Tag Archives: Assistant

How Do Small Companies Outsource Infrastructure? Eight Ideas

Situation: Start-ups and early-stage enterprises are typically both resource and talent constrained. The CEO of a start-up asks how others successfully outsourced infrastructure cost effectively and when they were early-stage so that they could focus on critical success factors and improve their opportunity to succeed. How do small companies outsource infrastructure?

Advice from the CEOs:

  • In the early stages of company development, outsource everything possible and focus our efforts only on the key functions.
  • In order to focus on the most important things first, decide what must be accomplished and when. Set priorities, establish key milestones and create a timeline to measure achievement. Celebrate your successes!
  • Identify the most important strategic foci within your business model and outsource everything else.
    • For example, use outside data centers instead of developing these yourself.
    • With the increase in Cloud-based options, early stage companies can do without the IT infrastructure that they used to need. Just be careful to safeguard your intellectual property!
  • Attend relevant meetings and functions to learn about existing and available capabilities. Look for local networking opportunities relevant to your market.
  • Incubator sites have developed in a number of high tech centers. These are designed to cover infrastructure needs at a reasonable cost so that founders can focus on product and service development.
  • Hire a virtual assistant – you can find these locally using a Google search.
  • Take advantage of lower cost labor and enlist younger, less experienced labor to manage databases and clean records.
  • Set up a wiki for information. This exchange is free and you can tailor it to your needs. It is permission-based; you can find it at pbwiki.com.

What Is Changing The Game in Network Security?

Interview with Philippe Courtot, CEO, Qualys

Situation: Companies experiencing security breaches and data theft are regularly in the headlines. Those launching these attacks are increasingly well organized and very creative. What is changing the game in network security and how can you respond?

Advice from Philippe Courtot:

  • The movements from enterprise software to Software as a Service (SaaS), and from mainframes to PCs to mobile devices increase the challenges of protecting enterprise environments. Therefore, a cohesive technology platform is imperative.
  • Companies are sensitive to the possibility of attack at any time. There are three principal attack vectors: breach through web applications, breach through email and browsers, and breach by device. Between PCs, iPhones and Android devices, the PC is the most closely linked to the corporate intranet while often the most vulnerable because users are lax about updating their systems and applications.
  • Attackers often target a company executive or high level administrative assistant to access the user’s profile and passwords.  In one type of attack called spear fishing, the attacker creates emails tailored to the person targeted appearing to come from a colleague or friend. When the target clicks on the email, a small piece of code is inserted in the computer, which can give control to the attacker. Another way to gain control of a computer is through physical access. An attacker can learn about a pending vacation via Facebook or twitter, providing an opportunity for home invasion. Once the attacker has access to the computer, they can plant a control program on the system. When the user returns, the attackers can make fast, brief forays inserting additional code or taking data from the enterprise network. They may use the information themselves, or sell it to others.

Given these new realities, how does a company prevent attack?

  • First, the company must thoroughly analyze and understand their vulnerabilities which are all potential entry points for an attacker. Once vulnerabilities are mapped, work on a schedule to remediate them.
  • Second, you must educate all users about the threats. This is especially critical for any personnel who have access to secure company data.
  • Third, invest in and build additional defenses to shield all remaining vulnerabilities. Make sure that employees are drilled on the defenses and that they are used. One growing trend is the use of two factor authentication, requiring employees to carry token generation devices with them to use in addition to their password. These tokens can be delivered by smart phone.

You can contact Philippe Courtot at pcourtot@qualys.com

Key Words:  Network, Security, Breach, Data, Theft, Response, Mainframe, PC, Mobile, Enterprise, Environment, Criminal, Government, Attack, Vector, Social Network, Email, Browser, Web, Application, Device, Spear Fishing, Executive, Assistant, Profile, Password, Vulnerability, Educate, Defense, ID