Tuesday, September 30, 2008

ICT innovation and The Credit Crunch

Now that the credit crunch is claiming new victims on a daily basis, it's very likely that ICT budgets will be reduced. So what do you do? Of course you want to introduce these new Microsoft services that make your life and those of your colleagues better. But when your budget is cut, how do you spend it correctly on servers, consultancy and licenses?

My answer? Virtualize where possible. Nowadays Microsoft Hyper-V and VMware are a good way to reduce physical servers and spend more on software or consultancy.
Hyper-V in combination with Windows 2008 Enterprise licensing in particular will give you good value, because one Windows 2008 Enterprise license gives you the right to install up to 4 virtual guests based on the same license. Very nice.

Just released is the Hyper-V 2008 server, which is free to use, except for the guest licenses of course. It is another cheap way to get started with virtualization.

Things you can virtualize based on this license type are:

  • Exchange mail
  • Active Directory
  • SharePoint
  • Web servers
  • Development

These services can be virtualized on Windows 2008 guest OSes. In my own experience with Hyper-V, the only hard part is getting the right hardware.

Hyper-V has a certified server list. My experience is with the Dell PowerEdge 2950 series. In combination with a lot of memory (8 GB+) and disks, you can easily host up to 8 active guests. While you are busy configuring, don't forget some extra NICs (from 2 to 4). You'll thank me later.

A Dell PowerEdge server with 8 GB of memory and plenty of hard disks is available for 3000 to 4000 euro, and a Windows 2008 Enterprise license for circa 2500 euro.

And with 2 Dell servers and the load balancing features in Hyper-V and Windows 2008, you have an excellent, fast and reliable solution. At least that's how it worked out for me...

Thanks for reading. Let me know if this works for you or if I can help.

Tuesday, September 16, 2008

Compliancy, innovation and security

In this first in-depth topic I will try to cover the impact compliancy can have on security and innovation.

Many companies store customer data, including private information such as names, email addresses, addresses and phone numbers. But that's not all: companies that sell or provide online services might also store purchase and payment information like credit card or bank details.

The whole process of obtaining, retrieving and storing the data can be a potential risk and needs to conform to a standard defined by a compliancy institution. Popular certifications and compliancy standards are Sarbanes-Oxley, PCI DSS and the ISO standards.

It's obvious that compliancy affects many employees, procedures and systems. Therefore it's important to know what is in scope and what is not. In my experience I find it useful to set all Internet-facing systems in scope. Treating all Internet-facing systems the same way as defined by the compliancy standard is a good security practice.
Internet-facing systems include mail, VoIP services, websites and remote access. If these systems must be compliant.

You don't want to be in the middle of a migration when the auditor is looking over your shoulder. So upgrades to new versions or the introduction of new services need to be planned between visits of auditors. At least that is what I suggest.

It might be worth upgrading to a new version or introducing new systems before the auditor comes, if your schedule allows time for planning, deploying, testing and updating the documents needed for compliancy.

Upgrades (Microsoft products) that provide better security and are mostly appreciated by auditors are:

  • Exchange servers upgraded to Exchange Server 2007
  • Introducing Office Communicator 2007 and services
  • Windows XP to Windows Vista
  • Forefront Client Security

Exchange servers upgraded to Exchange Server 2007

  1. Removes relaying options on your external SMTP server by introducing the transport role
  2. Adds advanced anti-spam functions
  3. Advanced antivirus system with Forefront for Exchange
  4. Improved global security with roles and rewritten services and structure

Introducing Office Communicator 2007 and services

  1. Secure VoIP services
  2. Encrypted instant messaging (no need for MSN, Skype or other)
  3. Improved secure communication

There is also a drawback: more externally connected, Internet-facing IPs and services.

Windows XP to Windows Vista

With the right hardware investment, Vista provides a faster, better and more secure computing environment. Especially the dreaded UAC is a really good security feature against scripts, viruses and trojans.

Forefront Client Security with WSUS and MOM

This gives you full control over the computers in your network.

  1. Security state assessment and alert reporting
  2. Enforced real-time antivirus scanning with daily updates
  3. WSUS for scheduled enforced centrally managed updates
  4. AD Group Policy Objects for controlling Forefront-protected computers

As you can see, it can be a good thing to upgrade or introduce new services even if you need to be compliant and are audited. But always take great care in planning and deploying, and do a security scan of computers connected to the Internet.

Thank you for reading. Let me know if this works for you.

Wednesday, September 3, 2008

ICT Innovation and Security blog

Dear Reader,

This is my blog about ICT innovation and security, or is it security and innovation? Happily for me, ICT innovation creates new security threats as well as decreased security risks. So which one comes first and is more important? A hard question, which I hope to answer with a series of articles. In these articles I will try to cover important aspects of new technology and how it benefits you or might raise security concerns.

I will be focussing on Microsoft products, but also covering compliancy, managed services, outsourcing, servers, firewalls, switching, virtualization and applications, from A to Z, from the end user as consumer or employee to partner or client.

In these articles I will try to apply the knowledge and experience I have gathered over the last 10 years. In my position as CTO and CSO of Payvision, a credit card processing company, I often have to make choices regarding security and innovation.

Credit card processing companies need to be PCI DSS compliant nowadays. This is a good thing, which enforces security policies and best practices at companies that process MasterCard and Visa transactions. But with this compliancy obligation, innovation can be postponed or become impossible, because compliancy can be more important than innovation. Or not? See my next article.

I hope my articles can shed some light on today's issues and technology. But feel free to request a topic which is on your mind.

Thanks for reading. Write to you soon...