Archive for the ‘Productivity’ Category

Zimbra vs. Dropbox and Evernote; Security and Privacy Policies

Friday, February 3rd, 2012

Challenges: Ease of Use vs. Security

Dropbox and Evernote are very easy to use and have enjoyed fairly broad market adoption.

Two issues we have with Dropbox are their security (all customer files were left open for several hours in Summer 2011 for anyone to see) and their Privacy Policy, which enables Dropbox to share your files with third parties who provide support services to Dropbox.

Evernote’s Terms of Service have you granting Evernote a license to all of your Content that you post there. Similar to Dropbox, Evernote’s Privacy Policy also allows them to share your data with third parties. Worse, Evernote will drop cookies and tracking pixels on your devices.

For corporations in regulated industries (e.g. healthcare, financial services), employees who use such services for data covered by, say, HIPAA may have created a de facto violation: neither Dropbox nor Evernote, to our knowledge, executes Business Associate Agreements.

In unregulated industries, much corporate data is highly sensitive, so why would you want to allow a service provider to share it with third parties?

Solution: Zimbra Briefcase and CyberDuck

Zimbra already has a robust file-sharing, Google Docs-like offering in the form of the Briefcase. Until Zimbra releases Project Octopus in version 8, what Zimbra lacks is the ability to easily synchronize the files in your Zimbra Briefcase with the files on your computer.

That functionality, however, is easily provided by a handy utility called Cyberduck, available for download at http://cyberduck.ch/. Historically, Cyberduck (and FileZilla, another favorite tool of ours) has been used for FTP transfers. As insecure plain-text FTP gave way to FTPS and SFTP, both FileZilla and Cyberduck expanded the number of transfer protocols supported.

But Cyberduck didn’t stop there. They saw that the future was in Cloud Storage, so they added even more secure transfer protocols to enable users to transfer files to Amazon S3 and indeed any storage repository which supports WebDAV over http — like Zimbra’s Briefcase.

So what we do ourselves, and have configured for clients who need this functionality but are concerned about Dropbox’s past data breach history and Evernote’s content licensing, is to configure Cyberduck to talk directly to Zimbra’s Briefcase. Cyberduck, you see, does Remote-Local Syncing of whole folder trees, so it’s a snap to keep your Zimbra Briefcase and your computer repositories in sync.

In the screenshot below, you can see in the upper right the Cyberduck window, looking at my Zimbra Briefcase. In the upper left is the normal Zimbra web interface. In the lower left is a local folder on my Mac, and in the lower right is the Cyberduck sync window, ready to sync all of my Briefcase folders.

[Screenshot: Zimbra Briefcase Sync]

The sync process, to be fair, takes two mouse clicks, and you have to remember to actually do it. But if you need to keep all your corporate documents on your corporate Zimbra system and your corporate laptops, the combination of Zimbra and Cyberduck is a win-win until Zimbra’s Project Octopus comes along later this year.

Hope that helps,

Mark

Medical Internet Marketing Conference – October 29-30, Boston

Wednesday, October 6th, 2010

The wonderful standard “Take the A Train” is a terrific example of early social media marketing.  Although originally crafted as a result of directions Duke Ellington gave Billy Strayhorn to get to his house in Harlem, the song was later heavily promoted by The Cotton Club, also located in Harlem, and accessible by… the A train.  What better than to have a popular song let your prospective patrons know how to get to your club, long before such things as Google Maps or Siri were around?

Now that insurance companies and other payers have cottoned on (yes, pun intended, sorry!) to the fact that preventative medicine lowers health care costs, primary care and other specialty providers are starting to dip their toes in the waters of better managing their patient acquisition methodologies.  Practices whose revenues rely more on elective procedures have traditionally been leaders in the medical marketing space, and as we all know, the Internet is where marketing lives these days.

In that regard, I was very pleased to be invited to speak at the upcoming Medical Internet Marketing Symposium being held in Boston on October 29-30.  Their website is http://www.mims2010.com.

The symposium addresses not only core Internet marketing challenges, but also is intended to help attendees with related issues and opportunities: e.g. how iPad usage in medical practices creates tremendous efficiencies; what to look for when evaluating patient portals; Google’s perspectives on patients’ use of medical information; good website design; computer security and data breaches, and more.

Targeted specifically for medical practices, the attendees already registered comprise a mix of physicians, practice managers and other senior, non-technical medical executive staff.  So, while many of the presentations cover technical topics, the goal is to empower attendees to plan and execute an Internet marketing strategy appropriate for their practice, and not how to code middleware between Centricity and a third-party web portal (although we can certainly do that for you if you need us to).

I hope you will consider joining us at MIMS 2010 later this month!  (You can register directly on the site.)

All the best,
Mark
CIO

P.S. Please feel free to contact me directly if you have any questions about this conference.

BP’s Gulf Oil Spill and IT Best Practices

Monday, June 28th, 2010

BP’s oil spill is horrific of course, but there are a number of “lessons learned” which are very applicable to the way technology is managed.

Documentation. We are all guilty of a sick laugh over the oil companies’ collective safety plans essentially being carbon copies of each other, with an emphasis on protecting non-existent walruses from spills in the Gulf.  But… when there is a disaster in IT, the written Disaster Recovery and Business Continuity plan is where everyone looks for salvation.  If that Plan isn’t kept up to date and periodically reviewed with an objective eye, then when an IT disaster strikes (note I said “when”, not “if”…) that disaster will almost assuredly last longer and cost more than it otherwise would have.  Keeping Disaster Recovery and Business Continuity plans up to date is, in our experience, pretty cheap insurance, and while we understand completely that this activity generally gets deferred to accommodate more pressing matters, we consider it our responsibility to prod clients constructively on this front.

Testing Backups. All Disaster Recovery and Business Continuity plans rely on having good, accessible backups.  You can be the best at rotating tapes off site, but if the office burns down you’ll need to get another tape backup device just to do the restores.  And who knows if the tapes are any good?  This is one good reason why we are in most cases migrating clients away from expensive tape backups to less expensive, easily verifiable, encrypted off site disk storage.  We often muse why it’s called “Backup software” when all anyone really cares about are the restores.  Unless you periodically test your backups for their restore capabilities, the best Disaster Recovery and Business Continuity plan is pretty worthless — with or without walruses.

Single Points of Failure. The news media has devoted considerable coverage to the several “single points of failure” in the blowout preventer.  In IT, eliminating all single points of failure is very, very expensive.  But eliminating many common single points of failure is surprisingly inexpensive.  For example, disk drives are dirt cheap nowadays, so having a fast RAID10 (versus a slower RAID5 or RAID6 system) doesn’t cost all that much more.  Similarly, SonicWall, for example, sells the second unit of a failover pair of firewalls at a considerable discount over the primary unit.  We generally recommend that once our clients have a good understanding of what an hour of downtime really costs them, they consider making “insurance” technology hardware/software investments appropriate for their risk tolerance and lost revenues from downtime.  If you can eliminate one four-hour outage every three years for a few thousand dollars when an hour of downtime costs you a few thousand dollars, isn’t that a good return on investment?

In the same way that “every author benefits from a good editor”, we work collaboratively with our clients to help ensure their documentation, backups and level of technology investments are uniquely appropriate and cost-effective.

If you think your company could benefit from a “fresh set of eyes” on your Disaster Recovery and Business Continuity plan, backups and/or levels of IT spend, please give us a call at (207) 772-5678.  Remember, we are intentionally not a reseller, so we have no incentive to suggest you buy anything you don’t really need.

All the best,

Mark

CIO

“Old ‘n Busted” vs. “New Hotness” Laptops

Thursday, April 15th, 2010

I confess I was a bit frugal even before we moved to Maine seven years ago, but I’d like to think of myself as “value conscious” and not “price sensitive.” So when it came time to think about replacing my trusty, but four-year-old, IBM R52 laptop (which boots Linux and which also runs a Windows 7 virtual machine if you must know), I naturally gravitated toward the new core i5 15″ MacBook Pro with the hi-res anti-glare screen. Kitted out to last four-to-five years with few compromises, the price came in at more than $3,000. At $3K though, how can anyone not be “price sensitive”?! Time to re-evaluate…

The problem was that a few of the more popular keys on my laptop’s keyboard were becoming unpredictable, and the hard drive was getting noisier, meaning a hard drive failure in the near future was more likely than not — especially as I have been using this machine hard pretty much every working day (all seven every week…) for the past four-plus years.

After a bit of research, I decided instead of buying a new laptop to try an experiment: I got a new replacement keyboard for $60 and a new all-digital (no moving parts!) fast SSD hard disk for $240. After about 45 minutes of careful screwdriver work and a 2-hour wait for the hard disk cloning to complete, I found I had a “new” laptop about as fast as a MacBook Pro (prior to their update this week). Boot times are down from 1:20 to about 20 seconds and everything loads in about 1/4 of the time it used to.

Essentially, for $300 I can now get another year or two out of my trusty IBM R52 laptop. If circumstances dictate I need a truly new laptop some months down the road, I can choose the most optimal model at that time. How “value conscious” is that, eh?

But that’s for me. The overwhelming majority of my work is disk- and network-intensive, not processor intensive, so running a 1.6GHz Centrino processor is not a bottleneck for me. “Old ‘n Busted” is plenty good enough…

One of my partners, Chris Falk, spends a lot of time prototyping new client deployments using virtualization on his laptop. Where I will have only one virtual machine, perhaps two, running at any one time, Chris can often have four or more. Chris’s four-year-old MacBook Pro was keeping up with the workload, but wheezing, and impeding Chris’s productivity.

So yesterday, Chris bought a brand new 15″ MacBook Pro, and by being smart about the feature set, kept the price under $3K. “New Hotness” was the right choice for Chris.

If you are trying to get a handle on life cycling your company’s workstations, laptops and servers, please give us a call at (207) 772-5678. Remember, we are intentionally not a reseller for any hardware or software, so whether or not you buy new hardware doesn’t impact our bottom line one iota.

Hope that helps!

All the best,
Mark, CIO

Jury Renders Verdict in Favor of Novell Over SCO – Linux Users Protected

Wednesday, March 31st, 2010

For more than seven years, SCO and Novell (and IBM, and a number of other companies) have been in court trying to decide who owns the copyrights to UNIX. The jury has decided in favor of Novell, and we think this is good for the industry as it promotes competition, which we believe results in better-quality products at more attractive prices.

During this action, SCO threatened every Linux user with claims that Linux violated SCO’s intellectual property. Microsoft-friendly entities invested in SCO apparently to help SCO continue the litigation and, it is alleged, arm-twist risk-averse customers away from Linux and back towards using Microsoft products. Microsoft too has alleged that Linux infringes on its intellectual property.

A few years back, Novell made a bold move, and did a deal with Microsoft to indemnify Novell Linux users from any follow-on claims. Microsoft in turn agreed to improve interoperability with Novell’s Linux server systems, which resulted in Microsoft’s Hyper-V virtualization software being able to host Novell SuSE Linux Enterprise Server guests, among other customer benefits.

Novell was roundly trounced for doing that deal with Microsoft; “selling out” was frequently heard at the time. But we thought the deal was very shrewd on Novell’s part, for two reasons. First, Microsoft paid Novell ~$350 million, which gave Novell some extra cash to see the SCO litigation through to completion. Second, a number of our risk-averse clients who were on the fence about using Linux over Microsoft Server products could now choose between the two without worrying about any legal exposure. We ourselves continued to use Novell’s SuSE Linux server products in preference to other Linux distributions, including Red Hat, in part because of this legal protection.

SCO can certainly appeal the decision, and given their history of tenacity, they might indeed do so. But yesterday’s ruling casts a long shadow protecting Linux users everywhere. And if that increasing competition spurs Microsoft towards greater innovation, then everyone benefits.

The full history of this fascinating case, and other related actions, can be found at http://www.groklaw.net.

If you need help understanding how to choose between Linux and Windows (and Macs, too!), we actively support all three platforms and would welcome the opportunity to help. Call us at (207) 772-5678.

Mark
CIO

P.S. If you’d like to subscribe to our blog, you can do so by linking to http://feeds.feedburner.com/ReliableNetworks

Microsoft Patch Makes Systems Unbootable

Friday, February 12th, 2010

(“Borks” is a technical term meaning “really messed up” in somewhat less polite terms…)

A recent Microsoft patch, MS10-015, which requires a reboot to complete the install, is reported to be causing a number of Microsoft servers and workstations to fail to reboot at all; the reboot ends with the infamous “Blue Screen of Death” and renders the system unusable.

Putting aside for a moment that this patch fixes a security hole Microsoft has known about for seventeen years, we think this incident highlights the need for a multi-layered approach to security in the first instance.

Microsoft is claiming that a number of systems experiencing the Blue Screen of Death are doing so because the systems were already compromised. So, right away, that tells you that even applying patches quickly isn’t enough to keep systems safe.

Further, the risk with applying patches immediately when they are released is that you will bork your system. It doesn’t happen often, but when you consider how expensive downtime really is, even once every few years is very expensive. (As I write this post, I see that Microsoft has pulled the patch to avoid borking additional systems.)

Solid network perimeter protection has been a staple of our best practices for years. Smaller clients sometimes balk initially at spending hundreds of dollars for an enterprise-grade firewall, but these devices represent cheap insurance at worst and in many cases generate a positive return on investment.

End-user education and “safe-browsing” policies are also required to avoid security breaches. Malware these days (as we have blogged previously) is increasingly sophisticated and insidious. Firewalls and anti-virus/malware software will always be a few steps behind.

So, when you have good perimeter protection and careful, educated end-users, you have the luxury of time in which to evaluate new patches as they are issued. The benefits are that you stay safer all the time and reduce the risk of borking your production systems.

If you need help with your company’s patch management and security posture, please give us a call at (207) 772-5678.

Hope that helps,
Mark
CIO

Zimbra 6 vs. Google Docs – Careful!

Friday, October 2nd, 2009

Before we get started, if you would like to subscribe to our blog posts via an RSS feed, just click here.

Now back to our regularly scheduled programming…

Zimbra 6 includes a number of document features already in Gmail and Google Docs, providing spreadsheet and Word-like document features.  Considering the price of Microsoft Office these days, Zimbra 6 and Gmail/Google Docs can be very cost-effective alternatives.

Unless of course the spreadsheets and documents you are creating you want to keep private.

You see, the Google Terms of Service give Google a perpetual and irrevocable right to use all of your Content pretty much any way they want, including republishing rights (it’s all in Section 11).  Sure, those same terms of service allow you to retain the copyrights in your works, but so what, if Google can repurpose your content at will?

So, if you are using Gmail or Google Docs for anything confidential, well… it’s not.  If you are a bank, doctor, attorney, accountant or any other kind of professional with a fiduciary, regulatory or contractual responsibility to protect information and you have put any of that information in Gmail or Google Docs, you probably ought to speak with an attorney–fast.

Zimbra 6 on the other hand, has no such content licensing terms.  Nor do we (we are a Zimbra Premiere Hosting provider BTW); you not only retain full ownership of your data, you grant no Google-like licensing to us nor to Zimbra when you use Zimbra.

So if you are looking to avoid an expensive company-wide upgrade to Microsoft Office and/or Microsoft Exchange, while Gmail and Google Docs may look like good value for money, you’ll get what you pay for.  Talk to us about Zimbra (our system is very secure and HIPAA-compliant out of the box).

And the next time you speak to your own attorney, accountant or health professional, ask them if they are using Gmail or Google Docs, and if they answer yes, you may want to find a different attorney, accountant or health professional…

Mark Stone,

CIO

Microsoft Office: IBM Cuts The Cord!

Sunday, September 13th, 2009

Microsoft Office is pretty ubiquitous, but most of our clients in the past few years have been complaining that each new version offered little reason to upgrade except that without the new version, you couldn’t open documents others created with the new version. Not really good value for money there, especially when each copy can cost several hundred dollars…

Since we are ourselves somewhat frugal, we have been using OpenOffice instead of Microsoft Office for several years now. Sure, we still have a few copies of Microsoft Office around when needed, but propeller heads like us get a big discount from Microsoft so the pain to our wallets has been minimal. (FWIW, we typically exchange documents with others in Adobe Acrobat format, not Microsoft Office. OpenOffice includes a free PDF generator with a one-button click.)

Being open source, OpenOffice is both free and readily customizable by anyone who cares to. Novell (SuSE Linux) offers a version called Go Office which includes bits not included in the version available from OpenOffice.org, like better WordPerfect and Microsoft Office import filters. Sun offers a paid, supported version of OpenOffice and IBM’s Lotus division has a free, supported version of OpenOffice called Lotus Symphony.

Although it was not widely reported, back in the Spring IBM made a decision that the OpenDocument format (a world standard supported by OpenOffice) would be the document interchange standard within IBM. The deadline for all 360,000 IBM’ers to start using Symphony (OpenOffice) instead of Microsoft Office is September 22. Already, 330,000 IBM’ers are using Symphony, according to Linux Magazine (http://www.linux-magazine.com/Online/News/IBM-Throws-Out-Microsoft-Office).

Of course, this doesn’t mean the end of Microsoft Office, but it is a nice reminder that we all do have choices, and that if IBM can cut the cord, then maybe we can do it too.

If you would like to learn if OpenOffice is for you (because it isn’t for everybody), call us at (207) 772-5678.

Mark Stone
CIO

First Post!

Wednesday, July 22nd, 2009

Welcome to the Reliable Networks blog! Here you will find informative articles on network best practices, network security, news on cutting edge networking technologies, and much more. These articles will be written by experienced network engineers who will pass on their own experiences to you. Check back soon for more!
