WinShock: are you protected?

We’ve already blogged on some of the recent highly publicised security threats to computer systems, such asHeartbleed and Shellshock.

One thing that brought security breaches like Heartbleed to widespread attention was the fact that they were just as potent a threat to Macs as to Windows PCs.It’s easy to panic in the face of these stories, but many of these bugs have only limited impact. Others can be potentially serious, but for a variety of reasons there are only limited opportunities to exploit them.

Now it’s Windows’ turn again; a new vulnerability has come to light which does appear to warrant pre-emptive action, and it affects many functions across Windows. Located in a fundamental component of Windows called sChannel, this new security weakness can affect both workstations and servers. There is a patch, but it has to be installed, and without it PCs remain highly vulnerable. The significant points raised in the linked article are the ‘attack surface’, which covers pretty much any unpatched Windows computer, and the proofs of exploit that have been published by web security giants BeyondTrust and IT Immunity.

Because of this, at Modalit we have decided to ensure that all of our customers’ servers are completely up to date. We started last week and we hope to be finished by the end of next week; all the work is being done out of hours. There is a small risk that the updating process will cause problems on some servers, which is something that can happen any time – but in this case the benefits outweigh any difficulties that might arise. We are taking every care to minimise any disruption.

At the same time, we strongly suggest that everybody reading this checks their Windows PCs over the next few weeks, to make sure everything is up-to-date. It appears from our monitoring that PCs are updating automatically, but this should be verified by checking manually. To do this, check Windows Update:
• Go to Start > Control panel and select Windows Update
• Click on Check for Updates and install any updates that are marked as important or critical.
• Restart the computer and repeat to make sure.

We advise our clients to get in touch if they need any help you need any assistance with this.

Stand to work: a not-so-radical solution

When you work in IT designing systems for other people to use, you are either very aware of the physical side of the experience or not at all. Becoming increasingly aware of research that blames computer use for the health problems caused by excessive sitting, our Director Iain Stewart has applied some of this awareness to his own working day, by installing a sit/stand desk.

In case you haven’t been reading the same articles, this is an adjustable desk that allows you to stand up for some of the time, and sit down when you need to. They are slowly filtering into the mainstream, and are said to reduce the risk of heart disease, contribute to the body’s need for exercise – which most of us are not getting nearly enough of – and even help to control our blood sugar levels. And it’s not a new-fangled idea: devotees of working standing up have apparently included Winston Churchill, Ernest Hemingway and Ben Franklin. Iain made his desk by buying a sit/stand stand, and fixing the top of his old sedentary desk to it.

Iain says:

The motivation to try it came from feeling it couldn’t be good to sit for the best part of eight, ten, or even 12 hours a day. Reading about it, most people who were using sit-stand sounded very happy with the change. They report being more energised, more focused. Physical improvements like reduced back pain, better posture and even reduction of chronic pain were cited frequently.

I had always felt comfortable reading the newspaper or using a laptop while standing at a bench, for example in cafes, and had often thought about introducing this to my work space. Earlier this autumn I decided I had to try it.

After quite a bit of research I decided on the Conset 501-49 frame – I already had a desk top that I liked, and this would fit it perfectly. It took me about an hour to assemble my new desk. It’s motorised, so I can go from sitting to standing at the touch of a switch. But I find I’m not using the switch very often – after six weeks of standing and never sitting, I am converted.

What’s different?  Overall I work better. I’m more focused, less tired, and much fitter. For the first couple of weeks I was a more tired by the end of the day, but that wore off quickly. Fortunately I have never suffered from significant back pain, but I have noticed that even the niggling aches have subsided, including a dodgy knee which I thought might impede my plan to stand. Also, I once read somewhere that the habit of sitting with your legs crossed is genetic, so if like me you are cross-bred, you might find this helps you kick the habit. I’m finding that the inability to spend large amounts of time in this position feels like a real positive.

If any of this makes you curious, I can only suggest try it if you possibly can. Here are some places to start:

The Cloud: part 1

1: Getting to know the Cloud

One of the most common questions we get asked by our clients is: ‘Do I need to be on the Cloud?’ When we ask them why they’re asking, it turns out that ‘the Cloud’ is a bit of a cloudy concept. We’ve all heard of it but no one’s ever seen it. As it happens, you may not have to choose whether to ‘go on the cloud’, because the Cloud is coming towards you. This blog post is part one of our introduction to the Cloud.

First, it’s not as mysterious – or as fluffy – as it sounds. The term ‘cloud’ comes from those network diagrams where the internet is depicted as a big cloud in the middle of a system of networks and computers – and this is a good way to understand how Cloud computing works, too.

Faster internet speeds and more affordable hardware are making it much more feasible for companies to use the internet to deliver services that used to take the form of boxed software or even hardware.  (Remember those CD-Rom encyclopaedias?) The internet has enabled much greater functionality, like file sharing, and syncing across devices (or subscribers). This is one of the things that is, for example, driving the trend towards more people working from home.

‘The Cloud’ includes services that lots of us use at home, like Dropbox or Google Drive for file storage, or Office 365 which includes internet access to software, or apps like Evernote – essentially a multi-media notepad, which syncs across all your devices. Most of these include a free ‘basic’ version of a service, offering simple functionality or small usage, and a business service. But what does all this mean for your business? Is it just a trend?

One feature most Cloud services will offer is the ability to share documents, folders or workflow features among a group of people; all your documents are stored in remote servers (and possibly also on your machine, so you can work offline; it syncs with the main document when you get back online). This is driving real change in how businesses work. We have clients whose staff are based in several locations and who rely on these types of services to run their businesses.

But the Cloud is also heading towards single-office-based enterprises. That annual accounting package purchase, for example, is now a flexible monthly subscription that gets automatically updated for the new financial year. Other ‘hard’ business functions are also increasingly based on the cloud – data protection, security, IP-based telephony, and synced email services are just a few.

As more providers move over to offering their services in this form, it will become less possible for a business not to be on the cloud at all; it will be more about learning how it works and what your particular needs are. More on that in our next post.

The Cloud: part 2

The Cloud: what’s in it for me?

Part 2 of our Introduction to the Cloud (see part 1 here).

Cloud computing is here to stay, at least for the duration, and with the internet getting faster, the Cloud is still getting bigger. To make the best decisions about what this means for your business, you need to understand what’s on offer and how it works. There are three main cloud service areas:

Software-as-a-service (Saas)
Instead of purchasing boxed software and licenses, you sign up for online access to it and pay a subscription based on usage or the number of users. This bit of the Cloud is making a big impact on small and medium-sized businesses – most services of this kind let you increase or decrease your package month by month, so they offer real flexibility when compared to buying extra licenses or upgrades.

Infrastructure-as-a-service (Iaas)
Rather than making a capital investment in servers and network equipment, you can subscribe to a service and pay according to the amount of resources your network consumes. The scale and cost of this kind of Iaas services make it more useful for large enterprises, but many small business are tapping into Iaas through their website hosting arrangements.

Platform-as-a-service (Paas)
This covers the operating systems, software, and anything else needed to run (for example) web, database or email services. Pricing models vary, but many are subscription-based. CRM software packages like and SageCRM are good examples of platform-as-a-service, as is IP telephony (VOIP).

There are obvious advantages to a lot of this, but before deciding to migrate any of your business process to the Cloud, it’s a good idea to understand what you have at present, what you need, and what’s out there. You’ll want to assess potential pitfalls as well as potential advantages, before making a decision.

On the plus side
On the plus side, information that’s stored remotely on a massive server is much less vulnerable in, for example, a local crash. Cloud services can be accessed any time from any computer, so long as it is connected to the internet – And with many of them you download an app so you can work locally, offline.  Lots of network technologies like Outlook Web Access and Terminal Server are already available like this; the Cloud is widening it out and putting it in reach of smaller enterprises and home users.

By working on a subscription model, cloud computing has the potential to lower capital costs – because you’re not investing in hardware – and to improve cashflow by being a predictable monthly outgoing, rather than involving expensive upgrades.

It’s also flexible. Most Cloud-based services operate on a pay-per-user-per-month basis; there is no lengthy contract to bind you something you no longer need. You can increase or upgrade services quickly and temporarily, so you can be completely responsive as your business expands or contracts. For small enterprises this can make project-based work more profitable, or even possible.

But on the other hand…
Cloud computing cannot work without the internet. If your internet connection fails, or if a Cloud-based provider goes down, you will be left with no access to files unless they’re also stored locally. You still have to back up, and have a contingency plan.

With the massive expansion of the web and its functions, new security holes open up all the time. Keeping users’ information safe is a massive priority for reputable providers, but it still pays to ask: how vulnerable is your data to being ‘mined’ or otherwise inappropriately accessed? How much data are cloud companies collecting, and how might that information be used?

Once you decide to stop a Cloud-based service, who actually owns and controls your data? Is it being stored in compliance with UK data protection laws? Can you get it back? How can you be certain that the service provider will destroy your data (after you’ve retrieved it, of course) once you’ve canceled the service? It’s important to read the small print.

In short, with the Cloud as with everything else, it’s important to do your homework before making any changes to your service provision. Some services may look good, but your business may not really need them. Think about how you work, what your actual problems are, and what’s working great just as it is. Weigh up the pros and cons of each service and decide what will work best for your business.

Migrating your functions to the Cloud is not all or nothing proposition.  Some services may change so they only exist as cloud-based options, but for others there will be alternatives. Moving everything – becoming completely cloud-based – probably won’t be the most practical step, either strategically or economically. Many small businesses take advantage of Cloud computing selectively, for example, by moving anti-virus and backup to the Cloud, or by subscribing to a cloud software service instead of buying a boxed software upgrade.

If you find that some aspect or aspects of your business will work better in the Cloud, make it as strategic a change as any other change. Make sure you have a transition plan, ensure that everything is backed up and that you have full access to your information, and have a Plan B in case it turns out not to be what your business needs.