Wednesday, April 27, 2011

Using Managed Services and SaaS in your Information Security Strategy Makes Sense.

Over the last several weeks we’ve seen how big corporations have been hit by security incidents. Those that made the news often did so because of incidents related to data loss, such as the WikiLeaks or Epsilon events. They show that the need for security professionals in the enterprise is increasing. And there are other areas of concern, like the current landscape of advanced threats, internal threats from disgruntled employees or insider trading, or the increase in usage of services like Dropbox, Skype, and mobile devices, among others. And when solid Information Security vendors such as RSA and Ashampoo experience data security breaches, I just wonder if there is hope for the rest of us. I believe there is, and it may not be inside your organization.

When it comes to information security I believe that you must hire the best resources that you can. Whether internal or outsourced, this group must have the skills, knowledge and access to do what they need in order to preserve your company’s data, which should be one of the most valuable assets of the organization. And hiring partners in the form of SaaS and Managed Service Providers (MSPs) makes sense because hiring your own resources with those skills will certainly be very costly.

We are a small team of two and a half that is responsible for Network Infrastructure and Security for an eight-office, 400-employee law firm. None of us is a full-time Security Professional dedicated to the area, and that is why I have been making strategic alliances with our Security Vendors that can help us build a strong security team. For years we have partnered with DELL SecureWorks, one of the world’s strongest Security MSPs. Although all of us are very good security engineers with security certifications and strong skills, we just don’t have the manpower to dedicate an FTE to watching firewall logs and alerting us of possible incidents. The superior work that SecureWorks does led me to grow our relationship by also outsourcing two areas that are important to any security program, especially when regulations like HIPAA are part of the conversation: IDS/IPS and Log Retention. They add value to our team by tackling the biggest challenges that these technologies present: keeping up with the logs and alerting when suspicious behavior is present. We still have to do our part, which is reacting to the alerts and mitigating the threat, but we have been able to react and pull machines out of the network or close a hole within minutes. Even if we had a dedicated resource for this area, I don’t think that we would be able to react and take action that quickly.

We’ve also hired SaaS companies to help us secure other areas of our network perimeter, specifically email spam, malware, and DLP filtering, and also Web Content Filtering. We are currently transitioning our email edge security to Proofpoint, which has immediately added value to our security program with its very strong DLP engine. There are two things I like in particular about this vendor. One is that we don’t have to maintain the DLP dictionaries, something that most vendors would defer to you. The other is that the appliances, which are not on our premises, attempt to make a TLS connection to the peer email server(s); if they can’t and the message contains sensitive information, they send a secure message to the recipient instead. We still need some folks to look through logs and take some actions, but less is required from our team. This setup is becoming kind of the standard in today’s email security practice.

At the web browsing edge we have migrated from a complex in-house solution composed of three different vendors to another SaaS solution with Zscaler. Since migrating to it, the malware infection in our machines has decreased by 60%. We filter through many gateways in Zscaler’s private cloud by putting a PAC file in the machine’s web browser, and the user then filters through the closest gateway to her. This is generally kind of pre-set when the user is in the office because we would always hit the closest gateway to our data center, and will fail over to the next closest one if that one goes down. Now we also have the ability to protect our laptop users when they are outside our offices. In that case, Zscaler’s Geo-Location feature kicks in and the user browses through the closest node to her; whether she’s in her house, California, or Europe, she will always hit the closest gateway available and proper security policies will be applied. The only time when we get involved is when a website is blocked and someone needs access for business reasons. Many other capabilities are available with this engine, such as throttling bandwidth for media streaming or file transfer, which we use; DLP, which we are testing; or the ability to prevent users from posting to media sites such as Facebook or Twitter. It can also block web access from pre-determined browsers, such as old IE or Firefox, for example.
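
The in-office routing described above (closest gateway first, next closest on failure) can be expressed as a PAC file. This is an added example, not the firm's or Zscaler's actual file; the gateway hostnames, port, internal DNS suffix and the `FAIL_OPEN` switch are constructed placeholders.

```javascript
// Constructed placeholders: the post names no gateway hosts, ports or internal domains.
var GATEWAYS = [
  "gw-primary.example.net:8080",   // gateway closest to the data center
  "gw-secondary.example.net:8080"  // next closest, tried if the first is unreachable
];
var INTERNAL_SUFFIXES = [".corp.example.com"]; // hypothetical internal DNS suffix
var FAIL_OPEN = false; // false: no DIRECT fallback, so traffic never bypasses filtering

// Browsers provide isPlainHostName() to PAC scripts; this shim lets the file run under Node too.
if (typeof isPlainHostName === "undefined") {
  var isPlainHostName = function (host) { return host.indexOf(".") === -1; };
}

// True for hosts that should not be sent to the cloud gateways.
function isInternalHost(host) {
  var h = host.toLowerCase();
  if (isPlainHostName(h) || h === "127.0.0.1") return true;
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var suffix = INTERNAL_SUFFIXES[i];
    // Match the suffix only at the end of the name, so a look-alike such as
    // "corp.example.com.other.test" is not treated as internal.
    if (h.length > suffix.length && h.slice(-suffix.length) === suffix) return true;
    if (h === suffix.slice(1)) return true;
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isInternalHost(host)) return "DIRECT";
  var chain = [];
  // The browser tries entries left to right and moves on when one does not answer.
  for (var i = 0; i < GATEWAYS.length; i++) chain.push("PROXY " + GATEWAYS[i]);
  if (FAIL_OPEN) chain.push("DIRECT");
  return chain.join("; ");
}
```

Leaving `DIRECT` off the end of the chain means an outage of both gateways blocks browsing rather than silently bypassing the filter.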

Our team is still responsible for managing areas such as Anti-Virus and Malware, securing network gear, Server and Workstation patching, some areas of physical security and soon HDD and Media encryption, which are all candidates for outsourcing as well. However, we are much more effective by working with trusted MSPs and Security SaaS vendors than if we did it all in-house. First of all, proper staffing to achieve the same goals would be costly and today is simply out of reach, and second, they can help us keep up with the ever-changing and developing threat landscape while reacting to real attacks in a much faster and more effective way. In addition, I can now concentrate on developing Policies and Procedures, Incident Response, as well as the other operational areas that my team and I are responsible for. It just makes sense to go this route as opposed to investing in in-house skills.

Monday, April 18, 2011

ILTA Conference 2011. Server Ops and Security, and Tech Ops Teams will deliver great content

The 2011 rev-elation Conference is approaching and our Server Ops and Security PG is bringing great educational content to it. Our fabulous Steering Committee team, led by Bob DuBois, and completed by myself, Tom Crowe, Mark Brophy, Nate Smith, Dave Nevala, and Toni Brester, has done a great job developing sessions around topics often seen in the discussion boards around different technologies that support our demanding law firms. But first, a quick overview of the Conference Team.

The journey began on Friday, August 27th of 2010, while many of us were returning from the fantastic 2010 Strategic Unity in Las Vegas. Right then, our awesome Co-Chairs, two-year veteran Meredith Williams and first-year Co-Chair Kathy Lentini, and BoD Liaison Eric Anderson, along with ILTA’s TJ Johnson and Peggy Wechsler, began looking at their strategy to tackle this year’s conference. As for myself, I am in my 2nd year representing the SOSPG in the Technology Operations Track. Meredith and Kathy made a great choice by appointing Skip Lohmeyer as Tech Ops Team Leader, and together they brought in an impressive group of Legal Technology Professionals that make up our team. The same is true for the other three teams that complete the whole Conference Committee, which are Information Management, Organization Management and Applications/Desktop. Together the committee has come up with almost 200 educational sessions. I thought that last year’s conference was the best that I had ever attended; today I realize that I will say that after each conference that I attend. It is just amazing how the team came up with this amazing content, and how ILTA does it every year. Last but not least, Gaylord Opryland Resort has done impressive recovery work after being 8-10 ft. under water after the flood in Nashville last year, and it is looking better than ever; what a gorgeous venue for our Conference. Oh, and they will tell us their recovery story at the Conference. You can’t miss it.

I can only give you a 10K ft. view of what we are bringing to conference as a Peer Group, but I am very excited about our sessions and I know you will be as well. The team tried to create a good balance to bring relevant content that can have an immediate impact on technologies that you are currently evaluating from a server operations and security perspective. In addition, the whole Tech Ops Team is delivering equally well-balanced and amazing advanced sessions in areas of technology infrastructure that support our computing networks. Here is a quick view:

IPv6. Yes, it is finally coming. And it will be at ILTA this year as well. We are teaming up with the Emerging Technologies PG to deliver two sessions that will unveil IPv6 for us and what it means for how we will be running our networks soon. As a reminder, watch out for “World IPv6 Day” on June 8th. If you thought this was not relevant, think again, as Asia has run out of IPv4 and Europe is next, as reported by NetworkWorld.

Endpoint and Media Encryption. Three different Law Firms will tell their story on why this technology is needed, what’s available, and what to watch for. There will be content for all firm sizes here.

VDI. We’ve done this one before, but never at this scale. See how two very large firms with global footprints have delivered hundreds of Virtual Desktops effectively. An impressive session is being developed with equally impressive speakers.

Securing the Virtual Environment. You have to come see this one because traditional security no longer applies to the virtualized world.

Upgrading to Exchange 2010. How do you prepare for it? What challenges can you encounter when coming from different previous versions? Two firms and one of our great ILTA Sponsors will prepare you for it.

Technology Operations Forecast. The way we design, implement, and manage technology will not be the same. This session is part of ILTA’s Law 2020 initiative.

And there are other amazing sessions being delivered by the Tech Ops Team, which include a Disaster Recovery session where the Gaylord will tell their story after the flooding and a global firm with offices in Japan will do the same after the massive earthquake and tsunami that hit them this year. Other sessions include DLP, Exploring the Exchange 2010 Ecosystem, Hosted Communications (both voice and email), Securing Windows 7, Keeping Documents Secured in Mobile Devices, and Change Management Impact on Tech Ops.

Go register for this year’s conference, and when you get there, check out the SOSPG group and Tech Ops sessions. You don’t want to miss this year’s conference! And please join me in thanking the amazing people behind our PG and Conference Committee teams for contributing their time and knowledge to help ILTA make this great conference happen!

About ILTA. For over three decades, the International Legal Technology Association has led the way in sharing knowledge and experience for those faced with challenges in their firms and legal departments. Through delivery of educational content and peer-networking opportunities, we provide members information resources in order to make technology work for the legal profession. Visit ILTA at

Sunday, April 3, 2011

I Shall Become a Virtual Machine

“As far as personalities are concerned, if men are from Mars and women are from Venus, then IT people are from Microsoft and their business partners are from Apple.” Susan Cramm in her book 8 Things We Hate About I.T.

The statement above got me really thinking, observing, analyzing, and connecting. At the end I concluded that I wanted to become a Virtual Machine. Let’s take a look.

IT people are generally seen, rightfully so, as Geeks, and according to Paul Glen from Leading Geeks they “are more captivated by technique than application.” This next statement in the book made me think about the Apple vs. PC commercials. On the one hand we have the Geek representing PC, or really Microsoft, who needs to do so much work to get a task done. He also struggles explaining the How, but cares little about the Why. On the other hand, we have the modern guy who just gets the task done. His main concern is to efficiently do what is needed from him while also being innovative and creative.

The problem is that they constantly fail to communicate, at least effectively, which is one of the big problems between IT and business units. Business Leaders are concerned with strategy, growth, revenue, profits. And they should be. However, more often than not they assume that IT can deliver what they need, the way they need it, and when they need it without discussing the current business goals and strategy with IT Leaders. On the other hand, IT believes that they know what they are doing and that they are delivering value to the business. Many times we assume that we are valuable to the business because we just delivered the newest, fastest and coolest Intranet, Phone, Email, Billing or ERP Systems. But is that what the business needs in order to grow, generate revenue, and profit?

Connecting Apple and Microsoft

Then I started thinking about Citrix and VMware, two major technology players today that deliver Virtualized platforms such as servers, applications and desktops. Why? I own an iPad and I absolutely love it. While I don’t consider it my primary tool to conduct my day-to-day work (yet), more and more often I use the Citrix Receiver on it to connect to my Firm’s system and do my work. Others may use the VMware View client to get the same work done, and again, the common theme between those two is that they are virtual platforms that are pretty much hardware or OS agnostic. Their sole focus is to Connect you to your office so that you can do your work. While I understand that this approach may still not address the two platforms’ failure to communicate with each other, I do believe that it addresses the disconnection between them because I can now run a Microsoft Desktop or Application on an Apple device (chuckling while picturing Steve Jobs laughing about it).

Becoming a Virtual Machine. Becoming a Connector

And that is why I want to become a Virtual Machine (VM). I want to be able to connect Business and IT by establishing and maintaining an effective communication bridge between the two so that IT can deliver value and operational efficiency. I want to be able to help the whole IT Organization to understand What the business is trying to achieve and Why it is trying to achieve it, so that we as an organization can be part of the “How we can achieve it” discussion. I want to help the Business Units to understand what the current capabilities of the IT Organization are, and what they might be in the future. I want to be able to connect both sides to deliver services that will help us become more operationally efficient as a whole, so that Technology can be used to create innovation and competitive advantage.

So I guess I want to be a VM, and next time you see me you may call me VM.

And I leave you with a question. Who is Google then? I believe that it is the Staff in general: the Staff outside Management or Leadership of any sort, which despite getting it done is having a hard time being considered in strategic discussions, but is kind of making its way through, at least in the most efficient organizations. Food for thought.