Arraya Insights

by

How’s this for a balancing act? A company’s network must be an impenetrable fortress to the wrong people (hackers and cyber crooks) while being easily accessible and user-friendly to the right Identity targetones (employees, guests and all of their devices). That’s the security tightrope today’s IT pros must walk. However, there is a solution: Cisco’s Identity Services Engine (ISE).

ISE is a security policy management platform capable of automating and centralizing access control. This allows ISE to proactively enforce role-based access to corporate data across all possible entry points, including wired or wireless, onsite or off. The strength of this solution helped in part to propel Cisco into the Industry Leader category of the Network Access Control Magic Quadrant from Gartner.

It also comes complete with its own tool designed to help users build and release guest and self-service mobility network access portals. This tool, known as ISE Portal Builder (IPB), is available to all Cisco ISE 1.2 and 1.3 customers at no additional charge. Let’s take a deeper dive into six of the most valuable features IPB has to offer:

  1. Expert look with an easy-to-use interface. IPB provides users with numerous ways to customize the look and feel of their portal. They can change the color, size and type of the text, set their own color palette and place images to fit their needs. IPB will store all of these choices and apply them to every portal contained within a set project. However, users can choose to opt out and tailor make every individual portal.
  2. No-guesswork design process. IPB’s drag-and-drop functionality gives users a “what you see is what you get” view of their work. It eliminates the speculation that used to be inherent in the design phase. Now users will have a real-time view of how their finished project will look on platforms like laptops or smartphones.
  3. Unified image warehouse. Users can house all of the graphics, banners, ads, and more directly in IPB’s image manager. This ensures the image files they need for their portals will be close at hand should changes need to be made.
  4. Stress-free portal maintenance. IPB’s accessible interface means no expertise is required to make changes to or update a portal. Anyone on the IT team should be able to step in and refresh the look of a portal, add an announcement, etc. This makes it easier to keep a portal up-to-date and relevant to the organization’s shifting needs.
  5. Enhanced team-based methodology. This feature opens up the portal-building process. Builders can share designs with their co-workers for review and editing. They can open the doors even further and share their design with the rest of the Cisco IPB community. Builders looking for inspiration can peruse the designs others have come up with.
  6. Automated portal uploads. IPB doesn’t just make it easier to build custom portals, it makes it easier to export and configure them as well. It features a browser plug-in which can streamline the route between design and launch. This plug-in also ensures the portal IT built is exactly what users will see when they go to engage with it.

Achieve your security and access goals

Ready to bring the industry-leading power and security of ISE to your organization? Arraya Solutions can help. We are a Cisco Premier Partner and our team of Cisco experts has years of experience simplifying the complex for our customers. We work with them to select and deploy the game-changing technologies that will make the biggest difference when it comes to addressing their unique organizational needs. The end result is an IT architecture that is safe, agile and more manageable. Schedule your free security briefing today by visiting www.arrayasolutions.com/contact-us/.

To learn more about Arraya, our Cisco experience or to reach out to one of our Account Executives to schedule a meeting, visit us at: www.ArrayaSolutions.com. Follow us on Twitter, @ArrayaSolutions, to keep up with the latest company news, offers and industry updates.

by

In early August, I happened to be working on some Enterprise Mobility Suite collateral and noticed that the price of it went up about a dollar per user per month. What could account for this change?business hand shows touch screen mobile phone with streaming images Well, Advanced Threat Analytics had been added to the Enterprise Mobility Suite.

Just to recap, EMS is much more than another MDM solution. It keeps your corporate data secure on mobile devices, sure. It also manages cloud identities, provides SSO to SaaS applications, gives users self-service password reset and multi-factor authentication, protects your sensitive information at the document level and does much more.

With Advanced Threat Analytics, Microsoft is helping to protect against zero day vulnerabilities and hacks that tend to go unnoticed for months on end. What exactly does that mean?

With Advanced Threat Analytics, you can combine your IT and security logging through Active Directory and other SIEM systems and have it run through Machine Learning on an on-premises system (this isn’t Azure Machine Learning). As time goes on, it builds an Organization Security Graph that looks for anomalies and known attack patterns in the data.

Upon detection of something wrong, Advanced Threat Analytics can alert you and make recommendations on courses of action. This helps your IT staff figure out quickly what should be done.

Here’s a great analogy. Have you ever traveled, tried to use your credit card and either have it denied or received a call about an unusual charge because you were away from your home town? This is what Advanced Threat Analytics gives your business. The peace of mind to detect strange behavior and take action on it without having to sift through mountains of data.

Basically:

  • What does the user usually do?
  • What does the user not usually do?

This is the behavior analysis component. It may seem simplistic, but this has been a blind spot for a lot of businesses. Most security attacks happen at the identity level via stolen or compromised credentials. These attacks take months to execute. The machine learning in Advanced Threat Analytics can make a real difference and help your business avoid being in the headlines.

Microsoft has put a lot of effort into the alerting to avoid this ‘alert fatigue’. It not only compares a single user’s behavior to itself, but also to other users all to avoid false positives.

Behavior analysis isn’t the only way the Advanced Threat Analytics can help keep you protected. It also will look for known security issues and vulnerabilities and known malicious attacks. For example, it will keep an eye out for machines that have lost their domain trust or someone conducting a specific type of known attack methodology, such as pass-the-hash.

All of this requires no agents, drivers, or escalated privileges. Instead it uses port mirroring, taking traffic directly from the wire. This helps keep it a little more hidden from hackers.

The value of Advanced Threat Analytics is just that. Forget combing through alerts that often are ignored due to the volume. Now, you have the ability to aggregate the logs and let the server do the work. Advanced Threat Analytics saves mountains of time on something that really needs focus, but often doesn’t get it – security.

The Enterprise Mobility Suite is already protected across identities, devices,  and content. With Advanced Threat Analytics, Microsoft is giving IT an easy to manage toolset to keep security front of mind. If you would like to watch a demo of the Enterprise Mobility Suite, you can check it out here. Otherwise, Arraya’s Microsoft Practice stands ready to help! Our team has extensive experience supporting a wide range of Microsoft solutions, including EMS and Advanced Threat Analytics. A partnership with Arraya ensures customers achieve lasting, meaningful results from their technological investments.

If you’d like to learn more about Arraya, our Microsoft Practice or any of the services and solutions we specialize in, visit us at www.ArrayaSolutions.com. Also, follow us on Twitter, @ArrayaSolutions, for insights and special offers from the Arraya team.

by

Windows Server 2003’s July 14 end of life wasn’t the only deadline IT pros were keeping an eye on this past summer. Also on the radar was July 25, which was when Cisco’s Intrusion Prevention SystemDominoes falling from back on black background (IPS) was shipped for the last time. That date was just the latest in a long line of “lasts” and “ends” for IPS as Cisco begins the process of retiring the aging security system and moving customers over to a more modern set up. It came a few months after the product’s end of sale date (April 26) and well-ahead of the final support dates – April 30, 2018 for application software and April 30, 2020 for hardware.

Spring of 2018 and 2020? That leaves plenty of time to transition off of IPS, right? It absolutely does. However, it’s never too early to start making the necessary preparations for upgrading your security environment. That way when end of support does hit, you’ll be able to take it in stride, knowing that your organization has long-since been covered.

The questions remains though – Where do you go from IPS? Cisco has plenty of security options worth considering, including FirePOWER Next-Generation IPS (NGIPS).

Today’s security threats are complex and always-evolving. So the solutions organizations deploy to fend off those threats must be strong and smart as well as flexible. FirePOWER NGIPS can provide the advanced threat protection organizations need to stay safe. It’s positioned to address the entirety of what Cisco refers to as the “attack continuum,” meaning FirePOWER NGIPS can play an active role before, during and after an attack.

FirePOWER NGIPS features:

  • Real-time contextual awareness to give IT access to up-to-the-minute event data covering the full scope of its environment. This includes apps, users, devices, OSes and more. If something goes wrong, IT will know exactly what’s been affected and what’s at risk.
  • Industry-leading protection from cutting edge security hazards. FirePOWER NGIPS has been vetted and validated by independent, third-party experts and hailed by customers worldwide.
  • Intelligent security automation to reduce security spend while better equipping organizations to manage and safeguard rapidly-changing environments. As part of this, IT pros will have access to automated event impact assessments, IPS policy tuning, network behavior analysis and more.
  • High performance and scalability made possible by low-latency, single-pass appliances.
  • Optional application control, URL filtering and advanced malware protection (AMP) which work together to reduce the surface area of an attack. FirePOWER NGIPS lets IT pros regulate more than 3000 apps and hundreds of millions of URLs split up amongst 80 categories. If something does manage to elude that safety net, IT will know about it and will be able to track and block them, significantly limiting the damage that could be inflicted.

Securing your organization’s future 

If your organization utilizes IPS, the time has come to start thinking about what needs to happen next. Upgrading to FirePOWER NGIPS is a sound step, however that’s far from the only option on the table. Arraya Solutions has the security and the Cisco know-how to help you identify the solution that will best meet your company’s individual needs. Then Arraya’s experts will work with your IT team to draw up – and even execute – a migration plan that will move your organization away from legacy tools such as IPS quickly and efficiently.

Ready to get started? Visit www.arrayasolutions.com/contact-us/ to claim your completely free security architecture consultation with Arraya. This consultation can illuminate weaknesses and provide a jumping off point for transforming them into strengths.

To learn more about Arraya and the other ways we can help your IT team optimize resources while minimizing headaches, visit us at www.ArrayaSolutions.com. Be sure to follow us on Twitter, @ArrayaSolutions, to stay in the loop with all of our latest company news and special offers.

by

Extended care facilities put a lot of faith in their IT vendors to supply the advanced, secure technologies they need to ensure residents receive a high level of care and service. However, the very same vendors those facilities are counting on could inadvertently be leaving sensitive data – including resident’s protected health information (PHI) – exposed.

Organizations within the healthcare field are becoming a favorite target for hackers. It doesn’t matter if they’re a nationwide insurance provider or a local extended care organization, they could still be targeted. The financial costs associated with such an event can be extremely damaging. In fact, come 2019, breaches are projected to cost organizations across all industries a truly dizzying $2.1 trillion. The other part of the fallout from breaches, namely the loss of trust from the users whose data was impacted – be it residents, internal staffers, etc. – can be almost as detrimental.

Vendors doing more harm than good

Considering the costs, facilities need to know their IT partners are doing everything possible to keep private data private. Here are four common IT vendor mistakes healthcare organizations need to be on the watch for:

1. Issues with patches and updates.
An unpatched or out-of-date system is essentially a welcome mat for cybercrooks and hackers. However, vendors who “patch and forget” can also run into difficulties. Patches and updates don’t always work exactly as their makers intended, as a result, regular monitoring by IT vendors is a must. Otherwise, a facility could be lured into a false sense of security.

Takeaway: Arraya’s Managed Services team can take the lead on anything from minor projects like upgrades and patches up to more labor intensive cases like product roll outs and deployments. It all depends on the needs of the customer. The Arraya team has a plethora of experience working with mission-critical technologies, which helps weed out upgrade conflicts before they happen. In terms of regular monitoring, as part of every Managed Services engagement, Arraya deploys its enterprise-grade Alert monitoring platform. This service comes at no additional charge and the info it provides is used to diagnose trouble spots and conflicts much more quickly. In the event that something does go wrong with a patch, Arraya’s team will know about it right away and can get to work removing it.

2. Missing out on suspicious activity.
The length of time from when a data breach first occurs to when it’s detected and remedied can be alarming. Remember the Anthem, Inc. breach? That one potentially involved the personal info of 80 million customers and is thought to have begun in April 2014. The public didn’t find out about it until February 2015. The Premera Blue Cross breach? That attack may have affected the personal, financial and medical information of 11 million customers and it began in early May 2014. It went undetected until Jan. 29 of this year.

Takeaway: The longer they’re in a system, the better chance hackers have at getting their hands on resident’s PHI or employee financial info. This puts additional pressure on IT vendors to keep them out in the first place. One way to do this is with an in-depth knowledge of the latest and greatest security solutions on the market. The other part is having eyes on and knowledge of the availability, health, and performance of customers’ devices and applications – 24/7, 365 days a year. Arraya’s Alert platform provides round-the-clock monitoring to keep facilities off of the defensive and out in front of issues.

3. Lack of specialized industry insight.
The knowledge of most IT vendors doesn’t always extend far beyond the realm of IT. This includes issues that are unique to their customers. Every customer’s situation is distinct and every industry has its own set of rules and regulations, especially the healthcare field. For example, just because a solution or an app worked in a hospital, it could be problematic within the confines of extended care.

Takeaway: IT vendors must invest the time into learning the ins and outs of their customers’ systems. Without that knowledge, it’s possible a solution won’t perform exactly as expected, again, inviting in those who are up to no good. Arraya’s Managed Services team prides itself on seamlessly functioning as an extension of customers’ existing IT teams. Arraya recognizes the importance of learning customers’ environments and creating customized solutions for each job. This way, when something is rolled out, facilities can be confident it’s what they need.

4. Poor change control tactics.
Changes usually equate to improvements so, by their nature, they’re supposed lessen the number of headaches for organizations. Of course, this isn’t always the case. Poorly timed or planned changes can wind up causing more problems than they solve.

Takeaway: Proper planning is essential to making changes. Hassle-free maintenance is the ideal Arraya’s Managed Services team strives to achieve with every engagement. Recurring maintenance activities are scheduled and executed during off-peak periods so as to not interfer with the needs of residents or staff. On top of that, any planned changes are communicated to customers well in advance. All of this promotes changes that are actual improvements and that don’t make customers start seeing red.

Ready to learn more about Arraya’s full line of Managed Services offerings? Visit us at www.ArrayaSolutions.com. There you’ll find data sheets and testimonials from customers who’ve experienced firsthand the value of a Managed Services partnership with Arraya. You’ll also be able to reach out to schedule an appointment with one of our Account Executives to gain access to even more info.

In the meantime, be sure to follow us on Twitter, @ArrayaSolutions, to stay updated on the latest company news and special offers.

by

Windows 10 has been touted by Microsoft as the most secure operating system ever. Only time will tell whether or not this will hold true. It is certainly a visually pleasing and robust operating Laptopsystem, as is evident by the 27 million downloads that have happened through August 8th. With a lot of Enterprises skipping Windows 8, Windows 10 is starting to look like the best option to modernize.

A strong platform starts with a great deployment plan. Microsoft has made Windows 10 deployment much easier than it has been previously. Customers still have the option to reimage everything from scratch, but that is no longer the only choice. Just like over the internet, customers on Windows 7 and up can perform in place upgrades to Windows 10. A couple of caveats though – be sure to test your websites with Microsoft Edge (or the Windows 10 version of Internet Explorer 11) and test out all of your applications as well. Most should just work, but some may need to be reloaded or run in compatibility mode.

When Windows 8 came out, Enterprises shied away from the Modern Interface (a.k.a. Metro). It was too jarring for a lot of companies. Windows 10 brought back the Start Menu for familiarity’s sake, but kept other features like Live Tiles on the Start Menu. Whether your users are on Windows 7 or Windows 8, the experience should be more familiar than jumping from Windows 7 to 8.

When Bungie sold Halo to Microsoft Studios, I’m not sure anyone could have predicted Cortana’s influence on Windows 10. She sits right by the Start Menu, ready to search the web. While Microsoft’s brilliant strategy to put Bing in the foreground here probably isn’t going to help your business, there are other benefits of Cortana that will. She integrates into your Office 365 account, giving your users an ease of access into their mailbox and calendar appointments. There are two other ways she helps as well.

Cortana learns about you. While this might sound scary, it can be immensely powerful in helping to get your work done. Beyond that, Microsoft’s introduction of Cortana Analytics and the integration into Cortana on the desktop can simplify complex datasets – displaying big data sets in an easy to understand way.

Security is always foremost on everyone’s mind and Windows 10 has you covered. With Device Guard, Windows 10 and supported hardware, IT can lock down Windows to only run certain signed applications and operating systems. This is great news for Point of Sale and Healthcare devices. Imagine locking down a device to just specific tasks and running only certain applications and boot OSes (i.e., not malware). You can now deploy a solution with the confidence that your data will remain safe.

With security considerations come passwords. With Windows Hello, Windows 10 can log you in with biometrics like your face or your fingerprint (even a PIN), reducing the reliance on passwords. Windows Hello also conforms to Fast ID Online authentication, which opens up logins to other non-Microsoft applications easily.

There’s a lot to consider when deploying a new operating system in the environment. Windows 10’s look and familiarity combined with the fact that companies likely skipped Windows 8, there is a good bet Windows 10 will be coming to your business soon. A good deployment strategy and testing methodology will help ensure your deployment goes smoothly. This is where Arraya can help. We have the expertise to dig into the features of Windows 10 and develop customized strategies to roll out the specific additional features which will enable your workforce to do work more efficiently and securely.

Visit us online at www.ArrayaSolutions.com/partnership/microsoft/ to learn more about our Microsoft capabilities or click here to schedule a meeting with an Arraya Account Executive.

by

Stop. Think. Connect. Those three words are the basis of a global campaign designed to raise cyber security awareness. If end users follow along, it can go a long way towards making IT’s job of providing a safer, more secure technological environment that much easier.

The campaign began in Oct. 2010 and it’s the brainchild of a partnership of various private companies, non-profits and governmental organizations. This list includes the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG), which have worked together to help spearhead efforts since the campaign’s inception.

The campaign urges users to:

Stop: Before users access the Internet, there’s a certain baseline of knowledge they need to have. To start, they must understand their actions online will have consequences and accept that. Plus, they must also be tech-savvy enough so they can spot and avoid potential problems.

Think: Users should consider every move they make online before they make it and exactly how each could potentially impact their safety, the company’s safety, etc. It’s not just enough to know there will be consequences, they must know what those consequences could be and how far they could reach.

Connect: Security is an on-going process so these steps must become a habit. However, once users have taken the necessary precautions, they should feel confident in their ability to browse the Internet safely.

Two keys to better IT security

Two areas which Stop. Think. Connect. has highlighted recently are two-step authentication and mobile security.

Two Steps Ahead

IT pros know passwords don’t always offer much in the way of protection. That can be true even if users aren’t securing their accounts with easy-to-guess or commonplace passwords like “password” or “12345.”

The goal with the campaign’s Two Steps Ahead initiative is to increase familiarity with and use of two-factor authentication techniques. This method builds upon passwords by adding an additional layer of security. Instead of only logging in with a password and a username, users will have to provide an additional form of proof that they are who they say they are, e.g., clicking on a link or replying to a text message sent to their phone.

The campaign’s website is home to a number of resources IT can use to educate end users about the importance of two-step authentication, including videos, downloadable posters and FAQs. In addition, the campaign is currently on a multi-city tour also in support of the issue.

International Mobile Safety Tips

These tips were first released by Stop. Think. Connect. near the tail end of last year’s Cyber Security Awareness Month, however, they bear repeating. This updated set of mobility tips provides users with a set of best practices to follow while they’re utilizing mobile devices.

Highlights that can be passed along to users include:

  • Keep a Clean Machine
  • Most users understand the need to keep their desktops or laptops updated and to watch out for malware while they’re using them. This doesn’t always extend to mobile devices, although it should. Operating systems need to be kept up to date and the Stop. Think. Connect. mindset should apply regardless of device.
  • Restrict Access to the Device Mobile devices have become critical parts of a person’s home and work life and as a result they’ve also become a storehouse of confidential data. Mobile devices need to be secured with a strong passcode and kept in a safe place. Also, when an app requests access to info, users should look into what it wants and why before agreeing.
  • Connect with Care Public Wi-Fi may seem like a helpful perk, but it can be incredibly risky. If it must be used, users should limit it to low-risk activities and adjust their security settings accordingly.
  • Be Web Wise Users should try to stay current with the latest threats and security techniques. IT can only do so much. It helps to empower users and get them concerned about their own safety.

A clear path to increased IT security, mobility

Changing the way users think about security and their habits are both huge victories in the fight to keep the IT environment secure. However, it is also essential to have the infrastructure in place to support that new corporate culture, whether it’s with cutting-edge security solutions or an enterprise mobility suite.

Arraya’s team has decades of experience deploying and supporting these types of solutions and more. We leverage our relationships with industry-leading vendors to find the right solution to meet our Clients’ unique business challenges. From there, our Managed Services team can help deploy and support that solution for the entirety of its lifecycle, ensuring Clients realize the highest possible return on their initial investment.

Want to learn more about how Arraya can help? Visit us online at www.ArrayaSolutions.com to read about the services and solutions we offer, our distinct methodology or to be put in touch with one of our Account Executives. Also, follow us on Twitter, @ArrayaSolutions, to keep up with all of our latest news, updates and special offers.

by

The first half of the year saw security pros and cybercrooks locked in a veritable arms race according to Cisco’s 2015 Midyear Security Report. The brand new report explored the latest threats, gave Digital Securityupdates on some old favorites of attackers and looked at the ways in which they’re adapting their methods and tools to evade detection. In addition, the report also featured analysis and observations on the security industry and its response to the evolution of its enemy.

Here are five takeaways gleaned from Cisco’s report. This info can be an essential cog in the effort to safeguard organizations’ users and infrastructures against those who are looking to do them harm.

Users fall behind on Flash patches, attackers take advantage.

From January to May of this year, there were a total of 62 vulnerabilities for Adobe Flash Player that resulted in code execution on users’ devices. This is up from the 41 which were logged during the same period in 2014. It was also the highest figure recorded over the last several years. Researchers believe this spike is being driven by two elements:

  • Flash vulnerabilities are becoming more frequent components in widely-used exploit kits.
  • Even though Adobe frequently pumps out updates for its tools, users are rarely quick to respond to these, creating a “patching gap.”

How to stay safe: Obviously keeping up with Flash patches is ideal. Also, examining past events to look for correlations in the present day through retrospective analysis can also help identify these types of threats.

Angler is a ruthlessly effective exploit kit.

Early in 2015, Cisco identified Angler as a top threat in the exploit kit arena and so far it has lived up to that billing. More so than any other exploit kit currently operating in the wilds of the Internet, Angler is wildly adept at getting the job done. So far, 40% of visitors who land on an Angler-controlled landing page fall victim to the kit. That’s twice the success rate of other exploit kits. Part of the reason for Angler’s efficiency is the “innovative” way it takes advantage of a wide assortment of vulnerabilities, including Flash, Java and Internet Explorer.

How to stay safe: Flash isn’t the only tool that can be turned into a gateway for cybercrooks without proper patching. IT must ensure all of these possible entry points are sealed up tight by way of the latest patches and updates.

Attackers are adding classic lit to their arsenals.

Exploit kit landing pages used to be home to collections of random text which made them more obvious to security tools and end users alike. In order to get everyone to lower their guards, many attackers have begun replacing filler text with excerpts from classic novels – like Jane Austen’s Sense & Sensibility. In other cases, more modern text, nabbed from blogs or magazines, was used to dupe visitors.

How to stay safe: As attackers get better at concealing their nefarious activities from security tools, the onus often falls on users to practice smart browsing habits. Just because a site doesn’t raise any immediate red flags, it doesn’t necessarily mean it’s safe. Users must always be cautious when clicking on links or opening attachments.

Recent innovations have made ransomware even more attractive.

Currencies like bitcoin and anonymity networks such as Tor have helped make the Internet even more faceless than it was before. With the additional levels of privacy afforded to them by these innovations, attackers can be more brazen in their efforts to hold data to ransom. This means a rise in ransomware attacks could be coming.

How to stay safe: Of course, the importance of backups can’t be overstated. The same is true for the fact that those backups should be kept securely isolated to ensure their continued safety in the event of an intrusion. IT security pros should also monitor their networks for any signs of Tor communications and cross-reference that with any other clues indicating malware. Some of that Tor traffic may be legit, however, it may also be a sign something isn’t right.

Microsoft macro attacks are hip again.

Exploiting macros in Microsoft Office used to be big business for attackers, until those macros were turned off by default. However, everything comes back in style eventually and it seems exploiting macros has made its return. Attackers have found renewed success with this strategy by adding a social engineering component to it. They’ll send out an attachment which purports to be a crucial business document. Sometimes instructions are included so users know how to re-enable macros on their machines. Once that’s done, attackers may be able to gain access to a wealth of sensitive info. Another part of the trick to these new macro campaigns is that they’re short. By the time security solutions recognize a threat, the attackers have amended the email and file to help them avoid detection in future attacks.

How to stay safe: Cisco recommends a multi-tiered, defense-in-depth approach to security to combat these new incarnations of macro-attacks. This strategy can help to slow down the attack timeline, giving companies and their defenses more time to get their feet under them and properly respond.

Increased security, peace of mind

Having the latest and greatest tools is only part of the equation in today’s security climate. The remaining work includes keeping those tools tuned and updated against the fluid nature of attackers while also giving end users the know-how to handle their own roles. That wouldn’t be an easy task if it was the only thing on IT’s plate. When the full scope of what’s expected of IT is considered, it’s no wonder IT can struggle to keep pace.

That’s where having a partner like Arraya Solutions can help. Arraya has the knowledge required to match organizations with the right solution to meet their unique needs. From there, Arraya can also aid in the deployment and management of the solution throughout its lifecycle, saving IT time while still guaranteeing its peace of mind.

Have more questions? Ready to set up an appointment? Visit us at www.ArrayaSolutions.com today to get started. Also, be sure to follow us on Twitter, @ArrayaSolutions, to stay on top of the latest company and tech industry news.

by

Are you a manager in IT? Do you have a relentless stream of incidents, requests, changes and requests coming in for projects from the business? Can you even see all the work that is coming in from Analyticsall over the company? Are you struggling with managing all the work because you can’t see it all?

If you can’t see all the work that is coming, then no wonder you are struggling with managing it. Most companies have Incident, Request, Change and Project management applications, however, these applications typically are not integrated and so managers can’t tell how much work their employees are actually getting from the various demand streams. Furthermore, when it comes to Change and Project tasks, the change and project applications may not have a mechanism with which to assign tasks related to these efforts. A change task is just a blocked out period of time on a schedule or a spreadsheet. A project task is a line item in the project plan with a name next to it. To make matters worse, there may not be just one calendar, spreadsheet or project plan. There are often multiple change calendars, spreadsheets and project plans. As a manager, if you really wanted to get a handle on all that work, you’d have to check at least three different places and probably a lot more than that. Most managers don’t have the time to do this. Furthermore, managers may not have access to the most recent change calendar or project plan. Spending the time looking for where all that work is coming from is a waste of valuable time. It reduces the manager’s and the company’s efficiency and productivity.

There are other problems that are caused by the lack of integration of the incoming demand streams. Your employees are overworked, stressed and may suffer from low morale. You don’t know whether your team is even working on things that provide value to the company. Yet, you can’t do anything about it because the lack of visibility prevents you from assigning resources appropriately and prioritizing the work. Also, your team may be missing SLA’s because they are overloaded. This reflects poorly on the entire IT department. There is low customer satisfaction and IT is seen as slow and ineffective.

There is a solution. What if you only had to look in one place and instantly see all the work assigned to your employees? What if you could click on your team’s queue in one application and see all the Incident, Request, Change and Project tasks that are assigned to your group and to each individual on your team? What if you could assign and prioritize work by dragging and dropping tasks from one person to another? This is exactly the capability that ServiceNow offers. The interoperability between Incident, Request, Change and Project allows managers to see all of the work that is assigned to their teams in one place. With Visual Task Boards managers can drag and drop any type of task in seconds from one tech to another, thereby enabling them to manage their team’s tasks better. As a manager, you will be able to actually manage the work your employees are doing and consequently, be able to manage your employees.

So, ServiceNow is not just a “Service” Management tool. The interoperability of all ServiceNow’s applications, especially the ITSM and PPM suites, makes it the perfect management tool.

Service excellence is one of Arraya Solutions’ core values. We work with our customers, not for them, to create and deploy solutions and services which help them realize true business value. Our Enterprise Service Management Practice delivers on the ServiceNow promise to transform the enterprise by optimizing and simplifying, as well as standardizing and automating mission-critical business processes.

Still not sure if a ServiceNow solution would be right for your company? Want to learn more? Visit us online at www.ArrayaSolutions.com. There you can check out our approach to Enterprise Service Management, which includes ServiceNow. You can also request a meeting with an Arraya Account Executive to gather more information.

Be sure to follow us on Twitter, @ArrayaSolutions, for access to up-to-the-minute company news and updates as well as special offers.

by

A mobile, untethered workforce is becoming essential in order for extended care facilities to deliver the highest level of care possible to residents. The flexibility and freedom that are hallmarks of IT Healthcare Mobilitymobility make it easier to communicate with residents, solve and report problems as they happen and to closely monitor critical health data. Staffers are able to perform those services and tasks independent of specific locations, devices and connections.

The upsides may be plentiful, but they come with their fair share of challenges. One study, Check Point’s “The Impact of Mobile Devices on Information Security: A Survey of IT Professionals,” laid out some of the issues most commonly faced by IT leaders whose organizations are implementing mobility initiatives like Bring Your Own Device (BYOD). These include:

  • Securing corporate information (67%)
  • Tracking and controlling access to corporate and private networks (63%)
  • Managing personal devices that contain corporate and personal data and applications (59%)
  • Keeping device operating systems and applications updated (38%)
  • Finding agnostic security solutions (e.g., managing all OSes) (14%)

How is mobility endangering corporate data security? According to Check Point’s study, the biggest reason is employees losing their mobile devices either by theft or by simply misplacing them. This took the top spot, besting downloading malicious applications, connecting to unsecured Wi‐Fi and poor web-browsing habits.

That observation was supported by a separate study, the 2014 Healthcare Breach Report from Bitglass. This study found over two-thirds (68%) of all healthcare data breaches which have occurred since 2010 can be chalked up to device theft or loss. So even facilities who’ve hardened against assaults from exterior hackers could still be at risk for losing resident’s data thanks to old-fashioned criminals or forgetful staffers.

Increase flexibility without sacrificing security

In extended care, just like the rest of the healthcare field, government regulations such as HIPAA reign supreme. The security of the private medical data of residents must be of the upmost importance or else facilities could feel the sting of harsh fines – in addition to lost trust and negative publicity. This holds true whether data is stored on high-tech servers or employees’ personal devices.

A partner like Arraya Solutions can help your organization deploy a secure, scalable and powerful mobility environment. What Arraya can’t do is physically keep thieves out of your facility or stop employees from losing devices which house critical data. But there’s hope.

Arraya’s team is well-versed in solutions that can perform remote wipes. For example, some solutions allow IT to control anything corporate-related on an employee’s device, while maintaining a hands-off approach to anything personal. There are multiple ways IT can leverage this ability to its advantage, including with terminated employees. Instead of having to track a person down to wipe his/her device, IT can take care of it remotely, making everyone’s lives easier and keeping data secure.

This ability can also come in handy when – you guessed it – a device is lost or stolen. Considering the thorn this issue seems to be becoming for many in healthcare according to the studies above, being able to wipe devices remotely could prove to be invaluable. In essence, with this function, your facility will be protecting the data itself as opposed to the device or the connection.

Not only can Arraya help you implement the necessary solutions to accomplish that, it can support them for the long haul, all via its Managed Services capabilities. Arraya’s Managed Services are intended to expand on the knowledge and talents of existing IT teams. Managed Services take infrastructure, storage, network, help desk projects and more off IT’s plate, freeing personnel to work on other, more pressing, projects.

To learn more about how Arraya’s Managed Services can increase the flexibility, responsiveness and reliability of IT or about the positive impact a mobility solution can have at your extended care facility, visit us at www.ArrayaSolutions.com or reach out to an Arraya Account Executive today.

Don’t forget to follow Arraya on Twitter, @ArrayaSolutions, to keep up with all of the latest corporate and tech industry news and opinions.

by

IT teams are struggling to spot legitimate malware threats over the white noise generated by false alarms and it’s costing their employers. How much? In terms of the financial cost, the price tag comes out to $1.27 million annually. Switching gears and looking at the human element, IT teams waste an average of 395 combined team hours each week chasing down false positives. Just for reference, IT teams spend a total of 230 hours per week cleaning and fixing infected devices, work which actually delivers meaningful value to the organization, unlike chasing down false alarms. Those are the findings of a recent malware research project conducted by The Ponemon Institute and commissioned by Damballa.

What’s drumming up that white noise in the first place? Part of the problem stems from the security tools organizations have put in place to combat those malware threats. Solutions which were poorly deployed, set up and/or maintained contributed mightily to the issues uncovered in the study. Another facet of the problem comes from the IT team itself. Researchers theorized organizations lacked the skills, the experience and the staffer bandwidth needed to properly maintain those solutions and to vet and act on possible security threats.

There are also seemingly some accountability issues at play. Roughly 40% of those who participated in the survey confirmed that, at their organizations, no one person or function was chiefly responsible for malware containment.

As if the lost time and resources weren’t bad enough, there’s additional component to this which needs to be considered. The study also found companies were only able to follow up on one-in-five malware alerts that were judged to be credible threats. That means a large number of risks aren’t getting the attention they deserve. Those unaddressed risks could – in the long-term – end up costing companies even more than the $1.27 million that’s getting burned on false alarms.

Reduce white noise, lessen IT’s burden

It’s clear this situation isn’t ideal. One solution is to hire new staffers to fill the on-prem security team ranks, enabling teams to better manage monitoring tools and the rising tide of alerts. But, finding and onboarding that new talent takes time, while the organization is left open to malware. In addition, even the best new hire’s expertise and available bandwidth is limited. However, there is a solution that goes beyond expanding the size of the IT team.

Alert, Arraya’s enterprise monitoring and support service, can have eyes on corporate infrastructure and applications 24/7, 365 days a year. If something goes wrong in the IT environment, Alert will know about it, escalate it and ensure that the appropriate resources stand ready to aid in the remediation efforts.

That’s the true value of the Alert service. It can act as a bridge linking existing IT teams with Arraya’s Managed Services team. This connection allows Arraya’s team to get to know the Client’s environment more comprehensively. Arraya’s team will then use that insight (and its past experiences) to fine-tune thresholds and introduce new service checks to ensure the health, availability and security of IT infrastructures and applications.

That level of familiarity can also help the Arraya team weed out those pesky false positives which can build up to create major time and resource drains. Instead of IT being forced to sift through a flood of alerts to find the ones which will most impact the business, Arraya’s team will use its knowledge of the Client and its environment to shoulder that responsibility. This ensures the only alerts which reach the Client are ones that truly matter.

The Alert monitoring tool is easy to install and manage, eliminating the need for maintenance activities which divert attention away from high-value projects. It is also secure, ensuring private info stays private.

Imagine what on-site IT teams could do with another 395 combined hours free each week? And to think, that’s just the time saved by eliminating false positives.

Want to get started? Have more questions? Visit www.ArrayaSolutions.com/services/ to learn more about Alert, Arraya’s enterprise monitoring and support service, as well as the full line of Managed Services offerings. Click here to open the lines of communication with an Arraya Account Executive.

Follow Arraya on Twitter, @ArrayaSolutions, to keep up with all of the latest company news, updates and special offers.