Thursday, February 24, 2011

Easy Video Conferencing anytime, anywhere

A few days ago I had an email exchange with a group of industry peers started by one of them, an IT Manager of a single office Law Firm, asking about Video Conferencing vendors and strategy. He is starting a project on this area and one of the requirements is to have the ability to conduct business with clients via video. His questions got me thinking and I pointed out that he should look beyond the Conference Room, another requirement. I think that we all have to approach video conference this way nowadays and make it available to internal and external customers anytime, anywhere in order to enhance enterprise collaboration. Yes, we need good setups in conference rooms, especially in multi-office environments such as where I work, but this technology has evolved during the last two to three years, in part propelled by emerging technologies and trends such as Skype, mobility or a more mobile workforce.
Is Skype changing the game?
Certainly. Whether or not your enterprise supports Skype, you are probably asked to provide access to it often. We neither support it nor allow it in our Firm’s machines for security concerns primarily, yet we still have to provide our business with tools that facilitate the way they conduct business, which has led us to both be creative and upgrade our Video Conference Equipment infrastructure (VCE), which is Cisco Tandberg.
One thing that we have done to avoid Skype is use our Webinar technology. We use AdobeConnect to provide clients with presentations and other marketing events. We have taken advantage of the software’s video and VoIP capability by creating “Video Rooms” that our attorneys and their clients can access securely over the web and run meetings effectively. It has been a good workaround for now, but the challenge expressed by our internal customers is that they need to be accessible by clients in an ad-hoc manner like that provided by Skype and such tools.
Today, after a recent upgrade to what I call the “Cisco Tandberg ecosystem”, we can provide stronger alternatives to our attorneys that extend the video experience to the desktop/laptop. This means that regardless of physical location, attorneys will be able to communicate via video with both internal resources and clients or partners outside the firm. We are introducing two different tools that we can now provide: Movi and Conference Me.
Video Conference anytime, anywhere.
Movi is a small SIP client that we can deploy internally and externally so that attorneys, staff and clients can participate in Video Conferences right from their desktop regardless of whether they are inside or outside our network. The client can dial another Movi user and have video calls anytime in an ad-hoc fashion, or you can call a video conference bridge that is in progress in the Codian. Now, one of the beauties of it is that we can send the executable to our clients, who will now have the same capabilities as our internal customers. Attorneys and clients can now call each other regardless of where they are and have video conference meetings just like they would do with tools like Skype. Furthermore, with just one click of a button, Movi is also capable of sharing your desktop for presentations or document reviews, for example, something very valuable for industries such as legal.
Another tool, Conference Me, has its place too. This tool can give internal and external customers access to video conferences held in the Codian from a web browser. We send the client the link; they click on it, register to our VCS, and they are in the conference room, much like we use our AdobeConnect today. This is more like a scheduled conference where everyone has to enter the bridge to communicate, but just as effective as being in the conference room. Conference Me can also be used in Streaming mode, so that attendees can watch meetings without necessarily interacting with presenters.

The Challenge: Conference Management.
Or is it? The Tandberg ecosystem also includes two management pieces, the Tandberg Management System, TMS; and Tandberg Content System, TCS. Traditionally, our Technology Department has been heavily involved with opening and tearing down these meetings, which were held in pre-defined “bridges” in our Cisco MCU. However, with the addition of TMS, meetings can be scheduled and dynamically started and finished by anyone with proper training. We are looking at delegating this function to our receptionists, who are heavily involved with all types of video or audio conference scheduling anyway. This will eventually free up IT resources that can concentrate on other activities and only engage when troubleshooting is needed.
All of these meetings can be recorded by TCS and made accessible internally or externally to be viewed anytime. We have used this tool many times in different ways, such as regular meetings or presentations, or attorneys preparing for depositions, trials and such. And the addition of TMS will make it much easier to use as the recording piece will be scheduled just like any other endpoint.
What’s next?
Telepresence has been the next big thing in video conferencing for a while, but as you can see, other, more affordable tools have emerged and in my opinion this trend will continue, beginning with enterprise video to mobile devices such as iPhones, Droids, etc. In fact, we have effectively tested a couple of H.323 apps for the iPhone which can be used to connect to our Codian conferences. I see this as a big trend, especially with newer video enabled tablets coming up soon. I can see how tools such as AdobeConnect could potentially be used from tablets in the same way we use them today from desktops to do presentations that incorporate VoIP and video.
Skype and Skype-like services will continue to make their way to the enterprise and there are a few gateways that provide bridging to them today. If you are an AVAYA customer, for example, they now have a gateway service that bridges telephony to Skype and they are working on video. Until Skype can be more transparent, the challenge is avoiding having to run the Skype client inside your network.

Presence systems deployments, another feature of Movi, will continue to grow. We are expanding our Cisco Presence system, an Instant Messaging tool, which can now support video natively as well as IM with a click of a button. In fact, Cisco is incorporating Movi as its video engine and, in my opinion, will eventually phase out one of the two and give the client (CUPC) a new wacky name as they usually do.
Telepresence will eventually get there too, but that is a big setup in a Conference Room, and adoption will continue to be slow until it is made more affordable and mobile. Small and mid-size businesses will take on Video Conference more and more as it becomes more accessible. The bottom line is that we need to communicate effectively anytime, anywhere, and for us Cisco Tandberg is making it possible.

Sunday, February 6, 2011

Technical Safeguards for Legal regarding HIPAA

In February 2010 the Legal Industry got hit with a pretty big compliance issue when the HITECH Act made changes affecting HIPAA Business Associates. The legal world gets directly affected by these changes because Law Firms that work with Covered Entities through their Health Care, Litigation, and perhaps other practices, become Business Associates. I will not go any further into details of the actual specifications of the law. Instead, I will focus on what you could do to implement Technical Safeguards to protect Electronic Protected Health Care Information, ePHI. Meanwhile, I will refer you to ILTA’s HIPAA Rules for Law Firms article enclosed in the Peer to Peer edition of March 2010. Notice that I am only dealing with Electronic PHI here, and hard copies of this form of data deserve attention as well.
Protecting that pesky ePHI and THE FIRM
HIPAA brings new Information Management and Information Security challenges to the legal industry and its technology practitioners but it is also a good opportunity to protect your firm as a whole, which I have been preaching since engaging in the HIPAA project because of my background on security. Any regulatory compliance requirement that your firm is going through is an opportunity for the Technology Department to build a strong security program around it. You may not need to apply specific HIPAA safeguards to the whole firm, but I can assure you that there are other regulations that you need to comply with, and if that is not the case, it is just common sense, especially with new regulations around Personal Identifiable Information around the nation.

Since we are focused on HIPAA here, let’s take care of the Health Care practice and the HR area that deals with ePHI, and problem solved, you may be thinking. Wrong! Expect MANY folks outside the Health Care practice to be BAs because of involvement in different Matters. I encourage you to conduct a survey asking who handles any type of PHI, whether electronic or not. I bet you will be astonished with the results.
BUT WHERE IS THAT DATA? I mean, really. Do you know where all the ePHI is? If you do, then I salute you. Oh, and I know that you are thinking about your Document Management System, DMS, your Financial Systems, and your File and Print servers. Is that it? Can you prove it? How about laptops, desktops, and other servers? This is an ongoing process and the stepping stone of any implementation that follows. You can’t protect something that you are not aware of. It is important to understand that you must be able to log and audit your systems in order to prove compliance. Thus, my inclination for systems that meet that critical requirement.
Today there are tools that can scan your network and leverage built-in dictionaries and rules that help you identify compliance specific data. They are often referred to as DLP tools (Data Leak/Loss Prevention tools); however, don’t rely on them completely. Talk to the data owners and users as well. I have found over the years that users are the best resource that you can use while building your security program.
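To illustrate the dictionary-and-rule scanning described above, here is an added Python example; it is not part of the original post and not any vendor's code. The term list, the identifier patterns, the verdict names and the file suffixes are all assumptions constructed for the illustration, and the sample files are made up.

```python
import re
import tempfile
from pathlib import Path

# Constructed dictionary of health-care terms (assumption; commercial
# DLP products ship much larger, tuned dictionaries).
HEALTH_TERMS = {"diagnosis", "patient", "prescription",
                "medical record", "treatment", "discharge"}

# Constructed rules: identifiers that tie health information to a person.
IDENTIFIER_RULES = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.I),
    "dob": re.compile(
        r"\b(?:DOB|date of birth)[:\s]*\d{1,2}/\d{1,2}/\d{2,4}\b", re.I),
}

def classify_text(text):
    """Health term AND identifier -> likely ePHI; either alone -> review."""
    lowered = text.lower()
    terms = sorted(t for t in HEALTH_TERMS if t in lowered)
    ids = sorted(n for n, rx in IDENTIFIER_RULES.items() if rx.search(text))
    if terms and ids:
        verdict = "likely-ephi"
    elif terms or ids:
        verdict = "review"   # hand these to the data owner, as advised above
    else:
        verdict = "clear"
    return {"verdict": verdict, "terms": terms, "identifiers": ids}

def scan_tree(root, suffixes=(".txt", ".csv", ".eml")):
    """Walk a share or profile directory and return non-clear findings."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError as exc:
            # An unreadable file is itself a finding: it cannot be audited.
            findings.append({"path": str(path), "verdict": "unreadable",
                             "error": str(exc)})
            continue
        result = classify_text(text)
        if result["verdict"] != "clear":
            findings.append({"path": str(path), **result})
    return findings

def demo():
    """Build a small constructed file tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "matter").mkdir()
        (root / "matter" / "intake.txt").write_text(
            "Patient Jane Roe, DOB: 04/12/1961, MRN 00482913. "
            "Diagnosis pending.")
        (root / "matter" / "billing.csv").write_text(
            "client,ssn\nRoe,078-05-1120\n")
        (root / "memo.txt").write_text("Lunch is at noon.")
        return [(Path(f["path"]).name, f["verdict"])
                for f in scan_tree(root)]

if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{verdict:12} {name}")
```

The "review" verdict is where pattern matching stops and the conversation with data owners starts: a bare identifier or a bare medical term is not enough to decide on its own.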
We found the data, let’s build the Fort
Let’s start with Access Control. Make sure you understand your network as a whole, especially your Active Directory (AD) Security Groups and other security elements of it. I am sure that you follow industry best practices, but can you audit and prove that? Implement a strong Security Information and Event Management tool, SIEM, which goes beyond traditional Log Aggregation. Products such as TriGeo and LogRhythm have built-in “intelligence” that not only can help you log and audit, but also aid your Change Management strategy, something I am big on as stated in my last post. You will gain visibility into any changes made to your security groups. There are also AD specific auditing tools that can aid in this area and may be more accessible, such as ManageEngine products.
Additionally, take a look at your Ethical Walls approach and see if you can extend it beyond your Records department. It is extremely important that there is ongoing communication and collaboration between IT and Records during this process so that you can expand your strategy to areas of IT such as DMS, and Financial systems through software like RBRO, WincWall or IntApp, in addition to Risk Management built-in features in your DMS or Financial systems.
Data in Motion is not only email
We often think of Data in Motion as email, so let’s start there. My background in Health Care taught me one thing: securing ePHI moving through your messaging system could become a nightmare if not thought through thoroughly. In my experience I’ve found that the first thing that comes to mind is TLS, which is a great encryption method, yet unmanageable in mid-size and large environments. The same applies to a Certificate based PKI approach. In both cases, the challenge is managing all those certificates and keys. Furthermore, you’ll have to deal with those smaller Health Care practices that don’t have an IT Department capable of setting up and managing their end.
A third solution includes full email encryption products that deliver encrypted messages to the recipient’s inbox. Products such as Cisco’s IronPort, ProofPoint, or the very well-known in the Legal vertical Mimecast deliver messages either as encrypted attachments or with a link that will redirect you to a secure site where you can read your messages and take action on them. I highly favor this approach because they are centrally managed, more scalable, and have stronger logging and reporting capabilities. However, be prepared to provide clients with the other two alternatives. You will come across end-users that will hate having to go through an extra step to “just read an email”.
Then there is the new world of mobility, which includes Laptops in all forms, USB drives and other removable media, Smartphones, tablets and the list keeps growing.
You can address issues around laptops and removable media with Encryption tools such as those offered by Check Point, PGP, or Credant, or the free, yet extremely strong TrueCrypt. You will have to pick “your pain” when it comes to encryption. If you choose to go with a Full Disk Encryption approach then you are going to have to deal with pre-boot authentication, which can become a pain when performing trivial tasks such as troubleshooting a system that needs to be rebooted, or deploying software upgrades (in addition to the adoption opposition). If you go with File Level Encryption only, your devices may still be exposed to Brute Force attacks. And then, there’s Credant’s interesting approach, which encrypts at the file level, yet it protects the machine’s registry that deals with AD Security database and swap files, which protects the device against access attacks. I really like this approach.
Encryption tools also protect removable media such as USB drives and even SIM cards in Smartphones by deploying policies that can limit device access, white list them so that only approved devices are allowed, and encrypt data in a similar way as previously described. Just make sure that you are aware of what your mobile device fleet looks like and that you set expectations with regards to client involvement, meaning, what to do when you send data and devices to each other.
Smartphones are also a concern, and although most people think of the problem in regards to email, I think that we need to look further and create a strategy that addresses security concerns around it as a whole, just like you handle laptops. As stated in the 2010 ILTA Conference session, Strategies for Managing Disparate Devices in Your Mobile Fleet, these devices are PLATFORMS, so you must treat them as such. I will dedicate a different post to this topic, but for now, know that there are tools that can help you manage these devices by separating corporate data from personal data and in turn, encrypt and control the business data and take action such as deny access or remote wipe the firm’s data. Examples include Good Technologies, MobileIron and Zenprise. McAfee and TrendMicro, among others, are also coming up with AV Software for these devices, which in my opinion, will be a must have by the end of this year.

If your firm is dealing with HIPAA, then take this as an opportunity to enhance your Information Security program, which in my opinion, has been traditionally too loose in the Legal sector. I will be blogging later on Information Security Policies and Procedures, as well as Disaster Recovery, which are important areas to achieve HIPAA compliance.
What is your firm doing to protect Electronic Protected Health Care Information? Moreover, what other regulations are hitting your firm?

Wednesday, February 2, 2011

The Impact of Change Management on Technology Operations

For the last 18 months or so I have been researching and advocating for the need of having a better control of change in our environment. I strongly believe that Change Management is not “a thing for developers and project managers”.  It is widely known that many times we cause our own when we upgrade a system, or make a small change to a configuration, that triggers, sometimes not immediately, a sequence of events that can have a negative impact in our network operations and services that we provide. We have implemented a series of tools that have started to have positive impact in our Technology Operations.

Our Tools
The first tool that we introduced was DeviceExpert from ManageEngine, which served as our Backup tool for Network Gear and had a Change Management module that soon became popular. Because of this software, I started to understand how Change Management could help us improve troubleshooting and operations of our network, and I started “evangelizing” about the need for a tool that took it beyond that area and covered as many systems and processes as possible.

About six months ago our Technology Director and I started discussions around how it could help us and we soon added the rest of our Management team and we were all on board. Armed with all the input that we gave him, our Director designed and developed a Change Module that was added to our Resource Management and Systems Catalog portal, which we named Techsystems. We use this module to log changes that we make to the systems and processes that we support. Granted, it is a manual process today, but it is already helping us resolve operation issues and it has great potential.

So How Does Change Management Impact Operations?
In my opinion, one must-have feature of a tool like this is the ability to create and schedule reports, and actually look at them. Both of our systems deliver reports that we review individually and then as a team during our weekly meeting. The result? A better picture of what’s happening and the possible impact of changes made that were otherwise previously unknown.

I’ll now give you a couple of practical examples of how it helped our team overcome a couple of issues. One day we started receiving blank faxes from our Fax Server, which usually means that there is a communication issue somewhere. I knew it was a missing setting in either our Cisco Unified Communications Manager or one of our routers that serve as a gateway to the server, but I couldn’t remember where it was. We spent the next couple of hours going over different settings in the Communications Manager and some of the routers until I finally remembered that there was DeviceExpert and shouted it out! We immediately turned to it and ran a Change Management report, which showed the setting that was missing in one of the Routers. Issue resolved. Our problem was not looking at this report earlier because we had never used it. Since then, I have made this my first step to troubleshooting where it fits and I encourage our engineers to do the same. That’s where the value of the tool is. It’s not just a log that you never look at; it is a tool that can help and that should be used.

Last week our Financial Systems Administrator found out that our calls had not been properly billed since January 11th. Not good in a Law Firm. He spent a couple of weeks trying to figure out what the problem was because other members of the team had been busy traveling or in projects. This past Monday we finally had time to talk about it and my first questions were to describe the situation and tell me when this started happening. With that information we went straight to Change Management and looked up the log to see what had happened around that time, and sure enough, there were some changes made in the server that hosts this process. Then, we were able to trace the problem back and revert to the original configuration, and in about 20 minutes the process was working properly.

If you change it, log it. If you log it, look at it and share it. What are you doing that is helping you with Change Management?

Tuesday, February 1, 2011

Launching the Hands-on Technology Operations Manager Blog

Thank you for visiting my blog. My name is Carlos Rodriguez and I am very excited about my new blog. I will be blogging about topics such as the life of a hands-on Technology Manager, various technical subjects that I deal with in day-to-day operations of the network that I oversee, projects that I am working on with my team, and sometimes personal topics as well.

Who am I?

I’d like to tell you a little bit about me. I am originally from Venezuela and moved to The US in 1999. I have been married to my incredible wife Johanna for 11 years now and live in Columbia, SC where we settled since we moved in. We have two children.

My Experience

My career in the technology world began in 1997 in Venezuela while I was still attending school. I obtained my BS in Computer Science degree there in 1998. I started as a Field Technician and then went on to do some Computer and Networking Sales and Consulting on my own. I then moved to The US in 1999, where I have worked in technology in industries such as Call Centers, Consulting and Legal. Throughout my career I have worked as Hardware Technician, Data Processor, Systems Administrator, Help Desk Technician, and Supervisor, Network, Voice and Security Engineer. Today I work for Nexsen Pruet, LLC Law Firm, where I started as a Systems and Voice Administrator and now oversee the Network Operation of a multi-site organization running on MPLS as the Network Manager, where I am responsible for the team that oversees the day-to-day operations in the areas of WAN, LAN, Voice, Data Center Infrastructure and Network Security, while assisting in areas of Mobility, Citrix, Servers and Virtualization.

Beyond Technology

I constantly seek personal and professional development through reading and training. My core technology areas are Networking, Voice, Information and Network Security, and Server Operations, which has led me to seek and achieve certifications such as CCNA, CCNP, CCVP, MCSA and Security+. In addition, I will be pursuing other certifications related more to Technology Management such as Project Management Professional, and ITIL. I am very passionate about constant improvement. I believe that my mind is the best tool at my disposal and that I can create my own future through it; therefore, I train it just as I train my body and my technical skills.

Leadership: My Passion

In addition, I serve as a volunteer in several organizations, including The International Legal Technology Association, ILTA, The Carolinas Cisco Users Group, CCUG and The Information Technology Council of the Greater Columbia Chamber of Commerce, ITC. I am a contributor in those organizations in areas of Leadership, Authoring having had a few articles published, and as a Speaker.

My goal with this blog is to share my experiences managing a team and network in a medium size environment, as well as creating a forum where we can discuss ideas and share practical examples so that those of us in similar environments can learn from each other and apply them in our environment when possible. I truly believe that I am not alone, and most importantly, that we can no longer isolate ourselves from those that share the same challenges. Collaboration is one of the keys to succeed in what we do. In addition, you will see a lot of posts related to the Technology Operations within the Legal Industry, which is the vertical I work in.