My name is Greg Jankowski and I lead our online and technical support groups here at Ipswitch. In order to make a good first impression I decided to keep my first post short and sweet.

Take our brief two-minute survey and enter into a drawing to win an Apple Watch

We are working to improve the ways we engage with our customers who use our managed file transfer products (or are just interested in the technology) and are developing an online community to serve this purpose. This yet-to-be-named community will allow folks to ask questions and comment, share content and ideas, learn best practices, and build new connections.

Before we get too far along in development, we would love to get your feedback via a brief 2 minute online community survey. As a token of our gratitude for taking the survey, we will award one lucky respondent with a shiny new Apple Watch.

>> Be sure to engage with us next month during the Ipswitch Innovate 2015 User Summit, a two-day (October 21-22) online only event for IT professionals to learn from each other, and our product experts.

Click here to learn more about Ipswitch Innovate, and register.

 

 

 


In a recent Ipswitch IT Priorities survey of over 371 IT professionals involved in file transfer and sharing administration, about 75% said they already used or had need for file transfer automation.  Their most common scenarios were:

  • Automate batch scheduling
  • Workload automation
  • Integration to backend systems. They include financial, CRM, ERP, cloud storage, ECM, EMR or marketing automation systems.

About half said they use PowerShell to upload/download data from applications and databases today. So what should you keep in mind when using PowerShell to automate common file transfer activities?

  • Use Windows Management Instrumentation (WMI) to monitor a folder for newly arriving files.
  • Use Get/Add-Content calls when making changes to a file.
  • Automation of file encryption is tricky, but consider using GnuPG. Ensure you don’t use cleartext passwords.
  • You can use WinSCP client or WS_FTP Professional to transfer the files using secure protocols like SFTP, FTPS or HTTPS.

Managed file transfer automation tools, like MOVEit Central, can automate common file transfer tasks in much less time. They are built to handle commonly overlooked scripting issues. These include error handling, logging, environment changes, and security-related issues like encryption key management and password protection.

Adam Bertram, Microsoft MVP, shared some “how-to’s” and sample code to automate a common file transfer scenario at last week’s Spiceworks webinar “Automating File Transfers Securely”:

  • Monitor a folder for arriving files
  • Make changes to a file
  • Encrypt the file
  • Transfer the file

You can access the sample code at Adam’s blog here.
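The four steps above as one Windows PowerShell script, added here as an illustration; it is not Adam Bertram's sample code or an Ipswitch script. The folder paths, host name, recipient key, host-key fingerprint and credential file are placeholders, and the script assumes gpg.exe on the PATH and the WinSCP .NET assembly at the path shown.

```powershell
# Added example (Windows PowerShell 5.1). All paths, names and hosts are placeholders.
$ErrorActionPreference = 'Stop'          # make cmdlet failures reach the catch block
$OutDir    = 'C:\Outbox'                 # encrypted copies go OUTSIDE the watched folder,
                                         # otherwise each .gpg file would trigger the watcher
$Recipient = 'partner@example.com'       # public key already imported and trusted in GnuPG
$CredFile  = 'C:\Secure\sftp-cred.xml'   # made once with: Get-Credential | Export-Clixml
$LogFile   = 'C:\Logs\transfer.log'
Add-Type -Path 'C:\Program Files (x86)\WinSCP\WinSCPnet.dll'

function Send-DropFile {
    param([Parameter(Mandatory)][string]$Path)

    # Step 2: change the file with Get-Content / Add-Content (append a trailer record).
    $count = @(Get-Content -LiteralPath $Path).Count
    Add-Content -LiteralPath $Path -Value "TRAILER,$count,$(Get-Date -Format s)"

    # Step 3: encrypt to the recipient's public key, so no passphrase is needed
    # on the sending side and nothing secret appears in the script.
    $enc = Join-Path $OutDir ((Split-Path $Path -Leaf) + '.gpg')
    & gpg --batch --yes --recipient $Recipient --output $enc --encrypt $Path
    if ($LASTEXITCODE -ne 0) { throw "gpg exited with code $LASTEXITCODE" }

    # Step 4: upload over SFTP. The credential file is DPAPI-protected and can
    # only be read by the account (on the machine) that exported it.
    $cred = Import-Clixml -LiteralPath $CredFile
    $opts = New-Object WinSCP.SessionOptions -Property @{
        Protocol              = [WinSCP.Protocol]::Sftp
        HostName              = 'sftp.example.com'
        UserName              = $cred.UserName
        SecurePassword        = $cred.Password
        SshHostKeyFingerprint = '<server-host-key-fingerprint>'   # pin the server key
    }
    $session = New-Object WinSCP.Session
    try {
        $session.Open($opts)
        $session.PutFiles($enc, '/inbound/').Check()   # Check() throws if the upload failed
    } finally {
        $session.Dispose()
    }
}

# Step 1: WMI event subscription for files created in C:\Drop (polled every 10 seconds).
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 10 " +
         "WHERE TargetInstance ISA 'CIM_DataFile' " +
         "AND TargetInstance.Drive = 'C:' AND TargetInstance.Path = '\\Drop\\'"
Register-WmiEvent -Query $query -SourceIdentifier 'DropWatch'

while ($true) {
    $evt = Wait-Event -SourceIdentifier 'DropWatch'
    Remove-Event -EventIdentifier $evt.EventIdentifier
    $file = $evt.SourceEventArgs.NewEvent.TargetInstance.Name
    try {
        Send-DropFile -Path $file
        Add-Content -LiteralPath $LogFile -Value "$(Get-Date -Format s) OK   $file"
    } catch {
        # Log and keep running; one bad file must not stop the watcher.
        Add-Content -LiteralPath $LogFile -Value "$(Get-Date -Format s) FAIL $file $($_.Exception.Message)"
    }
}
```

The WMI event fires when the file is created, not when the sender has finished writing it, so large files should be dropped under a temporary name in another folder and moved into the watched folder when complete.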

 

Key regulatory compliance mandates imposed by HIPAA, SOX, FISMA, PCI, MiFID, Basel II and others require the tracking of access to scoped systems (those containing regulated data). A key question for IT managers becomes ‘what log data should I collect and how do I manage log storage, retrieval and analysis’. IT Ops teams in small to mid-sized companies should also be asking ‘how do I assure compliance without huge expenditures of budget and manpower’.

What logs should be collected for compliance?

While the specifics are dependent on the applicable mandate (HIPAA, PCI, etc.) there are common characteristics that will help you meet audit requirements. Generally, the compliance mandate is concerned with your ability to safeguard data such as social security numbers, addresses, logins, credit card numbers, health records, investment plans and banking details. From an IT management perspective, this means we are trying to gather, store and analyze logs that might show actual or attempted scoped data breaches. As an example, the following is the recommended Audit Policy for Windows for PCI DSS (Payment Card Industry Data Security Standard).

  • Account Logon Events – Success and Failure
  • Account Management Events – Success and Failure
  • Directory Service Access Events – Failure
  • Logon Events – Success and Failure
  • Object Access Events – Success and Failure
  • Policy Change Events – Success and Failure
  • Privilege Use Events – Failure
  • System Events – Success and Failure

You should also collect access logs for pertinent non-syslog applications running on scoped servers. It is recommended that you have a centralized logging system or dedicated system acting as the syslog receiver.
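One way to check a scoped server against the audit policy listed above, as an added example rather than an Ipswitch or PCI tool. It assumes an elevated prompt, English-language `auditpol` output, and that each legacy category in the list maps to the `auditpol` category named in the table.

```powershell
# Added example: report audit subcategories that fall short of the list above.
# Keys are auditpol category names; values are the outcomes that must be audited.
$Required = [ordered]@{
    'Account Logon'      = 'Success', 'Failure'   # Account Logon Events
    'Account Management' = 'Success', 'Failure'   # Account Management Events
    'DS Access'          = 'Failure'              # Directory Service Access Events
    'Logon/Logoff'       = 'Success', 'Failure'   # Logon Events
    'Object Access'      = 'Success', 'Failure'   # Object Access Events
    'Policy Change'      = 'Success', 'Failure'   # Policy Change Events
    'Privilege Use'      = 'Failure'              # Privilege Use Events
    'System'             = 'Success', 'Failure'   # System Events
}

function Get-AuditGap {
    foreach ($category in $Required.Keys) {
        # /r emits CSV: ...,Subcategory,Subcategory GUID,Inclusion Setting,...
        $rows = auditpol /get "/category:$category" /r |
                Where-Object { $_ } |              # drop blank lines before parsing
                ConvertFrom-Csv
        foreach ($row in $rows) {
            # Inclusion Setting is one of: Success, Failure,
            # "Success and Failure", "No Auditing".
            $setting = $row.'Inclusion Setting'
            $missing = @($Required[$category] | Where-Object { $setting -notmatch $_ })
            if ($missing.Count -gt 0) {
                [pscustomobject]@{
                    Category    = $category
                    Subcategory = $row.Subcategory
                    Current     = $setting
                    Missing     = $missing -join ' and '
                }
            }
        }
    }
}

$gaps = @(Get-AuditGap)
if ($gaps.Count -eq 0) {
    'Audit policy meets the listed settings.'
} else {
    $gaps | Format-Table -AutoSize
}
```

A subcategory that audits more than the list requires (for example Success and Failure where only Failure is listed) is not reported as a gap.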

How long must the data be retained?

Again, the specifics depend on the standard and you should consult, or enlist the services of, a Qualified Security Auditor (QSA) to determine exact requirements, but typically the required retention period is between 1 year and 6 years. In the case of PCI the requirement is to store all logs for 1 year but have the last 3 months easily accessible. Keeping things in perspective for the small to mid-sized business, if you have enough storage on the centralized logging server you should then retain all logs from scoped systems for one year. If there isn’t sufficient storage available on the centralized server then maintain the last 3 months and roll anything older and less than 1 year to long term storage.

How do I manage and analyze compliance related logs cost-effectively?

Due to the number and size of the logs generated on Windows networks, it is considered best practice to use higher level Event Log Analyzers to automate aggregation and analysis. IT managers in small to mid-sized businesses should consider solutions that strike a healthy balance between functionality and cost. In considering functionality, be careful not to let feature creep influence you to invest in a tool that ‘can do everything’ when your foreseeable needs only require compliance to regulations. In considering cost be sure to add in the ongoing cost of dedicated headcount that may be needed to configure and maintain the solution.

An event log analyzer should be a key component of your infrastructure strategy. With an event log management solution like Ipswitch Log Management Suite, you can analyze logs, secure your network, reduce risks and liabilities, respond faster to security threats and network outages, and automate the administration of collecting and archiving logs.

>> If you would like to learn how to use log management software to address common security and compliance scenarios that your organization faces check out our on-demand security and compliance webinar with Ipswitch Solutions Engineer, Deb Mattson, who walks through 4 common security use-cases —  including how built-in compliance reporting using our log management software can scan Windows, Syslog or IIS/W3C event logs to allow you to create alerts and reporting on potentially non-compliant activities.

 

Most people tend to associate the Dark Ages with horrible things like war, famine, disease and Monty Python but they probably don’t associate it with network performance and availability issues. Unless that person happens to be an IT administrator.

For this group, the Dark Ages take on a whole other meaning. It’s about having difficulty addressing problems with availability and performance of their network, applications and servers. It’s about being blindsided when an issue arises, forcing them to be reactive rather than proactive. It’s about mounting user complaints with regard to slow or spotty performance. And it’s about time that changed!

If your organization depends on disparate, out-of-the box monitoring systems, you don’t have the visibility you need to get to the root cause of an issue quickly—or the ability to anticipate problems before they happen. Our latest eGuide, Escape the Dark Ages of Poor Network Performance and Low Availability, can give you some tips on how to move towards the light. In other words, how device and dependency awareness in your monitoring system can greatly improve visibility.

Here are some proven methods to map your networks and applications, so you can develop a comprehensive network performance dashboard that will keep you ahead of problems and help you avoid wasting time chasing down false positives.

7 Key Capabilities

You know that “slow” is the new “down.” And you also know that today’s systems are increasingly complex and interconnected. Therefore, you need a performance monitoring solution that offers a single, integrated view across your network, applications and servers. When evaluating solutions, make sure it offers these seven capabilities:

  1. Device and dependency awareness. If you want to avoid the domino effect when a problem arises (because you didn’t account for the dependencies between devices on your network) you need a map of all those interconnections. But manually creating a network map is labor-intensive. Instead, look for a solution that has dependency awareness and layer 2/3 mapping and discovery designed into it without manual effort.
  2. Real-time alerts and drill-down/historical dashboards. With threshold-based real-time alerts you get early warnings of potential problems. The right dashboard will help you to find problems quickly and spot trends.
  3. Automatic fix of known problems. Your solution should enable you to use Active Scripts, PowerShell scripts and embedded action to restart services, reboot network devices and services, and initiate malware scans—automatically—for problems you know how to correct.
  4. End-to-end integrated monitoring. With a “single version of the truth” you’ll be able to simplify IT operations—and your life!
  5. Speed to production. Make sure you can be up and running quickly with production-ready monitoring that features dependency awareness and rapid discovery and mapping.
  6. Transparent device-based pricing. Port-based pricing can drive up your total cost of ownership. Lock in device-based pricing.
  7. An integrated system from a proven industry leader. Your small or medium business deserves enterprise capabilities from an experienced vendor.

Ready to Climb Out of the “Basic” Monitoring Pit?

To solve problems with poor network performance and low availability, you need a single, integrated solution from a well-seasoned vendor. It must go beyond “basic” monitoring to:

  • Get to the root cause quickly and easily with dependency awareness
  • Save time with rapid discovery and mapping
  • Improve visibility with layer 2/3
  • Make your users more productive
  • Be production-ready within an hour

If you’re ready to shine a light on your network and performance monitoring needs, check out Escape the Dark Ages of Poor Network Performance and Low Availability.

Yesterday Dropbox posted an update at the end of their 10/13 blog that noted their servers were not hacked. Apparently the compromised credentials in question were stolen from a different source. At the end of the day, Dropbox isn’t to blame. The stolen credentials were used to access multiple services, including theirs.

So let’s leave the folks at Dropbox alone. Every organization that holds personally identifiable information (PII) is a target. And I agree with Dropbox’s advice that their users should use unique passwords across different sites and, when possible, add a layer of security to make things a lot safer.

Like everyone else, I just want to keep all my work and personal stuff online safe. So the Dropbox brouhaha got me thinking about how hard it is to remember and manage all my user account names and passwords. I’m a Mac guy and have found Apple iCloud Keychain to be helpful for managing my personal login credentials, but it has limitations.

Identity management in the enterprise world

IT pros who are responsible for security and compliance around managed file transfer and/or file sharing security should work with an identity management provider to evaluate solutions integrated with SAML 2.0. These vendors’ products can provide single sign-on (SSO), data loss prevention and two-factor authentication – any and all of which will add layers of security to protect personal and business information.

At the end of the day, security should be accessible to everyone in the borderless enterprise composed of employees, customers and partners.

 

As you may already know, there was a recent Security Advisory about new vulnerabilities in OpenSSL released in early June. This specific flaw requires a vulnerable OpenSSL library active on both the client and server ends of the transaction. The flaw allows a savvy attacker to sit between the client and server and turn off encryption, silently exposing information exchanged between those two end points. Technologies that only use OpenSSL to accept web-browser (HTTPS) connections will be vulnerable to this flaw only when the browser is using a vulnerable version of OpenSSL. Chrome for Android is the only major browser that is currently susceptible.

Security is a top priority for Ipswitch and our customers. Since this announcement, the Ipswitch Security Team has been working to determine the impact and issue patch fixes where vulnerabilities were found.

Impacted Ipswitch products include:

  • MOVEit Mobile & Cloud
  • WS_FTP Client & Server
  • MessageWay
  • IMail
  • WhatsUpGold

Through your Customer Portal you’ll be able to access instructions to properly implement the Security Update for impacted versions as available.

As with any security advisory, we understand that our customers may have additional concerns. If you should have any questions or concerns, feel free to reach out to the appropriate technical support team:

At a recent CIOboston event by CIOsynergy, I met two folks from Apprenda: Chris Gaun, Senior Product Marketing Manager, and Dave Cohn who heads Northeast Sales for the company. Apprenda is a ‘Private Platform as a Service’ company that sponsored the event with Microsoft. Both made the remark that IT needs to transition from being a cost center to being a profit center and do so by developing more customer-facing software for the business.

An intriguing concept and one that got the conversation flowing between the three of us and Al Ingram, Director of Operations in my IT department. And it got me thinking.  At Ipswitch, IT worked with R&D on our Licensing System within our products to communicate with an IT-created back-end for product fulfillment and activation. That project certainly would fit the bill. We also manage ecommerce. Plus, as one of the leaders in Salesforce implementation, we have developed many tools and processes that could be shared/sold in the Salesforce ecosystem.

But I think this view of IT and what is needed is too narrow. Traditional P&L models, with their roots in manufacturing, assign IT as a cost center. But the way out is to question whether the model needs to be updated, rather than insist that IT produce traditional products that can be sold to customers. There is a value-add to the business from today’s IT that goes beyond viewing it as a sequence of projects or as simply ‘support’ resources. There is sustained return for the business, beyond just the savings that IT may have delivered vs. doing a project using more expensive outside consultants.

Measuring the Impact IT has on Business ROI

Business ROI must have an associated IT fraction that indicates long term value that IT created – it is a shared benefit. I am not suggesting that modeling IT as a profit center will be easy.  Certainly, measuring just IT’s contribution to business productivity has been fraught with difficulty and controversy. But at a time when most IT departments can feel in their bones that they are making a difference to the business and every project is tagged as a business project rather than an IT project (as in the old days) we need these new models to evolve. Such measurement will lead to better valuation of IT: better funding, greater confidence by the business in IT spend, and expanded use of IT as a vital business leader.

How It’s Made is a popular TV show here in the States, where the viewer gets a behind-the-scenes look at how the products they use on an everyday basis are created. Sometimes it’s an episode on yellow mustard, other times it’s toothpicks and sporks, but almost every time it’s a mainstream consumer product.

Since the show’s creators are not going to air an episode on how MOVEit is made (we tried, no luck), I thought I would do the next best thing: Give you a quick look into how our file transfer products are created – and it starts and ends with the Agile methodology Scrum.

For those unfamiliar with the approach, Scrum is commonly defined as “a software development framework  based on iterative development and incremental delivery, where requirements and solutions evolve through close collaboration on self-organizing, cross-functional teams.”

In other words, Scrum is a process that adapts to change – changes in scope, in requirements, in deadlines. Hence the name, Scrum (adapted from the sport of Rugby where teams operate in very close contact.)

Those of us here at Ipswitch are strong proponents of Scrum. It provides transparency around the day-to-day activities. It accelerates the development process but not at the expense of quality. It helps us move quickly. But there is another reason why we’re such big fans of Scrum, and it’s not a reason you hear very often…

For us, this approach facilitates an egalitarian approach to software development. So often within software companies, the path of product development is done through a top-down approach, where orders are given by senior members and executed by junior members. Not so at Ipswitch. Rather, our Scrum adoption gives everyone – regardless of title or experience level – an equal say as to how the product is to evolve. Everyone has a voice, in other words (though there are occasional overriding votes as you might expect).

Great ideas can come from everywhere, something every Scrum team can attest. By eliminating the usual hierarchy and command and control culture, we’re able to receive new ideas and insights from our entire team, from the CTO to the QA engineer and everyone in between.

The result? Industry leading file transfer products from Ipswitch. Scrum has played a part in the production of every product – from WS FTP Server to MOVEit. Moreover, it played a part of each new version, as well as products that have yet to be released!

The purpose of this post was two-fold. On the one hand, we wanted to explain why we’re such strong proponents of Scrum, which hopefully we’ve done. The second purpose was to attract like-minded developers and QA engineers. So if you’re interested in this egalitarian approach to software development – if you want to contribute more to a project than just your coding and testing skills – then we’d love to hear from you. Take a look at our current list of career opportunities.

I recently attended CIOboston, a CIOsynergy event headlined as “A New Dimension to Problem Solving Within the Office of the CIO”. We talked about paradigm shifts propelled by technologies like the cloud, the necessary new engagement models for business and IT and the changing world of expectations to name a few topics. But before getting to all this, our moderator Ty Harmon of 2THEEDGE posed the simple question to the attending 50 or so CIOs and senior IT heads: “What are your challenges?”

Here are the answers that I have assembled. I think there is value in seeing what was/is top of mind for IT leaders in raw form:

  • How do we make the right choices between capital and expense?  Service offerings are growing and additive – the spend never ends.
  • How do we integrate multiple cloud vendors to provide business value?
  • User expectations are being set by the likes of Google and Amazon for great UX, 7X24 support, etc. – but it is my IT staff that is expected to deliver all that on our budget. The business does not want to see the price tag – but they want the same experience that is available at home from these giants.
  • IT needs to run like a business but this takes a lot of doing. It matters how we talk and collaborate. We have to deliver business results that must be measurable.
  • Adoption of the cloud is a challenge. How do we assess what is out there? It is not easy to do apples-to-apples comparisons and security is a big concern.
  • How do we go from private to public cloud? Current skill sets are limited.
  • We are constrained by vendors that are not keeping up with the new technologies! One piece of critical software may want an earlier version of Internet Explorer to run; another may use an obsolete version of SQL Server, etc. This clutter prevents IT departments from moving forward.
  • Business complexity is a challenge. IT is asked to automate – but we must push back to first simplify business processes.
  • “Shadow IT” is an issue. A part of the business goes for a “shiny object” rather than focusing on what is the problem that really needs to be solved. They do so without involving IT. Then IT is expected to step in and make it all work, integrate with other software and support it.
  • Proving ROI is a challenge.
  • Balancing performance, scalability and security is tough.
  • How do you choose old vs. new, flexibility vs. security? It isn’t easy.
  • How do we support more and more devices?
  • How do you fill security holes that are in the cloud?
  • How do you manage user expectations, find the balance for supporting them when you have limited resources.

Many heads nodded as these challenges were spoken of.  But all agreed that these are exciting times and IT will push forward through them and be recognized as the true business enabler that it is. What are your thoughts—were you nodding your head at these questions?

Nothing is more exasperating than sitting in traffic. Trust me, I have an hour and a half bumper-to-bumper commute each day! In honor of stress awareness month, Ipswitch surveyed more than 100 IT professionals to identify the level of frustration that comes along with manual file transfer processes in their organizations. We found that an overwhelming number of IT professionals were weighed down by the stress of their approach to file transfer – 61 percent equated the process to sitting in traffic, while a trip to the registry of motor vehicles was a distant second. The podium was rounded out with a tie between filing income taxes and their Xbox crashing.

Just as a traffic jam keeps drivers from getting where they need to be, manual file transfer processes limit IT professionals from managing other priority projects. For example, 22 percent noted they would be able to provide internal customer assistance more quickly and another 18 percent said they could be automating repetitive organizational tasks during this time.

IT departments’ frustration with manual file transfer operations is understandable. Not only is a manual approach inefficient, there is potential for data loss and continuous interruptions to IT projects. The resulting security concerns and lost productivity go far beyond just operator frustration. The adoption of automation into file transfer processes with a centralized managed file transfer system would eliminate many of these issues and maintain efficiency across the organization.

So, in honor of springtime, it’s time for some organizational spring cleaning – out with the old and in with the new. And the good news for IT professionals is that unlike a traffic jam, the challenges of manual file transfer can be resolved.


I was asked recently to speak on the “What IT skills/roles should reside in the Business” panel at the Premier CIO Forum in Boston, a well-attended and engaging event supported by SIM (Society for Information Management). It was an impressive roster of IT executives from across the New England region.

“New technology is now requiring IT and the Business to be extraordinary dancing partners” was the introduction to our panel session moderated by Sharon Kaiser, CIO for ABIOMED, Inc. My fellow panelists for analyzing the IT/Business “dance,” who should lead, the right steps to follow, the expected pace, were Matthew Ferm, Managing Partner of Harvard Partners, and Hunter Smith, former CIO of Acadian Asset Management. It was a lively discussion, with a very participative audience. Here are the highlights:

  • Speed, flexibility and leadership are key for today’s IT. Shadow IT, where pockets of a Business go off on their own to buy, say cloud services or a product, is usually a response to when an IT department is unresponsive. The trouble with such approaches is that it also often silos IT, and many times the business will come back with a need to integrate a hastily purchased product, or even to get it to run.  The lesson is: deep partnership between IT and the Business, continually optimized, is needed. If IT is truly enabling, it will not be viewed just as a gate-keeper but as a partner.
  • For engaging well you need skills in IT and the Business that complement each other.  Thus Business Analysis (BA) as a position residing in a Business is very helpful. It ensures requirements are vetted, understood and relatively fixed, and there will be ownership for what IT will be asked to do. But, IT also needs BA skills on their side, even if it may not be a job title. Most importantly, IT must understand business processes deeply so that the value of a project is understood, and where needed, valid input can be given on process simplification where warranted. The BA role in the Business must understand technology and how IT works for this to be a true partnership.
  • Security, Disaster Recovery, responsibility for LAN/WAN/server environments and access should all reside with IT.  Some roles, such as project management (PM) can be in either IT or the Business, since good PM will be driven by data and not by persuasion or vested interest.  Some roles, such as QA/Testing need to go beyond IT testing a technology developed to meet a business need. It must say, “yes, hit the requirements” to the Business testing out the actual use cases with a process workflow, so that base assumptions and expected value are actually vetted out.

These discussions showed that regardless of company size, the audience had similar experiences: rapidly increasing need for a close, agile relationship between IT and the Business, a huge technology wave of possibilities, and opportunity for re-thinking roles and responsibilities. One must experiment and evolve, as well as establish a strong communications and shared-goal mentality with the Business. I ended by noting, “If you treat IT as a commodity that is what you will get. If you treat it as the leading edge of your Business, you will have a weapon like no other.” The audience very much agreed.

The NCAA March Madness college basketball tournament is one of the most highly viewed online sporting events in the U.S. each year. Whether diehard or fair-weather fans, in the workforce or on campus, all eyes will be fixed on the games and the 64 team tournament bracket.

At Ipswitch, we’re not only celebrating one of the most exciting times of the year in sports, but also honoring the IT pros who will have to make sure their networks are ready to handle the increased traffic and bandwidth to support all that live video streaming. No one wants to have their productivity limited by slow apps because their colleagues are catching up on the tournament.

Check back Monday morning after the NCAA’s Sunday Selection to see our own March Madness Bracket, with a spin on network management.