Exchange

Jul 16 2008   3:14PM GMT

Green is mean and lean but is it the ticket to prosperity? SAS70

Posted by: sas70expert
Security management, Third-party services, Security, Identity & Access Management, Management, Security Program Management, Compliance, Risk management, Auditing, Access control, Network Management Systems, CIO, DataCenter, Exchange, power systems, SAS 70, TrendMirco

Exchange Servers are increasingly being added to the electric grid and increasing the world’s energy consumption, carbon emissions and stream wastes. A recent report stated that “U.S. server electricity consumption has doubled in the past five years and now equals that of color TV’s. SAS70 audits review logical and network related controls for servers, but they don’t consider the energy consumption or quality of company environmental efforts.

 

All kinds of new energy saving ideas are being developed, including air-compressed backup generators. Greenpeace has developed a “Guide to Greener Electronics.” The guide ranks the 18 top manufacturers of personal computers, mobile phones, TV’s and games consoles according to their policies on toxic chemicals and recycling.

I think that this is great, but is it sustainable considering our populations demand for service NOW!? In an electronic age, where I can practically order anything, see any tv show, or buy any music at the touch of a button on my i-Phone, can we expect businesses to  choose green over a quick dollar? As datacenter demand grows and the need for servers bandwidth is required – will you stop and say  “No, I want my children to enjoy clean air, and clean water.” Or will you push forward with a browner (less green) alternative computing solution? Should SAS70 audits evaluate environmental and energy efforts?  sas70expert at gamil.com

Jul 1 2008   5:45PM GMT

Do you need the Secret Service to guard your data? – SAS70

Posted by: sas70expert
Security management, Third-party services, Administration, Database issues, Disaster Recovery, Networking, Active Directory, Network security, Storage, Security, Network monitoring, Servers, Microsoft Windows, Information risk management, Management, Security Program Management, Risk management, human factors, Database, Database Management Systems, business/IT alignment, Access, Financials, Access control, Industry Solutions, Data center operations, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Single sign-on, FTP, CFO, cooling systems, Backup & recovery, Exchange, Backup, power systems, SAS 70, budget, bugeting, CSO

It’s election year and security to protect some of our most valuable assets is being discussed more frequently – including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics?SAS70expert@gmail.com

 

Jun 30 2008   3:19AM GMT

DataCenters that go Green! – SAS70

Posted by: sas70expert
Third-party services, Networking, Network security, Network monitoring, Strategic Enterprise Management, Microsoft Windows, Management, Database Management Systems, Industry Solutions, Data center operations, Network Management Systems, Blackberry, Data center design, CIO, Mobile, DataCenter, DataManagement, CEO, CFO, storage arrays, cooling systems, Exchange, power systems, SAS 70, CSO, Rack systems

Can we believe all the hype? Is there a green revolution afoot? From cars to energy to datacenters, everyone is going green. Datacenters have become very complex, with so many interactions among processors, rack systems, power and cooling systems, storage arrays, networks, and communications channels - that they can be regarded as unique virtual environments that consume large amounts of energy. Our need to have access to the internet anywhere and everywhere, requires more capacity and increasing speeds of datacenter components. What steps are you taking to become Green?   

Jun 28 2008   1:33AM GMT

Are you ready to make decisions as CSO or CIO? – SAS70

Posted by: sas70expert
Security management, Third-party services, Administration, Networking, Security, Strategic Enterprise Management, Microsoft Windows, Information risk management, Career development, Management, Security Program Management, Compliance, Risk management, human factors, business/IT alignment, Auditing, Monitoring, Financials, Data center operations, CIO, DataCenter, DataManagement, CEO, management software, CFO, Email, Exchange, SAS 70, CSO

As you complete that CISSP or CISA designation and move up the corporate ladder, do you have the right skills to begin making the decisions as CSO or CIO? Even if you have a great understanding of IT operations(networking, disaster recovery, datacenter management), compliance(SAS70, Webtrust, Systrust, SOX), and leadership(Project management, financial budgeting and administration), if you don’t communicate effectively you will not make the list. IT leaders can write, speak until they are red in the face; however, if they are unable to speak general business language, the business audience will not support their IT objectives or provide funding. Some of the more important skills to have as CSO or CIO are:

• Communicate effectively
• Lead during a disaster
• Provide an IT strategy

 What are the important skills that a CSO or CIO must have to be a success? As a team leader? To build Board support? To be an effective information technology project manager/business leader? To build another Google, Microsoft Windows, or Email Exchange?

SAS70ExPERT@gmail.com

 

Jun 25 2008   11:21AM GMT

Data Exchange and SAS70

Posted by: sas70expert
Third-party services, Networking, Security, Identity & Access Management, routers, Compliance, Encryption, business/IT alignment, Auditing, Monitoring, Access control, CIO, DataCenter, DataManagement, CEO, FTP, instant messaging, CFO, Email, Exchange, SAS 70, CSO

Various transport methods, such as email, instant messaging, FTP, and encryption have been implemented to share files/data between Companies. But many methods, suffer from security, manageability, and the ability to track/log the transfer of information. Increasing regulations and SAS70 audit guidelines are requiring that privacy and security of data be maintained. What data transfer method are you using and is it secure,manageable and auditable?

 

The types of data transfer continue to evolve and a variety of people with whom companies exchange data is also changing. For example, many companies outsource processes that they used to perform in-house. Furthermore, some even are processed overseas, especially in India. How much control do you have on your outsourced vendor? How do you know that their process to transfer data is secure and managed appropriately?  Trackback URL

Jun 19 2008   2:28PM GMT

Which search engine owns you? Identity management is owned by whom? – SAS70

Posted by: sas70expert
Third-party services, Active Directory, Security, Microsoft Windows, Identity & Access Management, Compliance, Auditing, Access, Access control, CIO, DataCenter, DataManagement, Single sign-on, Exchange, SAS 70, CSO

 Is it Yahoo? Or Google? Or? Shouldn’t it be the individual consumer? Every time you register on a website to download a movie or order a box of nuts, that information is being recorded. Some websites don’t keep this information confidential; it becomes entrenched in the search engine optimization techniques used by search engines and your name, address, and phone number may be appearing in random searches by someone in the Antarctic.

 

Without additional privacy legislation and SAS70 audits, your personal information may not be so personal anymore. Currently, if your personal information is leaked to the public, Companies only have to inform you of the data breach, and get you a credit monitoring service. Does this  seem fair? Should you have a single signon that is secure and corruption is preventable?

 

 

 

Jun 16 2008   4:46AM GMT

CIO, CEO, CFO’s role in future Information Technology(IT) - SAS70

Posted by: sas70expert
Disaster Recovery, Networking, Storage, Security, Microsoft Windows, Career development, Compliance, business/IT alignment, Auditing, CIO, DataCenter, DataManagement, CFO, Email, Exchange, SAS 70, budget, bugeting, CSO

When I was with the big four, we couldn’t just be auditors, we were risk management consultants. Today, it seems that IT job titles and roles are in a similar transition.As a consultant/auditor, I am always discussing with the client the value that I bring to their organization as an experienced SAS70 auditor. Because of my expertise my audit will be much more in-depth, more efficient and effective with their time, resources, and revenue.

According to Computerworld, the below job titles are examples of the kinds you’ll see cropping up in IT in the not-too-distant future. IT job titles with any hint of computers, databases, software development languages or data network will disappear.

· Product Architect

· Chief Delivery Officer

· Chief Process Officer

Why? It’s a direct result of IT becoming integrated into the business strategy and being considered a partner in the business instead of a service provider who has no effect on revenue.

Xcel Energy, a $10 billion electric power and natural gas utility in Minneapolis, is changing the way it looks at IT. The company expects its data managers to be able to look at data and figure out answers to questions, such as where money is being lost. In other words, the company wants someone to put data in a business context.

The outsourcing of ping, power, and pipe is common to third party vendors. Even management of the application is increasing outsourced; however, companies still need IT to manage the flow of data in/out of the application, the relationship with the outsourced vendor, and assist in performing data analysis.

The focus more on life-cycle management, vendor management and data analysis has raised the expertise requirements of IT functions and is requiring more business management decisions to be made by IT. Moving IT management away from technology management doesn’t take them out of the picture, it will make them more critical to the survival of the business and elevate their ability to make a difference within their companies strategic direction.

How do you think your role is changing? Are you being elevated? Or just asked to do more with less?

SAS70ExPERT@gmail. com

Jun 14 2008   6:39AM GMT

CIO - Are you sitting on your DataCenter assets or using them?

Posted by: sas70expert
Networking, Storage, Security, Microsoft Windows, Career development, Compliance, business/IT alignment, Auditing, CIO, DataCenter, DataManagement, CEO, CFO, Email, Exchange, SAS 70, budget, bugeting, CSO

Are you sitting on your DataCenter assets or using them? CIO/SAS70

 

As the economy continues to be unsteady, what are your priorities as CIO? As CEO’s continue to be fired, CIO’s should use the uncertainty to prioritize there IT efforts, strengthen their information security within their DataCenters, and improve communication to the business of IT efforts.

 

IT project funds are shrinking. Are you concentrating in the area that will return results to the bottom line of the business and keep your paycheck coming? Re-evaluate your priorities now – concentrate on those projects that will improve revenue; that will make you a superstar in the eyes of your management, and will solidify your job.

 

Prioritize and communicate to get the most value from all the hard work that you do. According to survey results, only 10% of CIO’s say that they did an excellent job of communicating the value of their IT assets to their bosses. If you performed a SAS70 audit, not only tell your customers, but make your internal management aware of it, as it should strengthen your network security internal controls. CIO’s should form an alliance with CFO’s to communicate the business value of the core IT assets and the projects completed within the year. Make efforts to let the Board, Management and other stakeholders aware of your hardwork and that are critical to survival of the business and quantity the net return that these IT projects bring to the organization. Scorecards work best to quickly identify areas of accomplishments, areas in process, and future plans. I use a similar technique to communicate to the audited the SAS70 audit process, results, issues and deadlines. What other methods do you use? Do you plan on cutting or adding to your IT budget for 2008 an 2009?

 

TAGs: DataCenter, Budgeting, Business/IT alignment, Career development, CIO,

 

Jun 12 2008   8:51PM GMT

iPhone’s and data security

Posted by: sas70expert
Networking, Security, Servers, Compliance, Viruses, Auditing, CIO, Mobile, DataManagement, Email, Exchange, SAS 70

What about the new iPhone? It has an abundance of new features and new headaches? With the latest push of emails to your iPhone, how many more network issues will this create? 

With the iPhone, you can download, pictures, music, and applications – how many of these will have undetected viruses or Trojan horses? As executives demand more technology, do you have enough security in place to prevent such disasters to your network? How much downtime can you afford? 

In a SAS70 audit, wireless networks and the related controls are normally tested. Testing of phone connectivity to internal networks and the related hazards are not normal considerations. 

I would recommend standardization of cell phones. Chose a cell phone that meets business needs and provides basic communication access for employees. Enact most security features to prevent rogue viruses from attacking your network. The phones should only sync with your business Exchange server and not the employee’s personal contacts or emails.

 

Jun 11 2008   12:47AM GMT

Exchange and Email

Posted by: sas70expert
Disaster Recovery, Auditing, Email, Backup & recovery, Exchange, Backup, SAS 70

SAS70 audits do not require disaster recovery to be audited; however, backups of email can be critical to survival of a Company should they be sued.

The process to back up emails can be expensive and time-consuming. I tried clustering Exchange servers. It was a mistake from the start – it became too complicated, I had to add 3 additional staff, hardware and don’t forget the licensing costs.

There are some appliances that make it easier to replicate to Exchange and other major mail servers. What appliances worked best for you? Or are there other techniques you can recommend to expedite the email backup process?