by Carissa Carissa No Comments

Data Center Capacity Planning

Chris Haynes [Senior Systems Consultant]

Is your data center infrastructure being used the way you intended it to? Are you in control of your organization’s IT data?  If your organization is like most, probably not as well as you would like to.

A good data center capacity planning strategy can help your business become more efficient, dynamic, and competitive, but few organizations dedicate resources to capacity management or give it any importance.  If it does exist, it is often just to satisfy regulations or to check a box on a form.

The tendency of many IT departments is to play it safe by purchasing more server and storage capacity than needed, which means resources are being wasted at a time when IT departments are being asked to do even more with less.  On the flip side of the coin, some IT departments are not able to anticipate the growing IT demands of the business, and react to them in a timely manner, potentially resulting in lost business or costly reactionary purchases.

In order to proactively meet the demands of your organization’s needs, you need to develop data center capacity planning processes and procedures that will track and report on the following metrics:

  • How much is being used?
  • Who is using it?
  • At what rate is it being used?
  • How much is left?
  • When will we run out of it?

Having the answers to these questions at any point in time allows your IT department to be proactive and take steps accordingly to stay ahead of the business’ needs.  Being able to project future needs allows your organization to budget and plan for data center growth and scalability in advance, which is almost always cheaper than unplanned emergency purchases.

Does your organization need help developing a data center capacity management strategy?  Please contact your Keller Schroeder Account Manager to see how we can help.

Penetration Tests – Why does your organization need one?

Chris Fortune [Security Consultant]

Penetration testing helps businesses understand if their investment in security actually affords them the protection they want.  To help in your understanding, let’s start with defining some terms to make sure we are using the same vocabulary.

  • Threat – agent or actor that can cause harm
  • Vulnerability – a flaw someone can exploit to cause harm
  • Risk – Where threat and vulnerability overlap
  • Exploit – code or technique that a threat uses to take advantage of a vulnerability
  • Penetration testing  – involves modeling the techniques used by real-world computer attackers to find vulnerabilities and under controlled circumstances to exploit these flaws in a professional, safe manner according to a carefully designed scope and rules of engagement to determine business risk and potential impact.  All with the goal of helping the organization improve security.
  • Security/Vulnerability assessment – focus is on finding security vulnerabilities, which may or may not be used to get in or steal data.  These assessments are broader, and often include explicit policy and procedure review.

Now that we have a common vocabulary, you might be thinking “How is a penetration test different than a vulnerability assessment?”  The difference is action – the penetration test aims to breach the security of the business, where a vulnerability assessment is simply an evaluation of your organization’s security posture.

A penetration test can help answer the following questions:

  • Can vulnerabilities that are found be exploited to gain access or steal data?
  • Can lower-risk vulnerabilities be exploited together in a way that opens up a higher-risk vulnerability?
  • What does this mean to the business or operations if successful?
  • At what level can your business successfully detect and respond to attacks?

Other reasons a penetration test can provide value to your business:

  • Meeting compliance with regulatory standards
  • Automated network or application vulnerability scanning software can have difficulty detecting some types of vulnerabilities.
  • Provide evidence to support increased investments in security personnel and technology
  • Post-security-incident: to validate that new security controls put in place will stop a similar attack in the future.

Penetration tests can be scoped to your business needs from general to narrow.  On the general side of scope is a black box test.  The tester is given little to no information and tries to see if they can get access or business information.  On the narrow side of scope is a white box test.  This could be something like testing a new application with full knowledge of what it should do.  The tester in this case is given valid user accounts with different roles like a regular user and an admin user to test what each can do in the application.

If you would like to discuss penetration testing and the value it can bring to your organization, please contact your Keller Schroeder Account Manager to begin a discussion with our certified penetration testers.

Spotlight On…

Employee-Owner: Amanda Gries


Amanda Gries is the newest addition to our technical recruiting Staffing Solutions Group. Amanda has over 16 years of experience in the Human Resources field. The majority of her career has been as a recruiter for finance and manufacturing companies. She has also worked as an HR generalist and manager.

Amanda spent over ten years at Springleaf, refining her administrative and recruiting skills. She has also held HR and management positions at Berry Plastics and Toyota Boshoku Indiana.

Outside of the office, Amanda loves spending time with her family – husband Brian, stepson Payton, son Clayton, and daughter Aspyn. They are avid sprint car fans and travel all over to watch races. They also love the water and try to spend as much time at Barkley Lake as her kids’ summer sports schedules will allow.

Contact your Keller Schroeder Sr. Account Manager to learn more about Amanda and how you can leverage her experience and skills to benefit your organization.

Systems Team Proactive Performance Management (PPM) Services

Chris Haynes  – [Keller Schroeder Engineer]

        An ounce of prevention is worth a pound of cure. – Benjamin Franklin

Virtualization has become the norm in most data centers, but so has the expectation of zero downtime. Preventative maintenance is the best insurance against downtime and security threats in your storage/virtualization environment.

Preventative maintenance can:

  • Prevent productivity losses due to unscheduled downtime
  • Reduce security risk
  • Increase the quality & reliability of mission-critical IT operations
  • Maximize performance & efficiency
  • Lower overall maintenance costs

Keller Schroeder’s System Team offers a Proactive Performance Management (PPM) service to perform regular preventative maintenance services and provide remedy reporting and resolution for storage/virtualization environments.

So what does our PPM service include?

  • Review system logs, alerts, & diagnose problems
  • Identify capacity & performance issues & inefficiencies
  • Perform minor upgrades & apply patches
  • Analyze/validate system configurations
  • Remediate discovered issues
  • Make recommendations for improvements or industry common practice design changes

So why use Keller Schroeder for these services?

Our Systems Team has combined IT experience of 130+ years, which is an average of about 22 years per admin. We have deep knowledge & expertise in the storage/virtualization stack, both past and present.  We carry multiple certifications in various technologies, and continuously perform new installs and upgrade existing systems in the field, so we are fresh & familiar with the latest versions, compatibility requirements, and potential pitfalls.

We already perform PPM programs for many of our clients and have developed detailed & proven install, upgrade, & patch procedures, along with health assessments & checklists, and remedy/status reports. We typically provide these PPM services on a quarterly basis, but we can build a customized plan to meet your specific needs.

A key challenge in IT is having to do more with less and dealing with a lack of resources, so let us do what we do best, so you can focus on what you do best for your business.

Please contact your Keller Schroeder Account Manager for more information.

Spotlight On…

Employee-Owner: Kevin Dykman

Kevin has over 34 years of experience in the Information Technology field. His extensive experience includes working in the manufacturing and distribution industries, serving in both technical and management roles. Kevin started with Keller Schroeder in 1997, and has since worked for a large variety of clients including textiles, pharmaceutical, automotive, and plastics manufacturing. He specializes in EDI and ERP integration and customization using RPG. Prior to joining Keller Schroeder, Kevin was the IT manager for a pork processing company for 13 years. Before that position, he taught at a business college. Kevin is a Business Unit Director in Keller Schroeder’s Core Services Group.

Kevin is a huge baseball fan, and has been the commissioner of a fantasy baseball league since 1995. He also enjoys spending time with his two pugs – Boogie and Ivy.

Contact your Keller Schroeder Sr. Account Manager to learn more about Kevin and how you can leverage his experience and skills to benefit your organization.

Spotlight On…

Employee Owners: Chris Fortune

Chris Fortune is a 20 year veteran in IT. His experience began as a co-op student on a helpdesk and quickly escalated into increasingly challenging roles in network engineering, system engineering, and telecom. Security has always been the common thread of Chris’ work with these other disciplines.  He has also had direct responsibility for security such as managing firewalls, IDS/IPS, AV, VPN, remote access, log management and forensics.  Chris has worked for manufacturing, education, service provider, financial, healthcare and utility companies, as well as being an IT consultant for these types of businesses.

Chris has a Bachelor of Science in Computer Engineering from the University of Evansville and is working on a graduate certificate in Penetration Testing & Ethical Hacking from SANS Technology Institute.

Contact the Keller Schroeder Account Team to learn more about Chris and how you can leverage his experience and skills to benefit your organization.

Spotlight On…

Employee Owners: Ty Nixon

Ty has 9 years of experience in the Information Technology field.  Prior to his role with Keller Schroeder, he designed, implemented, and maintained server, network, and cabling infrastructure for 56 locations in a post-secondary environment with over 8,000 students.  For that institution, he carried the primary responsibility for 100+ Windows Servers, Active Directory, Exchange 2013, SQL Server, Systems Center, Sharepoint Server, Hyper-V, Cisco LAN, WAN, and wireless technologies.  He also led the design and implementation for SAN solutions, and designed high-availability solutions based on clustering, multi-homing, and replication.

In addition to his Microsoft and Cisco background, Ty has experience with Symantec Backup Exec, Simpana Commvault, and Websense security products.  He also has experience with infrastructure automation through the use of Powershell.

Ty and his wife Teresa recently moved to the area from Texas.  They have two young children – a son named Flint and daughter Ela. In his spare time, Ty enjoys spending time with his family and being outdoors. He loves riding motorcycles, carpentry and woodworking, and studying theology.

Contact the Keller Schroeder Account Team to learn more about Ty and how you can leverage his experience and skills to benefit your organization.

Phish or Be Phished? The Choice is Yours

Brad Mathis, Senior Consultant, Information Security

It is mid-2015.  By now, we have all seen incoming emails claiming we have been bequeathed a huge sum of money from a Nigerian Prince, or we have won a foreign lottery we never entered.  Most employees have seen these scam emails long enough to know they are not real.

However,

  • What about the seemingly benign email coming in from a recognizable sender?
  • What if this legitimate looking email has an attached PDF or Word document?
  • What if it contains a seemingly real link to a web site?
  • How many of your employees would open the attachment or click on the link?
  • How many employees will assume it is safe since it made it unscathed through all of your layers of security, including email and web content filters?
  • Do your users understand the ramifications of introducing undetected malware into your environment? Do they know this malware can capture their keystrokes, turn on their web camera and microphone, and capture screen shots or data from their system and transmit this data to cyber-criminals completely undetected?

If you can answer these questions with a high degree of certainty, you are either a one-user environment, you are sitting at each user’s desk approving their every keystroke, OR, you have already identified and implemented the requirement for measurable security awareness training and the importance of recurring testing of your staff to see how Phish prone they are.

This would be a good time to stress the importance of continuing to maintain an effective defense-in-depth strategy.  What does this mean?  Defense-in-depth all comes down to remembering not one single defense mechanism will protect your environment.  It takes several layers to lower risk.  Examples of necessary defense-in-depth layers are:

  • Continuous Vulnerability Management
  • Continuous Patch Management of Applications and Operating Systems
  • System Hardening and Configuration Standards
  • Effective Next Generation Firewall Strategy
  • Intrusion Detection and Prevention
  • Malware Defenses and Content Filtering
  • Secure Perimeter and Network Security Architecture
  • Complete elimination of obsolete operating systems and applications, as well as the elimination of technologies no longer supported or considered best practice, such as RIP and WINS
  • Strengthened Controls such as Password Requirements and Rights Management
  • Policies, Procedures, and Standards

Won’t a strong defense-in-depth strategy prevent the introduction of cyberattacks into my network? Unfortunately, no amount of technical defenses can completely prevent a user lacking security awareness from clicking or opening something they should not.  The danger point is the window of opportunity that cyber-criminals are all too familiar with.  Cyber-criminals know there is a time lag between the time vulnerabilities are discovered and the time organizations get around to correcting the vulnerability.  The criminals know to attack swiftly while defenses are down and the chance of detection is low.

According to a recent information security study, it takes organizations an average of 176 days to remediate known vulnerabilities.  However, it only takes cyber criminals an average of 7 days to exploit known vulnerabilities.  During the 169-day delta between vulnerability remediation and cyber-criminal exploitation, your defense-in-depth layers may be at the mercy of your end users’ level of security awareness education.  On top of this, we have been seeing a window of several days before anti-malware providers can detect the newest malware strains.

Of the 150+ Million phishing emails being sent every single day, over 10% are making it through SPAM filters.  Of those, over 8 million are opened, and over 800,000 users are clicking on phishing links.  An average of 80,000 users a day are actually providing sensitive information to cyber-criminals because they believe the email or web link to be legitimate.  Every Day!  Are your users among the 80,000 daily victims?

If you haven’t figured it out by now, Security Awareness Training and Effectiveness Testing is now a required layer of an effective Defense-In-Depth strategy.  Knowing this is critical, Keller Schroeder has partnered with KnowBe4 to offer effective and measurable Information Security Awareness Training, as well as perform ‘safe’ simulated phishing attacks to help determine what your current Phish-Prone percentage is and how to lower it.  For years, law enforcement learned their best crime prevention techniques from criminals.  KnowBe4 has taken this approach, as well, with Security Awareness Training.  The training was co-developed with reformed cyber-criminal Kevin Mitnick, the Most Wanted Hacker in the World during the mid-nineties.

For more information about how Keller Schroeder and KnowBe4 solutions can help you determine and lower your Security Awareness Risk, please contact your Keller Schroeder Account Manager.

Microsoft to Increase CALs – Effective 8/1/15

Keller Schroeder was recently informed that Microsoft is planning to increase the cost of their Client Access Licenses (CAL). On-premise user CAL pricing will increase by approximately 13% effective on August 1st, 2015. The list price for Device CALs will not change.

Which CALs are affected?

The following User CALs will be affected:

  • Core CAL Suite
  • Enterprise CAL Suite
  • Exchange Server Standard & Enterprise CALs
  • Lync Server Standard, Enterprise, & Plus CALs
  • Project Server CAL
  • SharePoint Standard & Enterprise CAL
  • System Center Configuration Manager
  • System Center Endpoint Protection
  • System Center Client Management Suite
  • Visual Studio Team Foundation Server CAL
  • Windows Server CAL
  • Windows RDS & RMS CAL
  • Windows Multipoint CAL

As a reminder, Device CALs will not be impacted by this price change, nor will CALs for any product not listed above (SQL, Dynamics AX/CRM, etc.).

If your company is looking to upgrade your Microsoft products, contact the Keller Schroeder Account Team soon to make those changes BEFORE the increase on August 1st. We will gladly answer any questions you might have and look forward to assisting you.

Spotlight On…

Employee Owners: Paul Miller

Paul’s professional experience spans over 20 years across the IT departments of industries as diverse as Healthcare, Banking, Manufacturing and Distribution, Energy, and Broadcasting. Most recently Paul was a Senior Solutions Architect/Team Lead for Baptist Health Kentucky, where he supported over 3000 servers and 25000 clients. His roles included Project Management, Citrix Configuration and Support, Exchange Administration, Active Directory Implementation, Acquisitions, Executive Advisement, Mobile Device Management, Domain Migrations, Network Analysis, Client-Server Configuration Management, Internal Security, Threat Response, Identity Management, and Staff Management.

Prior to his role at Baptist, Paul worked for several Fortune 500 companies such as Stride Rite Corporation and Kindred Healthcare. Paul served as Director of IT Systems for Physicians Primary Care, and also consulted for small and medium businesses in the Louisville, KY area. In these roles he implemented everything from Radiology Systems, Robotics, Software and Hardware Certification Processes, and Managed Client Solutions. He is a Senior Systems Engineer.

Contact the Keller Schroeder Account Team to learn more about Paul and how you can leverage his experience and skills to benefit your organization.
