1300 378 676 |
[email protected]

What are Software Audits?

By

What Is a Software Audit?

A software audit is a formal review of an organisation’s software suite which can be limited to one manufacturer (for example, a Microsoft or Adobe-specific audit), or open to all operating software within a business.

In a lot of cases, audits will be conducted by specific manufacturers (or parties acting for those manufacturers) who are interested exclusively in their own products. However, businesses may have a partnering company who can do a complete audit on their entire software suite.

The purpose of a software audit is to determine the nature of a software product, software process, or set of software processes to assess compliance with specifications, standards, contractual agreements, or other criteria. The manufacturer is then permitted to conduct an audit at their leisure to ensure that the agreement has been adhered to. Note that “Agreed to Terms” may be implied if you are simply using their software.

The Difference Between Manufacturer & Preparatory Audits

Manufacturer audits

A manufacturer will conduct an audit to ensure their IP and relevant agreement are being protected. The audit may detect, amongst other things, the use of pirated, expired,
or unauthorised software. Typically, a manufacturers audit will result in compliance, or, the business being required to take immediate action to prevent further legal or nancial penalties.

Preparatory audits

Preparatory audits are audits conducted by a business itself or by a partnering organisation such as eStorm. A preparatory audit can examine the compliance of all software within an environment, and can reallocate licenses that aren’t being used, saving the organisation money. Feasible and potentially more economical strategies can then be devised to address potential non-compliance issues.

Common Non-compliance Issues

Software not evolving with changes in IT systems or hardware may conflict with your licensing structure or agreement. Some software license contracts may be aligned with certain technologies and once these technologies are replaced or upgraded, the license agreement you were operating under may be unintentionally compromised.

Not conducting regular internal software audits. Regular internal software audits can save businesses a lot of trouble. They can be executed any which way a business chooses – by acquiring a partnering business to examine the environment, or by walking around the of ce with a clipboard and pen. Whichever method a business chooses will help avoid compliance issues should an external audit be thrust upon your company.

An unclear software licensing policy inside an organisation can catch them unaware of potential licensing breaches. Multiple license types – open licensing, OEM, per device, per user, volume licensing, upgrade licensing etc, can make it decidedly tricky to understand what can and cannot be done with particular licenses.

Example: A business may buy 100 per-device licenses. If they “ghost” (or replicate) an image of one PC to create a standardised desktop, a new license will be required for each new system that the replicated image is loaded on to. The new system will still work without a new license, however “sharing” a license could be in breach of the original agreement.

Not establishing and enforcing software installation and usage policies can complicate software licensing issues from day one. Installation and usage policies are critical to outlining how software is to be utilised, shared, or acquired within a business. The usage policy will outline what is acceptable (or legal) and what is not. The consequences of breaching these policies also need to be communicated.

Not dedicating the responsibility of compliance to an internal team or business partner will hinder a businesses ability to stay on top of their software licenses. Whilst allocating responsibility to one person inside a business creates bottlenecks and redundancy issues, an internal team or external business partner can strategise ways to ensure your organisations software is compliant by conducting regular preparatory audits as part of their regular business-as-usual activities.

 

What Could Possibly Go Wrong?

During the 2013 calendar year, 58% of 1800 executives surveyed from Australia, the USA and Europe said they had been audited by one major manufacturer of software, whilst 20-30% acknowledged that they had been audited by at least four other major software brands. Of those who were audited, more than 20% incurred “true-up” costs of more than $1M, while the majority of respondents incurred costs of around $100K.

Ensure your business is protected from Software auditing and speak to an eStorm Managed Services representative today.

eStorm at EduTECH!

By

IMG_1591EduTECH is the largest Education event in Asia-Pac and the Southern Hemisphere, and eStorm were happy to be a part of it in 2016!

We had the opportunity to meet a lot of interesting people, and it was great to hear the different ways that learning institutions are using technology.  There were some really interesting technologies on display also, and a few things we can’t wait to sink our teeth in to and show our clients.

Our competition that saw guests try and replicate the Mona Lisa using the all new iPad Pro and Apple Pencil was a great success.  Some people just had fun with it… some others were truly impressive though they swear they were not art teachers.  We will be announcing the winner of that competition next week.

We spoke to a lot of institutions about our online portal that we customise for schools.  This gives teachers, parents, and students a place they can log IMG_1589on to and access great pricing for devices that have been chosen for their institution.

We also spoke to several places about Mobile Device Management and what eStorm does to manage mobile devices on these networks.

We were excited to demo Apple Classrooms to a lot of people, and it was great to see the mostly positive feedback for this long awaited utility.

There was also a lot of interest around our Moodle customisation and hosting with many people excited to know that their Moodle can be improved.

We answered a lot of questions around our PD too.  Making all of this work, and work well of course depends on teachers using this equipment to its fullest potential.  Our PD people make sure that happens.

If you have any questions on any of this, or simply want some more information, please reach out to the eStorm team on 1800 ESTORM.

Ransomware – Just how much of a threat is it?

By

cryptoman
RANSOMWARE ACTIVITY IS INCREASING THROUGHOUT 2016
Ransomware is becoming quite a common method of cyber extortion for financial gain.  This is a type of malware that prevents users from accessing their files, applications or systems until a ransom is paid, usually using an anonymous currency such as Bitcoin. While individual computer users have long been targets of ransomware, over the last couple of years, the threat has expanded. Ransomware has been in mainstream media of late due to attacks against organisations such as hospitals.

It’s important to note that not all ransomware operates the same way. The file-encrypting type is probably the most dangerous.  Not only have you lost access to your own files, but this data often contains confidential material, and the perpetrators technically do have full access.  The issue is made worse however because paying the ransom offers no guarantee that the files will be unlocked.  Ultimately, making frequent backups is by far the best defence against ransomware.

Since the average figure demanded is relatively low, usually only a few hundred dollars, the attackers tend to spread the attack quite far, and just randomly to maximise their potential gains.  These are usually in the form of emails with malicious attachments, or links to malicious websites.

Ransomware Variants

CryptolockerThrough this increase in ransomware activity from mid-2015 to early 2016, there has been a myriad new variants of the attack.

Common Ransomware Families

We continue to see sustained distribution of many well-established ransomware families used in mass infection campaigns. In many cases these renowned variants, such as CryptoWall and TorrentLocker, spawned updated versions with improved encryption capabilities and obfuscation techniques. These established attacks will continue to be a significant threat to global enterprises as malware functionality, encryption techniques, and counter-mitigation measures are adapted and introduced into new versions. Examples include:

  • TorrentLocker: Throughout 2015, we’ve seen the continued distribution of TorrentLocker, a ransomware attack based on both CryptoLocker and CryptoWall. TorrentLocker has been active since at least early 2014 and is most often used in geographically-specific spam campaigns.
  • CTB-Locker: CTB-Locker – a name that represents the key elements of the ransomware, Curve (for Elliptic Curve Cryptography), Tor and Bitcoin, was first reported around mid-2014 and remained steadily active throughout 2015. During this time, we saw many campaigns spreading CTB-Locker and its variants, including CTB-Locker distributors capitalising on the free upgrade to Windows 10.  They did this by sending out emails masquerading as Microsoft emails offering the upgrade.

We have also seen several new ransomware variants that use a range of new tactics.  Based on increased growth, we expect ransomware developers to continue developing variants with novel features in order to expand their targets

  • Chimera: The operators behind the Chimera ransomware used the malware to encrypt victims’ files, but also threatened to publish the encrypted data if victims refused to pay the ransom. The attackers targeted German-based small and mid-sized businesses in mid-September 2015.
  • Ransom32: Ransom32 was first publicly reported in late December 2015. It was one of the first ransomware variants based entirely on JavaScript.  This potentially allowed for compatibility with not only Windows, but also Linux and Mac OS.
  • LowLevel04: Operators of LowLevel04 purportedly spread their ransomware using the less commonapproach of exploiting Remote Desktop and Terminal Services.
  • Linux.Encoder.1:Linux.Encoder.1 debuted in late 2015 as one of the first ransomware variants targeting Linux web-based servers. While the encryption capabilities in the early versions proved to be suspect, many reports alleged faults in its predictable encryption key.  The targeting associated with this branch of malware family is far from more traditional Windows-based attacks.
Where to from here?

We expected to see the ransomware threat landscape increase from levels observed in 2015, and sadly we have been right. Cyber extortion has gained notoriety and momentum, with huge profits from highly publicised campaigns spreading among cyber criminals. Recent campaigns in which victims paid the ransom reinforce the success and popularity of this particular attack method.

One of the most worrying threats is the deployment of ransomware after the attackers have already had access to the network. In these cases, attackerscould conceivably conduct reconnaissance and even disable or delete backups, or identify systems that are most critical to an organisation’s operations before deploying the ransomware.  To increase the difficulty of such an attack, enterprises are encouraged to properly segment networks and implement strong access controls. In addition, companies should evaluate backup strategies regularly, and test those backups to ensure that recovery is successful.  As always, “offline” copies of backups should be stored offsite in case onsite backups are targeted.

Overall, the best way to stay protected is through education.  Emails that insist you change settings so you can read them, or ask you to follow a links to access information should be heavily scrutinised.  Do you know the sender?  Is it likely that person would be trying to share files with you that require you accessing a website to get them?  Commonly we say the malicious emails appear from a courier company, or Australia Post telling you a package is waiting for you, and click here fore details etc.  Also we have seen emails claiming to be from the Australian Federal Police (AFP) asking you to appear in court.  We have also seen others appearing to come from your local council and is referring to parking fines and things like that.

Make your staff aware of the real risks of an infection like this, and encourage them to not take the risk opening those Heavy chain with a padlock around a laptopattachments.
As soon as you notice the infection, shutdown your PC.  If you are on a network and you leave the system running, these infections will spread to the server rendering that data useless.  The sooner the infected machine is switched off, the less impact it will have.

If you do find yourself a victim of one of these attacks, contact the team at eStorm immediately so we can get you back on track. In saying that, prevention is always better than a cure, so call us so we can make sure your backup strategy is comprehensive enough to minimise the impact of an attack like this.

Solid State Drives vs Traditional Hard Drives. Which is right for you?

By


  Gone are the days of simply choosing the drive that had the largest capacity that your budget could afford. Solid-state drives have made huge advances in recent years and have started to become affordable for the average consumer. So which should you choose?

 

hard_drive_western_digital_sataHard-Disk Drives

These are the traditional type of computer storage and have been around for decades with minor changes under the hood. Due to there age, they’re a mature technology and considered by many as the default storage medium. Basically they are rotating magnetic platters and with read/write heads that move across the surface to access the data. These drives are called “mechanical” because of the moving parts, and are susceptible to failure from time to time… usually at the least convenient time.

They are available in several speeds that are measured by how fast the platters spin.  Most drives in desktop PC’s are 7,200 RPM, but in laptops you may find 5,400 RPM.  Occasionally in servers or higher end storage you will find 10,000 RPM.  The faster they are, the more expensive they are.  You can increase performance and speed by using other technology such as RAID, but that’s another article.

Modern drives are readily available in up to 8TB these days, with 2 or 3TB being considered pretty standard.

In summary. HDDs are best used when you need to store a lot of data, and high performance is not essential. As a result, HDDs are the norm for a desktop computer, and every day home consumer.

ssdSolid-State Drives

Solid-state drives essentially perform the same role as a HDD. But rather than using mechanical moving parts, they use NAND flash memory. This means they are far more robust than traditional hard drives, and offer significantly greater performance.

Solid state drives normally connect using the same SATA interface as a HDD, but a few can use PCI for very high performance applications. Data access is typically a fraction of a millisecond and data transfer can be in excess of 500MB per second.

With those fast data access speeds, your operating system usually boots within a few seconds.

So far this all sounds pretty good!  So where’s the catch?  As always, it comes down to money.  This performance, when compared to HDDs, does not come cheap. If you want to spend the same money as you would on a HDD, but you want the performance of SSD, expect to be dealing with a much smaller capacity. The capacity of SSDs range from about 60GB to 2TB with the larger cost around $1300. In most cases, this is above the budget of the average consumer. It is however becoming popular to buy a smaller SSD for installing applications and your operating system, and then a larger traditional HDD for storing your data such as photos, music and movies.  Be warned though, HDDs would often give warning signs of imminent failure… SSDs will tend to simply go from working perfectly, to being completely dead in the blink of an eye.  BACKUP BACKUP BACKUP!

 

momentus-100021850-largeHybrid

 

A hybrid hard drive is a mixture of a traditional HDD drive and a small solid-state/flash drive in a single package. The drive monitors the usage of data being read and keeps a copy of the most frequently accessed data on the flash memory as a cache. This results in SSD like performance at a fraction of the cost. They cost slightly more than traditional hard drives but nowhere near as much as solid state drives. They can often make an ideal cost effective solution.

 

All in all, I’m a fan of SSD.  And for me, if it’s in the budget, I will always get, and always recommend SSD.

Cloud Accounting with Xero – Is it right for you?

By

computer-1149148_640

‘Working in the Cloud’, ‘Cloud Computing’, ‘Cloud Accounting’… All terms we are hearing more and more. Momentum is growing for all businesses from SMB to Major Enterprise as people gain a better understanding of the true benefits of Cloud.

Not sure what ‘The Cloud’ is?

Put simply, cloud computing refers to applications and services being made available over the internet. Essentially this means they are available on demand where ever you are, without you having to install applications and servers.

Could ‘Live Accounting’ benefit you and your business? Here are some advantages to consider.

  • Available 24/7 from anywhere in the world provided you have an internet connection.
  • You get a ‘Real-time’ view of your cashflow and bank balances.
  • Automated Bank Feeds can minimise manual and cumbersome data entry.
  • Collaborate with your accountant in ‘Real-time’… no more sending data files back and forth.
  • No hardware or server installations, no manual back-ups, maintenance or support costs.
  • System upgrades occur while you’re offline, minimising your downtime.
  • No longer do you need to send your MYOB or QuickBooks files to your accountant leaving you unable to edit your own file while they work.
  • Fixed monthly costs that are cashflow friendly.

Do you want to know more about Xero?

xero-authorised-integrator-logo-RGB

Industry Standards: How does your IT provider compare?

By


If you’re a non-techie who has been left to look after the IT department of your workplace, you may be wondering exactly how your IT provider stacks up in comparison to the industry standards of others in the country.




The following review will give you a break down of the industry standards across four categories: client satisfaction, service deliverability, IT spend and managed services cost.

1. Client Satisfaction


In August 2015, Client Heartbeat surveyed the clients of Australian IT providers to determine how happy they were with their IT provider. The survey asked clients to rate their IT provider on a scale of 1 to 10 across 5 areas: promptness, accuracy, partnership, advice and overall performance.




Here are their findings:




Promptness: 8.3/10

Accuracy: 8.3/10

Partnership: 8.4/10

Advice: 8.6/10

Overall: 8.4/10


2. Service Deliverability

Pink Elephant (the company who initiated this survey) collects, analyses and presents IT management metrics benchmarks. Between 2010 and 2012 a survey was taken by IT managers across the globe to measure the standards for incident, problem and change-management metrics.




Here are some of the standout findings:




Incident management


The report found that the number of incidents an organisation experiences is influenced by the organisation’s size, number of users and the number of years that the company has had an incident management practice in place. The numbers below represent an average of the total incidents per month during the survey period unless otherwise indicated.




First contact resolution: 74%

Incident maximum priority: 6%

Incident resolution within expected interval: 82%



Problem management


Problems with known errors: 48.8%

Problems Assigned Highest Priority: 8%

Problem / known error age at closure: 4.4 months (average of entire survey period)

Problems without known errors: 42%



Change management


Requests for change with no issues: 87%

Requests for change / right the first time: 90%



Among the several interesting metrics is an average 90% Change Executed Right First Time (no rollback or cancelation, and as scheduled). This appears to indicate that 10% of all Changes fail in at least 1 of the 3 ways, which is quite a disappointing benchmark.

3. IT Spend

According to research compiled by software security company Trend Micro, Australian small businesses spend an average of $52,100 per year on IT related expenses.




In the last year, small businesses with between five and 25 employees spent an average of $25,200 per year, while businesses with between 26 and 50 staff spent $20,600 and businesses with 51 to 100 employees spent, on average, $77,300 on IT.




The survey of 300 businesses found the way in which IT was managed across a business depended heavily on the size of the business, with smaller businesses more likely to manage IT simply on an ad hoc basis, and those with more employees more likely to have dedicated IT support.




Nearly one quarter of businesses surveyed said they had external technology consultants and channel partners provide their IT support, a figure much larger than other countries around the world.




Mark Sinclair, head of small and medium business at Trend Micro, said if small business owners have to manage IT themselves it can lead to inefficiencies and increased security incidents.




As a rule of thumb, if you’re spending less than 5% on IT, you should consider how important it is to your organisation’s success and how you can increase spending to at least 5% to take advantage of tools and services that will help you operate more efficiently.

4. Managed Services Cost

Kaseya surveyed 700 managed IT service providers to determine a few industry standards for pricing. Here’s what they found (in AUD):




Average hourly rate: $92 (level 1), $120 (level 2), $171 (level 3)

Average desktop support and maintenance charge: $51-65

Average server support and maintenance charge: $160-195

Average billing fee per user: 39% charge, between $65-130 per user

Average size of managed service contract: between $1300-6500

Conclusion

These industry standards should be referred when reviewing your current IT provider. Consider, are they meeting your business needs at a reasonable cost?




If you would like to speak with us about how we can effectively and efficiently manage your businesses IT, contact the eStorm office today.