4 Key Elements to Consider When Searching for an Enterprise Data Security Solution

SecuritySecurity rightfully remains a top concern for tech-side executives and IT personnel, especially given recent trends towards cloud computing and big data. While these applications have created new types of external threats, organizations also need to be aware of the risks posed by insiders. Well-designed data security plans anticipate both scenarios and deliver purpose-built solutions.

It’s normal to be wary when dealing with sales agents who are pushing specific security solutions, as they often have their own agendas. Knowing the right features to look for is the key to breaking past the sales jargon and securing a data protection solution that’s right for the unique needs of an organization.

With that in mind, here are some indispensable tips for finding an effective enterprise data security solution that delivers good value:

Beware of Rock-Bottom Up-Front Costs

Some vendors push security solutions with price tags that seem too good to be true, which they justify by claiming that the solution is relatively light on software needs, allegedly accounting for its low cost. Such offers should be received with skepticism.

When it comes to costs, it’s essential to look beyond the up-front expenditures and into cumulative fees. How much will it cost, in total, to run this security package for a year, or for its expected lifetime? Will it require additional human or IT resources? Does it offer savings potential? If so, how much?

Account for the Risks Posed by Privileged Insiders

No business wants to consider the possibility that many serious security risks originate with its own employees, but this is, unfortunately, the case. Privileged insiders can compromise data knowingly or unknowingly, so it’s essential to find a solution that introduces critical checks and balances.

The best way to keep an eye on the activities of privileged insiders is to implement a security system that tracks local access to critical data. Here are some specific features to look for:

  • The ability to identify attempts of unauthorized users to access local networks
  • Controls that facilitate the blocking of users or activities that may compromise data
  • Dynamic masking features that prevent sensitive information from being distributed outside the network
  • Quarantine capabilities that identify and isolate privileged insiders who knowingly compromise company information

Read the Fine Print

When it comes to license agreements, some vendors will insist that a particular package is unlimited when, in reality, the package carries restrictions. One common example is a security solution with an “unlimited” license that allows IT teams to monitor any number of sources but has strict caps on the number of authorized collectors.

To be sure an unlimited solution is truly what it claims to be, read the fine print and follow up by questioning the vendor about anything that doesn’t seem clear.
Remember: It Only Takes One Attack

Businesses with incomplete security solutions in place shouldn’t delay in taking action. It only takes one attack to create serious complications, and the possibility of suffering costly losses is elevated the longer a business goes without a comprehensive data protection plan.

The professionals at ROI Networks specialize in helping enterprises of all sizes safeguard their data. To learn more about ROI’s advanced suite of enterprise security solutions, please contact us today.

What’s Next for Enterprise WAN

WANConsidering the increasing complexity in the realm of enterprise connectivity, WAN was a welcome solution when originally conceived. Multiple facilities across the globe were finally able to be linked together. While there was an appreciation from IT leaders for progress in networking, this fix has not been without its faults over the years and there has been a demand for refinement and additional technologies.

Familiar Issues

A number of common weaknesses are often observed in enterprises working with WAN. In addition to the extensive cost involved in managing such far-reaching networks, they may also have a tendency to be slow, suffer downtime, and lack the stability and flexibility desired by most organizations.

Questionable Alternatives

While some alternative connectivity and networking methods perform more effectively, certain factors eliminate them from consideration as an option. Multi-Protocol Label Switching (MPLS) networks, for instance, can speed up the WAN through better routing, but the price tag is substantial enough to cause tech leaders to underbuy bandwidth to conserve spending — effectively nullifying any advantage that could be gained.

Another solution is to create a VPN tunnel over common broadband connections. While this improves security and keeps costs lower, any application that could be compromised by lag may experience very spotty performance. In some cases, VPN is used jointly with a limited MPLS arrangement. Since the two cannot operate concurrently, not much usefulness is found in this solution either.

High Potential Possibilities

While other WAN management techniques have been tried and discarded, one that is quickly gaining the interest of technical leaders is Software-Defined WAN (SD-WAN). Using SD-WAN, network managers can centrally provision, terminate, optimize, and flex all of the components on the system. Data follows the most efficient route and latency is nearly eliminated. It’s made orchestrating hundreds of access points and switches much simpler, saving IT hours of expensive labor. SD-WAN also leads to cost savings, as it can use cheaper connections like broadband much more efficiently than standard WAN.

Another distinct advantage of SD-WAN is that providers can often bear the burden of management for the company. In this model, the vendor handles everything from maintenance to troubleshooting to updating. This saves the organization labor costs and ensures that the right personnel are working on the right projects rather than being caught up in mundane or non-strategic tasks.

In this world of increasing cloud service options, an SD-WAN infrastructure makes integrating new cloud providers a much more rapid activity, even when multiple company locations are involved.

It’s critical for the future of an enterprise that the network grow and develop into a more manageable tool that easily accommodates growth and flexibility requirements. SD-WAN is one option with great potential to offer in this regard. For more information on WAN evolution and managed SD-WAN technologies, contact ROI Networks today.

Enterprise E911 Adoption: Challenges and Solutions

September Blog # 4 (1)Enhanced 911 (E911) capability is a critical component of an enterprise voice system. However, design capabilities of current telephony systems can pose potential trouble for its adoption.

From 911 to E911

The 911 system was traditionally designed for a public switched telephone network (PSTN) environment and then gradually adapted to evolving telecommunications technologies. The system performs three basic functions:

  • Receive and recognize an emergency call from any phone
  • Transmit the call to the nearest Public Safety Answering Point (PSAP) based on the caller’s originating location
  • Immediately dispatch the needed responders based on the location information

However, there are situations where a 911 call may provide insufficient or confusing information on the identity and location of the caller that may lead emergency responders to the wrong location. Most enterprises today deploy some form of multi-line telephone system (MLTS) or private branch exchange (PBX) with centralized trunks.

A 911 call passes through the Automatic Number Identification (ANI) associated with the trunk used. This process allows the PSAP to know the location of the caller through the Automatic Location Information (ALI) that is often identified with the address of the trunk. The centralized trunking system can give rise to location issues when calls are made from:

  • A large building or one with multiple floors
  • Multi-building premises
  • Metropolitan or wide area networks (MAN/WAN) with several buildings having access only to centralized trunks

This is where the enhanced version comes in. The E911 capability allows the telephone system administrator to customize ANI and ALI data. This involves the assignment of a unique DID number to each user in the organization that will reside in the telephone carrier’s regional ALI database. In order to get access to the carrier’s database, companies need to purchase a Private Switch ALI (PS-ALI) from the carrier. This results in additional costs because PS-ALI service is priced per unique ANI/ALI record applied for.

Challenges to E911 Adoption

Most MLTS and PBX systems do not provide the exact location within a building or campus where the E911 call originated. When a 911 call is made from an individual user’s desk, the caller ID that reaches the PSAP often reads as the company’s MLTS or PBX ID, making it difficult for responders to pinpoint the specific location where emergency assistance is needed. In a highly critical situation, this could mean a lost opportunity to save life or property.

The Solution: PS/ALI could be integrated into the telephony system to provide additional location information, such as the individual user’s extension number, unique DID number, or exact floor or wing within the building.

VoIP systems, due to their portability, have no permanent location. This makes it difficult for the 911 routing system to locate the exact address of where response is needed.

The Solution: For fixed line users, a default physical location can be set up for every VoIP account with a dedicated extension or help desk and emergency operator to monitor 911 calls. For mobile users, some service providers offer location update functionality that enables users to update their expected location at certain times.

Beyond addressing regulation concerns, E911 aims to protect employees and members of all kinds of organizations by making emergency services available literally right at the tip of their fingers. To learn more about E911, visit us at ROI Networks.

Mobility and the Cloud: A Perfect Pair

shutterstock_132560954There’s no question that the enterprise is moving in the direction of a mobility-enabled and cloud-friendly era. While most will agree these two trends are related, it is important to understand how they work together in order to have a successful implementation.

An Inseparable Duo in the Enterprise

Embracing mobility in additional business areas, companies are simultaneously hosting more and more infrastructure in the cloud. There are two unique ways in which mobility and the cloud are moving in tandem in the workplace:

  • Pressure: The heat is on to enable employees to work from any device and from anywhere. Mobility is becoming a vital component in the formula for employee success. Similarly, executives are hungry to reap the cost savings and flexibility touted by cloud evangelists.
  • Budget: Businesses are prepared to invest in both mobile and cloud initiatives. Surveys of budget stakeholders suggest that the budget increases for mobility and for the cloud are both in the 50 percent range.

Preparing for the Shift

Given the intrinsic pairing of the cloud and mobility, how does the forward-thinking organization prepare for a side-by-side expansion? A few conscious planning and purchasing decisions will help IT stakeholders stay ahead of the curve on this trend:

  • Innovate: Where it hasn’t already been done, migrate legacy desktop apps to cloud platforms. The virtualization and Desktop as a Service (DaaS) vendor market only continues to grow so there’s an abundance of options.
  • Investigate: As the enterprise invests in the latest cloud-based platforms, it’s important for procurement teams to consider how these solutions will fit into the mobility trend. Is there a mobile app available for the solution? Is the app secure? These are key points to consider around every software purchase.
  • Manage: IT teams must think about how they will manage mobile access to cloud-hosted platforms. Whether an organization is rolling out a Bring Your Own Device (BYOD) program or managing corporate-owned devices, there are mobility management tools available that can help streamline and secure mobile access to enterprise resources.

While the enterprise will realize many benefits with the move toward cloud and mobility, the real challenge will be implementing and integrating these trends cohesively and successfully. With the right execution, the cloud-first, mobile-first era will lead to exciting growth and progress for the enterprise.

Unified Communications Upgrade Success Strategies: Managing the Old System

shutterstock_116426476Many companies are eager to embrace the technological advantages of a unified communications-friendly infrastructure, but are challenged by the need to maintain some legacy telecom system functionality throughout that migration.

The reality of unified communications (UC) adoption is that a lot of organizations are not in a position to just “rip and replace” the old system with the new tools. Most migrations are gradual and occur in a phased and well-planned manner.

 

There are several reasons that an organization may want to undertake a phased migration:

  • They’ve made significant investments in legacy PBX equipment that they aren’t ready to completely abandon.
  • The IT staff lacks adequate manpower to perform a quick migration without any loss of service.
  • There is not enough funding to simultaneously replace all handsets.
  • Employees have concerns about maintaining legacy functionality such as fax and E911.

While relevant stakeholders sort through the complications of this migration, IT departments need a way to easily manage both the old and the new systems. It’s also important to ensure that the coexistence of these two systems does not have a negative impact on enterprise telecom functionality.

One of the best ways to manage the pain points of having two systems is through a tool called a session border controller (SBC). Among other functions, an SBC acts as an intermediary between the old and new systems. SBCs serve the following purposes:

  • Transcode protocols between legacy equipment and new technologies.

    • For example, SBCs ensure that newer UC-based technologies, such as enterprise chat and presence servers, can communicate with legacy fax and telecom systems.
  • Distribute calls: SBCs recognize calls destined for both the new UC servers and the legacy system and perform the appropriate work on the backend to make sure the call goes through.
  • Support business continuity and redundancy through automatic call rerouting in the case of a failure. This requires the use of SIP trunks in addition to the SBC.

The migration to UC, while worth it, comes with several pain points. The co-maintenance of legacy systems with newer systems is one of those barriers, and fortunately, it is a challenge easily overcome with the right tools. Organizations can leverage SBCs and other solutions to help ensure a seamless migration process to a more sophisticated and feature-rich UC system.