The heat is on! Compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) has never been more scrutinized and highly regarded. The push towards compliance has fueled businesses large and small to explore the options and necessary requirements of HIPAA compliance. Specifically, any organization that meets the HIPAA definition of a covered entity or business associate is subject to and under the HIPAA compliance umbrella, regardless of how far removed they are from the point of treatment, and is subject to audit, fines, and penalties in the event of a breach. This includes those organizations that create, receive, maintain, or transmit protected health information (PHI) on the covered entity’s behalf, such as business associates and their subcontractors. Don’t tread lightly: compliance with HIPAA, specifically the Security Rule, is a daunting task that many organizations will face, either through a proactive approach, in response to an OCR audit, or in the instance of a covered entity seeking satisfactory assurances.

Every organization’s goal is to achieve compliance, but not all organizations are created equal.  With security breaches occurring at an alarming rate, covered entities are searching for the right vendors that can secure their data appropriately.  And why shouldn’t they?  Business associates provide a level of service to these covered entities, which directly translates into an immediate risk, albeit reputational in nature.  By focusing on and achieving HIPAA compliance, business associates will increase their security posture, as well as safeguard the confidentiality, integrity, and availability of the covered entity’s data.  Additionally, HIPAA-compliant business associates will reduce their risk exposure, enforce best practices, and expand consumer confidence, which cannot be undervalued.

An organization may ask itself, ‘what is the path towards compliance?’ The path towards compliance starts with performing a HIPAA Security Rule assessment, which can be performed internally or by an independent, third-party assessor. The HIPAA Security Rule is made up of Administrative, Technical, and Physical Safeguards, as well as Organizational and Policy/Procedure Requirements. Each safeguard contains specific standards and implementation specifications that must be satisfied in order to validate compliance. The resulting compliance assessment of the HIPAA Security Rule focuses on common IT general controls, such as: risk management, physical and logical access control, protection from malicious software, disaster recovery, information security policies and procedures, workstation security, and encryption of data in transit and at rest.

A risk-based approach to HIPAA compliance is critical to appropriately securing data, specifically ePHI. The benefits are both quantitative and qualitative. Consumer confidence cannot be quantified, but rest assured, a proven HIPAA-compliant business associate gains an immediate competitive advantage over its non-compliant competition.

Don’t be left on the outside looking in.  Initiate the HIPAA compliance process because it is no longer a request, it’s required.

I was asked recently to speak on a panel entitled “What IT Skills/Roles Should Reside in the Business” at the Premier CIO Forum in Boston. The event, held earlier this week, was a well-attended and engaging event supported by SIM (Society for Information Management). There was an impressive roster of IT executives from across New England.

Premier CIO Forum, Boston (March 25, 2014)

“New technology is now requiring IT and the Business to be extraordinary dancing partners,” said Sharon Kaiser, CIO for ABIOMED, Inc., as she opened our session as moderator. My fellow panelists were Matthew Ferm, Managing Partner of Harvard Partners, and Hunter Smith, former CIO of Acadian Asset Management. We analyzed the “Dance between IT and the Business”. Who should lead? What are the right steps to follow? What’s the expected pace? It was a lively discussion, with a very participative audience. Here are the highlights:

  • Speed, flexibility and leadership are key for today’s IT. Shadow IT, where pockets of a Business go off on their own to buy, say, cloud services or a product, is usually a response to an IT department being unresponsive. Shadow IT also happens when individual employees download an application right onto their machine. The trouble with Shadow IT is that it also often silos IT. Many times the business will come back with a need to integrate a hastily purchased product, or even to get it to run. The lesson here is that a deep partnership between IT and the rest of the business, continually optimized, is needed. If IT is truly enabling, it will not be viewed just as a gate-keeper, but as a partner.
  • For engaging well with others you need skills in IT and the Business that complement each other.  Thus Business Analysis (BA) as a position residing in a Business is very helpful. It ensures requirements are vetted, understood and relatively fixed, and there will be ownership for what IT will be asked to do. But, IT also needs BA skills on their side, even if it may not be a job title. Most importantly, IT must understand business processes deeply so that the value of a project is understood, and where needed, valid input can be given on process simplification where warranted. The BA role in the Business must understand technology and how IT works for this to be a true partnership.
  • Security, Disaster Recovery, responsibility for LAN/WAN/server environments and access should all reside with IT.  Some roles, such as project management (PM) can be in either IT or the Business, since good PM will be driven by data and not by persuasion or vested interest.  Some roles, such as QA/Testing need to go beyond IT testing a technology developed to meet a business need. It must say, “yes, hit the requirements” to the Business testing out the actual use cases with a process workflow, so that base assumptions and expected value are actually vetted out.

These discussions showed that regardless of company size, the audience had similar experiences: rapidly increasing need for a close, agile relationship between IT and the Business, a huge technology wave of possibilities, and opportunity for re-thinking roles and responsibilities. One must experiment and evolve, as well as establish a strong communications and shared-goal mentality with the Business. I ended by noting, “If you treat IT as a commodity that is what you will get. If you treat it as the leading edge of your Business, you will have a weapon like no other.” The audience very much agreed.

— Azmi Jafarey, Chief Information Officer, Ipswitch

Taurean Prince and Ish Wainright of the Baylor Bears celebrate after defeating the Creighton Bluejays 85-55 on March 23. (Photo by Tom Pennington/Getty Images)

The 2014 March Madness games hit Sweet Sixteen this week with some of college basketball’s greatest men’s teams matched up against some of the most unlikely Cinderellas. I plan to watch Michigan State go up against Virginia at 10pm ET tonight to see how things play out. Moving along to our own March Madness games, with a network management spin, we are looking at those being played out in the Influx Region. To those in charge of network management, the introduction of new technology or a large influx of new users can produce its own kind of madness. In this game we matched ‘Introduction of New Technology’ with ‘Traffic Spikes’ to see which caused our team of experts greater angst. (If you are wondering what this is about, check here for the full Ipswitch Madness.)

Introducing new technology is always dicey, but at least you have the opportunity to test it along the way before rolling it out to the broader organization. Not that you always catch everything, but at least you have the opportunity to limit the damage. Traffic Spikes are a pointy fiend as they can disrupt your entire business. If your network or site goes down for too long due to an increase in traffic and you are unable to recover, it’s game over.

Therefore, Traffic Spikes are onto the Elite 8.

Our final matchup in round one pits ‘Fluctuating Number of Users’ against ‘Point-In-Time-Events’. Knowing how many people are attaching to your wireless network helps keep things running cost effectively. What doesn’t help is when you’ve got wireless network bandwidth hoarders doing things like streaming ESPN to catch up on March Madness games. But there are ways you can figure that out. At the end of the day you don’t want to overpay your ISP for bandwidth, but underestimating the need can be bad as well.

The Influx Region (Round One): Network Management March Madness

Another issue that can create a problem for IT is Point-In-Time events. One of the biggest examples of this phenomenon is taking place right now and was the inspiration for our March Madness exercise. According to a survey run last year, the tournament was expected to cost $134 million in lost productivity over the two workdays when the most popular games were being played (this year that’s yesterday and today). An estimated 3 million U.S. employees were expected to spend one to three hours at work watching the games, and two-thirds of all workers were expected to follow the tournament at some point during work hours.

That’s a lot of video streaming by bandwidth hoarders who are chewing up more than is allotted to them to get their jobs done, at the expense of others who experience application performance issues as a result.

For this reason, in one of our tightest matchups to date, we’re moving Point-In-Time events into the final 8.

Today marks the end of the first round in our March Madness games. Stay tuned for next week’s posts when our teams will battle it out during semi-finals.

If you want to learn more about how March Madness applies to your daily work life, join us on April 9 for a webinar entitled “Network Management’s Sweet 16 – Solve the Problems Competing for your Time”. Register here for the 8:00AM (US ET) tip off or here for the 2:00PM (US ET).

 

In this week’s NCAA March Madness, reliability was thrown out the window with major upsets, a broken ankle, a poor showing by a star, and a surprising blow-out. No matter how smart a team you have or how good a plan is in place, the life of IT staff also includes a dose of the unexpected, because there’s always something unanticipated to deal with. It’s critical to be able to ensure reliable service so you can focus on the surprises. (If you are wondering what this is about, check this out for the full Madness.)

Ipswitch March Madness: Reliability Region

Outages vs. Downtime

The primary charge of any IT department is to keep everything moving. An unreliable network is simply unacceptable as productivity grinds to a screeching halt. That’s what makes the match ups in our Reliability Region so intriguing. What do our experts think is the most critical issue to contend with? Our first match up has Patchwork Solutions going head-to-head with Outages and Downtime. Piecing together a network of point solutions and spare parts is asking for trouble. All the bubble gum and duct tape in the world can’t sustain the network forever. Issues are sure to arise at the most inopportune time. While Outages and Downtime are often beyond your control, nothing gets IT folks moving like the network stopping. While Patchwork Solutions have the potential to be bigger problems down the road, the nod here goes to the immediacy and frustration of Outages and Downtime.

Outages and Downtime is moving onto the Elite 8 in Network Management March Madness!

Shrinking IT Budget vs. Unresolved Problems

In our second first-round matchup in the Reliability Region we put the Shrinking IT Budget up against Unresolved Problems. Nearly every IT department is facing the budget crunch, so this is not an issue that is unique to any one market, but it is a serious problem nonetheless. IT is expected to do more with less every day and keep the network running at peak proficiency. Add to this the number of security and compliance protocols and IT is straight out. Unresolved problems could be considered a side effect of an overworked and understaffed IT department, but they are a serious problem in their own right. We’ve all been there. We do what we need to do in order to get things working again. But it often never really solves the problem. It’s like addressing the symptoms and not the disease. These only lie in wait for a chance to take a bite out of your network when you least expect it.

It’s a close one, but in the end, the ticking time bomb of Unresolved Problems wins out and moves on to the Elite 8.


While conventional wisdom says it’s safer and more manageable to maintain secure business processes in-house to avoid security risks in the cloud, we might have reached a tipping point. Due to exponential increases in data and increasingly stringent compliance regulations, it’s almost certain your internal team does not possess the bandwidth, expertise, or patience required to maintain a secure environment.

Given we are in tax season, let me draw a quick analogy. Perhaps as a young person with a part-time summer job and no family, you filled out the 1040-EZ tax form on your own. As years passed, you started a family, invested in property, entered into new tax brackets with new rules, etc. Soon your taxes became a burden that was much simpler to trust to a professional cloud-based service like TurboTax or H&R Block. You relied on a vendor that you know will do the job well because they do it for many customers – they’re the expert.

The same concept applies to operational security and compliant business processes. For example, the management of file transfer processes on a DIY basis is no longer viable for most organizations, given the increasingly vast amount of data transferred within mid-size to large companies. And to think about it more broadly, file transfer is just one part of the equation for a company conducting business between themselves and their partners. If they are required to show PCI Compliance for the whole chain of events, there could literally be thousands of configuration controls they would need to manage and monitor on an ongoing basis to do so. Better to work with compliant service providers, to reduce the complexity without sacrifice of safety.

If this sounds as complex as the Tax Code, it probably is. In response, an increasing number of organizations are bucking the conventional wisdom of on-premise safety, and looking to the cloud. In addition to it being a lot cheaper and less time-consuming to hand off certain operational tasks to a cloud-based vendor, recent on-premise data breaches (Target) and the growing scale of securing business processes have pushed business processes toward a managed cloud environment.

If your organization is making the shift to the cloud (or considering it) to manage business processes, there are a few “best practices” to keep in mind:

1) Understand the business problem you’re trying to solve and what you’re trying to achieve. This isn’t a new concept, but this will help you identify weak links in your internal management processes and understand where you need a partner.

2) Find the right partner. Invest in partners that help you secure processes without the problem growing beyond your ability to handle it. Ensure your partner is well-equipped to manage the breadth of PCI controls, and able to provide you with the tools you need to show compliance to your auditors, for example. It’s important that no component of what you choose to solve the business problem becomes the weak link.

3) Don’t abandon on-premise solutions entirely. Some of the enabling “fabric” that will make it possible to do business moving forward is a combination of cloud and on-premise. There’s no future where it’s all cloud or nothing, no matter what you might hear.

4) Don’t trust anyone who says they’ll secure an entire business process for you. Security is complex, and the right partners will secure various components of your processes – not everything.

As companies begin to understand the capabilities of the cloud – and how it can meet and exceed their enterprise-grade security requirements – improving the security and compliance of your business processes becomes another task you can trust to the experts in the cloud.

“With comebacks, upsets and buzzer beaters, the first full day of the 2014 NCAA tournament proves that anything can happen” (Nate Rowlings, Time). I couldn’t say it better than Nate. March Madness went into full gear last night with 18 college basketball teams falling out of the ranks. Speaking of ranks, today I’m sharing the latest results of our own tournament, with a network management spin. (If you are wondering what this is about, check this out for the full Madness.)

Ipswitch Network Management March Madness: The Grey Region

Enter the Grey region.

The Grey region is all about visibility. Perhaps more appropriately, a lack of it. In our third matchup Unexpected IT Issues  went up against the sluggish Slow Apps. When your users reach out in every way possible to tell you how slow their [fill in the blank] application is working, unexpected issues are not hard to miss. And they can be difficult to pinpoint in order to make them go away. We conducted a study late last year that showed the number one issue among IT pros is application performance. Why? Because it is the number one complaint they hear from their users. Application performance problems may make folks around the office slow down in terms of productivity, but they make IT pros go full speed, trying to solve the problem and bring peace to the world.

For these reasons, Slow Apps are moving on to the Elite 8 of IT problems.

In the bottom half of the Grey region bracket, Shortcuts and Quick Fixes squared off against Lack of Visibility. Quick fixes are often necessary to get things running again in IT environments. They just don’t make for great long-term solutions. Shortcuts can live long. They can lie in wait and create big problems down the road.

A Lack of Visibility in an IT environment is a big bad. You can’t fix what you can’t find. And when you don’t know it’s a downed router tucked away in your server closet or datacenter, you may end up looking in a bunch of other places before you even get close to the culprit. No one wants to fly blind. A good way to make this problem go away is to have a clear and unified view into the entire network that pinpoints the exact problem. Fine-tuned network management can help the time it takes to resolve the issue go from hours or days down to minutes. For this reason, Lack of Visibility is off to the Elite 8 to take on Slow Apps.

Check back next week to find out the results for Reliability and Influx Regions. Enjoy the Madness this weekend. I know I will.

For healthcare organization NHS Wales, safeguarding healthcare data is of critical importance.

As many of you will know, MOVEit Managed File Transfer System has been shortlisted for SC Magazine Europe’s Awards for the second straight year; but what you may not be aware of yet is that NHS Wales have also been nominated for the Best Security Team Award.

The team was nominated based on the team’s efforts to ensure authorised sharing agreements and tight controls were always adhered to when sharing confidential healthcare information with other Welsh Public Sector Organisations.

NHS Wales came to HANDD looking for a solution, and after our experts had evaluated the situation they decided that Ipswitch would be the perfect fit for them.

Needless to say, everybody at HANDD is extremely excited and proud of the entire team. We are also delighted to see NHS Wales be nominated as they have put in so much time, effort and hard work with us that has been duly noticed by SC Magazine.

The awards ceremony itself will occur on the 29th April during Infosecurity Europe, where I hope you will be able to come along and check out our stand. We also have a meeting room that is available if you would like to book a one-on-one meeting. If this is something you would be interested in, please contact us directly by telephone on +44 (0) 845 643 4063 or via email info@handd.co.uk.

In our first round of the Ipswitch Network Management March Madness Bracket we match Bandwidth Hoarders against the Understaffed IT department. (Yes, we jumped right over to the Sweet 16 as it seemed like overkill to start with 64.) Bandwidth hoarding and lack of people resources in IT are common to most organizations.

The network can be a fickle place and bandwidth is not unlimited. While shortages in IT  are not new (yet painful), not having the horsepower on the network when it’s needed most is an issue many network managers will face while folks catch up with the NCAA games during the work day. As a result, the Bandwidth Hoarders are moving into the Elite 8.

Network Management March Madness: Bandit Region Results

In our second first-round matchup in the Bandit region we pit Shadow IT against BYOD. BYOD has received its share and more of media attention as the average user these days carries more than three devices with them each day and onto the corporate network. This can create issues of bandwidth, security and a number of other concerns for IT. Shadow IT creates its own share of problems as the toughest problem to solve is often the one you don’t know about. With users creating their own environments and downloading programs that are not approved, the potential for network issues abounds. When you look at the percentages, almost everyone has one or more personal devices whereas only a small number embark on their own IT strategy.

Therefore, BYOD is headed to the Elite 8 to match up against Bandwidth Hoarders.

What do you think about the outcomes of our first round matchups so far? Leave a comment below.

 

 

As an IT professional, this likely sounds all too familiar: Find a way(s) to keep business processes smooth and secure despite your lack of full control or visibility over the movement of files. As the type of data, threats, transfer scenarios and modes all continue to rise, you are expected to keep it all together – all while managing countless other tasks.

But it’s time to disrupt the status quo and resolve some of the pains of file transfer. Ask yourself if you are currently experiencing any of the following:

  • Inadequate security
  • Lack of control
  • Increasing complexity and time consumption when hunting down reports or missing files
  • Invisibility (not the super hero kind, but the kind when you don’t have full view into the transport of important information)

If you answered yes to any of the above, look no further – managed file transfer might be what you are looking for (and might even make you feel like a super hero*).

*Invisibility not guaranteed

Check out our new Managed File Transfer infographic here and tell us your thoughts.

Grab the PDF of the MFT Infographic here.

One day following Selection Sunday, NCAA March Madness is off and running (or dribbling). Last Friday we threw out a teaser about our own bracket covering 16 of the top network challengers who’ll square off against one another. Today we’re revealing the 16 “teams”. (We figured 64 was overkill so we skipped right over to the Sweet Sixteen.)

Click here (or on the image itself) to check it out in full size.

Ipswitch March Madness Bracket: Which Issues Will Cut Down the Net(work)?

Over the next two weeks we’ll cover these 16 network issues and problems more in-depth, as they battle it out on the court. In our case, the court is in the “Galactica” conference room where our own IT experts will make the call on who will advance to the next round. We’ll be tracking this with you every step of the way.

Have an opinion on who should take down their region or ultimately win out? Leave a comment below and print off the bracket to play along with us.

We realize that other bracket will get more attention this month and into next, but in the long run, we think ours has more legs.

The NCAA March Madness college basketball tournament is one of the most highly viewed online sporting events in the U.S. each year. Whether diehard or fair-weather fans, in the workforce or on campus, all eyes will be fixed on the games and the 64 team tournament bracket.

At Ipswitch, we’re not only celebrating one of the most exciting times of the year in sports, but also honoring the IT pros who will have to make sure their networks are ready to handle the increased traffic and bandwidth to support all that live video streaming. No one wants to have their productivity limited by slow apps because their colleagues are catching up on the tournament.

Check back Monday morning after the NCAA’s Sunday Selection to see our own March Madness Bracket, with a spin on network management.