Search Our Site

Our Newsletter

Our Ramblings

Scottish SME’s increasingly adopting the latest technology.

Nowadays, cloud computing, unified comms and virtualisation are the technologies most in demand but it would seem that the public sector will not be the sector who are most interested in them.

According to a recent Pearlfinders Index, which monitors trends and opinions in the IT world,virtualisation remained the most popular area for investment, and more customers were looking to move to the cloud.

But in terms of buyers of IT support the industry/manufacturing sector was followed by retail and financial services with public sector lagging well behind.

To meet the customer requirement the skills that these new adopters are looking for include an in-depth knowledge of software, hardware but also managed services and outsourcing capabilities.

When quizzed about what they hope IT to deliver the users had some specific aims with supporting growth and improving efficiency at the top of the wish list.


The attitude towards virtualisation has changed with it no longer being seen as just a route to saving money but more as an option to introduce greater flexibility.

In just the latest few months of the year the reasons for deploying virtualisation changed with cost cutting dropping down the list of priorities.

In a recent interview, one of our customers said, “The drivers behind virtualisation work have changed massively. Cost cutting is certainly not our main reason. We are more interested in looking at virtualisation as a way to improve the flexibility of our operations and enhance storage/DR infrastructure as part of a previously planned hardware refresh. Also high priority for us are reasons of sustainability.”

Another extremely intersting development is that for the first time the data back from Pearlfinders shows a stronger demand for desktop rather than server virtualisation.

One of the benefits to this technology which is no longer being seen as the new kid on the block is that smaller firms are more willing to embrace what they now percieve as a tried and tested product. The influence of Microsoft’s Hyper-V, VMware and Citrix in driving demand is also being seen across the sector.

If we look at Unified Comms the results were surprising with the public sector remaining a strong buyer for the time being.

Unified comms

A forward thinking IT manager at one of our customers said, “The growing penetration of hosted or cloud-based VoIP and UC platforms is driving uptake among SMEs and I am starting to win the battle when it comes to convincing the business that a hosted UC solution can be both cost-effective and high quality.”

The adoption of hosted VOIP is particularly interesting with a fairly significant spike in interest in Q2 2011. Reduced telephone call and line rental costs, including free
calls between all users within an implementation, the high level of business telephony functionality for all users with absolutely no maintenance and support charges, the minimal CAPEX outlays whilst moving towards a future-proof technology in which the investment is protected with free upgrades, the seamless integration of multiple locations with improved productivity and work-life balance through flexible working and finally built in business continuity with disaster recovery solutions out of the box, all conspire to present a compelling business case.

Another of the technological developments that should start coming through is the extension of video conferencing and messaging opportunities to tablets with the iPad, Samsung Galaxy and now Dell Streak all being more widely adopted by business users. The upside is that many of these services are very quickly integrated to support each others features so expect to see tight integration between the hosted VOIP proposals and the these new messaging opportunities.

The Ubiquitous Cloud

Finally, the area of high interest in the current market which will come as little surprise is cloud. Cloud is still being hyped by numerous vendors and even some of their partners including ourselves. The technology is certainly being used and deployed more widely but a debate about the preference for private rather than public clouds exists. One could argue that there is a high degree of crossover between all three of these fields of technology and where they intersect most greatly is what we call the cloud.

Some users are perhaps a bit cynical about the cloud viewing it as another name for a virtualised data centre but overall the trend towards some sort of hosted solution seems to be gathering pace. The sector which seems to have embraced the cloud most fully is the financial services sector when some large banks made the move to the hosted environment in Q4 of 2010. For the rest of the potential user base however there are still concerns that will have to be overcome. Within enterprise organisations, concerns over the security and uptime of public cloud-based solutions remain, as does nervousness over running mission-critical applications in these environments.

Another issue is the ongoing debate surrounding the use of the word ‘cloud’. It has too many definitions and we have actually found that many of our customers are reacting negatively to the word when it’s used.

The rise of the SME sector as a user of virtualisation, cloud and UC is yet another milestone in the mainstream adoption of these technologies and we at Rustyice Solutions are sure that this trend will only increase.

Web Security – The Problem

Web security has changed a lot in the past few years. It is no longer good enough to take a desktop antivirus scan engine and scan web content. URL filtering isn’t enough. It is not enough to put HTTP security on your corporate gateway.
The reason its not good enough to have a HTTP security gateway should be rather obvious. People go home. People travel. People work at client sites. People work at the Starbucks. An increasingly mobile workforce necessitates a mobile security solution.
URL filtering isn’t enough. URL filtering is reactionary and there are many new sites each day. When a legitimate site is compromised, URL filtering can categorize it as a malware serving site and block it. But how quickly will the site be rechecked after the virus is clean? Viruses are showing up on otherwise legitimate sites.

Sites can be compromised through lack of patching, through SQL Infection. In several cases advertising networks have inadvertently included malicious content. Some sites are potentially insecure by design. Web 2.0 sites accept user provided content with little controls in place. While some URL filtering solutions are better than others, it is an incomplete solution at best.

Some web security solutions are merely URL filtering combined with a desktop antivirus engine. I don’t think we need to rehash the failure of the antivirus engine. But there is better technology.

The best web security solutions (such as the Rustyice Solutions solution) include zero day protection as more than a marketing term. A web malware scanner is looking at the context of the file. The site its on. The number of requests for the file. The history.

Its then running it through heuristics in a way much more accurate than any desktop heuristic.

The web is a ready avenue of attack. Strengthened defenses against email and network attacks have left http the prime target for attackers.

Its a good time to be looking at alternative solutions. I think that SaaS web security has hit the sweet spot in what Gartner would call the hype cycle. Its at that point where you’re still on the leading edge but not on the bleeding edge.

10 reasons why a hosted phone system is good for SMEs

1) A State of the Art phone system

A Rustyice Solutions Hosted Phone System provides business customers with a leading edge phone system without the associated capital cost. From day one you will have a system that delivers all the current features plus tomorrows as they become available.

2) Future Proof

The Hosted Phone System is ‘future proof,’ as soon as we introduce new features, we roll them out to our customers, so you won’t have to worry about another large capital equipment upgrade a few years down the road.

3) Pay As You Grow

With Rustyice Solutions: Voip Providers there are no penalties to start small and then add ‘seats’ to the VoIP system as you grow, as you only pay for the seats you need on a monthly basis.

4) Reduce Trunk Lines

Renting trunk lines from carriers isn’t small change for most organisations that rely on voice for both internal communications and customer interaction. Trunk line rental is a significant part of monthly overhead cost, so why not reduce this outlay wherever and whenever possible?

5) Reduce Call Costs

While saving on calls is no longer the primary driver for adopting hosted VoIP systems, it can be a prime factor for organisations that have multiple offices requiring frequent voice communication, so not having to pay for that communication can reduce a large amount from an organisation’s operational budget.

6) Instant Communication and Collaboration

VoIP telephones improve productivity and the ability to collaborate remotely by creating direct links between teleworkers and office-based workers with the click of a mouse; this creates a workplace without borders.

7) Seamless Teleworker Connectivity

The VoIP system makes it easy to integrate teleworkers into the business telephone system through their own broadband connections. Additionally, your customers will be able to reach your teleworkers through your corporate switchboard, regardless of where the worker is physically located.

8) Respond More Quickly to Customers

With a Hosted VoIP system, companies can improve customer communication by providing them with VoIP telephones that allow them to contact your sales and service departments directly, for free.

9) Cut Move, Addition and Change Costs

Every time your company moves, adds, or changes a conventional telephone connection, it costs money. With VoIP, your network configuration is software programmable and its voice signals are carried over your business LAN – this means that you can administer the changes yourself.

10) Your Number Moves With You

Unlike traditional numbers, you can take your number with you, down the road, to another town, or even another country as the VoIP system is not dependent upon your geographic location.

How to recognise security vulnerabilities in your IT systems

As IT systems continue to extend across multiple environments, IT security threats and vulnerabilities have likewise continued to evolve.

Whether from the growing insider threat of rogue and unauthorised internal sources, or from the ever increasing number of external attacks, organisations are more susceptible than ever to crippling attacks. It’s almost become simply a matter of “when it will happen” rather than “if it will happen.”

For IT resellers, security issues have always persisted as critical to all communications for an organisation’s IT department.

However, with the increase in the levels of access to a company’s network compounded by these maturing threats, it is no longer feasible to merely recognise the existence of more simplistic, perimeter threats.

Resellers must be able to provide customers with a comprehensive risk assessment of the entirety of an organisation’s IT assets to their vulnerabilities–inclusive of both software and hardware.

This risk assessment must incorporate an understanding of external threats and internal vulnerabilities and how the two continue to merge to create increasingly susceptible IT environments.

At the most basic level, organisations and resellers alike must understand the different types of threats. Malware, a generic term for malicious software, such as trojan horses, worms, and viruses, is the most common form of attack that is originated by an external hacker. Malware attacks have persisted for years – from the infamous Morris worm to common spyware attacks – and they remain the easiest and most damaging tactic deployed by malicious hackers.

With enterprises extending to the cloud, and more organisations adopting SaaS-based applications, social media and other Web 2.0 tools, damaging malware attacks and viruses can now originate through simple SPAM messages and emails.

Internally, organisations are typically susceptible to threats from either authorised rogue users who abuse privileged accounts and identities to access sensitive information, or unauthorised users who use their knowledge of administrative credentials to subvert security systems. It is this type of vulnerability – unauthorised internal access – that has continued to emerge as the most volatile and disruptive.

To truly understand the risks involved with these “insider threats”, organisations and resellers need to understand the root of the vulnerabilities.

Most commonly, the risks lie with the use of embedded credentials, most notably hard coded passwords, a practice employed by software developers to provide access to administrators during the development process. The practice occurs frequently since application developers tend to be more focused on the development and release cycle of the application, rather than any security concerns. While it may appear harmless at first glance, it is extremely risky as it can potentially provide unauthorised users with powerful, complete access to IT systems.

To compound the matter, by hardcoding passwords to cover embedded credentials, vendors create a problem that cannot be easily fixed nor assuaged by tools such as Privileged Identity Management systems. Once embedded into an application, the passwords cannot be removed without damaging the system. At the end of the day, the passwords provide malicious outsiders with a bulls eye target – a key vulnerability to leverage to help them gain powerful access and control on a target device, and potentially throughout the entire organisation.

One of the most well known examples is the Stuxnet virus. We’ve all been blown away by the design of Stuxnet, and were surprised by the pathway the virus took in targeting SCADA systems. Reflection shows that the virus used the hard coded password vulnerability to target these systems – which should serve as a lesson for all businesses.

The existence of vulnerabilities embedded within these types of systems is not necessarily new, but the emergence of new threats continues to shed light on the ease with which they can be leveraged for an attack. While malicious outsiders and insiders have focused often on the administrative credentials on typical systems like servers, databases and the like, in reality, IT organisations need to identify every asset that has a microprocessor, memory or an application/process. From copiers to scanners, these devices all have similar embedded credentials that represent significant organisational vulnerabilities.

While steps can be taken to proactively manage embedded credentials without hardcoding them in the first place – Privileged Identity Management tools can help – the onus is on the organisation, and the reseller, to ensure that a holistic view of all vulnerabilities and risks has been taken.