Archive

Archive for the ‘Management’ Category

Encrypted E-mail Solutions

Here is some information on setting up secure e-mail encryption with outside parties. There are basically two options available. Prices can vary based on the selected vendor and the information provided is for very general planning purposes and we would need to formally quote these before going forward. The major difference is how widely you intend on sending encrypted e-mail, and cost.

S/MIME:

This method is the simplest form of transmitting data between two trusted partners or individuals.

  • Pros: This security is built directly into Microsoft Outlook and it’s use is seamless for the sender and receiver. Meets HIPPA requirements for PHI. Best solution for a small number of users. Fastest method to receive encrypted e-mail. Lowest start up costs for a small number of users.
  • Cons: This requires a Digital Certificate to be purchased, renewed periodically and installed on both the sender and receiver systems. There is a degree of configuration required for all parties. Apex can provide support to other business with their permission and for an additional cost. E-mail is only encrypted when sent to recipients with Digital Certificates, you can accidentally send PHI or confidential information to the wrong person. Both users need to be configured before you can send encrypted e-mail.
  • Best Fit: When you’re exchanging secure e-mail with a well defined set of outside businesses and individuals which will not subject to change frequently.
  • Costs: $100 per user who will be receiving encrypted e-mail (reoccurring every 3 years); and $200 per user at an outside company who will be receiving encrypted e-mail (reoccurring costs every 3 years) – price include the rough estimate for labor and the Digital Certificate.

E-Mail Gateway:

This method will use a set of rules defined on the server to automatically determine PHI, such as sender/receipient/subject/content/etc. The system will automatically convert those e-mails into an encrypted format and send them to the recepient. There is no special software or configuration requirements for the sender or recipient.

  • Pros: This is good when the list of senders or recpients is not well define or may include home users. Automatically protects all PHI to avoid accidentally sending PHI in an unencrypted format, regardless of the recpient. On-the-fly encryption to anyone, which doesn’t require pre-configuration. 
  • Cons: It may require the recipient to go to a website to download the attachment, which makes frequent use of this method a slower method. Additional server hardware, software and maintenance is required.
  • Best Fit: If you’re exchanging e-mail with a diverse group of not-well-defined individuals, who may not have the ability or knowledge to work with Digital Certificates.
  • Costs: Around $3,000 per three year term, plus hardware around $1000 and installation labor and ongoing support. Pricing is subject to change, this was based on old pricing before Symantec Acquired the product from PGP. Another solution is the Cisco IronPort E-mail Security Appliance.

Hosted E-Mail Gateway:

Basically the same as the E-Mail Gateway from a security standpoint, with the only difference of the costs of implementation. The hosted solution doesn’t require a server nor the related hardware, software and support costs. However, it does have a higher ongoing service fee.

  • Pro/Con/Fit is the same as “E-Mail Gateway” above.
  • Costs: McAfee Email Encryption is $4,930 for a three year term for 100 users (again we need to do the entire company); or one year for $2,055.00 Other providers are McAfee/MXLogic Hosted Solution
Advertisements

IT Services Policy: Billable Hour

This is to help define what activity is billable versus non-billable activity under a typical Managed Services Agreement (MSA/MSP). Beyond the obvious that activity which is for the direct benefit of a client, and that activity relates to either an hourly billable event and/or counts against a contract – that activity is considered billable. However here are some additional examples of each:

Billable

  • Company internal work which is assigned a ticket from the IT Manager
  • Client work (ticket & project) which is assigned a ticket from the IT Manager
  • On-site, remote and bench work which is billable to the client
  • In-office prep time for billable on-site time (pulling equipment for install, etc)
  • Warranty work for “completed” tickets performed by someone else
  • Travel time to/from clients, except for before/after work/lunch periods.
  • Design & Implementation meetings for clients – “here is how we are going to go about backup”.

Non-Billable

  • Training, education, conferences, etc.
  • Corporate meetings, one-to-ones, etc.
  • Warranty work for “completed” tickets performed by yourself.
  • Client “touches”: stats updates, “hi”, proposals
  • Training meetings regarding clients – “here is how you….”

Technology Policies/User Passwords

It is the general policy that the IT staff does not need to know the individual user passwords and will take every effort to ensure that we do not keep this information. As a result, whenever we need access to a users account, we will generally choose one of two options:

  1. Have the user (if available) enter in their password; or
  2. Change their password on the server, and when completed, set the password to “require change on reboot”.

It is important that after a users password has been reset, that the following process be followed to notify them of their new password:

  • A note (preferably type written) explaining that work has been completed on their system and to check their voicemail for their new password.
  • On their voicemail, leave them their password (repeat slowly twice) and inform them that they will be prompted to change it when they next log on. Additionally, if they have questions to contact the office.

Technology Policies/Network Printers

Network Assignment

To properly configure network printers initially on a windows network:

  1. Leave printers setup in DHCP
  2. Check DHCP server and use the MAC address information to establish a DHCP reservation. Remember to set the reservation in ‘all’ DHCP servers.
  3. Restart the network printer as necessary
  4. Add printer on server via TCP/IP address
  5. Deploy via Group Policy

Color Network Printers

  • Configure default color setting as “black & white” which will force the end users to choose color only when the want it.
Rationale: From experience, users will not elect to go through the extra steps required to select black & white when printing and e-mail or website, even when color is not necessary. However, these extra color pages can contribute significantly toward the number of annual color pages.
  • Color printing access: depending on the printer/MFP device, along with its drivers, there are several options to restrict color printing.
  1. Use the printer configuration for access control lists within the printer itself, which will then require a “code/password” on each client’s workstation to be setup.
  2. Create two different shared printers on the server, one of which is black & white only (color disabled) and then use windows ACL to determine who has access to which features

Technology Policies/Guest Users

We’re starting a new series on Monday called “Policy Monday” to help share common technology policies. This week we’ll start with Adding Guest Accounts to the Network.

The following is a general guideline for creating guest user accounts on Active Directory based Windows network.

  1. Create a new Guest Organizational Unit
  2. Create the guest account:
    1. If it is a role account (several temps performing the same job) then create a “role based” username
    2. If it is restricted to a single user for a short period of time, then create a “real name” based username
  3. Set the account expiry to something reasonable
  4. Set the change password on next logon and assist the user with their first logon to the desktop.
Tags: , , , ,

U.S. To Train 3,000 Offshore IT Workers

Federally-backed program aims to help outsourcers in South Asia become more fluent in areas like Java programming—and the English language.By Paul McDougall, InformationWeek
Aug. 3, 2010
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=226500202

 
Despite President Obama’s pledge to retain more hi-tech jobs in the U.S., a federal agency run by a hand-picked Obama appointee has launched a $36 million program to train workers, including 3,000 specialists in IT and related functions, in South Asia. 

UPDATE: InformationWeek has learned that USAID just launched a similar campaign in Armenia. 

Following their training, the tech workers will be placed with outsourcing vendors in the region that provide offshore IT and business services to American companies looking to take advantage of the Asian subcontinent’s low labor costs.

Under director Rajiv Shah, the United States Agency for International Development will partner with private outsourcers in Sri Lanka to teach workers there advanced IT skills like Enterprise Java (Java EE) programming, as well as skills in business process outsourcing and call center support. USAID will also help the trainees brush up on their English language proficiency.

USAID is contributing about $10 million to the effort, while its private partners are investing roughly $26 million.

“To help fill workforce gaps in BPO and IT, USAID is teaming up with leading BPO and IT/English language training companies to establish professional IT and English skills development training centers,” the U.S. Embassy in Colombo, Sri Lanka, said in a statement posted Friday on its Web site.

“Courses in Business Process Outsourcing, Enterprise Java, and English Language Skills will be offered at no charge to over 3,000 under- and unemployed students who will then participate in on-the-job training schemes with private firms,” the embassy said.

USAID is also partnering with Sri Lankan companies in other industries, including construction and garment manufacturing, to help create 10,000 new jobs in the country, which is still recovering from a 30-year civil war that ended in 2009.

But it’s the outsourcing program that’s sure to draw the most fire from critics. While Obama acknowledged that occupations such as garment making don’t add much value to the U.S. economy, he argued relentlessly during his presidential run that lawmakers needed to do more to keep hi-tech jobs in IT, biological sciences, and green energy in the country.

He also accused the Bush administration of creating tax loopholes that made it easier for U.S. companies to place work offshore in low-cost countries.

As recently as Monday, Obama, speaking at a Democratic fundraiser in Atlanta, boasted about his efforts to reduce offshoring. The President said he’s implemented “a plan that’s focused on making our middle class more secure and our country more competitive in the long run — so that the jobs and industries of the future aren’t all going to China and India, but are being created right here in the United States of America.”

Obama in January tapped Shah to head USAID. At the time of his appointment, Shah—whose experience in the development community included senior positions at the Bill & Melinda Gates Foundation—said the organization needed to focus more on helping developing nations build technology-based economies. “We need to develop new capabilities to pursue innovation, science, and technology,” said Shah, during his swearing in ceremony.

Sri Lanka’s outsourcing industry is nascent, but growing as it begins to scoop up work from neighboring India.

In addition to homegrown firms, it’s attracting investment from Indian outsourcers looking to expand beyond increasingly expensive tech hubs like Bangalore, Hyderabad, and Mumbai. In 2007, consultants at A.T. Kearney listed the country as 29th on their list of the top 50 global outsourcing destinations.

 

10 Tips for Hiring a Computer Consultant

As business-related technology becomes increasingly sophisticated and complex, many business owners, office managers and systems operators are turning to independent computer consultants to develop high tech business solutions that keep a company ahead of the competition and ensure their operation has the tools and training needed to run smoothly and efficiently. But how do you go about finding and hiring a qualified consultant who understands your business needs?

The Independent Computer Consultants Association (ICCA), a national not-for-profit organization which promotes ethical professionalism within the industry, offers these 10 tips for choosing a consultant:

Read more…