Most organizations have developed cyber security measures for battling today’s mounting threats, yet many admit their businesses remain seriously at risk.
That’s according to new research published last week by NetEnrich, an IT infrastructure and operations management services provider. NetEnrich collected data for its study in October, polling 150 IT professionals on their companies’ cyber security measures for handling potential strikes. While the study revealed 82% of the companies have a plan for handling attacks, about a third of the surveyed respondents noted critical vulnerabilities in their hardware and software systems.
“I always say, ‘Security is not a sprint; it is a marathon,'” said Vikram Chabra, solution architect at NetEnrich, based in San Jose, Calif.
Although NetEnrich found that cybersecurity readiness plans were prevalent among respondents, the objectives of these plans varied. Half of the respondents said attack prevention was the main goal of the plan, while the other half cited a mixture of recovery of loss from attacks, organizational response to attacks and business continuity throughout attacks.
The research findings also highlighted that companies are trying to safeguard their organizations against multiple threat sources. The most likely instigators of cyberattacks were employees, rogue or otherwise, according to 53% of respondents. Additionally, 18% cited non-employees working as part of a “group” as a likely source of cyberattacks, while 15% pointed to non-employees working alone. Four percent indicated state-sponsored organizations as potential threats.
In addition, more than 40% of respondents said they have been victims of a cyberattack, a finding that Chabra said stood out.
The causes behind these breaches were wide-ranging. The top three causes that respondents indicated were stolen or weak passwords, cited by 26%; followed by testing and monitoring systems failure (21%) and advanced persistent threats (15%). Respondents also attributed breaches to employee error, cited by 14%, and lost equipment such as laptops and mobile devices, by 7%.
When NetEnrich asked respondents if the attacks could have been avoided, respondents identified a few different measures they would have taken. Forty-three percent said a better cyber security policy would have thwarted the attack, while 37% cited better tools and methods for testing and monitoring. Twenty-one percent believed they could have prevented the attacks if they had better communicated security policies to their employees.
One of the drivers compelling organizations to adopt cyber security measures, the study suggested, may be the high costs of falling victim to cybercrime. The majority of the survey-takers said the average cost of a breach today is between $50,000 and $100,000.
Other findings of the NetEnrich study included that 66% of organizations contract with third-party consultants or managed security service providers to develop or implement security plans. Sixty-nine percent said the services were “very helpful.”
Chabra noted that companies may have some cyber security measures for managing attacks but many aren’t thinking beyond prevention. Companies should increasingly focus on continual monitoring and detection, he said.
Additionally, he advised that all channel partners, whether value-added resellers or IT service providers, ensure they include security capabilities in all their offerings.
The rise of software turned out to be a key theme at last week’s Cisco Partner Summit 2016.
Indeed, software is at the center of Cisco’s push to virtualize traditionally hardware-based functions and provide more complete offerings through its channel partners. Offerings such as the Cisco ONE Software licensing program bundle a range of capabilities that customers can switch on as needed. Channel partners can consult with customers on Cisco ONE’s software components and deployment. Other Cisco software moves include cultivating relationships with ISVs and encouraging developers through its DevNet program. Coverage of those developments is available here.
But that’s not the entirety of Cisco’s software gambit. Antone Gonsalves, news director for TechTarget’s Networking Media Group, covered a different software angle in his Cisco Partner Summit coverage: network automation tools. The article, Cisco pledges a quicker rollout of network automation tools, discusses Cisco’s bid to have software absorb the day-to-day networking chores that many companies currently undertake manually on hardware. Continued »
Cisco is changing up its professional services delivery, a move company executives said will give partners more selling options and lessen the potential for channel conflict.
The company’s Cisco Services organization provides a range of offerings, including optimization, advisory and support services. Cisco partners can sell those services to their end customers.
Joe Cozzolino was named senior vice president of services in June 2015 and has been restructuring the group since then. “There’s been a lot of work [and] lots of changes,” he told attendees at Cisco Partner Summit 2016.
Those changes include an updated roster of optimization services. To wit, Cisco has built upon its well-established network optimization services to now include security, data center and collaboration optimization services. That expansion puts more items “in the bag for everyone to sell,” Cozzolino said.
In another expansion, Cisco has increased the number of solution support SKUs offered via Cisco Services from 12 to 22.
But while Cisco adds services, it is has also decided what service businesses it doesn’t want to pursue. Cozzolino said a decision was made about a year ago to not participate in the business process consulting space and emphasize technical advisory services instead.
Overall, Cisco Services has modified its approach to professional services and will refrain from “going everywhere” with its services, Cozzolino added.
“My goal is not to be a systems integrator or a large managed service provider,” he said.
Instead, Cisco Services will focus on providing specialized capabilities around its architecture, while looking to scale through its channel partners.
And to keep everyone on the same partnering page, Cisco is in the process of updating its partner engagement policy for its sales force. Cisco officials suggested that’s a timely step, given the integration of Cisco service and product sales in the field.
“This is really to educate our sellers on those policies and give a clear governance path,” said Wendy Bahr, senior vice president of Cisco’s Global Partner Organization.
The revised partner engagement policy will be out by the end of November, Bahr said.
Alibaba Cloud, the cloud service arm of China’s Alibaba Group Holding Ltd., rolled out a wide-ranging partnering initiative in 2015. The ins and outs of partnering with Amazon Web Services, Microsoft Azure, Google and other U.S.-based cloud providers are well documented. But what is it like to work with the cloud operation of China’s e-commerce giant?
Jason Singh, head of marketing, APAC, at Datapipe, a managed service provider (MSP) and cloud services provider based in Jersey City, N.J., can shed some light on that question. Datapipe recently announced that it is an Alibaba Cloud Managed Service Provider partner. The MSP said it will plan, build and operate cloud environment for Alibaba Cloud customers, tapping into AliCloud’s computing, storage, database, big data and content distribution network assets. Continued »
Facebook last week launched its Workplace Partner Program to back its newly released social and collaboration platform for the enterprise.
So far, we know the program involves 13 service partners that Facebook says will guide customers “every step of the way to bring Workplace” to their organizations. CSC, Deloitte Digital and SADA Systems are among the IT services providers and professional services firms participating on the service partner side.
The Workplace Partner Program also includes a tier of “Identity Providers” that integrate with Workplace. Those partners are G Suite, Microsoft Azure Active Directory, Okta, OneLogin and Ping Identity. Continued »
IT documentation, explored recently in contributor Esther Shein’s feature, has proven to be a vital yet sometimes neglected aspect of running a managed services business.
For Jonathan Broyles, senior systems engineer at CisCom Solutions, a managed services provider (MSP) based in Louisville, Ky., maintaining documentation is as crucial to MSPs as backups. “If you don’t have a good backup or if you don’t have good documentation and the customer calls you because of a disaster in the middle of the night, you’re in [trouble] right there,” he said. “It’s not a place where I ever want to find myself.”
That being said, Broyles has seen MSP environments that range from having little or no IT documentation to excessive documentation “in some form or fashion.” IT documentation is “one of the things I think everyone in the industry probably realizes [they need], and they preach about how important the documentation is. But do they practice it? I couldn’t tell you that.”
CisCom, which has about 30 employees, adopted IT Glue’s documentation software shortly after Broyles joined the company in June 2015. At the time, the MSP had minimal documentation, Broyles noted, adding that he had had to shoulder-tap managers and co-workers for the information he needed, such as passwords to log into customer networks. “There wasn’t really a lot of documentation at that point in time. So [we] identified we needed a documentation solution, and we then investigated IT Glue and [several other products].”
Broyles said CisCom was interested in finding an IT documentation product that would integrate with ConnectWise, its professional services automation software, and LabTech Software, which CisCom uses for remote monitoring and management (RMM). “[IT Glue] allowed us to start having a unified platform … that is going to be pulling in information from … our RMM and ticketing system and then … create more customized documentation that fits a particular need,” he said.
While ConnectWise provides similar functions, IT Glue has more powerful features, he added, including a “pretty sophisticated tagging system.” Techs can use the software to pull up customer-specific information from one page, “which really has power for existing technicians as well as technicians on their first day.”
Deploying and setting up the IT Glue software was easy, particularly because CisCom had no IT documentation system to migrate from. Building a culture around documentation presented more of a challenge. CisCom, however, had a compelling rationale for getting its staff to adopt a new documentation culture: If a staff member was “run over by a bus tomorrow,” what knowledge do they have that would have to be either recovered or recreated? “Granted it’s a morbid way of looking at it, but it has allowed us to build this culture of, ‘Hey, things change. Now we’ve got to update documentation,'” he said.
Since adopting IT Glue, CisCom has created roughly 10,000 pieces of documentation, “all of which has significant value to us,” Broyles said. Its employees use the software “pretty much by default” now.
The benefits of having IT documentation software like IT Glue may not instantly be apparent to MSPs, said Phill Claxton, COO of IT Glue, based in Vancouver, but over time, MSPs will realize time savings, efficiency gains and the security of having a depository of important information – all of which enables MSPs to scale their businesses.
Claxton also pointed to one of IT Glue’s capabilities for inviting customers into the tool to share information, which he said offers a way for MSPs to differentiate themselves from competitors. Broyles, who is now a member of IT Glue’s partner advisory council, said these capabilities have allowed CisCom to save time by providing customers with step-by-step instructions for resolving minor issues on their own. “Sometimes there are incidents … where it would be great to be able to send a customer a piece of documentation that is step-by-step with photos and words and all that jazz to help them work on their own time to be able to solve the issues,” he said.
Claxton also said IT Glue will roll out a gamification feature in its software in the near future.
Managed service providers rely on automation to deliver services profitably, but they can’t maintain client relationships entirely on a remote basis.
Indeed, Mark Shaw, president of StoredTech, an IT service and support company based in the Glens Falls, N.Y. area, advises service providers to schedule regular client review meetings with customers. While MSPs may argue clients pay them so they don’t have to see them, Shaw contends that face-to-face account meetings are a must.
Here’s a cybersecurity niche that channel partners may not have considered: providing IT security assessment services as part of the merger-and-acquisition due diligence process.
Strategic buyers and private equity firms scrutinize an M&A target’s financial numbers before doing a deal, but they are now exploring the acquisition candidate’s security posture as well. According to West Monroe Partners, a business and technology consulting firm based in Chicago, executives engaged in M&A activities put considerable weight on cybersecurity as an investment criterion.
West Monroe retained Mergermarket, a company that focuses on M&A research, to interview 30 senior M&A practitioners based in North America, representing the healthcare, manufacturing and distribution, banking, and high-tech sectors. The study reveals that 80% of the respondents cited cybersecurity issues as highly important in the due diligence process, while 20% rated cybersecurity as somewhat important. In addition, 77% of those polled said the importance of IT security issues at M&A targets had increased significantly over the past 24 months. Continued »
With Windows 10 having celebrated in July its first year on the market, service provider Softchoice has found a scant presence of the OS within its client base.
Softchoice’s recent study of its clients’ IT environments, which looked at more than 400,000 Windows-based devices at 169 North American organizations, revealed only 0.75% of the devices run on Windows 10. The study was the latest of several analyses the company has conducted using data drawn from its client base — the bulk of which is enterprise sized with 500-plus seats. Many of the company’s clients are recurring, allowing the company to obtain insight into clients’ changing environments over time, noted David Brisbois, senior manager of assessment and technology deployment services consulting at Softchoice, based in Toronto.
Brisbois wasn’t surprised by Windows 10’s low adoption rate. “The newest OSes are never widely adopted in the commercial space,” he said. “In most cases, there were a fair number of organizations that had a Windows 10 device or a couple Windows 10 devices, but it was less than a percentage. So it wasn’t really material to the study.”
While he cited upgraded security as one of the major reasons to move to Windows 10, he said the OS’s focus on touch-enabled interfaces hasn’t lured many customers. “I think a lot of the perception today around Windows 10 is that it’s geared toward touch interfaces. It doesn’t take long to walk around any of our clients’ sites to notice a lot of them still have monitors and laptops that are not touch enabled. So the whole idea of Windows 8 or Windows 10, which are both very small deployment numbers, isn’t very overly appealing, because [customers are] not looking at it from a security perspective.”
Another factor Brisbois attributed the lagging Windows 10 adoption is the use of web-based applications. “The OS isn’t as important in [software as a service] scenarios because you get the same functionality.”
Windows 7, meanwhile, dominated Softchoice’s client environments, with 91% of scanned devices running on the operating system, an increase from 18% in 2015.
Most organizations have standardized on Windows 7, Brisbois said, partly due to the phasing out of Windows XP. The study found Windows XP has “pretty much disappeared,” with only 5% of devices on the unsupported OS, down from 20% last year. Computers today that run Windows XP tend to be legacy terminals used for specific functions where “there’s just no need to break what’s working,” he said. Larger clients with over 5,000 seats tended to have the most Windows XP operating systems in use, while organizations between 1,000 and 5,000 seats had less. The smaller, more agile organizations were “the ones that got rid of Windows XP the fastest and [adopted] Windows 7 the quickest.”
The results of the study didn’t impact Softchoice’s current direction as a company, Brisbois said. “Personally, I don’t think there’s this huge need to get people onto [the Windows 10] OS. … I’d say our biggest opportunity that we focus on as an organization is definitely on cloud adoption, Office 365 [and] Azure. That’s where we put our effort,” he explained. “Azure’s been a great opportunity for us, and we’re going to continue to zero in on the Azure piece.”
Many channel partners run the rule over technology vendors in the course of doing business.
Trace3, an IT solutions provider and consulting firm, has taken the next step and made tech research a part of its business strategy. The company, based in Irvine, Calif., has been growing its Innovation Research Team over the past couple of years. The group’s charter is to provide a bi-directional conduit between the venture capital (VC) community and the startup world, on the one hand, and enterprise customers and CIOs, on the other.
Trace3 president Chad Cardenas says the purpose of the Innovation Research program is to provide CIO clients and prospects with early access to the next game-changing, disruptive technologies. Cardenas said Trace3’s innovation research model, which he called a pioneering effort, helps IT buyers “make much more informed purchasing decisions.” Continued »