As a technology leader, I am responsible for ensuring that my team has a healthy workload. As a result, I strive to create as much breathing room as possible for the team – this keeps morale high and fosters innovation. I find that as I work, I repeatedly ask myself two basic questions:

Can this be automated?

Can this be outsourced?

As a company grows, inefficiency builds. This is natural – tasks and procedures are added and changed. We press on to get the job done, but after a while we seem to get bogged down with these extra tasks. It’s a great idea to step back regularly and ask, “what are we doing that isn’t efficient?” Every inefficient task is a potential waste of time and money. That doesn’t mean that these tasks should be eliminated completely, but it does mean that there might be a better way to do it. Asking the two questions above is a great way to streamline work and create more breathing room.

The first question - “Can this be automated?” - is becoming easier with custom workflow software, automated information systems and even free web apps (one of my favorites is ifttt.com, a free service that automates dozens of tasks). The more that can be done without human involvement, the less work needs to be done. Even eliminating the quickest and easiest tasks will make a difference over time.

The second question - “Can this be outsourced?” - is equally important. I’ll admit that I am a staunch advocate of keeping core business functions and support services in-house wherever possible, but sometimes it just isn’t possible, especially in the current economic climate. Outsourcing functions that have nothing to do with core business functions (such as office admin support, technology, and resources for temporary projects) will certainly free up full-time resources. In many cases, outsourced service providers are very good at managing themselves, so the amount of supervision needed is minimal (a huge productivity boost for managers).

Give it a try. In my office, I have a piece of paper with these two questions taped to the top of my monitor. They remind me to stop and think. I invite you to come back and post comments on your experience!

Google announced this effort back in 2010 as part of a larget effort to become an Internet Service Provider (ISP). Earlier this year, it broke ground on a high-speed network (Google Fiber) in Kansas City and at Stanford University.

Speculation is mounting on the types of services Google could offer on this network. For example, would it create packages that rival Comcast’s “Triple Play” or AT&T “U-Verse”? Would it offer premium channels that run on YouTube technology?

I think that what we’re actually seeing is the beginning of a new type of television experience. Even with today’s capabilities of “on-demand” programming, Apple TV and other interactive entertainment services, Google is poised to take this effort to the next level. Instead of live broadcasting, could Google’s Cable TV platform be entirely personalized with on-demand content such as on YouTube or Hulu? Instead of tuning into NBC each week for the “Thursday-night comedy lineup,” perhaps I’ll be able to build my own series of comedy shows from multiple networks and watch them all in one sitting, once per week. Or, instead of tuning into Good Morning America each morning, I could access a subscription of my favorite video blogs, ready to go and accessible from my television when I wake up. Add Twitter, Facebook and other social networks to the mix and now we’re having a real discussion.

There’s no doubt that the capabilities I’ve mentioned above already exist in technology – the question is if Google’s new service is willing to change the model and focus it’s product toward on-demand, personalized entertainment.

We’d love to hear your thoughts on this topic. Our security experts at Etnacom will also contribute to the discussion. Let’s get some thoughts rolling!

• Why are businesses are neglecting simple security controls to protect their data?
• What do you think should be a business’ first line of defense?
• What do you think businesses (both small and large) should do to protect their data?
• As a business owner, have you ever had security experts come in and assess your network and data protection?

We know that having security experts on staff is not always feasible, especially when running a small business. Nevertheless, it’s important protect against data breaches. At Etnacom, we can provide you with a free consultation to let you know how to stay protected and avoid becoming a statistic.

I know every security professional is wondering about connection security; VMware claims that the connection is secure to virtual machines no matter if via Wi-Fi or 3G.

Check out the app and let us know your thoughts. We will post our thoughts as we test and use the app ourselves.

First, the basics. It’s no secret that Google’s services are extremely compatible with the iPad. Not only does Google offer multiple iPad apps for its services, but many Google browser sites have customized views specifically for the iPad. Enough said.

When it comes to the core Google Apps services (e-mail, calendar and contacts), there are actually two different ways to go. One method of implementation is to utilize web browser functionality – this means accessing the service from Safari on the iPad. Google provides a superior interface for iPad users, allowing you to utilize many native features such as labels and archiving. However, this browser view is only available while your device is connected to the Internet. The other option is to use Google Sync, which will allow you to use the native iPad applications for e-mail, contacts and calendar. An ActiveSync connection will keep everything synchronized between the device and the server. On one hand, you won’t be using the Google interface anymore, but on the other hand you’ll have full access to your data while you’re not connected to the Internet.

Obviously, choosing which way to go depends on your preferences. Personally, I like using the native iPad apps with ActiveSync. However, if you are used to the Google web interfaces and don’t spend much time off-network, using the browser is very reliable.

Also, in case you haven’t heard, you can now view and edit Google Docs on our iPad. This is a great alternative if you don’t want to shell out the $10 or so for Pages!

Having just purchased an

1. Work that can be done on the iPad in the same or less time than on the computer (i.e. e-mail, researching websites, some technical tasks)
2. Work that can be done on the iPad, but would be easier/quicker if I just got them done on a computer (i.e. multi-tasking, some technical tasks)
3. Work that can’t be done on the iPad at all (i.e. working with files extensively, complex technical tasks)

To help my small business colleagues be able to access this information without having to buy the device first, I’ve decided to start a blog series on using the iPad for business – it’ll go on for as long as there is interest and/or topics for me to write about. Each post will cover using an iPad to accomplish a particular business function or task. I already have a few ideas:

• E-Mail, Contacts and Calendar with the iPad (not just using the built-in features)
• Project Management with the iPad
• Server Administration with the iPad
• Business Finance with the iPad

Stay tuned to see blog posts on these topics and more in the next few weeks. In the meantime, I am also soliciting your input; what iPad-related blog posts would you like to see? Additionally, if there is a particular App or productivity issue you’d like to get an independent review or assessment of, let us know, and I can either post it here or do a customized report for you. Feel free to post them as comments to this post, on our Twitter / Facebook pages, or by e-mail. I’ll take the best suggestions and write about them.

In the article Tech Insight: Throwing a Net Around Data Exfiltration, John Sawyer talks about how the majority of presentations at ShmooCon this year were linked to data exfiltration. To be honest, I do not see how this is different from any other year. The major hackers are always trying to get into your network (whether through stealthy measures or “smash ‘n grab” methods) and take your data. Yes, there are some that concentrate on the defacement of websites and denial of service attacks, but the most significant threat is a hacker getting into your system and stealing your data.

The mitigation tactic here is an increase in network perimeter (outside and inside) protection. This means using the right sensors to trigger alerts of potential intrusions, not just the intrusions themselves.  The idea is to have your monitoring system detect suspicious activity so it can be isolated before an intrusion occurs. That’s the important piece that most companies are still neglecting, and thus putting their critical data at risk.

I couldn’t agree more with what Mandiant consultant Sean Coyne says: “Not nearly enough emphasis is placed on internal network traffic monitoring.” Companies need to pick the right people to defend and monitor their networks. Etnacom has the knowledge and experience to understand how hackers think. We are ready and willing to help you build, secure and monitor your network. We can provide you the tools that you need to keep unwanted exfiltration from occurring.

Here is an excerpt from the email:

Our investigation uncovered evidence of password sniffing attempts. We have no evidence to suggest that your password has been compromised. But, what we definitely don’t want is to find out in 2 months that passwords were compromised and we didn’t take action.

They went on to reset all SourceForge account passwords, making each user log in and change their password. Personally, I cannot blame them. In fact, let’s all follow SoucreForge’s lead…reset your password to your Bank of America account, Facebook, Twitter and even your email account. I am not a fan of statistics but I would be willing to bet that more than half of us use the same password for numerous accounts. So, take 15 minutes out of your day and change your passwords. You will definitely make yourself more secure on the Internet in the long run.

This trial comes at a crucial time in the history of the Internet. According to NetworkWorld, less than 5% of the world’s IPv4 space remains unallocated, and experts predict that there will be no more space to allocate by the end of the year. Once IPv4 addresses are depleted, Internet hosts will need to either support IPv6 or techniques such as Network Address Translation (NAT) to communicate. As a result, some companies, such as Yahoo!, are planning on moving their entire infrastructures to IPv6 by the end of 2011. Others, such as Google, are already partially using it.

Now is a great time for Network Operators and Website Owners to test their readiness for IPv6. If not ready, implement it! Etnacom can help – whether it is taking the lead for your transition or simply advising and supporting your infrastructure changes, we are equipped with the expertise and experience necessary to help.

This is a very dangerous scenario for any organization, and unfortunately one that occurs too often. If the person managing the security system doesn’t know why it is configured (or at least be able to track it against a higher-level policy) the configuration will eventually slip, leading to a myriad of vulnerabilities. Therefore, it is imperative to deploy business-level rules alongside technical configurations in order to track and maintain a particular security scheme.

Let’s look at a simple example of how business rules can make a firewall configuration much more relevant. Say your firewall rule set looks something like this:

ACCEPT 		SRC ALL ALL 			DST 192.168.1.100 TCP/80
ACCEPT		SRC 192.168.2.0/24 ALL		DST 192.168.1.101 TCP/53
ACCEPT		SRC 192.168.2.0/24 ALL		DST 192.168.1.101 UDP/53

There are three rules in this particular configuration. The first is easy – it looks like a web server will accept traffic from any source. What about the next two? Port 53 is DNS, and the firewall is configured to accept DNS traffic only from a certain network. In this case, that network is the address space that VPN users are placed into when they connect from outside. If those rules aren’t documented properly in English, an inexperienced system administrator might one day be confused and make changes in haste, leading to one of two scenarios:

1. The sysadmin doesn’t understand why there is a rule for port 53 only from one particular network and changes it to allow connections from any network. If this is an internal-only DNS server, this is a big problem as that service is now available to the entire network!
2. The sysadmin doesn’t understand why the rule is there in the first place and deletes it altogether, causing a serious service outage for VPN users.

I’ve seen many system administrators simply place the “business rule” in a comment in the firewall’s configuration file. While this isn’t a bad idea, it shouldn’t be the only form of “business documentation”. Remember, there are usually others involved in security policy management that aren’t firewall administrators, and they will need a reference point as well. Instead, use a completely separate database or special software to catalog these rules. If you need a low-budget solution, create an internal wiki page or word document with a list of business rules and assign an ID number to each one. Put comments in your firewall configuration file next to each rule, matching it to a particular ID number.

Remember, security is a process, not a product. Ensuring that you have an appropriate method to catalog and manage firewall rules against business rules is a great way to improve and sustain any network security program.