Blog

PCI DSS 3.0 Puts Spotlight on Third-Party Security

Sometimes, securing your own network isn’t enough to guard against a data breach; your ecosystem of third-party providers can introduce a new set of risks to data as well.

The latest version of the Payment Card Industry Data Security Standard (PCI DSS 3.0) seeks to help address that issue. On Jan. 1, 2015, PCI DSS 3.0 will become mandatory save for a few provisions that will be treated as best practices before becoming full requirements in July, and businesses will now be required to pay closer attention to the security practices of their partners – a reality security experts say may make a difference.

Troy Leach, CTO of the PCI Security Standards Council, called third-party security a "weak point" for organizations that sometimes make the mistake of entrusting sensitive data to third-party vendors without verifying they have the proper security posture.

"Updates introduced with PCI DSS 3.0 and recent released Special Interest Group guidance aim to help organizations adequately address payments risks in their contracts with third parties and perform ongoing due diligence to ensure sufficient levels of card security are maintained by their business partners," he told SecurityWeek. "The guidance lays out information on monitoring the relationships with third-party service providers (TPSP). Once the agreements have been established, the ongoing monitoring and maintenance of the TPSP relationship is critical. Understanding the relationship and scope of services, maintaining documentation/evidence to verify the services of the TPSP are secure, and ongoing monitoring of the TPSP compliance status are key to ensuring the TPSP maintains their compliance for the services provided."

So far this year a number of high-profile attacks were traced to breaches at a third-party vendor, including the attacks on Lowe’s and Dairy Queen. The new rules, said Trustwave’s Jonathan Spruill, mandate that providers clearly articulate what PCI DSS controls they will address and what will be left to the business.

"There is a significant blind spot between third-party providers and businesses – although it’s not intentional," said Spruill, senior security consultant at Trustwave. "Each party assumes the other is doing its part in securing their information yet that assumption is oftentimes incorrect. For example, when retailers contract out their point-of-sale systems and maintenance, many assume the third-party provider is using a complex password. However, as noted in our 2014 Trustwave Global Security Report, weak passwords opened the door for the initial intrusion in 31 percent of compromises we investigated in 2013. Using strong passwords is a basic best security practice that is overlooked by many third-party service providers and other businesses."

The issue of remote access of third-party vendors is a thorny one for security. For example, earlier this year reports surfaced of attackers taking advantage of tools such as LogMeIn and Remote Desktop to compromise systems. In PCI DSS 3.0 however, there is a new requirement for service providers with remote access to use unique authentication credentials for each customer. This requirement will go into effect in July.

"Using unique passwords definitely helps decrease risk," said Spruill. "We also recommend businesses use two-factor authentication to add an extra layer of security in case a criminal compromises a third party provider’s password. As an overall best security practice though, businesses should limit who has access to their most critical data to only those who need it. For example, if a third party service provider needs to remotely repair an issue on a retailer’s POS system, the provider should only be able to access that system, not the business’s entire infrastructure."

The bottom line, said Sophos Security Advisor John Shier, is that third-party vendors should be held to the same or a higher standard than the company holds itself to.

"I don’t know that many smaller retailers understand that they need to," said Shier. "My guess is that they would pick a reputable vendor and trust that the vendor has done everything they need to in order to be compliant. Three hundred sixty degrees of responsibility means that you also need to audit those third-party vendors to ensure that they do comply. With limited resources, this can pose a problem for many small businesses."

Share

Posted in: Company News

Leave a Comment (0) →

Facebook Addresses Privacy Fears While Ramping Ad Targeting

SAN FRANCISCO – Facebook on Thursday made it easier for people to understand and control how their information is used at the leading social network while expanding its quest to better target ads.

The simplified data policy came as Facebook announced that work to improve targeting of ads in the United States is expanding to other countries.

Several months ago, Facebook began using information such as where people go on the Internet to help target ads.

For example, visits to an array of travel-related websites could prompt vacation ads to pop up for a person at the social network.

Feedback from a website where someone bought a stereo would raise the likelihood of them seeing ads for speakers or other accessories.

New ads come with a built-in option of people seeing why they were shown the marketing messages and allowing them to remove "interests" from advertising profiles at Facebook.

"We also wanted to make sure people could turn that off," Facebook advertising vice president Brian Boland told AFP.

"We are not changing the ways and places people opt-out, but we are going to enhance the way we apply those controls."

If a person opts out on any device, the choice will be applied no matter what smartphone, tablet, or computer they use to access Facebook, according to Boland.

"In order to apply that setting for most publishers, you would have to go into the settings on each device to limit tracking," Boland said.

"What we are doing is if we see that setting once, anywhere, we will apply it across everywhere you use Facebook."

Facebook is expanding the ad targeting update to Britain, Ireland, France, Germany, Canada, and Australia with more countries to be added in the future, he said.

Privacy Basics Spotlighted

Steps taken by Facebook on Thursday included launching a "privacy basics" education center that uses animation and video to walk people through tasks such as deleting posts or blocking unwanted viewers.

The effort by the California-based firm is in response to concerns by regulators and social network users regarding how well privacy is safeguarded online, Facebook chief privacy officer Erin Egan told AFP.

"They want information in an easily accessible format," Egan said.

"How it is collected and how it is used, in simple and precise data policies."

The education center is starting with 15 short instructional videos in more than 30 languages, and provides the option of sending links to friends so insights can be shared.

Facebook also rewrote its data policy to make it easier to understand and navigate, and to add a part regarding information collected when people use a "buy" button being tested at the social network in the United States.

Information is collected when people use Facebook services for purchases or financial transactions, like buying something on Facebook, making a purchase in a game or making donations, according to a the policy.

"We are just being more clear," Egan said about Facebook’s re-written data policy.

The advertising profile feature in new Facebook ads will reveal what, if any, targeting information came from purchases or other financial transactions, according to Egan.

Nothing was changed regarding data policies at Facebook-owned applications such as WhatsApp, the privacy officer said.

Share

Posted in: Company News

Leave a Comment (0) →

Majority of Top 100 Paid iOS, Android Apps Have Hacked Versions: Report

Report Shows Increase in Number of Hacked Mobile Apps

The third annual State of Mobile App Security report published by application protection solutions provider Arxan Technologies shows that cybercriminals have created hacked versions of most of the top Android and iOS applications.

According to the report, which is based on the analysis of 360 mobile applications, there are cloned or repackaged versions for 97% of the top 100 paid Android apps, and 87% of the top 100 paid iOS apps. In the case of iOS applications, the number of hacked programs has increased considerably compared to last year (from 56%).

Of the 20 most popular free applications, 80% of those for Android and 75% of those for iOS have been hacked, Arxan said.

When it comes to financial services applications, the study shows that a large percentage of the top 20 apps on each platform have been cloned or repackaged by malicious actors. In the case of Android applications, the percentage of hacked apps increased from 76% to 95% over the past year, while iOS app hacking increased from 30% to 70%.

Hacked Mobile ApplicationsAs far as the top 20 retail applications are concerned, only 35% of iOS apps have been hacked. However, the report shows that 90% of the top Android retail apps have been targeted by cybercriminals.

In the healthcare/medical category, researchers found that 90% of Android apps have been hacked. A worrying fact is that 22% of these applications have been approved by the United States Food and Drug Administration (FDA).

The report also contains a series of recommendations for application developers. Experts advise developers to ensure that applications with high-risk profiles are tamper-resistant and capable of detecting threats at runtime. In the case of payment applications and mobile wallets, they must be protected with app hardening and secure crypto, Arxan said.

The number of free application downloads is expected to reach 253 billion by 2017 so it’s not surprising that malicious actors are increasingly turning their attention to mobile platforms. While Apple’s iOS operating system is considered more secure than Google’s Android, it’s not completely immune to threats. A perfect example is the recently discovered WireLurker malware which is said to have infected hundreds of thousands of devices in China.

"The pursuit of greater mobile application security remains at the forefront our research and development initiatives," commented Jonathan Carter, technical director at Arxan."We continue to evolve our security innovations based on emerging threats to ensure the strongest application protection for our customers in the dynamic battlefield against hackers."

The complete State of the Mobile App Security report is available online. The research was conducted in October 2014 and is based on the analysis of applications found in unofficial app stores, app distribution sites, torrent websites, and file download services.

Share

Posted in: Company News

Leave a Comment (0) →

Research Finds 1 Percent of Online Ads Malicious

One percent does not sound like a lot, but multiple it by the right number, and it can be.

Such is the case when it comes to malicious advertising. In research recently presented at the 2014 Internet Measurement Conference in Vancouver, a team of security experts from Ruhr-University Bochum, University College London and the University of California, Santa Barbara (UCSB) examined more than 600,000 online advertisements on 40,000 websites over a three-month period and used multiple detection systems to assess whether they were good or bad. The end result: one percent of the ads were found to be involved in suspicious or malicious activity such as drive-by downloads and link hijacking.

Malvertising "While this is bad news for the advertising networks, advertisers and Internet users who are all under attack from the malware producers, the good news is there are several things available today that can stop malvertising," said Giovanni Vigna, co-founder and CTO of Lastline, one of the members of the team that worked on the research. "One of these is the use of the sandboxing attribute in iframes within HTML5. None of the 40,000 websites we observed leveraged this mechanism, even though it could stop the link-hijacking that is by far the most prevalent method by which miscreants are getting past other security measures in order to distribute malware through advertisements."

"On the ad network side — whether those be ad brokers, ad distributors, ad resellers or traditional ad networks — a similar approach can be taken to that used in our study to monitor for malvertising," he continued. "To detect malicious behavior in ads we used a composition of blacklists, reputation databases, and Wepawet, a honeyclient developed at UCSB that uses an emulated browser to capture the execution of JavaScript to identify signs of maliciousness, such as drive-by-download attacks. The research community and technology companies (including security providers as well as ad networks and ad brokers) can and should continue to study malvertising and develop new techniques and tools to detect and stop it."

Apostolis Zarras of Ruhr-University Bochum said that the smaller ad networks appear to be more prone to serving malvertisements, which he speculated could be due to less efficient filtering mechanisms compared to the larger ones. 

In the paper, the researchers also speculated that many publishers trust their advertisers to police malicious activity, and therefore do not use additional filters to protect their users. As for solutions, the researchers argued that collaboration among the ad networks can bring better results in defending against malvertisements compared to individual actions, and the existence of a common blacklist where all malicious advertisements will be submitted can prevent attackers from submitting their wares to a different network if they get rejected by another.  

"Another, more drastic, solution will be penalizing of the ad networks which are inefficient to detect the malicious code embedded in advertisements," according to the paper. "For instance, forbidding from participating in ad arbitrations for a certain amount of time, or the application of similar penalties, when an ad network is found delivering malvertisements, can boost the ad networks to invest in better detection algorithms."

"Back in time, said Zarras, "we used to have websites that were controlled by cyber-criminals and the attackers had to lure the victims to visit these websites so they can effectively infect their machines with malware. But, with the ads this is not necessary any more. An ad can exploit vulnerabilities in your browser, or your browser extensions without the need from user’s side to visit a malicious website. For instance, the incident that took place on January 2014, in which Yahoo ads exploited vulnerabilities in Java and installed malware on victims’ computers, [shows] that these attacks are actually possible and not theoretical. So, the main reason that malvertisement is more effective that traditional attacks, is that the user’s can be infected with malware even if they visit only legitimate websites."

Share

Posted in: Company News

Leave a Comment (0) →

Cyberattack Hit US Weather Service: Report

SAN FRANCISCO – Cyberattackers believed to have been working from China broke through defenses of the US weather service recently, according to a Washington Post report.

US media outlets on Wednesday said that the US National Oceanic and Atmospheric Administration (NOAA) confirmed that some of its websites had been compromised but declined to discuss who may have been responsible.

NOAA, which includes the National Weather Service, reportedly sealed off weather data relied upon for aviation, shipping, and more after security teams caught on to the breach.

Cyberattacks were "deflected," and some NOAA services were taken down temporarily for what was described at the time as "unscheduled maintenance," according to media reports.

The Washington Post quoted US Representative Frank Wolf of Virginia, a Republican, as saying that the NOAA told him "it was a hack and it was China."

The report came just two days after the US Postal Service said hackers stole sensitive personal information from its employees in a large data breach this year, and got some customer data as well.

The postal service said it "recently learned of a cybersecurity intrusion into some of our information systems" and was cooperating with law enforcement agencies in an investigation.

It said the hackers appeared to have accessed "identifiable information about employees, including names, dates of birth, social security numbers, addresses, beginning and end dates of employment, emergency contact information and other information."

A USPS spokesman said the breach affected as many as 800,000 people who are paid by the agency, including employees and private contractors.

The statement said hackers also penetrated payment systems at post offices and online where customers pay for services.

It said the customer data included "names, addresses, telephone numbers, email addresses and other information" but that there was "no evidence that any customer credit card information from retail or online purchases" had been compromised.

The Washington Post, citing unnamed sources, said Chinese hackers were suspected in the breach.

The news comes with US President Barack Obama in China for high-level talks, amid heightened concerns about cyberattacks allegedly from China.

Sent from Surface

Share

Posted in: Company News

Leave a Comment (0) →

Internet Voting Security Risks Highlighted by New Wireless Router Attack

Researchers have published a paper detailing a new attack method that can be leveraged to silently modify the digital ballots used in the Internet voting process.

In Estonia, people can vote over the Internet since 2005, but the United States has also conducted some tests over the past years. Online voting was used in Alaska in 2012 and 2014, and in New Jersey in 2012 due to the impact of the Sandy superstorm. Washington D.C. also developed a system in 2010, but the project was abandoned after it was hacked by researchers.

One of the proposed voting systems involves digital ballots in PDF format. People fill out the forms and send them via email to a specified address. The ballots are printed and counted by hand or with an optical scanner. This type of mechanism is currently used in Alaska, but it was also used in New Jersey and in Washington D.C. as a fallback system.

Attack description and implementation

Internet Voting HacksAccording to Daniel M. Zimmerman and Joseph R. Kiniry, researchers at Galois, Inc., this type of mechanism is vulnerable to several types of attacks. Malicious actors can use malware to modify or invalidate votes, and third parties can pose as the legitimate election authority or they can launch DDoS attacks against the organization to prevent votes from being cast.

However, the attack described by the researchers occurs at transport level and it involves hacking into the targeted users’ routers. The method they presented in their research paper allows the attacker to change the vote after the ballot has been sent via email to the election authority. The attack is dangerous because it’s difficult to detect by both the voter and the election authority.

In order to modify the vote casted by the user without invalidating the file, the attackers must change certain strings within the PDF. Successful tests have been conducted on several popular PDF viewer applications such as Adobe Acrobat Pro XI, Apple Preview, Google Chrome, Gmail (on all browsers), Mozilla Firefox, Safari and Skim.

The PDF documents are not tampered with while they are stored on the victim’s computer. Instead, the attack is carried out by modifying one or more TCP packets of the email attachment after it’s sent by the user’s email client and before it reaches the election authority.

Researchers have achieved this by changing the firmware on the victim’s wireless router. For their tests, they’ve selected an off-the-shelf home router.

"Nearly all such routers on the market today are based on embedded versions of the Linux operating system and therefore, in accordance with the GNU General Public License, the source code for their firmware is freely available," the researchers explained.

They have downloaded the source code for their test router’s firmware and made a small modification (less than 50 lines of code) to the part of the kernel that handles packet transmission.The new firmware looks very similar to the original one. The only differences are the slower TCP connections on standard email submission ports (25 and 587), and the fact that certain sequences of bytes sent to these ports are replaced with different sequences.

Researchers believe it would take a detailed inspection of the compiled code or a detailed analysis of the router’s traffic handling to notice that the firmware is not genuine. Performance is negatively impacted, as the TCP connections to these ports are 25% slower, but the experts argue that users don’t usually monitor the speed of their outgoing messages when using email clients.

In order to get the modified firmware on the targeted router, an attacker can leverage one of many vulnerabilities, such as the recently disclosed flaw affecting ASUS routers. Another way to install the malicious firmware is to drive around in a neighborhood and gain access to network connections and router administration interfaces by leveraging the fact that many users set easy-to-guess passwords and don’t change the default credentials, researchers said.

Mitigating attacks

The researchers have suggested three possible mitigation strategies: signing or encrypting the PDF file before it’s sent to the election authority, encrypting the connection to the SMTP server, and more secure router firmware update mechanisms.

"The overall conclusion is inescapable: unencrypted PDF ballots sent via electronic mail can be altered transparently, potentially with no obvious sign of alteration, and certainly with no way to determine where on the network any alterations took place or the extent to which votes have been corrupted. This method of vote submission is inherently unsafe, and should not be used in any meaningful election," the researcher wrote in their paper.

In Estonia, over 100,000 people used the Internet to cast their votes at the European Parliament elections in May 2014. Just two weeks before the vote, security researchers warned Estonian authorities that the system contained serious vulnerabilities which could be tempting for a state-level actor such as Russia. However, the country’s electoral commission dismissed the reports, claiming they were confident in the system’s security.

Sent from Surface

Share

Posted in: Company News

Leave a Comment (0) →

Passwords: To be or knOt2$B3? Take the Quiz!

Passwords

Do you think passwords are still important? Do you ever worry about your passwords? We’ve been kicking around computer and information security for a while now. Why don’t we have a better answer?

Personally, I have gotten a little tired of password articles and blogs. I started “logging on” in about 1976, and I kind of thought we had said pretty much everything there was to say about passwords by now. Then, I recently spoke with some people born in the 1990s and 2000s, and it seemed like they tried their best to make my brain spring through the top of my skull. From these people in their teens and 20s I heard things like, “I just use the same password for everything,” and “I’m just a student, hackers don’t want my stuff.”

As a professional security geek, my reaction was more or less “you’re kidding, right?” But it should really not be a surprise when we look at some of the recent statistics about password use. This includes analysis of compromised passwords that shows that the most commonly used passwords are things like “123456” and “password”. Or droves of surveys done over the past six or seven years which keep saying that 55-70% of people (depending on the exact survey and year) use the same password across multiple accounts. Or similar studies that say 70-80% of passwords being used online are classified as “weak”, which often means a password that is less than eight lower-case characters, or are simple dictionary words like “iloveyou”, “monkey”, “dragon”, or “ninja”.

We all know passwords are not a great solution for securing our accounts and information. But, it is what we have right now, so we might as well make the best of them, eh?

Curious on how strong your passwords are? For some empirical checking, you might try one of these sites (in general, of course, I will advise against entering your actual password):

http://askthegeek.kennyhart.com/password-meter/

https://howsecureismypassword.net/

Hopefully, using them is an eye opening experience, and not a humbling one. As a point of reference, I tested a password with a construction similar to what I use to log on to my personal machine on these two sites. HowSecureIsMyPassword, says it would take 71 quadrillion years for a desktop PC to crack the password, and askthegeek shows it as “Very Strong” with a score of 100%. But those measure the technical part of the password.

Considering all of this input, I thought it was time for a 90 second quiz (probably less than that, so relax). Unfortunately, this is a text-based article so I cannot use a quiz tool that will accumulate your score for you, but, trust me, the scoring is really straight forward (You will know immediately if it goes south on you). The only real catch is that the quiz (and scoring) is not based on some password standard, but is based on my own personal criteria. I will assert that over 38 years of computer use, and 29 years of experience in the security world gives me that right.

Points

Question

_____

+1 – If your passwords are at least eight characters.

_____

+5 – If your passwords are at least 10 characters.

_____

+1 – If you use both lower-case and upper-case in your passwords.

_____

+2 – If you include numbers in your passwords.

_____

+3 – If you include special characters (like !@#$%*) in your passwords.

_____

+1 – If you ever change your passwords.

_____

+3 – If you change your important passwords at least annually (e.g., bank, credit card).

_____

+6 – If you store passwords in a password vault, or offline.

_____

-1 – If you include any numbers of special characters only at the end of your password.

_____

-3 – If your password mystery relies on substituting numbers for letters (it is simply not that tr1cky or 3L1T3).

_____

-5 – If you include keyboard sequences in your password (like "qwerty" or "mnbvcxz" or "123456789").

_____

-20 – If you include any form of the word "password" in your password (like "password" or "pwd" or "pass").

_____

-10 – If you repeat any letter of number more than two times (like "aaaa" or "666").

_____

-15 – If your password includes any part of your name, username, any month or has anything at all to do with the site associated with the password (like having your Facebook password as “fbletmein” and your email password as “emailletmein”).

_____

-50 – If you use the same password on social media, email and private sites (like shopping and banking sites).

_____

-10 – If you have shared your personal passwords with anyone.

_____

-20 – If you keep passwords in email or in a plain text, unencrypted file.

_____

Total Score

Score

Description

Less than -50

Um. I’m not even sure why you pretend you are using passwords.

-50 to 0

Please reconsider your password habits – they are probably giving you a false sense of security.

0 to +15

In general, your password practices are not unreasonable. Check the quiz again to see how much more paranoid you are willing to get.

+15 and up

Greetings fellow paranoid security geek. Nice to know someone takes this seriously.

If you paid any attention to the scoring, you may have noticed a couple things. The positive numbers are all small, and include all of the technical parts of password construction. With a couple small exceptions, the negative numbers are more related to password usage. The technical side is the easy part – make a strong password. If any part of this is hard, it is the usage – use your password(s) wisely. It’s not like, as an industry, we consistently do either part well. But we have to do the two parts together. A strong password, used foolishly, is probably not going to help us much. At the same time, a poor password, used well, will, at best, make us think we are more secure than we really are.

Passwords are not the keys to our systems and information. At least they should not be. The purpose of a password is to help separate the wheat from the chaff, and to slow down attackers. We create good passwords, and then use them wisely for two reasons:

1. To help slow down access to our stuff, not stop it.

2. We don’t have an answer that is better than “passwords,” yet.

And, one last question for the quiz. If you have ever emailed your password to anyone you get to subtract another 200 points from your score.

Sent from Surface

Share

Posted in: Company News

Leave a Comment (0) →

How to Create a Basic Businesses Disaster Recovery Plan in 4 Steps

Loss of data is a common problem for businesses. Fortunately, it’s a problem that can easily be avoided with the correct preparation. While devastating amounts of data can be lost during catastrophes like hurricanes, terrorist attacks, fires and floods – it doesn’t take such large events to cause a business to lose important data. It can be as simple as dropping a laptop to the floor, or a power surge that results in burning out a storage device. If you don’t have your crucial data backed up, even a small situation can turn into a disaster. That’s when having a business disaster recovery plan can help.

If you still think natural disasters are the leading causes of data loss – and that the chances of it happening to you are pretty slim, take a look at the results from a study by Strategic Research Corporation of the leading causes of business continuity and disaster recovery incidents:

  • Hardware Failures (servers, switches, disk drives, etc) – 44%.
  • Human Error (mistakes in configurations, wrong commands issued, etc) 32%
  • Software Errors (operating systems, driver incompatibility, etc)14%
  • Viruses and Security Breach (unprotected systems are always at risk) 7%
  • Natural Disasters 3%

Establishing a disaster recovery plan can be done in the following four steps:

1) Take a potential risk inventory. Make a list of every potential cause of data loss and the solutions to each. Your list should include losses that won’t affect the business very much, and those that would shut the business down temporarily or permanently. Information Technology experts can assist you with creating the potential risk inventory – as they will have the knowledge and experience to identify possibilities that you are not likely to think of but need to plan for all the same. These IT experts will also be able discuss preventative solutions to guard against each type of potential data loss.

2) Rate each of your potential data loss situations. How likely is it for each of the items on your risk inventory to occur? Rating them in order of importance and likeliness to occur will help you determine where to focus your disaster recovery plan efforts.

3) Develop your disaster recovery plan. Go through each of your potential risks and their solutions, and determine how long it would take you to recover from the loss of data for each risk. Could your business be offline for 24 hours? A week? Depending on the nature of your business, being offline for even just 24 hours could result in your losing customers to your competition. Look at ways to reduce the length of time it would take you to recover from each type of data loss risk.

4) Put your disaster recovery plan to the test. Once you’ve created your plan of action for recovering lost data, you should test your solutions. A disaster recovery plan is just a plan until it can be tested and proven.

Click here to learn how Sentree Systems, Corp. can create a business disaster recovery plan for you with our Disaster Recovery and Business Continuity Services for your business in central Indiana and surrounding cities.

Share

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

How Managed IT Support Services and Cloud Computing Improve Your Business

Small business owners who are not already on board the “cloud” may be missing out on a great opportunity to improve their business operations as well as profitability. Cloud computing has changed the landscape of business dramatically in the past few years. In order to reap the most rewards from technological advances, it is important first for business owners to understand what they are dealing with and how new technologies can improve the functionality of their business.

What is Cloud Computing?

To better understand this concept you must only turn to the Internet. How the Internet is used has changed greatly over the years and in terms of business, any programs or services that you use via an Internet connection could loosely be described as a cloud service. Cloud computing allows you to utilize software and services without having to run the servers or software in house. These outside vendors run the software and servers, making it possible for you to pay attention to what is most important, running your business. Examples of cloud computing services that are commonly used by businesses today include; Salesforce.com which offers programs to aid sales staff in tracking customer information and data storage backup services such as those offered from Amazon.com.

Benefits of Cloud Computing

As more and more businesses are relying on cloud computing services you might wonder how they can benefit your business. There are many benefits including long term reduction of software and computer costs, improved data security (secure off site backup and storage) and increased functionality and customer service. As cloud computing continues to evolve and offer additional products and services, many businesses that are currently on the fence will make the decision to venture to “the cloud”.

Managed IT Support Services Can Make the Transition to Cloud Computing easier

Despite the growing popularity of cloud computing and the increased number of companies utilizing these services, not all business owners nor customers are completely convinced this is the way to go. There is little doubt that this area of technology will continue to develop and likely become main stream within a few years. With that in mind, business owners who question this technology can benefit greatly by consulting with managed service providers to help guide them through any transitions. Managed services providers are up-to-date with all new technology and can offer services that include cloud computing to improve the way your business runs as well as provide much needed assistance in the event of a man-made or natural disaster.

By working with a Managed IT Support Services Provider your business can immediately reap the rewards of cloud services while still having trained professionals in your corner to ensure your business is adequately protected and invested in this technology. Finding the right managed services provider can make the difference between your small business increasing efficiency and improving functionality versus getting left behind in the virtual dust. Working with a qualified managed services provider will eliminate much of the confusion associated with “new” technology and position your business in a place where you can compete with others in your field while reducing in-house IT costs.

Click here to learn how Sentree Systems, Corp. can help you benefit from the Cloud with our Cloud Computing Solutions for your business in central Indiana and surrounding cities.

Share

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Is the iPad Useful as a Mobile Computing Device for Businesses?

Some businesses have jumped on the iPad wagon and are finding creative ways to use the iPad as a mobile computing device. For example, the Global Mundo Tapas restaurant in Sydney, Australia uses the iPad as an interactive menu. There’s a budget airline, Jetstar Airways, using the iPad for in-flight entertainment, rented for $10 a flight. A luxury sedan by Hyundai comes with an iPad instead of a user manual. Other than these extreme cases, how can an iPad be used to increase productivity or convenience by the average business owner?

Conventions and Workshops

Do you travel to conventions and workshops for your business? Many people bring their laptop to these events. While laptops are of course very convenient compared to a desktop pc for traveling, the iPad weighs less and could be even more convenient if you’re traveling from room to room at a convention or workshop. These events are also often designed for networking – so you’re not just sitting at the table all day, glued to your laptop. The smaller, 2 pound iPad could be slipped into your purse or a small bag while you walk around the room, or even carried in your hand for easy access as needed, but without being cumbersome.

Flights and Traveling

It’s true a laptop can go on a flight with you, but even the smaller netbooks and laptops add to the weight of your carry on bags and can be frustrating when in the small seats of the plane. If you’re sitting in coach, you know every time the person next to you has to get up to use the bathroom you’re trying to balance the laptop and whatever else you happened to have out in your hands with turbulence knocking you around the aisle. The iPad could be slid into the pocket of the seat in front of you if you have to get out of the way for the passenger next to you – it’s about the size of a magazine.

The same holds true on trains, in taxi cabs, or as a passenger in someone else’s car. Just don’t try to use your iPad while driving, yourself.

Presentations & Sales

Do you travel to client offices to give presentations? How sleek would it be to whip out your iPad and give a sales presentation or demonstration? Apple reports that iPads can connect to the majority of projectors, so you could even broadcast that presentation over a large screen for a larger audience if necessary.

Replace Your Briefcase

Sure, the iPad has a word processor and spreadsheet. Those are always useful for business people. It would be much more convenient to read and edit documents on an iPad over your iPhone while on the road.

But what about the stack of magazines and newspapers you lug around with you in your briefcase? You could have all of your reading materials ready for you on the iPad and skip the briefcase. Use it as an ebook reader, newspaper subscription, and file storage and you’ve literally got everything at your fingertips. With the use of third party Apps, there’s little you can’t do with the iPad for as a mobile computing device for your business.

Click here to learn how Sentree Systems, Corp. can help you get the most out of your iPads, Smartphones and other mobile devices with our Mobile Computing Services for your business in central Indiana and surrounding cities.

Share

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →
Page 26 of 27 «...10202324252627
Real Time Web Analytics