How are they doing it I asked.

And the COO replied – with no servers. NO SERVERS!! Well, that’s not entirely true, he admitted. They had one server running VmWare in their lab for testing applications and development work, he informed me.

So, how do they do it? And more importantly, why? And what I found out turned my world upside down.

Here’s why: Aurora (my company) has been in business for 20 years, selling and deploying technology solutions for SMB, Mid-Market and Public Sector customers. We have 30 employees and we run 18 production servers in house. That’s in addition to the 20+ lab servers that are virtualized. We have a team of 5 engineers who share various responsibilities in managing these servers. Our IT infrastructure management overhead is about 2x that of my 500 seat customer.

So how for V pull it off?

1. Well, they invest in new technology and applications that are 100% Cloud Ready. That’s their business model. They refuse to run any ‘old technology’. Old Technology being applications that only run in-house.
2. They invest in applications that are open to connectors, to API’s (Application Programming Interface). If the application doesn’t allow or promote API’s as a culture, they don’t evaluate it.
3. Finally, they test internally without requiring much help from external vendors. After stringent testing if the application or solution passes the test, they’re in for the long haul. If it requires a lot of help/interference from the vendor, they’ll likely not go for it.

Why does V do it?

1. They see this as their future. Small IT staff, Cloud Infrastructure
2. They themselves propagate Cloud CRM. ‘You have to live it to build it’ is their mantra.
3. They come from a culture of driving and embracing change.
4. It’s fun! It’s fun to be doing new things, on the cutting edge of technology.
5. The pure economies of scale and the speed to market, which is critical for a competitive startup. Not being slowed down by ‘old technology’ and traditional IT.
6. Fixed operations cost per employee. When an employee is hired, they know exactly how much that employee will cost per month in IT infrastructure (Email, Security, VoIP Phone, Cloud Applications, etc).
7. Culture: This is their culture. They live and breathe ‘Cloud’.

So, that’s why it shook my world. We sell Cloud solutions too. We’ve been doing it for over 5 years. But we all firmly believe that no one can and will go 100% cloud. My hardware and software sales guys and gals will still have transactions to process. Customers will still buys some servers and those servers will then need security and backup and disaster recovery, and a server room and smart IT people (engineers), etc, etc. That’s my world. I understand that world.

My first feeling was one of fear. What if all my clients went 100% cloud? It would truly be in their best interest, provided Cloud vendors and Cloud applications made themselves available.

Logic kicks in. Not everyone can embrace change and have a 100% Cloud culture like V. Some applications are just not ‘Cloud-ready’ and may not be for a long time. I firmly believe Cloud is here to stay, but I don’t believe, for the reasons mentioned above, that a lot of existing businesses will be able to pull off 100% cloud. Start-ups maybe, as Cloud is all they might know

My final thought: Why are we not a 100% Cloud company…. Stay tuned…. Time to embrace change… again.

The post To Cloud or not to Cloud appeared first on Aurora.

1. Leverage the knowledge of best practice settings and configurations. Aurora® for instance has completed over 400+ encryption deployments, some globally. With over 400+ installations and deployments of on-site full disk and laptop encryption, as well as hosted laptop encryption, your solution would be customized to your specific needs as well as configured with industry and compliance best practices derived from real-life experiences in the field.
2. Availability and scalability – With the option for clustering, and servers residing at SSAE16 Type II certified datacenters, Hosted Laptop Encryption is designed to offer maximum availability and scalability.
3. Less servers to maintain and manage – Offload your dedicated on-site server to us, along with redundant and co-location ones. Get back rack and datacenter space. Repurpose existing infrastructure. Admins will have less servers to maintain, update, and upgrade, along with fewer considerations for rack space, power consumption, cooling, hardware failures, aging, hardware updates, and redundancy.
4. Industry  Certifications and Compliance – To meet Federal, state and local regulations, hosted disk encryption practices conform to the most rigorus industry and government protocols including SSAE16 Type II and CSAE 3416 certifications.
5. No Encryption Key Server needed – Your encryption infrastructure now managed by expert PGP/Symantec certified encryption engineers, allows customers to offload encryption expertise and responsibility to encryption experts. No on-site trained engineer required any more. Resources can be repurposed to other technology areas.
6. No LDAP or AD access needed – One of the benefits of directory synchronization is single sign on (SSO). Allowing users to maintain one password to login from pre-boot to desktop. With Hosted Disk Encryption, you can have the best of both worlds. Users continue to use their own domain credentials without the worry of managing multiple passwords and admins can maintain control and security without allowing external access to your AD server. Encryption managed service is the way to go.

The post 5 Reasons for a Full Disk Laptop Encryption Hosted Service appeared first on Aurora.

FDE protects data by restricting access to the encrypted laptop, desktop or server at the BIOS level, even before the operating system runs. So in the event that someone tries to access a device with different credentials (even admin or helpdesk access), the data is encrypted. Admins and Help Desk engineers may access the system if granted specific access, but the data can still remain encrypted. FDE It also works offline on devices like USB thumb drives, Email Attachments and Data Backups

Full Disk encryption offers the following benefits:

1. Nearly everything is encrypted, that includes the swap space and the temporary files. Encrypting these files is important, as they can reveal important confidential data, possibly allowing hackers and ID Thieves to back door into a system.
2. With full disk encryption, the decision of which files to encrypt is automatic and does not need the users’ discretion or content awareness. Makes the process cost effective and fast.
3. After the initial install, the system can barely tell that encryption is running in the background.

Protecting information is more important these days. Businesses are now liable for any data breaches concerning customer’s data. Just recently California senate passed the S.B. 46 bill which enhances the previous SB1386 bill related to data breach notifications. SB46 now adds data elements like passwords, security questions and answers for all accounts, other than just financial accounts.

FDE is also available as a fully hosted, managed encryption service or as a SaaS service. This alleviates the need for in-house encryption expertise or in-house servers and management software or overhead.

The post What is full disk encryption and why businesses need it to protect data. appeared first on Aurora.

1) A SaaS service for Laptop Disk Encryption SaaS might be a security risk: Well, with Hosted Disk Encryption, there are two components involved, well 3 really. The encrypted laptop or desktop, the hosted key management encryption server & Active Directory or LDAP that maintains user groups/lists. The laptop upon reboot uses the users local network/windows password to allow the user access to their machine going forward. At no point is this network password copied or transferred to the hosted key management server. The hosted key server has recovery tokens or unique passwords that are only stored on the server and not locally on the encrypted laptop or desktop. In the event a user loses or forgets their password, an admin can generate a one-time recovery password or token on the server and use that to boot into the laptop. They then get to the window login screen. So, to boot into an encrypted laptop, an ‘admin’ would need to have access to the secure key management server AND have the encrypted laptop handy as well. No chance a rogue employee or a laptop thief would have access to both the stolen laptop AND the secure key management server at the same time.

2) Confidential Data will be stored on public servers: Hosted Disk Encryption SaaS service does not require a connection to the customer’s Active Directory. We leverage our own LDAP service per customer. No customer data in the form of emails, files, documents, or confidential content of any kind is being collected or shared by the SaaS service. No passwords are copies, or uploaded to the hosted key management servers.

3) Availability of our servers and or data is a concern: Each server is backed up and redundant, hosted at a SAS70 Type II certified secure datacenter location. Even if, for some reason, say the internet went down, and the encryption key servers were offline, all encrypted laptops and desktops would continue to be encrypted. They just wouldn’t be able to connect to the hosted server for updates or policy changes (if any). Once the service was back online, updates would flow down as well. So, in no scenario would anyone have a disruption of service.

4) I’m not a fan of Multi-Tenancy: This relates to multiple customers sharing the same server. Which is a common occurrence and practice with Cloud Offerings. With Aurora’s Hosted Disk Encryption SaaS service, each customer gets their own dedicated Key Management Server and their own LDAP server. The Key Management Server, and an LDAP server, are both backed up as well.

5) I have user changes all the time: This is not a problem either. User lists are maintained on individual/dedicated LDAP servers. Admins can upload user lists (.csv files), add or remove users, all from a GUI or web site.

6) I have Windows and some Macs: Well, the service we provide handles both Windows and Mac clients. Some of the customers only use Hosted Disk Encryption for the Mac population.

7) I am concerned about Removable Media (USB) Encryption: Well, the hosted service allows enforcement or on-demand encryption of USB devices too. Encrypted USB drives can then be shared with other encrypted laptops and desktops.

The post Myths Regarding Hosted Laptop Disk Encryption appeared first on Aurora.

That’s what Wyndham Worldwide Corp. and three subsidiaries are facing now, after U.S. regulators filed a complaint alleging that a failure to safeguard consumers’ personal information had led to more than $10 million lost to fraud.

Other major corporations have also fell victim to hackers, including Sony and Microsoft. But the Wyndham case is especially troubling because the company is a repeat offender. There was a breach in April of 2008, and two more in 2009. These attacks resulted in fraudulent charges on consumer accounts, according to the Federal Trade Commission complaint against the company.

How did they happen? The complaint alleges that Wyndham failed to take basic security measures, such as requiring strong passwords, and storing credit card information in clear, readable text. As a result, that payment card information wound up at an Internet domain address in Russia.

“Even after faulty security led to one breach… Wyndham still failed to remedy known security vulnerabilities; failed to employ reasonable measures to detect unauthorized access; and failed to follow proper incident response procedures,” the FTC said.

As a result, Wyndham has had to contact customers to let them know what is happening. Guests that might have been affected have been offered the free use of a credit monitoring service for one year. But how many of those customers will now think twice before booking a room for their next vacation? How many business travelers will choose to stay elsewhere?

Data security is essential. Is it easy? No. Not if you try to do it yourself. But if you employ the services of a company experienced in data protection, the appropriate safeguards can be implemented with little – if any – interruption in business operations. And with ongoing preventive maintenance, these safeguards will be sustained, adjusted when necessary to deal with new challenges, and upgraded as soon the technology is available.

The post Compliance Check Out Time for Wyndham Hotels appeared first on Aurora.

But after several client requests, we decided to ask our customers why they’d prefer a managed service for encryption and the answers were: 1) we’re in the healthcare or financial services business, and don’t plan to be in the encryption business 2) We’d rather invest in critical infrastructure type resources 3) we’re not getting additional head count for encryption 4) IT doesn’t want more work, and the security team isn’t responsible for maintaining solutions, just implementing them, etc.

So, if a company were to build a managed service offering for encryption, and if a client were to invest in it, the service should address the above business concerns or it would not be successful. With that in mind, the managed service for encryption would need to: Provide ongoing compliance, Improved Uptime, Reduce Maintenance Costs, Improve Efficiencies, be a recurring proactive service and be delivered by subject matter experts.

The ideal managed service for encryption would include upgrade assistance, best-practices advice, technology maintenance, strategic roadmap advice, training and knowledge transfer and maybe even documentation, which is often times a critical component to successful technology adoption.

The post Why use a Managed Service Provider for your existing Encryption deployment? appeared first on Aurora.

Additional benefits of using a cloud provider for hosted disk encryption is that the encryption management servers are constantly maintained and updated and upgraded by the encryption service provider. Flexibility in the form of different, unique packages that can be downloaded by admins depending on which policy group users belong to is an added benefit.

In most cases however, the encryption management server needs to connect to Active Directory or a LDAP server to enable deploying encryption to specific groups of users within specific departments like finance and sales for instance. Managed laptop encryption or hosted disk encryption especially comes in handy when a company may have multiple active directories running or they may have several users not on AD or LDAP altogether. A Laptop Encryption SaaS is a big benefit here, as each customer gets their own custom built cloud LDAP server which is synced with their cloud encryption management server, and customer admins can add or remove users and do basic admin on their own if they so desire.

From talking to companies that use hosted disk encryption, this seems to be the quickest and easiest way to get their laptops encrypted for users not on the corporate AD or remote employees that don’t connect to the corporate network often enough for policy updates and software upgrades. Since the encryption management server and LDAP are both in the cloud, the encrypted laptops can connect to them to download updated policies (if applicable) without needing a connection to the corporate network. All they need is to be online and they automatically download updates when available.

Finally, several organization are offloading non business-critical operations to a cloud or managed service provider due to constrained internal resources. Laptop encryption is one of those IT concerns that can easily be delivered and managed via a cloud service provider.

The post Why do companies choose Hosted Disk Encryption SaaS? appeared first on Aurora.

Aurora is the only Master Specialist partner in the United States for encryption.

“We are very proud to have achieved this elite status,” said Aurora Director of Sales and Business Development Ralph Figueiredo. “Having completed more than 400 successful national and global encryption deployments, it is an honor to have our experience and expertise validated by Symantec.”

Master Specialists are Symantec’s elite consultancy partners, and are selected for their consulting expertise, product knowledge and process discipline. They have completed extensive technical training and achieved Symantec’s highest level of technical specialist accreditation.

As a Master Specialist, Aurora receives access to exclusive consulting and technical documentation and tools that other companies cannot utilize. The company also has advanced and unlimited access to Symantec’s technical support back-line specialists, ensuring a rapid and effective response to any issue that may arise.

“While this is certainly an achievement for Aurora, the real beneficiaries will be our customers,” Figueiredo said. “When a client chooses us as their Symantec service delivery partner, they can have the utmost confidence that the consultant working with them has the experience to get the job done correctly the first time – and is backed by a team of outstanding encryption specialists.”

About Aurora:
Aurora® provides comprehensive security consulting services for mid-market and enterprise level customers. Our security assessment services are centered on Application Security, Network Security and Endpoint Security. From quick Vulnerability Assessments to deep dive Security Strategy Development, our security professionals include practical recommendations with a holistic approach to information privacy. Aurora specializes in implementing solutions that include DLP, Web Security, Email Security, Endpoint Security, Application Security and Data Encryption. Solutions are customized to the customers’ environment and preferences. We encourage deployment flexibility by providing solutions in the form of software, appliances, virtualized solutions and SaaS.

The post Aurora Becomes Symantec Master Specialist appeared first on Aurora.

Once the laptop allowed us to take our Word docs and photo albums and email accounts with us, the push toward smaller, lighter and more portable tech options has inspired the creation of smart phones and tablets. And we already have the first wearable computing options with the Sony SmartWatch.

What’s the next step? Google’s Project Glass video (http://www.youtube.com/watch?v=9c6W4CCU9M4) provides some enticing possibilities. We’re not there yet, but one analyst, Forrester’s Sarah Rotman Epps, predicts, “In three years, wearables will matter to every product strategist.” That includes Apple, Google, Microsoft, Amazon and Facebook.

As with previous breakthroughs, someone will have to step up and take the risks and rewards of being first-in, followed by the subsequent versions and adaptations that will emerge from competitors once the market has been established. Rotman expects Google to be a major player because of the open nature of its Android platform. However, given Apple’s track record of turning big ideas into practical products, we would not be surprised if the first wearable computing fashions and accessories had the Apple logo in place of the Izod crocodile.

Rotman advises developers to start cutting deals now with companies like Nike and Adidas, not to mention sunglass and eyeglass manufacturers, which should be at the forefront of this next step in high-tech devices.

One thing is for certain – the smaller we make our computers, the easier it is to lose them. Losing a laptop, or having one stolen, may not be a common occurrence – but how many of us have lost a cell phone or a pair of sunglasses? Once important personal information is uploaded into these devices, they are as vulnerable to a security breach as any desktop computer.

The post High-Tech Fashion and IT security… appeared first on Aurora.

Fast-forward to present day, and many of us may have 3, 5, or even more different usernames and passwords to access various websites. Those of us with poor memories (or who are over 40 – same thing) might not be able to keep all this data in our heads, and find ourselves repeatedly answering the “What was the name of your first dog?” question to have our password emailed to us yet again. And we worry that the use of hints or inboxes to jog our memory could be a security risk, especially with online financial transactions.

Is there a solution that offsets the login lapses triggered by diminishing brain cells? Indeed – it’s called OneID, and what this San Jose-based startup offers is a next-generation digital identity solution that allows you to move securely from site to site with just one username and password.

Think you’re happy? Imagine how this service helps online businesses, by reducing processing time and lowering their costs for authentication for each transaction, just by adding a few lines of code to their site.

Should OneID catch on, it would represent a huge infrastructure change to our online universe, one that seems inevitable if the technology backs up the claims. The fact that the company was founded by Steve Kirsch, the entrepreneur who already sold Infoseek for about $1.7 billion (give or take a couple of million) is encouraging.

However, this is a not a new idea. The catch – as it always is with identity software of any kind – is security. What price might consumers pay to have one digital identity for every site, whether accessed by a browser, mobile device or even the cloud, and have all of their payment information and form-filling requirements stored in one place?

According to the company, credit card and personal information associated with each username/password is stored on their personal devices using OneID’s software, and would not be exposed in the event of a security breach. There will also be a choice of security level for each transaction, with varying levels of convenience depending on the selection.

If nothing else, OneID has the potential to reduce multiple opportunities for personal data compromise to just one. And if that one ID is secure, the Internet may have just become a safer neighborhood. Aurora will monitor developments, and in the meantime has other security solutions to keep consumers and companies safe from a data breach. Contact us for more information.

The post Caution vs. Convenience: The Lure of OneID appeared first on Aurora.