3 Questions Answered about IT Modernization in Government

Government-Mobility2014 marked the beginning of the Infrastructure Revolution for several industries, many of which are following in the pre-emptive footsteps of the national government.

In February 2010, the Department of Defense created the Federal Data Center Consolidation Initiative (FDCCI) to reverse the historic growth of Federal data centers. The FDCCI has been seeking to curb this unsustainable increase by reducing the cost of data center hardware, software, and operations; shifting IT investments to more efficient computing platforms; promoting the use of Green IT by reducing the overall energy and real estate footprint of government data centers; and increasing the IT security posture of the government.

Since then, the government has launched an IT modernization effort across departments which includes acquisition and deployment of more secure, collaborative, and mobile technologies—along with their associated skill sets and capabilities—to replace legacy environments.

By shutting down and consolidating under-performing technologies in the Federal inventory, taxpayers stand to save billions of dollars because of curbed spending on underutilized infrastructure. The smartest enterprises will follow suit, carefully architecting their path to modernization, leveraging key partners and modern technology architectures to create a more agile, secure IT environment.

What opportunities does modernization offer?

Legacy networking, communications and applications have become a significant IT and business problem in most industry IT departments. Not only do they require consistent maintenance from someone with a skill set that fewer and fewer people possess, they also carry a high cost of ownership and are difficult to modify when meeting ongoing business demands. Worse, with little leverage across these technologies, they are often forced to remain siloed instances, providing separate benefits to converging infrastructures.

IT modernization represents an opportunity for the evolution of government organizations’ (and others as well) existing application and infrastructure software, the goal being to align IT with forward-looking business strategies.

What are the immediate benefits of modernization?

While the government is actively modernizing its IT infrastructure, they will begin to find that they can react more quickly to the ever-changing environments (business, economic, political, etc). There are many results the public sector can expect from the process of modernizing. Namely:

  1. Intelligence – with converged infrastructures, including SDNs, virtualization, and distributed applications, leading to complete software-defined data centers with virtualization from desktop-to-network-to-applications.
  2. Agility – via improved standards for infrastructure programmability, data structure interoperability and fast infrastructure provisioning, leading to a more agile IT organization
  3. Alignment – by enabling IT practices that are more in line with business objectives.
  4. Responsiveness – as business changes create flux in organization size, location, and performance, IT is continually challenged to adapt at the speed of your business—a modern infrastructure puts IT in good stead to align with these changes.
  5. Flexibility and resilience – with systems that adapt automatically and recover from failure more quickly.
  6. Energy efficienciency – with technology and systems designed to reduce energy consumption.

To get the maximum strategic benefit from modernization, it is important to base your improved system on an architecture that is built on open standards and deployed on open systems. Just as important, is seeking holistic architectural thinking among your vendor suppliers that help you consider how a converged infrastructure can benefit your business.

What are the long-term benefits of modernization?

The success or failure of a consolidation/modernization initiative achieving long-term ROI depends on each organization’s goals. For many public sector businesses, long-term goals include: enhanced security, consolidating the infrastructure, and enhancing mobility.

Enhanced Security

Streamlining IT processes creates an agile IT infrastructure more capable of leveraging existing organizational vehicles for rapid delivery of tasks/orders. But none of this matters without a strong security platform that can withstand the stresses of and better respond to today’s cybersecurity threats.

A modernized IT platform must be hardened and able to detect, respond to, and report information security incidents, as well as developing situational awareness, utilizing authentication, reinforcing reciprocity, and leveraging automated assessments.

Infrastructure Consolidation

Today’s workforce demands applications that are always accessible and work consistently from any device.  Public-sector organizations that consolidate their enterprise networks—ultimately standardizing IT platforms, consolidating data and network operations centers, and optimizing architectures—create an infrastructure that is easier to manage and more secure in order to help support active user involvement.

Mobility Enhancement

As with most other industries, there is a significant push for both central and local government and associated not-for-profit agencies to move towards more flexible modes of working. Providing location agnostic access to data is a hot topic for the public sector as is the desire to provide better standards of service to employees and customers. Transparent communication has the potential to accelerate productivity and help realize mission requirements—provided it can be achieved in the face of the escalating austerity of ever-changing security measures.

Modernizing and consolidating IT infrastructures helps address unique resource challenges surrounding public sector enterprise mobility. Consolidation also enables government agencies to implement scalable enterprise mobile management solutions that extend to users, devices, applications, content, data, email and networks.

JITC Certified Unified Communications

Defense agencies are under increasing pressure to bring their disparate web technologies together.  That’s why the DoD has created the Joint Interoperability Test Command (JITC) certification, so all IT investments—including collaborative communications solutions—can be protected.

NEC’s UNIVERGE®3C solution has been thoroughly vetted by the JITC against the highest government standards, and has been added to the Defense Information Systems Agency’s Session Controller Approved Products List (APL) for Unified Capabilities.

The APL is a single, consolidated list of products that have been certified and approved for use in DoD networks to provide end-to-end unified capabilities. UNIVERGE 3C is certified as a Local Session Controller, referred to by NEC as Unified Capabilities Session Controller (UC SC).

The JITC evaluation process is highly respected by commercial organizations because JITC testing meets and frequently exceeds enterprise security levels. With Security Officers confident in the solution, the deployment process can be accelerated.

JITC certification requires compliance with hundreds of security measures as well as the ability to withstand extreme attacks on the software. Being JITC accredited means that we fully meet US DoD requirements and often surpass the security best practices of global commercial customers.

Visit us at Enterprise Connect booth 1121 to learn more about NEC’s JITC-Certified UNIVERGE 3C solution.

How to Choose a Cloud or SaaS Vendor

2015-02-26_1113Choosing a cloud and SaaS vendor can be tricky for SMBs with small IT organizations and larger corporations looking to lower operating costs. There are many benefits to choosing cloud or SaaS over on-premises but the route to those benefits is not always risk-free.

Difficulty vetting cloud or SaaS vendors is a common problem in today’s IT world. We see many organizations that continue to sweat older assets, having used on-premises software for many years. Irwin Lazar, of Nemertes Research, has pointed out, however, that more than 90 percent of businesses are starting to employ these technologies on some scale.

Vetting cloud or SaaS vendors can be very easy if you take the right approach. Rather than simply taking trusting the vendor’s qualifications or what you’ve read/heard, you should validate each claim the vendor makes to ensure that they don’t overstate their capabilities.

Verification is the key to success when choosing a cloud or SaaS vendor. Here are our tips to help you make the comprehensive assessments needed to make the right choice.

Vetting the Business

You wouldn’t buy a car from a manufacturer you knew nothing about. The same should be said of a cloud or SaaS solution. When your business is thinking about adopting a new cloud or SaaS technology, its imperative that you vet the vendors’ businesses as well as their technology.

You need to ensure that their leadership is strong, their business model is sound, and that the firm has the financial stability to survive the stressors of the current economy. This stage is the time to ask the tough questions, and get real, specific responses in return. Keep pressing until you get a real answer, one that’s supported by policies and procedures. Questions like these can help you determine the viability of the business at large:

  • Do you have a burn rate where you are making less than you are spending? If so, how long is the runway where you can survive at this pace without new partners investing?
  • Is your leadership rounded and truly qualified? Do you have a technologist at the helm, and has he surrounded himself with the operational, financial and sales expertise to keep turning out great products and services?
  • How do you maintain accountability for your administrative staff in regard to the control and management of customer data within/and outside of your application? What security challenges might we face if we give you direct control over our sensitive or compliance-relevant data?
  • How do you address government regulations?
  • Can we adjust our services as the business evolves?
  • Where does my support come from (vendor, support partner, etc.)?
  • What will I really pay?

Vetting the Technology

Just like with the manufacturer situation stated above, you probably wouldn’t buy a car you hadn’t test driven or looked under the hood of either. In order to determine whether the products/services you’re vetting work properly, you’re going to need to get your hands dirty and test each cloud or SaaS product/service for yourself. Does the product/service have known glitches/issues? Will it fit into the environment(s) as expected? Will it work with all of your platforms and impacted software products?

Now is the time to get the engineers involved to assess the technologies behind the vendor and ensure that they are ready for your purposes. Again, specific instances and case studies will help provide proof points to the vendor’s claims. Questions like these can help determine the efficiency, security, and usability of the technology itself:

  • What role does customer input play when your company plans updates and enhancements?
  • Can I see the software/technology’s R&D roadmap? What other changes are planning for performance and usability? Is this investment actually future proof?
  • Can you describe your data center?
  • How do you define uptime and downtime?
  • How frequently do you test your disaster recovery procedures?
  • Do you have a Service Level Agreement (SLA)?
  • How different is our current infrastructure from yours?
  • Can I move existing apps/services from my private cloud to your public cloud without massive reconfiguration?
  • How do you support my workforce’s mobility requirements?
  • How are my apps and data protected from other users on the same cloud servers?

Vetting their Customer Service

Let’s hit the car analogy one more time. You wouldn’t buy any car from any manufacturer if you weren’t going to get service and support to help you maintain the car over the course of its life.

So when vetting vendors, you need to ask point-blank if they are ready to handle you as a client. The only question that need to be asked during this phase is, “Can I speak with some of your customers?” Current customers are the best resources when it comes to determining whether the vendor’s product/service is on par with what you are expecting.

Don’t settle for the few they give you either. Look at trade shows and vendor events for customers that aren’t raving fans. Looking for non-specific issues can save you a lot of headaches in the future. Be skeptical, but open-minded. Knowing the issues that could arise will help you prepare for them in the future.

Vetting cloud or SaaS vendors can take up to 200 man-hours and could require some policy changes on your part. To do it right, though, you do need to assess more than the technology—you need to look at everything; the vendor’s business, technology, security, service, and employees. While it might seem like a bit of an undertaking, spending more time up front will save you headache and frustration in the end.

SaaS and Cloud in Perspective: UCaaS

Let’s take a quick look at a unique cloud and SaaS perspective: UCaaS.

Let’s say you aren’t ready for a full cloud deployment. You still have some reservations about the public cloud, and you have on-premises assets you want to continue to use. Research is actually beginning to show that “Hybrid Cloud UC Demands Unified Platform Management”. This is one of many cases where UCaaS makes sense.

The market for UCaaS is growing pretty rapidly. Among IT pros responding to a 2014 Spiceworks survey, 11% had adopted UCaaS. However, another 12% indicated they are planning to adopt it in the next year, more than doubling the number of people using UCaaS today.

Some suggest that growing confidence in hosted solutions in general is the impetus for the projected dramatic increase in adoption. Much of that confidence is due to the service providers’ dedication to security improvements.

We are excited about the opportunities UCaaS presents to the cloud and SaaS Markets.

Fear of vetting vendors shouldn’t hold you back from learning more. Check out the Reducing UC Costs and Increasing Business Performance whitepaper to take a deeper dive into the advantages of UCaaS, market drivers, concerns, and what to look for in a provider.

file-2544274833

How Secure is the Cloud? Your Questions Answered

nec-cloud-security-unified-communications--as-a-service-ucaasCloud security is a hot discussion topic these days. Security is one of the main reasons that many business leaders have been slow to adapt to the cloud. Keeping data on premises makes business and IT leaders feel more secure.

But lately there seems to be a shift—the cloud tipping point has arrived, and more companies are moving to the cloud to replace various on-premises technologies and services.

The truth is that the cloud offers many of its own security advantages—many of which are the same as on-premises storage technologies. Before you assume that the cloud isn’t safe, it’s worth taking a look at what’s available to you and evaluating the risks associated with moving to the cloud—particularly when doing so could provide serious benefits.

According to Corey Louie, the Head of Trust, Safety, and Security at Dropbox, the best solutions will serve as an extension of the network and security infrastructure that you already have in place. When deployed properly, cloud solutions can help SMBs and Enterprises achieve more agility and can help with cost savings.

If we specifically look at one cloud service—let’s take Unified-Communications-as-a-Service (UCaaS), one of the fastest growing markets in communications, the cloud can enable companies to:

  • Offload equipment costs
  • Shift certain budgeting from a CAPEX to an OPEX model
  • Simplify management and cost tracking
  • Increase scalability
  • Increase IT speed and agility
  • Improve disaster recovery and business continuity

There are still those who hesitate when choosing the cloud, which is why it is important to understand what the security threats are, and how to approach security for a cloud-based technology or solution.

What are the risks?

In 2013, the Cloud Security Alliance (CSA) identified “The Notorious Nine,” the top nine cloud computing threats. The report reflects a consensus among industry experts surveyed by CSA, focusing on threats specifically related to the shared, on-demand nature of cloud computing.

These nine threats include:

  • Data Theft/Breaches
  • Data Loss
  • Account/Service Traffic Hijacking
  • Insecure Interfaces/APIs
  • Denial of Service
  • Malicious Insiders
  • Cloud Abuse
  • Insufficient Due Diligence

Physical theft, employee mistakes (like lost devices), and insider threats are responsible for 42.7% of 2013 data breaches in the United States, according to Privacy Rights Clearinghouse. In another 29.6% of data breaches, hackers broke into data owned by companies and government agencies. Big tech companies, major retailers, and airlines were some among many 2013 victims.

Each year, Alert Logic, an IT services provider, publishes a semi-annual State of Cloud Security report, surveying their customers to understand from where security threats are coming.

The results are interesting:

  • An enterprise data center (EDC) is 4x more likely to suffer a malware/bot attack than a cloud hosting provider (CHP).
  • EDCs and CHPs are equally vulnerable to a “vulnerability scan” and a “brute force” hack.
  • EDCs are 3x times more likely to suffer a recon attack and 4x an app attack.

Cloud providers are 40% more likely to suffer a web app attack and 10% more prone to vulnerability scan weakness than an enterprise data center. In recons, malware, bot, and app attacks, the cloud seems to have less risk than most on-premises technologies.

According to Louie, the takeaway is not that cloud is better but that the risks are manageable. No one—regardless of their resources—is 100% secure.

What are the benefits?

Cloud-based technologies and services are not without their own security advantages. For many cloud service providers, there is a deep commitment to security—perhaps deeper than the media typically portrays. This commitment means a few, quite significant, things:

You get enterprise hardware for a small business price.

With cloud computing, your data is stored on enterprise-grade hardware, equipment that is typically unaffordable for most small and mid-sized businesses. By using the cloud for your business, you are upgrading to safer equipment.

You get more focused security.

For cloud vendors to succeed they need to focus on securing their service. This means that instead of attempting to prevent a variety of more general threats (as your in-house model would require) cloud vendors are free to (and great at) securing the one thing you want protected: your data online.

You get flexibility and agility.

Many IT organizations are stretched thin and struggle to balance day-to-day operations with strategic projects. One of the advantages of cloud services is the speed of deployment. Businesses have the flexibility to rollout cloud services without the IT time, and resource commitments typically associated with a legacy deployment model.

You get professional management.

Using the cloud to store data means that you get trained professionals managing your patch updates and keeping the server’s software up-to-date. Maintenance and support time are reduced since there is no longer a need to plan and implement system updates, and you can redeploy IT resources to more strategic initiatives to help advance the organization.

You get well-funded security.

Investing in top-level security features adds value to individual cloud service providers’ businesses. Investing in this way is a necessity for success. Businesses adopting cloud services gain the opportunity to put someone else’s financial resources to work, which can help take the sting out of security spending.

That deep commitment to security means that cloud service providers have to invest far more in scalable infrastructure and information security than do most organizations. Those investments are quite significant, and service providers will bear that burden for you. They can create economies of scale and efficiencies that benefit you.

Think about it like this: services like Dropbox go above and beyond to protect your data — so that you don’t have to invest heavily in secure systems and servers, constantly consider network and product security threats, submit to in-depth compliance reviews and audits, undergo regular testing against attacks, set up complex logical access controls, and assure data centers have advanced physical, environmental, and operational security measures.

The Cloud in Perspective: UCaaS

Hopefully, it’s clear why the cloud has some real advantages. Let’s take a quick look at UCaaS for a perspective on a unique cloud service.

The market for UCaaS is growing pretty rapidly. Among IT pros responding to a 2014 Spiceworks survey, 11% had adopted UCaaS. However, another 12% indicated they are planning to adopt it in the next year, more than doubling the number of people using UCaaS today.

This projected growth tracks consistently with the expectations of UCaaS market growth reported in 2013 by researchers at MarketsandMarkets. Their report on UCaaS projects that the global market will grow from $2.52 billion in 2013 to $7.62 billion by 2018, at an estimated CAGR of 24.8%.

Some suggest that developing confidence in hosted solutions in general is the impetus for the projected dramatic increase in adoption. Irwin Lazar, of Nemertes Research, has pointed out, “…more than 90% of companies now use software as a service (SaaS) applications.” Much of that confidence is due to the service providers’ dedication to security improvements.

Are you excited by the opportunities UCaaS presents to the communications market?

Security concerns shouldn’t hold you back from learning more. Check out the Reducing UC Costs and Increasing Business Performance whitepaper to take a deeper dive into the advantages of UCaaS, market drivers, concerns, and what to look for in a provider.

NEC-Spiceworks-Unified-Communications-UCaaS-survey

IT Convergence: Key Technology Trends that are driving Smart Enterprises to Modernize towards converged IT infrastructure

Modernizing IT infrastructure and becoming a Smarter Enterprise

nec-smart-enterprise-it-convergenceThe need for modernization among IT departments is a trend that is becoming increasingly relevant as IT departments are constantly faced with generational shifts in technology. The pressures of modern business require that IT departments close the gap between yesterday’s IT implementations and tomorrow’s demands.

Organizations that fail to modernize will rapidly lose their ability to respond to changing customer needs. They will weaken their competitive positions in the marketplace. And most importantly, the gap between where they are and need to be will only widen, leading to an expensive and uncertain future.

With most businesses facing incredibly tight or shrinking IT budgets, taking the appropriate steps toward modernization will seem expensive. With a modernized platform, however, organizations can add new capabilities and enhance overall employee performance while reducing their electronic footprint, leading to increased savings over time.

What is a Smart Enterprise?

Smart enterprises leverage more converged IT technologies to optimize business practices, drive workforce engagement, and create a competitive edge. Merely leveraging a converged IT framework in your IT department means that you are on your way to operating a smarter, more efficient business. IT organizations can utilize four key areas of value and then assess their plan against:

1: Business Agility

Today, most workforces are mobile. As such, your applications and enterprise architecture should empower these mobile workforces. Creating a more adaptive and more programmable infrastructure will enable IT to be more responsive to your organization. Businesses in today’s world are always on, and as a result, you need to consider how your most critical services can adapt more naturally and automatically to the mobile and always-on workforce.

2: Cloud Delivery

Modern businesses need to be incredibly efficient. Cloud delivery provides businesses with the opportunity to flexibly deploy services and software more consistently across converged premises, cloud, or hybrid infrastructures. An enterprise IT business plan should consider how and when to deploy certain services in the cloud, when to operate them on-premises, and when to purchase them as-a-service.

3: Collaborative Communities

Today’s growing workforce demands rich Internet-style applications that are easy to access from anywhere and work consistently from any device.  Organizations who have built collaborative communities by providing powerful tools that deliver consistent and intuitive user experiences, converged applications, and distributed architectures are able to adapt dynamically to change and empower employees to their fullest extent.

4: Assured Services

Securing business information—protecting your company’s intellectual properties and digital assets—falls squarely on the shoulders of IT.  Add security with the need to assure business continuity, and you get a business that must consider greater infrastructure planning, high availability at multiple layers, a consistent and aligned security credential methodology, and which must validate automated archival methods.

Steps to Modernization

Competing in today’s business environment is about meeting challenges, making decisions, and innovating rapidly—using the best and most current technologies, tools and information.

Cloud services, mobile integration, real-time collaboration, and high availability are becoming essential ingredients for the smart and secure enterprise. They are part of a rapidly evolving technology foundation by means of which the best solution providers enable new approaches to how your businesses IT services are delivered and managed, allowing you new opportunities for growth.

Want to know more about IT Modernization?

In an upcoming post we will discuss Enterprise IT Modernization Strategies and their benefits. And, if you’re going to Enterprise Connect this year, be sure to come see us.  Our solution experts will be happy to discuss how our IT solutions can help empower your smart enterprise.

NEC-Smart-Enterprise-trends-UC-CTA

Secure Your Data, Not Your Devices

nec-byod-secure-dataThe increasing prevalence of mobile data has resulted in great security concerns for enterprises operating on multi-device systems, or with a Bring Your Own Device (BYOD) policy in place. It is challenging for businesses to decide whether the greatest value is in securing the devices that data is delivered to, or securing the data itself through methods such as Mobile Device Management (MDM). Mobile devices usage is highly favorable to end users in terms of access and convenience, but IT managers and CIOs cringe at the thought of the security risks associated with mobility and allowing sensitive data to be retrieved from virtually anywhere, any time. According to the Cibecs/IDG Connect 2012 Business Data Loss Survey, 60% of IT and executive management professionals do not feel their data is completely secure. Whereas existing security measures may suffice for company-owned and controlled devices, it is in the company’s best interests to implement new levels of control on employee devices not controlled by IT to ensure maximum data protection as opposed to device protection.

If you’ve heard that securely controlling data transmission is not possible without enterprise ownership of the device, we’d like to show you otherwise. The following examples of mobile data security best practices can give you an idea of what protocol to follow in securing data across your network and devices.

Thin Client

Thin client policies apply to both smartphones as well as tablets, and include OS streaming, hosted desktop virtualization and workplace virtualization. Sensitive information is processed centrally and remote devices can access this data through thin-client terminal applications using network access only. A major benefit of thin-client operation is that information does not leave the server and can only be accessed by an authorized end user. If the authorized user becomes restricted for any reason, access is immediately revoked, with the potential for a remote wipe of the entire device if company policy dictates. This strategy can ensure further security by implementing strong authentication policies, which limit actions such as host copy-and-paste operations and screen capture in addition to controlling data and file transfers. Internal and client contact data may not always be considered eligible for company security policies. In cases such as this, a thin-client data source with applied security is an ideal solution, as it ensures a contact database stays with the company rather than the phone when the end-user leaves the organization.

Mobile Thin Client Management

Mobile thin client management allows users to control which devices are permissible for company use, thereby restricting data access points. Perhaps the most beneficial feature of this strategy is that thin devices can be remotely wiped. Smartphones and similar devices may have limiting features, such as size, processing power and storage capacity, whereby only restricted data processing can occur. Where thin devices can only keep limited amounts of data, they have the unique capability to replicate data and store master copies within specified datacenters.

When implementing the thin device strategy, companies can still control security of these devices by employing mobile device platforms or other management applications, enabling security policies regarding backup and compulsory data encryption.

Protected Data

The aforementioned strategies focus on protecting data processing environments, but how can you protect your data directly? The Protected Data method guards the data at the source rather than the endpoint, ensuring the safety of data regardless of its location. Enterprise rights management and other such technologies directly embed access rules into documents by way of cryptography. With this method, the rules are applicable to documents regardless of location or device, allowing effective security measures for multi device environments.

This pattern also allows for “detecting, logging, and blocking” data that leaves enterprise premises. Having the capability to follow the transmission of sensitive data provides the benefit of understanding the speed and direction of information transfer and flow.

In addition to applying these strategies to mobile device environments, make sure users are aware of potential security threats and how to avoid them. In addition to securing information, users should be sure to secure the many popular applications that smartphones have. Educating users and emphasizing the security risks on their personal mobile devices can make corporate policies much more effective; by demonstrating that there is a significant and known threat to users’ personal information as well as company information, users are more likely to adhere to corporate controls. This provides a win-win scenario, protecting users’ personal info while also protecting your corporate data.