4 Key Elements to Consider When Searching for an Enterprise Data Security Solution

SecuritySecurity rightfully remains a top concern for tech-side executives and IT personnel, especially given recent trends towards cloud computing and big data. While these applications have created new types of external threats, organizations also need to be aware of the risks posed by insiders. Well-designed data security plans anticipate both scenarios and deliver purpose-built solutions.

It’s normal to be wary when dealing with sales agents who are pushing specific security solutions, as they often have their own agendas. Knowing the right features to look for is the key to breaking past the sales jargon and securing a data protection solution that’s right for the unique needs of an organization.

With that in mind, here are some indispensable tips for finding an effective enterprise data security solution that delivers good value:

Beware of Rock-Bottom Up-Front Costs

Some vendors push security solutions with price tags that seem too good to be true, which they justify by claiming that the solution is relatively light on software needs, allegedly accounting for its low cost. Such offers should be received with skepticism.

When it comes to costs, it’s essential to look beyond the up-front expenditures and into cumulative fees. How much will it cost, in total, to run this security package for a year, or for its expected lifetime? Will it require additional human or IT resources? Does it offer savings potential? If so, how much?

Account for the Risks Posed by Privileged Insiders

No business wants to consider the possibility that many serious security risks originate with its own employees, but this is, unfortunately, the case. Privileged insiders can compromise data knowingly or unknowingly, so it’s essential to find a solution that introduces critical checks and balances.

The best way to keep an eye on the activities of privileged insiders is to implement a security system that tracks local access to critical data. Here are some specific features to look for:

  • The ability to identify attempts of unauthorized users to access local networks
  • Controls that facilitate the blocking of users or activities that may compromise data
  • Dynamic masking features that prevent sensitive information from being distributed outside the network
  • Quarantine capabilities that identify and isolate privileged insiders who knowingly compromise company information

Read the Fine Print

When it comes to license agreements, some vendors will insist that a particular package is unlimited when, in reality, the package carries restrictions. One common example is a security solution with an “unlimited” license that allows IT teams to monitor any number of sources but has strict caps on the number of authorized collectors.

To be sure an unlimited solution is truly what it claims to be, read the fine print and follow up by questioning the vendor about anything that doesn’t seem clear.
Remember: It Only Takes One Attack

Businesses with incomplete security solutions in place shouldn’t delay in taking action. It only takes one attack to create serious complications, and the possibility of suffering costly losses is elevated the longer a business goes without a comprehensive data protection plan.

The professionals at ROI Networks specialize in helping enterprises of all sizes safeguard their data. To learn more about ROI’s advanced suite of enterprise security solutions, please contact us today.

What’s Next for Enterprise WAN

WANConsidering the increasing complexity in the realm of enterprise connectivity, WAN was a welcome solution when originally conceived. Multiple facilities across the globe were finally able to be linked together. While there was an appreciation from IT leaders for progress in networking, this fix has not been without its faults over the years and there has been a demand for refinement and additional technologies.

Familiar Issues

A number of common weaknesses are often observed in enterprises working with WAN. In addition to the extensive cost involved in managing such far-reaching networks, they may also have a tendency to be slow, suffer downtime, and lack the stability and flexibility desired by most organizations.

Questionable Alternatives

While some alternative connectivity and networking methods perform more effectively, certain factors eliminate them from consideration as an option. Multi-Protocol Label Switching (MPLS) networks, for instance, can speed up the WAN through better routing, but the price tag is substantial enough to cause tech leaders to underbuy bandwidth to conserve spending — effectively nullifying any advantage that could be gained.

Another solution is to create a VPN tunnel over common broadband connections. While this improves security and keeps costs lower, any application that could be compromised by lag may experience very spotty performance. In some cases, VPN is used jointly with a limited MPLS arrangement. Since the two cannot operate concurrently, not much usefulness is found in this solution either.

High Potential Possibilities

While other WAN management techniques have been tried and discarded, one that is quickly gaining the interest of technical leaders is Software-Defined WAN (SD-WAN). Using SD-WAN, network managers can centrally provision, terminate, optimize, and flex all of the components on the system. Data follows the most efficient route and latency is nearly eliminated. It’s made orchestrating hundreds of access points and switches much simpler, saving IT hours of expensive labor. SD-WAN also leads to cost savings, as it can use cheaper connections like broadband much more efficiently than standard WAN.

Another distinct advantage of SD-WAN is that providers can often bear the burden of management for the company. In this model, the vendor handles everything from maintenance to troubleshooting to updating. This saves the organization labor costs and ensures that the right personnel are working on the right projects rather than being caught up in mundane or non-strategic tasks.

In this world of increasing cloud service options, an SD-WAN infrastructure makes integrating new cloud providers a much more rapid activity, even when multiple company locations are involved.

It’s critical for the future of an enterprise that the network grow and develop into a more manageable tool that easily accommodates growth and flexibility requirements. SD-WAN is one option with great potential to offer in this regard. For more information on WAN evolution and managed SD-WAN technologies, contact ROI Networks today.

Enterprise E911 Adoption: Challenges and Solutions

September Blog # 4 (1)Enhanced 911 (E911) capability is a critical component of an enterprise voice system. However, design capabilities of current telephony systems can pose potential trouble for its adoption.

From 911 to E911

The 911 system was traditionally designed for a public switched telephone network (PSTN) environment and then gradually adapted to evolving telecommunications technologies. The system performs three basic functions:

  • Receive and recognize an emergency call from any phone
  • Transmit the call to the nearest Public Safety Answering Point (PSAP) based on the caller’s originating location
  • Immediately dispatch the needed responders based on the location information

However, there are situations where a 911 call may provide insufficient or confusing information on the identity and location of the caller that may lead emergency responders to the wrong location. Most enterprises today deploy some form of multi-line telephone system (MLTS) or private branch exchange (PBX) with centralized trunks.

A 911 call passes through the Automatic Number Identification (ANI) associated with the trunk used. This process allows the PSAP to know the location of the caller through the Automatic Location Information (ALI) that is often identified with the address of the trunk. The centralized trunking system can give rise to location issues when calls are made from:

  • A large building or one with multiple floors
  • Multi-building premises
  • Metropolitan or wide area networks (MAN/WAN) with several buildings having access only to centralized trunks

This is where the enhanced version comes in. The E911 capability allows the telephone system administrator to customize ANI and ALI data. This involves the assignment of a unique DID number to each user in the organization that will reside in the telephone carrier’s regional ALI database. In order to get access to the carrier’s database, companies need to purchase a Private Switch ALI (PS-ALI) from the carrier. This results in additional costs because PS-ALI service is priced per unique ANI/ALI record applied for.

Challenges to E911 Adoption

Most MLTS and PBX systems do not provide the exact location within a building or campus where the E911 call originated. When a 911 call is made from an individual user’s desk, the caller ID that reaches the PSAP often reads as the company’s MLTS or PBX ID, making it difficult for responders to pinpoint the specific location where emergency assistance is needed. In a highly critical situation, this could mean a lost opportunity to save life or property.

The Solution: PS/ALI could be integrated into the telephony system to provide additional location information, such as the individual user’s extension number, unique DID number, or exact floor or wing within the building.

VoIP systems, due to their portability, have no permanent location. This makes it difficult for the 911 routing system to locate the exact address of where response is needed.

The Solution: For fixed line users, a default physical location can be set up for every VoIP account with a dedicated extension or help desk and emergency operator to monitor 911 calls. For mobile users, some service providers offer location update functionality that enables users to update their expected location at certain times.

Beyond addressing regulation concerns, E911 aims to protect employees and members of all kinds of organizations by making emergency services available literally right at the tip of their fingers. To learn more about E911, visit us at ROI Networks.