The Tech Break

In 2015, according to the IDG Cloud Computing Study, 90% of businesses have moved some portion of their applications to the cloud. 90%! And what is holding back the other 10%? 61% of those organizations that have not moved to the cloud stated that security was holding them back.

It makes sense. If the one reason why you haven’t moved to the cloud was because you had concerns about the security of your applications and data, we can’t blame you! For many organizations security takes precedent in IT and it doesn’t make sense to willingly open yourself up to risk. 

But there is a reason why so many have migrated to the cloud. The numbers do not lie! According to IRMS 360, 84% of CIOs report they have cut their application costs and 74% of companies have begun to reinvest savings back into their business after moving to the cloud.

Thankfully, vendors understand the value of the cloud as well as the value of your data. One big reason security has been a hot topic in the cloud is because visibility is extremely challenging. As more devices are added to your network, corporate or personal, and more applications are used like Dropbox, Microsoft 365, Salesforce, Facebook, Twitter, etc., visibility becomes nonexistent. Over70% of all data breaches have occurred from insiders whether it was unintentional misuse or malicious behavior. These breaches could have been prevented with cloud application visibility.

So, what is the Secret? Netskope.

Netskope is the leading Cloud Access Security Broker and use their Active Platform to provide visibility, enforce sophisticated policies, and protect your data in cloud applications. Using it’s extremely user friendly interface, Netskope Active Platform allows you to see the specifics and set granular policy. For example, Netskope will tell you, in real time, who is using/accessing PCI, on what device, and what they are doing with that information. You are then able to set policy by saying you only want to allow User X and User Y to be able to access PCI information and control their behavior by only allowing uploads to your one finance sanctioned app.

Repeat this type of granular visibility and policy for all your apps in the cloud. Next perform an audit on your cloud activity. Again this can be performed for all your apps and allows you to create an audit trail on user activity. Say User Dave is leaving your organization and downloaded confidential information from a sanctioned cloud app and then uploaded that information to a personal app, and shared it with your competitor. You are able to set up alerts when that behavior occurs or you can use this feature as a standard practice whenever an employee leaves your organization.

Say you want to be more proactive about cloud security. The Netskope Active Platform allows you to detect anomalies that may be a threat to your data. This detection can help you indicate if credentials have been compromised, user behavior is out-of-line, or malware. You can then prioritize these anomalies based on their risk level. Next coach up your users. Set alerts and notifications when your users are violating a policy. Use this feature to help educate your users and then be able to redirect them to apps they should be using, let them report false positives, and give them the option to justify violating activity. You make the decision on what users can proceed after a justification and which ones need approval. The Netskope Active Platform also allows you to control access to cloud applications and encrypt data on a granular level.

The reason many customers are investing in the Netskope Active Platform is to be able to gain visibility, control, and enhance security for Shadow IT. The latest trend in cloud has given other departments the freedom to deploy apps without the review and approval from your IT department. Netskope allows you to understand all the apps in your environment, how frequently they are being used and by who, set policy to those apps, and ultimately better secure your data. It is allowing you to take a proactive measure to secure your data in the cloud for the things that you had no idea were even there.

If you haven’t moved to the cloud because of security concerns or you are in the cloud and want to better protect yourself and your organization, Netskope is my number 1 recommendation. Easily and simply gain visibility, enforce policies, and protect your data in cloud applications.

If you would like to learn more and receive a demo or a cloud risk assessment call us today!

Give us a call at 858.777.1617 or email us at info@birdrockusa.com.

IT Executives are key contributors to strategic planning but with the end of the year approaching and Holiday vacation on their minds, planning IT strategy for 2016 becomes an unnerving task. Keeping in mind end of year tasks while shifting into the next year plan/strategy is a challenge and at times becomes reactive.

Proactive IT planning for the future is an integral part of supporting an organization in order for it to achieve its goals and vision. To be proactive, organizations must have up to date information on their IT including spend, technologies, talent and process. Some challenges IT Executives face when planning strategy are:

• Limited IT Documentation
• Overspending on telco services
• Understanding talents and areas of improvement for IT teams
• Current state of support contracts and end of life equipment
• Root causes of recent incidents

Wouldn’t it be nice to offload your IT strategy planning for 2016, and focus at your tasks at hand?

One solution that our customers have found to be extremely valuable, especially when closing out the year or quarter, is a Technology Road Map. A Technology Road Map enables IT executives to make informed decisions for IT spend, training, and staffing. The instant benefit of a road map is freeing up IT Executives and or teams time from having to analyze their entire IT including talent, technologies, spend, and process. The total benefit of a Technology Road Map short term and long term includes:

• Documenting the state of IT in relation to purpose, vision, and goals
• Snapshot of current physical network topology
• Improve investment planning through identification of equipment at risk, e.g. as a result of vendor end-of-life
• Save money on telco services that are not in use
• Gain a 3^rd party view from an expert team with a proven methodology
• Transferable network documentation for new hires
• Training and staffing recommendations        

When a Technology Road Map is performed, the final deliverable includes value information such as:

• High Level LAN/WAN Network diagrams
• Other network diagrams (Remote access, IP Telephony, Security, Internet, QoS, etc.)
• Needs/Gap Analysis report for IT human Resources
• Report of IT spend including hardware, software, licensing, support contracts, professional services, telco, data center, payroll, etc.
• Identify end-of-life software and equipment for budget planning
• Report current state of support contracts
• Root cause analysis of recent incident reports
• Findings, conclusions, and recommendations

Sign up for a Technology Road Map and let our experts do the work for you!Offload your IT planning and strategy, focus on closing out the end of the year, and ENJOY the Holidays.

As our motto goes “No Worries…We make I.T. Better!”

Give us a call at 858.777.1617 or email us at info@birdrockusa.com.

To put it simply, the more data we are able to collect, the more knowledge we retain. We all know the cliché “knowledge is power.” Though collecting data is an extremely valuable resource for companies across all industries, once it becomes so large we begin to open ourselves up to major security risks. These risks can be external from hackers, insider abuse whether it is malicious or unintentional, and/or risks related to compliance.

How can we confidently secure this data?

I am really driving this conversation towards your data-at-rest. How do you make sure your valuable, sensitive, at rest data is secure from hackers?

The answer is encryption. I like to think of encryption as a bank dye bag. When a robber steals a bag of money the dye bag technology explodes and covers all the bills, that bag of money is then rendered useless. This goes the same with data encryption. Although a hacker has breached your network, your encrypted data is useless to them.

You may be thinking, “Duh! I already encrypt my data.” But I say, there’s a better way!

Your encryption solutions in the past may have worked but were probably a nightmare to manage. Keeping up to date with multiple encryption solutions is not an easy task for multiple reasons such as a lack of time, an ever changing environment, skill set inefficiencies, and or employment changes. Many times these challenges yield inconsistent results, performance woes such as a bottleneck when an encryption solution is turned on, and in some cases, it is so difficult to manage that IT professionals turn off an encryption solution all together.

The solution that I have come to love is the Vormetric Data Security Platform. The platform allows your team to efficiently manage data-at-rest security across your entire organization.  Using a scalable infrastructure, the Vormetric Data Security Platform is capable of transparent file encryption, application encryption, tokenization, dynamic data masking, cloud encryption gateway, key management and vaulting, privileged user control, and access audit logging. Boy, that’s a ton of valuable capabilities!

This platform will allow you to address your security and compliance demands such as HIPAA, PCI, and FISMA, just to name a few. Easily manage the platform and mitigate advanced persistent threats (APTs), prevent your insiders from abusing data, and place persistent controls on your data even if it is in an external provider’s infrastructure. Instead of multiple point solutions to protect your data throughout your entire network, this platform takes a consistent and centralized approach. This allows your IT team to quickly and efficiently manage your data-at-rest at less cost (time and money).

Vormetric allows you to feel confident about your data security, giving you piece of mind not only in regards to breaches, insider abuse, and compliance but also for your IT budget constraints.

If you would like to learn more about Vormetric and its Data Security Platform please call us today to set up a consultation!  Call us at 858.777.1617 or email us at info@birdrockusa.com.

Also check out www.vormetric.com to learn more on your own.

As our motto goes “No worries…We make I.T. Better!”

Year after year, Bird Rock Systems pulls out the hammer and nails to hang up plaques that they have been awarded for their continued success and growth.

Well we did it again! Bird Rock Systems has found itself ranked in the 2015 Inc. 5000 Fastest Growing Private Companies at #3185. This year’s growth from the prior year boasts a 107% revenue increase! The plaque now hangs nicely next to the 4 other Inc. 5000 plaques dating back to 2011.

But this wasn’t the only award that Bird Rock had to make room for on their wall of accolades. Above the Inc. 5000 plaques, there is a similar looking row of San Diego’s 100 Fastest Growing Private Companies. This year Bird Rock ranked #64 as the 2015 Fastest Growing Private Company in San Diego! This falls in line with the 4 other plaques also dating back to 2011.

Above these plaques are the 5 CRN Fast Growth 150 awards dating back to 2010! Looks like we need a new wall with the 5 Inc. 5000, 5 San Diego Fastest Growing Private Companies, and 5 CRN fastest growth filling up all the space.                                                                                                                     

Bird Rock is doing something that the young kids refer to as “killing the game.” But for Bird Rock Systems it’s not about hanging up an award and basking in our successes.

We use these plaques as a constant reminder of our values. It was not just luck, fate, or chance that Bird Rock has placed itself where it is today. Headed by the brilliantly cool CEO, Jim Matteo, Bird Rock Systems has developed a culture of building strong relationships, being advocates for technology, holding ourselves to the utmost integrity, and giving back to our community. We can sum this up as a culture of truly genuine people that have a passion to not only make the hectic lives of IT professionals easier but to help those in need outside of our working environment.

Bird Rock Systems looks forward to continue to provide our customers with best of breed technology and impeccable customer service each and every day!

“No worries…We make I.T. better!”

Call us at 858.777.1617 or email us at info@birdrockusa.com.

According to the U.S. Bureau of Labor, IT employment is looking to raise by 22% in 2020. Although we have seen a large increase in offshoring to countries such as India, demand for IT staffing is growing every year here in the U.S.  For example, software developers are looking at an increase in demand of 28% to 32%.

What does this mean for companies in need of IT talent?

Recruiting and retaining IT talent will become increasingly challenging. As job demand for IT continues to increase top talent will be harder to find and harder to keep around. The search for finding a professional that is able to hit the ground running as well as fit into your company culture will be even more difficult.

So, what can you do?

I think the clear answer, for most IT managers or those in a position to hire, is to partner with an IT staffing agency. Let them do all the initial work. They will find candidates that may qualify, send you the resumes found, and then you can decide to interview those individuals. It sounds easy enough and pretty painless. In some cases this process works very well and in others it can be a nightmare.

Here are some of the challenges with filling a position using an IT staffing agency.

• Lack of IT knowledge (staffing agency)
• Time investment interviewing unqualified candidates (searching for key words of skill rather than actual understanding of the technology)
• Lack of understanding your business needs and objectives
• Top talent resumes sent to multiple companies using the same agency where highest bidder wins

IT Staffing agencies are filled sales people that are not technical. They claim to understand IT but the truth of the matter is they only understand IT at a very high level. Your job description may ask for networking, storage, and security expertise but maybe you just really need someone who can dive deep into your Cisco routers. IT staffing companies will send tons of resumes that include experience on your job description but do not dive deeper into real technical understanding. Consequently, IT managers spend a lot of time reviewing/interviewing people who do not qualify.

Bird Rock Systems is an IT solutions provider. Our core practice uses Advanced Managed and Professional services around these four pillars: security, mobility, collaboration, and data center. So how do we change the game? We offer IT staffing and recruiting services but we do it differently. With our expertise in IT, we are able to understand exactly who you need and then we deliver on that need. Our engineers and sales people do preliminary interviews of potential candidates and weed out all those that do not fit for your specific technical requirements. No more resume after resume just because some words match your job description. Bird Rock IT Staffing and Recruiting services can help you find the right fit for your organization whether itis project based, a retainer, or a fulltime employee.

As our motto goes “No worries…We make I.T. better!”

Call us at 858.777.1617 or email us at info@birdrockusa.com.

By Brianna Massey Junior Engineer Intern

Protection of your assets is important, including in your mobile devices. With the growing acceptance of BYOD in enterprises, companies are looking for ways to implement successful mobile security.

While mobility can be a great benefit for the company, it also opens your data up to security threats. With the right strategy, however, an enterprise can confidently secure the mobile devices accessing their sensitive data. Three steps to take while creating your mobile security strategy include recognizing the risks of adding mobile devices on your network, seeking vulnerabilities in your current network, and creating a plan to manage the risks and vulnerabilities that are found.

Before you can securely add mobility to your network you need to understand how it will be used to fulfill your business needs. Once you have this understanding you can look at the risks your resources can potentially be exposed to. Knowing these risks are vital in preventing them. If an attacker effectively gets into a mobile device on your company’s network, a great deal of damage can be done - including:

• ·         stealing corporate data
• ·         listening to meetings and conversations via microphone
• ·         taking videos or photos using the camera
• ·         tracking the device’s location
• ·         sending emails and text messages

It is important to note that “securing mobile devices” means taking different actions to different stakeholders in your enterprise environment. It is the IT manager’s responsibility to understand these differences and find a compromise that addresses everyone’s concerns while still giving employees the convenience of mobility they expect.

After considering the risks your company faces by using mobile devices, it is important to assess your own network to seek the vulnerabilities you currently have or would have if you increased mobility. There are many deployable solutions enterprises use to gain visibility and add control to mobile devices to better manage them. Although managing devices can have security benefits, you must remember that managing and securing are not synonymous. It is vital to ensure that the solutions your enterprise will deploy support the objective you have set for your mobile security strategy.

In order to stop an attack and protect your sensitive data, you must have an initiative ready to detect threats in your network and a plan to carry out to stop an attack from causing any more damage. It is important to find a mobile security solution that logs and analyzes the device, the applications it runs, and the network it is on in order to regulate behavior in real-time to determine when a vulnerability has been exploited. Regular vulnerability assessments can help an enterprise define the level of risk the organization is exposed to.

With the strong relationships we have with our partners, we strive to work with one another to provide our customers with the best security solutions for each custom infrastructure. Bird Rock Systems has helped countless businesses successfully implement mobile security into their environments. 

What is IT strategy?

When we take a look at some of the most successful businesses on the planet, they all have one thing in common, a powerful strategy. Rarely does a business take flight and make millions of dollars with a lackluster business strategy. Strategy is deliberate and proactive. It is a plan to set you forth into the future so you can track your progress, make adjustments when the plan falters, and be prepared for the unexpected. We have seen the success when CEO’s, board of directors, etc. create a business strategy. So why do we not hear the words IT strategy very often?

Historically, IT has taken a reactive approach. IT teams are lean and forced to wear multiple hats. Day to day operations and issues constantly take away from longer term projects. As the business scales, IT does the best it can do to keep up until it must make critical investments in order to keep the whole ship afloat. There is a huge reason why IT has taken a reactive approach and it boils down to many of the things that I have talked about in this blog series. Things like limited time and budget. As I mentioned in the very first blog of this series, the third challenge our customers deal with is a lack of resources. This could be a lack of time, training, budget, expertise, personnel, infrastructure, control, and the list could go on and on. Basically, a lack of resources has caused IT to become reactionary and because IT is reactionary, it is uncommon to see IT strategy.

Bird Rock Systems is changing the game here. We understand that IT security, optimization, and efficiency have become a business priority and not just an IT responsibility. We have used our expertise in security, collaboration, mobility, and data center in order to help our customers develop IT strategy. Our Advanced Managed Services give you detailed insight into your network and with that insight comes a Roadmap with recommendations that will prepare you for the future.

We use the most innovative security and monitoring tools in the industry to: relentlessly assess the posture of your data and network computing infrastructure, determine your cloud readiness, understand availability of critical resources, and ultimately, prevent costly business outages.

We can manage any device on the network, allowing you to tailor services to your business needs. Our monitoring services collect metrics related to utilization, connectivity, vulnerability, up time, disk space, process usage, and more so that you can make business-critical technical decisions based on real-time facts.

 When we talk IT strategy we have a conversation focused on Business Direction and Financial goals, overall enterprise architecture, technical migration plan, timeline, and IT budget. We throw out the reactionary processes of the past and give our customers the tools to proactively better their environment with IT strategy!

Call us at 858.777.1617 or email us at info@birdrockusa.com.

According to a study by McAfee, they record over 100,000 new malware samples a day. The reason this is important is because it tells us that no matter what Firewall or anti-virus software used, hackers are relentlessly trying to infiltrate into our networks. Hackers use this malware to bypass our security walls and breach user accounts to get control of our data. They are after unstructured data which includes emails, pdfs, documents, files, etc. that are spread out across a network. There is a second security measure we can be using in order to protect this data.

Before I talk solutions, I would like to dive a little deeper into how hackers are getting into our files.

Scenario 1: Remote User

Remote user access have helped us to optimize, become more efficient, and cut costs but by nature they have also opened us up to more security threats. While a user is at home using a company issued device, disconnected from their company network, they download movies off the internet. Shh, don’t tell anyone! The problem is that because they are off their network, they do not have the same security policies and procedures. Consequently, their device gets a virus. Now when they take their device to work the next day and connect to the network, they have unknowingly allowed a hacker into the environment. Go fish buddy!

Scenario 2: Zero Day Malware & Encrypted Channels

Second, hackers have become more elusive and are using Zero Day threats, as you saw the multitude of this earlier, to get into our networks. A lot of this malware is transferred over encrypted web traffic which prevents firewalls from picking up on them as they pass through giving a hacker easy access into the network.

Scenario 3: Spoofed Email Message with Malicious File

We also see hackers create spoofed email accounts and send messages with downloadable PDFs. These emails look legit and the moment users download and open that PDF, a process runs that opens up a vulnerability for a hacker to enter the environment.

These are a few examples of the methods hackers use to get inside. The point to understand is not how hackers get into our environments. The point is when they get into an environment, how will we fight against them?

Furthermore, how do we distinguish hacker activity from normal user activity?

The answer is User Behavior Analytics or UBA. At a very high level, UBA technology monitors the habits of your users, what applications they access, and when they are accessed. This is where inside threat prevention is developed. Understanding our users, what they access, what they can access but never use, as well as very specific things such as what day and time they access certain files or applications allows for UBA software to flag activities that are not in the norm for those specific users. Ultimately, this allows you to know where a hacker is going and what they want and then allow you to block privileges manually or automatically to prevent your data from being compromised.

Bird Rock Systems is partnered with Varonis, a leader in UBA technology. Varonis has been specializing in this type of technology since 2005 and was recently mentioned in an article by Gartner.

To understand how Gartner feels about UBA and some information on how Varonis is using this technology to prevent hackers form compromising your data, check out this ARTICLE.

If you are interested in learning more about Varonis and would like to set up a meeting with your local IT solutions provider and a Varonis Sales Rep, call us at 858.777.1617 or email us at info@birdrockusa.com.

“No worries… We Make I.T. Better!” 

Budget. Who has it and how do we make it more valuable?

A hurdle we see with our customers is a limited budget for IT such as staffing, infrastructure, security, and so on. This limitation causes IT teams to wear multiple hats managing legacy systems. This approach has its flaws. With technology evolving rapidly, staying up to date with the latest trends is an uphill battle. Because teams are running around resolving day to day issues, their ability to drive innovation is stifled.

Companies are shifting strategies in order to reduce costs and optimize the use of resources. For example, we have seen many customers move some portion of their legacy environment to the Cloud. They benefit from leveraging the latest technologies without the large capital expense. Customers are able to pay as they grow, only using what they need.

DIY - Is this really the best use of internal resources?

There are many benefits in going to the cloud, however, taking on a cloud migration project without experience has its share of risks that could break the budget. There is an inherent learning curve when going to the cloud which takes time, research and trial and error.

What is the risk of a failed migration?

There is a lot to consider when moving to the cloud such as security, reliability, availability, vendor lock in and management. So it is important to weigh the cost versus value when choosing between “doing it yourself” versus leveraging a partner.

We Can Help!

Moving to the cloud is one example of how we help customers solve challenging initiatives. Not only can we help customers go to the cloud, but we are able to provide ongoing management and quarterly health checks to make sure customers are maximizing their investment while optimizing the performance.

Bird Rock Systems Advanced Managed Services helps customers execute on an effective IT strategy allowing the in house team to focus on aligning their department with the company vision. Quarterly health checks on areas such as cloud environments, storage, virtualization, LAN switching and wireless are of great value to customers because they don’t require an expert in each discipline 24/7. There is value and savings in the periodic review of the environment to uncover issues/potential issues, make recommendations to optimize systems and even provide remediation.

If your budget has you shorthanded and you could use the expertise of Bird Rock Systems, call us today and ask about our Advanced Managed Services. We tailor our services to your business needs!

Call us at 858.777.1617 or email us at info@birdrockusa.com.

Stay Tuned for Part IV of the “We make I.T. better” a Series on Advanced Managed Services!

Are you looking at the clock and the hands seem to be spinning faster than you can get things done?

Do not worry, you are not alone. Many of our customers biggest challenge in their I.T. environment is time or lack thereof. There are many reasons why lack of time has become a large hurdle for I.T. teams to jump. I will name a few of the most common ones that we see challenging our customers. First, day to day I.T. issues need immediate attention that ultimately take away from longer term I.T. objectives. Our customer’s time is most important and those day to day issues take precedent especially if it means their customers will experience downtime.

Second, when new technologies are implemented or new engineers come aboard there is a definite learning curve. In the past, we have seen Senior Engineers leave companies for new opportunities and this creates a hurdle for any new oncoming engineer. The common obstacle here is that the new engineer must figure out how and why the previous engineer set up technologies the way they are. Well, if you go down the line of multiple engineer changes, you can see that there is probably a knowledge gap of the how and why things have been configured. These new engineers have to spend the time learning the how and why not only from the previous engineer but potentially from 5 others before them. This is an absolute time trap and we can help solve/mitigate obstacles as such.

The third common reason for a lack of time or inability to create time is along the lines of training and certifications. Similar to the previous hurdle, when new technologies are implemented engineers need to be trained on how to use those technologies. Training is not the final straw and in many cases our customers want or must have certifications for those technologies. As you know, training, whether in I.T. or not, takes up a ton of time. After receiving training one may still have to pass a test to become certified. The time spent studying for a certification as well as the risk of not passing and having to do the process all over again is another large time sink for I.T. teams.

Do you have I.T. time constraints? Bird Rock Systems can help slow down your clock!

Our Advanced Managed Services can help solve all the issues mentioned previously. Bird Rock Systems can come into your environment on a rhythmic basis. With a team of highly skilled engineers, Bird Rock can be scheduled weekly, monthly, and or quarterly to help with your specific I.T. objectives.

Let our engineer/s learn the how and why so you can focus on other objectives.

Training can be time exhaustive and certifications can break your teams working rhythm. Bird Rock can train your team, take over tasks that your team is not trained on, and our engineers are certified to work on the solutions in your environment.  

Maybe I haven’t mentioned a time issue that you may be experiencing. At Bird Rock, we customize our Advanced Managed Services in order to align with your I.T. objectives and business goals. Our objective is to make your I.T. better and we can tackle this by freeing up your time for your specific technology needs.

Give us a call today if you would like more information or could benefit from our Advanced Managed Services! 

Call us at 858.777.1617 or email at info@birdrockusa.com.

Stayed tuned for Part III of the “We make I.T. better” a Series on Advanced Managed Services!