

In reference to implementing a patient records system, a doctor claims:

“If you add literally one minute per patient to my work, you’ve added 40 minutes to my day,” he says.  “If you add five minutes per patient, you have now certainly just hit me with a 20 to 30 percent productivity loss.”

Good point, and certainly something to keep in mind. On the other hand, though, the goal of a patient records system isn’t just about the physician’s and nurse’s time.

It’s also about the quality of the information gathered, and the value that information has to improving future heath care decisions and improving other downstream processes.

Achieving all of a project’s goals might include asking someone to do something that adds to their total task effort (in as efficient a manner as possible, of course). If it does add to their effort, then it is important that they understand that their task has changed and why.