Friday, July 31, 2009

Open Services - The Only New Idea

Gone are the days that the DEC computer in the sales department won’t talk to the IBM in finance. Computers can talk to each other. But pulling an RSS feed into a system on a different server can still take time (and cost money).

What if applications talked to each other so easily, that you could expand your software by plugging on new pieces? Modern software design takes the first two foundations of scalability (open communication, robust expansion) and combines them.

The revolution in enterprise software has come from expanding complex systems, by developing task-specific pieces, which communicate easily. To grow, you develop applications to perform a particular service, or you buy them, and then someone plugs them in and they work.

Written by Keith Mitchell, Senior Developer at NSKinc

Enterprise and Architecture: Scalable Software

"Scalable software doesn’t blink when you add 10 users, doesn’t slow when you add 200,000 records, and won’t crash when you request from NSK 20 more features than it is currently doing."

Sometimes, “enterprise” software is simply software that has enough features for a large business. Microsoft SQL Server Enterprise is feature-filled. An average developer, faced with the challenge of writing a complex application, may believe “enterprise” means complex. But to a good developer, “enterprise” simply means “scalable”. Software which scales, expands as it is required to do so.

Enterprise means that when you program good user security on a database in accounting, and then put a similar database in another department, the two will be able to talk to one another, while still using that good security (instead of, in spite of that security).

Enterprise means that “3/14/2008” means “March 14” in New York, yet won’t crash a server in London because there’s no third day of the 14th month. Truly Enterprise software requires very high quality architecture—it needs a careful design, which is documented, and which has been well considered. Software which is architected, or designed, to be scalable, has three very important features.

Scalable software can talk to other software easily. Scalable software can be expanded easily. And scalable software is faster than it needs to be, or as fast as is presently possible with technology. Almost all the big buzzwords in business technology have to do with scalability.

Written by Keith Mitchell, Senior Developer at NSKinc

Corporate Technology Buzzwords

Let’s examine some of today’s corporate technology buzzwords, to discover any
common principles for corporate software development. We’ll provide guidelines for investing in custom development of business tools.

To do this, we’ll take apart Enterprise Architecture, Enterprise Portals, Open Source and Open Architecture, Service Oriented Architecture (SOA), and Web Services. We’ll clarify Web 2.0, XML, SOAP, AJAX, and SQL. We’ll see if Microsoft’s got anything new which may make our decisions easier. We’ll unravel .NET and the “Windows vs. Web” dilemma. We’ll briefly explain Apache, Perl, PHP, Python, and Ruby on Rails, and then we’ll talk about what has happened to Java, J2EE, and Oracle, and what is happening to tools such as Delphi and 4D.

Lastly, we’ll describe NSK's internal goals for long term software investment, and we’ll explain why our total cost of maintenance on a software application is low, only when our client’s total cost of ownership is low. We’ll show you how business buzzwords happen.

Written by Keith Mitchell, Senior Developer at NSKinc

Wednesday, July 29, 2009

Small Business IT

Make IT Work for You

Utilizing information technology at your company shouldn’t be a burden on you. It should help you run your business more efficiently. Although this is the way things should be, some implement information technology and are unsure how to use it to make it work for their business.

Some dwell over and fear IT with the preconceived notion that its complexity will ruin their business, so they fail to adopt any IT system. So often people let their fear blind them of the wonders that IT can work for their businesses.

IT is great for communications and cost effectiveness. It gives you a competitive edge, especially if you’re in an industry that doesn’t use IT as a crucial part of daily operations.

A few examples of how you can use IT even if you own a very small business:

Manage your supply chain, and keep track of when your orders are shipped

  • This enables you to make sure the vendors you use are providing you with the best service possible, so you can have new inventory in on time to best serve your customers. This also makes it easy for you to keep track of what you’re personally shipping from your business.

It allows you to keep business going after office and store hours end

  • Having a website that enables customers to browse and place orders when your business closes for the day or even when they are unable to make the trip in person can make a significant difference in your profitability.

Measure Your Business’ Performance

  • Record sales into databases and use performance metrics to indicate how well your business is doing over difference time periods. This also helps analyze trends during promotional campaigns and business changes to help you understand why business is picking up or slowing down.

Customer Relationship Management

  • Use CRM to retain contact information and customer preferences to maintain relationships. This makes searching for addresses and phone numbers much easier, as well as sending out newsletters, e-mails, updates and promotions.

Written by Melissa Cocks

Monday, July 27, 2009

Compliance for 201 CMR 17.00 is going to take a little time... We have written out a Guideline for your Timeline!

201 CMR 17.00: Standards for the Protection of Personal information of Residents of the Commonwealth of Massachusetts

"This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts." (Purpose MGL c 93H)

Designate an Information Security Officer - You will need to designate at least 1 person at your place of business who will maintain the comprehensive information security program. Finding that person now, will help get the rest of the items in line for when they need to be done. You can get a compliance checklist at: 201 CMR 17.00 Compliance Checklist


Start Assessing Your Information:

  1. Identify the paper, electronic and other type records, including storage media, laptops and portable devices that contain personal information.**

  2. Check all anti-virus and security patches on all computer systems and servers -- make sure they are up to date.**
    a. Check that you have reasonably up-to-date versions of system security agent software (including malware protection)**

  3. Identify what "personal information" moves around your business and out of your office including:**

    a. healthcare/insurance information

    b. benefits/401K information

    c. Accounting/Tax information

    d. Employment and Credit Applications

    e. Checks and credit card information

  4. Identify persons who need to see the "personal information" and those who do not.

  5. Identify where encryption for personal information is needed.**

  6. Identify what third-party service providers your business may use that have access to personal information.

  7. Identify reasonably foreseeable internal and external risks to paper and electronic records containing personal information.**

  8. Identify any systems that are connected to the Internet and make sure the firewall protection for files containing personal information are up-to-date.**


Purchase any hardware or software upgrades that are needed**

  • Get control of user IDS and other identifiers**

  • Come up with a reasonably secure method of assigning/selecting passwords for users**

  • Start developing your WISP (Written Information Security Program) making sure that you include:

    a. Administrative, technical and physical safeguards for Personal information protection

    b. Make sure that your WISP is applicable to all records containing personal information
    about a resident of the Commonwealth of Massachusetts

    c. Any identified and reasonably foreseeable internal and external risks to paper and electronic records

    d. Regular and ongoing employee training, and procedures for monitoring employee compliance

    e. Disciplinary measures for violators

    f. Policies and procedures for when and how records containing personal information should be kept, accessed or transported off your business premises

    g. Processes for blocking terminated employees physical and electronic access to personal information, including deactivating their passwords and user names

    h. Steps taken to verify third party service providers access

    i. The length of time that you are storing records containing personal information.

    j. Specifically the manner in which physical access to personal information records is to be restricted

    k. Whether you are storing your records and data in locked facilities, storage areas or containers and the security measures taken to keep these areas secure

    l. Actions and documenting that is taken in connection with any breach of security

  • November

    1. Install all hardware and software upgrades**

    2. Test policies that have been written

    3. Start Training Employees on new policies

    4. Finalize WISP


    1. Finish Training Employees
    2. Send out WISP Policy to all Employees and get signatures from all, verifying they understand and will comply

    January 1, 2010 and beyond

    1. Continue monitoring your systems and procedures**

    2. Continue providing training to new and existing employees

    3. Update policies as required

    4. Assure all computers and servers remain up-to-date with patches and anti-virus software**

    **There are many intricate requirements and rules involved with this law that have left many companies in Massachusetts with questions. NSK Inc. has formed a knowledgeable team to better assist with clarifying this law. If you have questions please fill out this form or contact:Danielle Carroll at 617.303.0480

    Thursday, July 23, 2009

    Massachusetts Businesses: Are you in Compliance?


    Do you have all the information you need to become compliant with the new Massachusetts Regulation 201 CMR 17.00?

    This regulation is inherent to Massachusetts General Law 93H (MGL 93H). This law was written to define the security breaches and regulations for safeguarding the personal information of any Commonwealth of Massachusetts resident. This regulation implements the provisions of the law and describes what you need to have in place in your company in order to be compliant.

    Why was 93H Created? Why 201 CMR 17.00

    The Department of Consumer Affairs and Business Regluations issued this law and these regulations in response to the following data breaches occurred: ·TJ Max (TJX ) January 17, 2007 -Affected about 100 million account numbers Hacked several different ways - through wireless connections and kiosks ·Hannaford Supermarkets - between Dec. 7, 2007 and Mar 10, 2008 -More than 4 million card numbers were exposed, and by the time Hannaford publicly announced the breach, on March 17, 2008, about 1,800 fraudulent charges had been made. ·Other Security Threats
    -Malware, viruses In response, M.G.L. c 93H was enacted in November, 2007. Within the first 10 months after enactment of M.G.L. c 93H, the office of Consumer Affairs and Business Regulation received 318 notifications of security breaches.

    • 10 involved data that was encrypted
    • 69 involved data that was password protected
    • Total MA residents affected was 625,365

    60% were due to stolen laptops or hard-drives and 40% were employee error or sloppy internal handling.
    75% were in the financial services sector.

    Massachusetts then took the lead in passing a new regulation -- 201 CMR 17.00 -- that required companies to implement a comprehensive data security plan that incuded encryption of all computer systems with personal information of a Massachusetts resident.

    What Does This Mean to Your Business

    It means that the Commonwealth of Massachusetts is setting minimum starndards for the protection of personal information, whether that information is stored in electronic or paper format. It means that if your company owns, licenses, stores or maintains personal information about a Massachusetts resident You MUST take steps to comply with this new regulation.

    What is Personal Information

    According to 201 CRM 17.00, personal information is defined as the First Name or First Initial, Last Name and any one or more of the following information:Social Security Number Credit Card or Debit Card Number State ID Card Bank or Financial Account Number Drivers Licence Number If you accept credit cards, you have the imprint of the card or the data from the magnetic strip.. This information falls in the above catagory. You MUST take steps to comply. If you are a business located in Massachusetts or you have employees who reside in Massachusetts and you have copies of driver's licences', employment applications, personnell files or payroll information on those employees You MUST take steps to comply.

    What Do You Need To Do?

    Establish and Maintain a security program to all who have access to personal information with the following Elements:

    Computer System Security Requirements **

    1. Control of user IDs and passwords
    2. Secure method of assigning and selecting passwords
    3. Assign unique identifications plus passwords which are not default passwords
    4. Block access after multiple unsuccessful attempts to computers and servers holding the personal information
    5. Restrict access to inactive accounts
    6. Restrict access to files, to those that need acces to perform their job duties

    Transmission of Personal Information**

    1. Encryption of all transmitted rocords and files containing personal information that travels across public networks
    2. Encryption of all wireless networks

    Encryption of portable devices**

    1. Personal information stored on laptops and other portable devices must be encrypted

    Staying Up-To-Date**

    Make sure all computer and servers that hold personal information stay up to date on:

    1. Operating system patches
    2. Firewall software
    3. Antivirus software set to receive most current updates on a regular basis
    4. Antivirus software must include malware protection

    Training and Monitoring

    1. Education and training of employees on the proper use of the computer security system and the importance of personal information security
    2. Reasonable monitoring of systems for unauthorized use or access to personal information

    Written Information Security Program (WISP)

    1. Designate 1 or more persons to maintain the program
    2. Identify risks and evaluate safegaurds
    3. Develop security posicies for employees that work outside the office
    4. Impose disciplinary measures for program violations
    5. Prevent terminated employees from accessing personal information
    6. Make sure that third-party service providers have an information Security program that is compliant
    7. Limit the amount of personal information collected, the time it is retained and access to it
    8. Identify system used to store personal information
    9. Restrict physical access to records
    10. Regularly monitor the program once it is in place
    11. Review the scope of security measures at least annually or when there is a change in business practices
    12. Document responsive actions taken in a security breach incident

    **There are many intricate requirements and rules involved with this law that have left many companies in Massachusetts with questions. NSK Inc. has formed a knowledgeable team to better assist with clarifying this law. If you have questions please fill out this form or contact:
    Danielle Carroll at 617.303.0480

    Tuesday, July 21, 2009

    Outsourced IT vs. In-House IT

    At some point during the growth of your business, you may start to wonder if a different system would work in your favor. Right now is a time during which you may especially feel the need to budget more carefully. There are different areas in which you can cut costs in your business, and you might be considering your IT department as an appropriate department in which to do so. Many firms are downsizing their IT staff and looking to outsource to save money. Before you decide on one definite solution, let’s outline the differences.

    Outsourced IT:
    When you outsource, you hire IT experts from an outside firm that typically tend to several different businesses. Depending on the IT firm, your relationship with your outsourced IT people can be very personal or impersonal. It is important to many businesses that they keep a close relationship with their outsourced IT specialists. This may mean that a single person or even two people are assigned to service your company so that there is a consistent knowledge of your IT history and problems. This is something you should probably consider as most important when evaluating your options. This way, during each new visit you don’t have to recap every IT problem you have had and what the status was during your last IT visit with a different person. Also, you get the convenience of having one person who has a broad spectrum of knowledge about all areas of IT.

    In-House IT:
    Many businesses have several IT professionals in-house. For example, one person may be used for IT management, the other for systems engineering, and another for general support. The problem many businesses run into with this is each person might not be fully utilized for the amount they are paid in salary. You may actually use only a portion of each person’s skills, and only when something goes wrong. Also, some businesses that have a single IT person in-house may not get that broad spectrum of knowledge because it is hard to come by someone who is trained in all areas. On the other hand, you may be content with having IT people at the desk next to you as opposed to picking up the phone or logging into an online helpdesk.

    Outsourced IT/In-House Combination: Some businesses prefer having both an IT professional staffed in-house and an outside IT team. This gives some businesses the comfort of having someone constantly on-site while having outside experts who are highly-skilled in many areas a phone call away.

    Written by Melissa Cocks