Where do you start with managing cybersecurity risk for your organisation? It’s a question organisations of all sizes are grappling with and one Managed Service Providers need to answer on behalf of clients.
Australia and New Zealand are currently lagging behind many countries from a cybersecurity standards and regulatory perspective. So First Focus have chosen the NIST Cybersecurity Framework v1.1 as our blueprint for cybersecurity.
The National Institute of Standards and Technology (NIST) is a US agency that oversees standards across many industries, including IT. The NIST Cybersecurity Framework is embedded in the US and has been adopted as a standard by countries across Europe, Asia and the Americas.
Five functions (Identify, Protect, Detect, Respond, and Recover) make up the core framework, within which there are 23 categories. More details on the NIST Cybersecurity Framework and the 23 categories can be found here.
NIST describes the framework as a consensus-based, industry-led set of standards, guidelines, best practices, methodologies, procedures and processes to cost-effectively reduce cyber risks. Importantly it:
• is relatively concise and easy to understand.
• is designed for organisations of any size, in any sector.
• maps to other standards (e.g. ISO 27001, PCI, GS007).
• is funded by the US government and has been adopted by many other countries.
First Focus have adopted NIST because few organisations are fully prepared for the current level of cyber-threats, and a review of our methodology, using best-practice guidelines, was prudent. Our Security Assessment process has since been rewritten and extended following the NIST principles.
Impact of Cybersecurity failure
Marriott announced in November 2018 that the details of 500 million customers had been compromised, which dropped their share price by over 5%. Less public are the many breaches that occur to smaller and medium sized businesses.
The impact on organisations that experience cybersecurity failures can be enormous and sustained. Some of the results from a recent survey were astounding:
• 64% of customers will end their customer relationship after they are affected by a breach
• 41% of small and medium businesses are unaware of the risks accrued with human error
• Only 22% of small and medium businesses are willing to improve their security measures from the previous year
Weighing up the cost/benefit
The NIST framework is not prescriptive. There is no one-size approach to cybersecurity and different organisations will have their own appetite for risk. However, we continue to see too many avoidable cybersecurity incidents across the industry. Offsetting cybersecurity risk through education, awareness and preventative actions has never been more important.
According to Gartner, spending on IT security as a percentage of the average total IT budget has increased from 7% in the mid-2000’s to just over 10% today. Cybersecurity costs are expected to accelerate further, increasing by a similar amount again by 2022.
Growth in IT security spending has been driven by the adoption of increasingly sophisticated counter-measures, which include Multi-Factor Authentication (MFA), disk encryption and staff security training. Previously, a small or medium business with a firewall and anti-virus would have been considered secure. Now best practise modern security solutions include access to newer services like:
• Dark web monitoring
• Intelligent threat detection
• Security Incident Event Management (SIEM)
• Security Operations Centre (SOC)
Adopting the NIST framework can help your organisation assess your risk, identify any security gaps and determine the most cost-effective strategy for your organisation.
When talking with prospective clients about their IT budget, we generally find they fit into one of two categories. Those that see IT as:
• a cost to be minimised, or
• an investment to generate a return
Surprisingly, these two different types of organisations usually spend a similar amount on IT. This is because:
• cost minimisers have more unplanned costs
• cost minimisers ‘save’ money using the salary (and time) of under-qualified internal staff
• cheaper solutions often don’t last as long, leading to more frequent implementation costs
However, the big win for investors comes from the productivity, employee happiness and the competitive advantage they can create.
Which just leaves one question. How much should your IT budget plan to spend on technology?
Plan your IT budget per user
Many businesses like to base their IT budget on a percentage of their expected revenue. However, per user budgeting provides the best guide because most IT components are able to be paid for on a scalable per user basis.
Even IT expenses that can’t be paid for per user, rise in a predictable way, e.g., internet connectivity costs will increase as more employees require extra bandwidth and a higher need for redundancy. Similarly, items that traditionally required capital expenditure can now be purchased ‘as a service’ or leased, converting the overall IT budget to a 100% annualised, scalable model.
Budget per user for each component of IT
Connectivity: $100 per month
Connectivity includes everything from the WAN to the LAN. Spending more here will reduce costs elsewhere and create opportunities to leverage technology. Successful companies prioritise employee productivity, spending up to $100 per staff member per month on connectivity to provide fast and reliable connections inside and outside of the office.
Infrastructure: $150 per month
Whether it’s public cloud, private cloud, hybrid cloud, on-premises infrastructure or a combination, it’s important to cover all bases when budgeting here. Be sure to include the cost of licensing, backups and disaster recovery. Moving applications to SaaS can help reduce costs, but these savings should be re-invested in tools like single sign-on for users and SaaS backup services. Budget $150 per staff member per month on Infrastructure unless the environment is entirely SaaS-based (in which case budget more for Applications instead).
End User Computing: $150 per month
Most staff have multiple devices including a desktop or laptop and a smartphone. And despite the paperless office being promised for many years, we still have multi-function devices for printing and scanning. To replace devices before they impact on productivity, an amount of $150 per staff member per month should be budgeted.
Communications: $150 per month
Fixed line phones, mobile phones, email, video conferencing, instant messaging, collaboration platforms, intranet, social media and perhaps even a fax number. Most companies have all of these communications methods and it’s important to understand what each is used for and how to rationalise the number of different systems. This starts with budgeting the right amount and choosing solutions that can serve multiple communication purposes. Productive organisations spend up to $150 per staff member per month ensuring the best technology is in place. The difference between spending as little as possible to best-in-class Communications can be paid back by staff being only 30 minutes more productive per month.
Applications: $200 per month
Applications represent the most variable part of the IT budget. The amount an organisation spends on their applications is a good measure of how seriously they view technology as an investment, because it’s applications that can generate the most ROI. The uses for applications are endless, including business automation, improving access to information and resources for staff, increasing client engagement, market differentiation, capacity planning, sales and marketing, business intelligence and recruitment.
Decisions about how applications can be deployed should be what 99% of the organisation’s technology discussions are about. If you concentrate on connectivity, infrastructure or what laptop someone has, you are missing the biggest opportunities. Instead, model the business case for investing in applications to improve productivity, revenue and cost savings. Spending less than $200 per staff member per month on software means it’s likely that opportunities are being missed. The best organisations spend far more.
Security: $100 per month
It’s critical to budget specifically for IT security. This involves much more than a firewall and some anti-virus software. $100 per staff member per month is a minimum and is a relatively small overhead to protect the rest of the IT spend, maintain business continuity and meet compliance requirements. Unfortunately this is where we often see businesses massively undercutting and saving costs. With organised cybercrime increasingly targeting small and mid-sized businesses with ever more sophisticated tools and techniques, IT security should not be overlooked.
IT Operations: $250 per month
The first thing that comes to mind when we talk to clients about managing their IT is the cost of support. But IT Operations also cover everything from developing the IT strategy to managing the third-parties and vendors that create an organisation’s IT environment. If the cost of IT support from a managed service provider (MSP) is significantly less than $250 per month, then someone within the organisation (who may not be an expert) needs to handle the other operational responsibilities not provided by the MSP.
Total per staff member: $1100 per month
Do these IT budgets apply to an organisation of your size?
In our experience, the size of the organisation doesn’t greatly change the overall spend per staff member. Economies of scale in some areas are replaced by increased complexity, compliance and management overhead in other areas. There are always some exceptions. Some businesses, like our own, rely heavily on software and automation, so IT costs may be higher. However as Watts S. Humphrey said 20 years ago, “Every business is a software business”. This still rings true today. If you aren’t maximising your use of appropriate technology, then your competitors are!
Interested in assessing your own spend in more detail? First Focus can assist you to identify your key IT budget priorities through to creating a complete IT strategy. For more information, contact us at email@example.com or phone 1300 556 531.
Organisations usually move to Office 365 for two main reasons; to standardise their Microsoft Office licensing and to access a cloud-based email system. Some businesses manage their data using OneDrive and SharePoint. But if you’re using Office 365 like you used the desktop Office applications, you’re missing out on the true power of Office 365.
Office 365 is much more than accessing Office applications via the cloud. Understanding the newer components within the Office 365 suite, and how they enhance the traditional applications, can substantially improve how your team works together.
For organisations looking to get more value, collaboration and compliance, below are 5 recommendations you should consider implementing.
1. Collaboration: Use Teams and Planner
File servers have typically been where most data was stored. Documents were saved in folders and it was difficult for staff and external partners to collaborate on projects or files. Microsoft Teams provides a collaborative workspace to create, save and provide feedback on documents in real-time. Documents can be worked on by multiple staff simultaneously, preventing numerous versions being created and saving confusion over which version is the latest. Online meetings can also be held and using Teams, with the sessions recorded for future viewing.
Microsoft Planner is a great tool for tracking and planning tasks and activities among your team. Planner provides a digital workspace which allows teams to create a plan, including ‘buckets’ of activities. Activities can be scheduled and tracked to different team members, allowing your business to keep track of project tasks or plans you are working on.
2. Communication: Deploy Yammer
Yammer is included in most Office 365 plans. It is similar to a social platform and provides a digital bulletin board for an organisation. With Yammer you can create different channels, add team members and communicate with each other across departments, locations or with third parties also using the Yammer system.
Within each channel, staff can post comments, news, upload documents, files and react posts. Yammer helps employees keep up to date with company news and can also be useful for new staff to see what is happening throughout the organisation.
3. Data Security: Enable Office 365 security and compliance features
Some basic security features are enabled by default ‘out of the box’ when Office 365 is first deployed. To ensure the correct policies and settings are best practice, all organisations should review their security settings with their IT team.
Combining Office 365 with Azure Active Directory Premium plans provides extra security features, such as multi-factor authentication, conditional access including by geo-location and self-service password reset.
Firms who subscribe to the Enterprise level plans can access advanced security and compliance features which can protect the organisation against data theft and loss. Features such as legal hold, data loss prevention and digital rights management all need to be configured to meet the needs of the organisation.
4. File Storage: Move files the cloud
OneDrive typically stores a user’s personal documents in the cloud. OneDrive can also be configured to store a user’s desktop, their favourites, downloads and more. This allows staff to download their files when they need a new computer. In Windows 10, OneDrive can also provide ‘on-demand’ file access, which makes it easier to access pre-selected documents when offline.
Moving old network files shares to OneDrive, Teams or SharePoint libraries can free the organisation from having a file server and old VPN technology.
5. Automate Processes: Use Microsoft Flow
Save your staff time by automating common tasks with Microsoft Flow. Flow includes a growing library of task templates, which make adding automation processes easy. For example, a company would like to save all of the attachments sent to their sales inbox. Flow provides a template to automatically save attachments from incoming emails to a OneDrive or SharePoint library.
Time for a review?
Whether you’ve already moved to Office 365 or are considering if the time is right, an Office 365 implementation should not be considered a one-off project. Regular enhancement updates require on-going reviews to make the most of your subscription.
11th annual MSP 501 survey rankings released for 2018.
MSPmentor have released their 2018 worldwide ranking of IT Managed Service Providers (MSPs), the largest most comprehensive worldwide ranking of leading IT managed service providers. First Focus jumped into the Top 100 for the first time following a year of strong organic growth, rising to position 93, up from 104 in 2017.
In 2018 a record number of MSP’s from around the world provided submissions to the annual survey, which rewards companies with forward thinking strategies and the ability to anticipate and act on IT trends.
“First Focus’ rise up the MSP501 rankings reflects the underlying strength of the business. Our success is due to the close partnerships we have with our customers and the dedication of our staff to go the extra mile,” said Philip Barton, Head of Client Services at First Focus.
The new award follows certification earlier in June ’18 when First Focus became the inaugural MSP to receive the Australian Computer Society Trust Mark.
“To be recognised as a leading MSP is a fantastic reward for the best practice systems and processes we’ve built and the business values we live by,” continued Philip.
Microsoft 365 is Microsoft’s complete solution for Business and Enterprise. Read our review to decide if it could suit your organisation.
The Modern Workplace
Modern work patterns are changing how people work and what they expect from an IT system. Work is no longer ‘a place’. IT systems must now allow people to securely communicate and collaborate from almost anywhere.
The traditional IT environment with on premise servers and local applications is not well suited for collaboration or remote access. Advanced security features can also be expensive to add.
To address this modern reality, Microsoft 365 provides a suite of cloud applications to simplify communication and protect company data. Office 365 and its family of collaboration tools have been extended with beefed up data security and mobile device protection. With specific versions available for Business (up to 300 users) and Enterprise.
Microsoft 365 is not for everyone. However, for organisations looking for a more efficient, flexible and secure environment, here are 5 reasons you should consider Microsoft 365:
1. Collaboration: Work faster and more remotely
Collaboration using legacy IT systems is often difficult and expensive, especially for businesses with geographically spread staff. Terminal servers or VPN’s provide remote access to shared data, but they do not provide a collaborative workspace. Staff can struggle to work on shared content, with multiple versions of documents creating confusion and delays.
Microsoft 365 provides a highly scalable collaborative environment. Using SharePoint, Planner and Teams, staff can work on the same documents and provide feedback on projects in real-time. OneDrive allows staff to securely share documents, even with third parties. All of these applications work via a web browser or directly from the desktop Microsoft Office applications.
2. Communication: Working better together
IT systems have traditionally included an email server with a separate telephone system. The modern workplace replaces a siloed approach with centralised communication tools such as Skype for Business and Teams.
Skype for Business allows staff to communicate using instant messaging, video calls, voice calls or within meetings. Staff can share documents and display their screen with meeting participants.
Presence is built into Microsoft 365 applications, allowing staff to see if someone is available or offline. The Office 365 applications automatically detect if a person is available, in a meeting, presenting, or away from their desk. Instead of waiting for an email or calling, staff can see if someone is online and send a quick message.
3. Data Security: Providing piece of mind
Security and protection of company data is a growing concern. Challenges include external threats to data and resources, new data protection laws, and staff connecting devices from different locations.
With Microsoft 365, the traditional domain controller is replaced with Azure Active Directory. This cloud service provides advanced security features such as conditional access, single sign-on and multi-factor authentication.
Microsoft 365 includes InTune to manage workstations, create policies and control what staff can do on company devices. InTune can reduce data leakage by containing data within protected areas. Examples include stopping a user from copying and pasting data between web applications, or downloading a file onto an untrusted device. Devices can be encrypted, with data and emails able to be remotely wiped if the device is lost or stolen.
For organisations needing advanced mobile device management, including managing application and security on IOS and Android devices, First Focus recommends Microsoft Enterprise Mobility + Security (EMS) E3. EMS provides additional security features, which include Legal Hold, to preserve data changed or deleted on mobile devices.
Legal Hold helps businesses comply with internal policies and industry regulations by retaining company data from the Office 365 system. For example, you could choose to preserve the content in the Accounts department mailboxes for seven years.
4. Integration: Connecting systems more easily
By moving to a cloud-based system, organisations can easily integrate their systems with other cloud applications within the same eco-system. Using API’s, cloud applications can seamlessly exchange data between each other without complex data mapping and middleware.
The Microsoft 365 suite can be integrated with many applications including CRM, document management and accounting packages. Seamless integration reduces errors, provides faster access to data where it’s needed and helps drive digital transformation.
5. Cost and scalability: No more infrastructure upgrades!
Traditional IT systems are expensive and not easy to scale. On-going investment in hardware and infrastructure is usually required every 3-5 years. Migrating to the cloud involves a one-time investment, however it removes the need to upgrade whenever the server infrastructure needs to be refreshed.
In the cloud, Microsoft 365 allows organisations to ‘turn on’ what they need on a per user, per month basis. This monthly cost includes the back-end platform, storage, desktop Office programs and the Windows 10 license. So you’ll always be up to date without having to keep buying software upgrades.
Is Microsoft 365 for you?
Many organisations can live the modern workplace with Microsoft 365; enjoying increased productivity and security, with reduced IT costs.
If your IT infrastructure is due for replacement, it’s an ideal time to consider Microsoft 365 instead of new hardware.
If your staff need to work more collaboratively, you may introduce parts of the Microsoft 365 or Office 365 suites.
First Focus has successfully migrated clients from their old server-based environments to a modern workplace with Microsoft 365.
For more information about whether Microsoft 365 is right for you, contact us at firstname.lastname@example.org or phone 1300 556 531.
For most businesses, winning a government contract is a big deal. Weeks and months of tender writing and meetings are about to pay off. But is a lack of cyber security putting your hard work and contract at risk? And if you win the contract, are your IT systems safe from professional hackers looking for a back-door into government systems?
The Australian Government, through the Australian Cyber Security Centre (ACSC), has warned contractors about a significant increase in cyber activity being reported by government contractors in Australia and overseas. The ACSC noted that contractors have become high priority targets for cyber activities.
One example is Australian defence shipbuilding contractor Austal, which announced in November 2018 that its Australian business had detected a breach of the company’s data management system by an unknown offender.
As more information becomes digital and is shared with third-parties, the threat to government contractors and subcontractors is increasing.
Privacy requirements for Government contractors
To help control cyber security risks, the Australian Government requires that any organisation which enters into a contract with an Australian Government agency is subject to the Privacy Act, Notifiable Data Breach scheme and the Australian Privacy Principles. Importantly, the privacy laws extend beyond contractors to subcontractors.
For most organisations with an annual turnover of $3 million or less, the Privacy Act does not usually apply. However, this is not the case when the organisation is or was a party to a Commonwealth contract.
If there is a breach of the Privacy Act, The Office of the Australian Information Commissioner has extensive powers to obtain information and to take evidence under oath. If the breach has caused irreparable damage or complaints cannot be conciliated, the Commissioner can impose a variety of penalties including financial compensation.
How do data breaches occur?
There are many ways data breaches can occur. The Office of the Australian Information Commissioner has provided a number of examples, including:
- Databases containing personal information being ‘hacked’ into or otherwise illegally accessed
- An individual deceiving an agency or organisation into improperly releasing the personal information of another person
- Lost or stolen laptops, removable storage devices, or paper records containing personal information
- Employees accessing or disclosing personal information outside the requirements or authorisation of their employment
Recommended Security Strategies
To prevent data and privacy breaches, the Australian Government has advised that contractors and subcontractors should implement the Essential Eight Strategies to Mitigate Cyber Security Incidents as a security baseline. The eight recommended strategies are:
- Restrict administrative privileges
- Use Multi-Factor Authentication
- Whitelist applications
- Harden applications against vulnerable functionality
- Patch applications for security vulnerabilities
- Patch operating systems
- Configure Microsoft Office macro settings
- Daily backups
It is important to recognise that the above strategies are a recommended minimum for data security. They should not be the only strategies used to prevent data loss and privacy breaches.
Note: Although efforts to verify the accuracy of the above article have been made, First Focus recommend that you should seek your own professional legal advice.
The Australian Computer Society (ACS) have launched their new Trust Mark program, which is designed to provide an independent quality assurance over the internal procedures and controls of IT service providers.
First Focus are excited to be the first IT Managed Service Provider to have met the accreditation benchmark.
“Recognition under the scheme represents an independent assurance that these organisations have implemented and maintained appropriate customer interfaces, competence, project management and document control as part of their commitment to understanding and meeting the service requirements of their customers,” said ACS Director of Workforce Planning & Development, Louise Smith.
Phil Barton, Head of Client Services at First Focus, spoke about the shared values the Trust Mark represents.
“The Trust Mark accreditation provides an important validation of the best practice systems and processes we have developed, as we strive to make a difference for clients through better using IT. We believe the Trust Mark will come to represent high quality organisations in our industry that Australian businesses can confidently partner with. The Trust Mark demonstrates our focus on creating repeatable management systems that are baked into the business. For customers, it’s all about how we apply our knowledge in a consistent, responsive process.”
First Focus encourages like-minded IT service providers to test themselves against the required standard and to be recognised as a quality leader.
Identity and Access Management (IAM) lets the right individuals access the right resources, at the right times, for the right reasons.
Most commonly used in the enterprise space, IAM is now being adopted by mid-size organisations to control:
- Application access through Single Sign-On and Multi-Factor Authentication
- Remote access, including from foreign countries without staff, via Geo-Gating
- Centralisation of access privileges and self-service passwords
- Improved compliance with regulatory requirements
The importance of IAM has been highlighted by the results from Australia’s Notifiable Data Breach legislation. The data has confirmed a high proportion security breaches are due to human error, while malicious attempts to gain entry e.g. phishing attacks, remain a constant threat. IAM helps mitigate these vulnerabilities within a broader security strategy.
Source of data breaches by percentage – All sectors (1)
The goal for IAM is to prevent unauthorised entry, without hindering the user’s access to their different applications, wherever the user or application may be.
Advances in Identity and Access Management systems can now achieve these competing challenges, allowing controlled access to resources across diverse technology environments and compliance with security standards, while also improving the user experience.
How IAM improves access and security
IAM addresses many of the security challenges faced by modern businesses, including:
Distributed applications such as Office 365 are now common place. One of the issues with distributed applications is users struggle to remember multiple passwords. As a result, IT departments face rising support costs from frustrated users and from managing different security methods.
IAM addresses this challenge by helping administrators consolidate, control, and simplify access privileges. Single Sign-On (SSO) can help with a single set of credentials for all applications.
SSO is often combined with Multi-Factor Authentication (MFA) to provide a single second challenge via a device controlled by the user e.g. mobile phone text message.
An increasingly mobile workforce means that security is now needed in more places, with employees working from home, mobile sales forces and ad-hoc access inside and outside of office work places.
IAM makes this possible through “geo-gating” locations. When inside the office, users can be unhindered by additional layers of security. When outside of the office network, best practice security principals such as MFA and other conditional security measures, including restricting access from selected countries, can be enforced to keep unwanted third parties out.
Poor administrative practices, human error and a lack of automation continue to affect IT departments. A common security failure stems from manual processes to revoke the user rights of former employees.
IAM centralisation, when implemented correctly, ensures that by disabling a single account, access to all systems and applications is removed once a user leaves an organisation.
Finally, with increasing regulatory compliance, IAM has a place in aligning with many compliance standards that businesses are faced with like HIPAA, PCIDSS and ISO27001.
The First Focus IDaaS solution
To identify and manage the right combination of IAM tools for an organisation requires business analytical skills and technical expertise.
First Focus are experts in IAM and we offer our customers a comprehensive managed Identity as a Service (IDaaS) for on-premise to cloud environments.
We install, embed and manage your IAM solution to ensure your business benefits from:
- Seamless access to any application from virtually any location or device
- Secure collaboration with partners and customers
- Increased IT efficiency and lower service desk costs
- Enhanced security with real-time response to advanced threats
To find out more about Identity and Access Management, contact us or call 1300 556 531.
(1) Notifiable Data Breaches Quarterly Report 1 April – 30 June 2018. oaic.gov.au
Do you ever feel like you and your Managed Service Provider (MSP) are pulling in different directions?
Most MSPs want to do what’s best for their customers and even the strongest of partnerships can come under strain. But the business models of MSPs do vary considerably, which can dramatically affect how services are provided to clients.
To put your MSP to the test, consider the following ‘best practice’ scenarios and decide for yourself.
1. Guaranteed service levels: Is there a penalty clause?
Browsing the websites of any selection of MSPs suggests they all provide ‘world class’ customer service. To tell whether your MSP is one who does from those who only promise, check if they have a penalty clause in their support agreements. A penalty clause ensures the MSP has some ‘skin in the game’ and it requires measuring service levels in real-time. In addition to measuring response and resolution times, a great MSP will also be measuring and reporting customer satisfaction.
2. Standardisation: Are your unique needs being addressed?
Standardising on processes and systems provides a clear benefit within an individual organisation. But when MSPs try to standardise their entire customer base, problems emerge for their clients. Vendors and technologies preferred by the MSP can become standard across all clients, regardless of the needs of individual organisations. MSPs benefit from standardisation because it simplifies support and reduces their costs. If your MSP suggests ‘everyone’ uses similar infrastructure, tools or applications, questions should be raised why.
3. Billable consulting: Sales in disguise or expert review?
Some MSPs have highly skilled consultants who can add a lot of value by designing technology roadmaps. If all of your MSP’s billable recommendations point to services provided by their firm, the value and impartiality of the advice might be queried. Leading MSPs do provide a wide range of services which address most core IT requirements. However, if issues in specialist areas not offered by your MSP are ignored, you may be a participant in a neatly disguised ‘paid for’ sales process.
4. Sales compensation: Commission or no commission?
There are two types of IT sales people; those who earn commission and those who don’t. Popular ‘best practice’ compensation models for MSPs require the salesperson to hit a target before earning commission. The alternative model is to employ Service Delivery Managers or Technical Account Managers, who earn fixed salaries and are typically incentivised on client retention.
To learn which of the two sales models you are dealing with, it’s fair to ask whether your MSP’s sales and account managers are on commission. In a trusted partnership you have the right to know. Another strategy is to ask what percentage of the MSP’s revenue is made up of product sales. If product sales make up more than 25% of revenue, it’s likely you are dealing with commissioned reps.
5. Fixed price support: Fixed for MSP and client?
Fixed price agreements are the basis of managed support. They enable predictable expenditure for clients and offer the IT service provider guaranteed revenue to invest in their support services. Warning bells should ring if your MSP regularly wants to increase the monthly rate due to extra support time being used, without first addressing any underlying issues. Frequent attempts to increase the monthly fee whenever usage is up means the MSP is passing their risk onto you and getting the best of both worlds.
Fairness the key to ‘customer interest’ test
Managed Service Providers intent on building lasting relationships always operate on a principle of fairness. Fairness includes clients having a say in their technology, ensuring agreements balance the benefits for both sides and providing non-commissioned, vendor agnostic sales staff.
How does your MSP measure up?
How does your IT managed service provider (MSP) secure the passwords they use to access your systems? Despite cyber-security concerns, few clients know where these passwords are stored or how often are they updated.
With IT security, it’s what the client doesn’t see, that can matter most.
First Focus, a leading MSP in Australia and New Zealand, identified that strong password management was a fundamental business priority. Over 5000 passwords for client accounts and systems were being held securely, however the process was more manual than ideal.
The Thycotic Secret Server system was chosen following in-depth trials of four centralised credential and password management systems. The key to Thycotic’s selection was its level of automation, auditing, usability and time saving capabilities.
“First Focus were one of the first MSP pioneers in Australia and New Zealand in taking security technology for privileged account management that’s used by the biggest and most secure companies in the world, and applying this to managed customer networks,“ said Kris Hansen, MSP Sales Director at Thycotic.
Dan Maker, project lead with First Focus, explains the importance of password automation.
“The other providers we looked at were very good at password storage. The big difference was Thycotic’s automation engine means we can automatically update passwords, for example every month or quarter. You don’t want to have the same password forever, you want to change it periodically and Thycotic can manage that very well.”
Removing human error
Moving all of the passwords into the new system was a major project, with further automation work planned. However, implementing Thycotic means the service desk will no longer change passwords or need to check any interdependencies manually, leaving no room for human error. Time savings for service staff and clients have been achieved through faster access to accurate, individually managed passwords.
Detailed audit reporting provides additional security, with every user action involving a password recorded, including the system and time accessed. These records provide an important protection for clients and accountability for current and former First Focus staff.
First Focus believe that one of the key differences between MSPs is the quality of the internal processes and the systems used. Those systems may not always be visible to clients, but like password management, getting it right is critical.
There is no better time than today to look at the ICT capability of your business. Over the past 5 years, the adoption of Cloud Technology across every industry has become the accepted standard with proven security, stability and flexibility to help you grow your business and stay one step ahead of your competitors.
If you have never before outsourced your IT Services to a Managed Service Provider, here are the reasons why you should be considering it now.
1. Access to Industry specialists
Let’s face it, employing IT Specialists in Australia is a very costly process and they are difficult to find due to extreme shortages in the industry. It’s often hard to justify the need at a full-time capacity unless they are multi-skilled and therefore are typically more generalist than specialist. Outsourced IT Support Providers can provide the very best IT Consultants and Technical Specialists with expertise in technologies such as Office 365, Cisco, Amazon AWS, Microsoft Azure and much more to get the job done quickly and correctly for only the hours they are actually needed.
2. Proactive IT Monitoring
Too often, businesses are reactive to issues with their IT Infrastructure, meaning that they are not taking sufficient preventative measures to avoid major incidents. Managed Service providers (MSPs) operate extensive monitoring and maintenance programs using the best tools available. They spread the costs across all their clients making these tools affordable for smaller businesses that would never have been able to justify the cost if they were implementing it in their own business.
3. Access the latest technologies and expertise to take advantage
MSPs are constantly researching the latest and greatest technologies, seeking opportunities to add value and reduce costs for their clients. Their staff are typically industry experts who understand how and when to integrate these into their service offering and which clients would get the best outcomes from implementing them.
4. Access to the full spectrum of Infrastructure services at a low cost
Moving to an outsourced IT Service model will open the doors to a wide set of options for managing IT Applications in your business. This includes private and hybrid cloud infrastructure, managed DR solutions, flexible co-location and data centre services with the ability to switch from one to the other at any time, without the investment required in your own hardware and IT specialists.
5. Continuous Hardware Refresh
Hosting your own Infrastructure hardware needs continuous maintenance and has a limited life-span, needing significant investment for replacement every few years to keep up with latest technologies and prevent risk of device failure. Whether it’s a public, private or near-cloud solution you are seeking for your managed services, the maintenance responsibilities and capital investment costs are placed on the Service Provider, with none of the risks or hassle to you, all for a low-cost fixed monthly fee.
6. 24 x 7 Support
Having access to IT support when you need it is critical for most businesses, but the cost of providing a 24 x 7 service by an Australian Help Desk , including all of the escalation points is often completely prohibitive without the use of outsourced IT providers.
7. Productivity & Efficiency
Time is money for IT Service Providers so they ensure that their staff are resolving issues as quickly and efficiently as possible which means better service and better outcomes for the customer.
8. No Training Costs
With IT Outsourcing, the responsibility lies with the Service Provider to ensure that all their staff keep up to date with certifications. However, their staff also gain extensive practical experience across every variety of situation to produce some of the best engineers in the business.
9. Compliance & Top Security
While you are sleeping, hackers are finding more and more sophisticated ways to gain access to the information they are seeking. You can rest easy, knowing that IT Service Providers employ IT Security specialists who use the best in breed of solutions to monitor and protect their clients, seeking out vulnerabilities before they can be leveraged and locking them down immediately.
10. High Quality Service Management procedures & Reporting
IT Service Providers deal with thousands of incidents every day across clients operating in every type of industry. They have defined procedures to deliver the best service to their clients and measure their success with dashboards, reporting and monitoring of customer satisfaction rates.
11. Only pay for what you use
Why pay for an entire VMWare Solution onsite with all the bells and whistles when you only need to run a handful of servers to support your business? Paying a monthly subscription for a Cloud-based environment is not only more cost-effective, it has better redundancy and the flexibility to grow as your business grows.
12. Flexible Architecture
As your needs change, you can add and remove environments, perform a cloud server migration, integrate with cloud applications, adjust your support agreements, change over devices and much more without a significant cost to your business.
13. Focus on the important stuff
Knowing that your IT environment is in safe hands allows you to focus on making strategic IT decisions to support business goals, grow your business and achieve more with the right tools for your trade.
A bit about First Focus:
First Focus are one of Australia’s fast growing and most successful IT Service Providers with offices in Sydney, Melbourne, Brisbane and Perth. If you are seeking a best of breed solution for your IT services, talk to us about how we can help you get more for your budget with minimal risk and no long term commitments. We guarantee that First Focus engineered technical solutions are designed around maximum reliability.
We strive to deliver the best customer experience, first time, all of the time. We don’t do politics and we only employ people whose goals align with ours, so you can assured that we will always have your best interests at heart in every decision and recommendation we make.
Call our Sales Team on 1300 556 531 or email us on email@example.com
Proving that Cloud is not the only option for server and storage infrastructure, First Focus has just completed another on-premise infrastructure refresh for a client in the manufacturing industry.
As a Private and Hybrid Cloud Solutions Provider we can provide our clients with multiple options for infrastructure upgrades. In this case the infrastructure needs of around 100 engineering users running CAD/CAM software led to the on premise solution being the most cost effective, and best performing alternative.
After totalling the full cost of hardware, software, and implementation services, financed over 3 years with $0 upfront, and combined with offsite Disaster recovery and 3 years unlimited “Total Support”, the client’s monthly payment was less than a comparable public cloud solution, and represented a better fit for their needs.
Our client has a high performance, scalable, reliable and secure infrastructure solution, delivered over a single weekend with no downtime and backed by 24 x 7 unlimited support. All this delivered as a cost effective monthly subscription using First Focus’ infrastructure financing facilities.
Hewlett Packard DL360 G9 Servers with HPE StoreVirtual SAN, VMWare vSphere, Windows Server 2012R2.
HPE StoreVirtual is a leader in software-defined storage and is the foundation of a composable data fabric. Optimized for virtualised VMware vSphere, Microsoft Hyper-V and Linux KVM environments, HPE StoreVirtual VSA transforms server’s internal or direct-attached storage into a scalable, shared storage array, without dedicated storage. Software-defined storage controller software enables customers to run enterprise-class storage features on the same set of hardware that also runs the application workload.
We’ve just finished cleaning up the infrastructure for our client in the engineering industry serving 150 end users.
It feels great to finish a thorough spring clean, and well done to Aaoron Clegg , Dave Jalkh, Rob Hodgkiss, and Dave Spruce for finishing this huge project on time, on budget and for delivering a massive improvement in performance, reliability, and security
Hewlett Packard DL360 G9 Servers with HPE StoreVirtual SAN, VMWare vSphere, Windows Server 2012R2, Microsoft Office 365, Skykick, Cisco ASA high Availability clustered firewalls, Storagecraft,
Our client was looking for a national solution provider that could perform all the work needed at their state head offices in NSW, Vic and WA in addition to their Brisbane head office, and who had the breadth of expertise to understand their unique application WAN and telephony environment in order to make the project a success.
First Focus has taken over comprehensive support for the environment providing unlimited on site and remote support for all users Australia wide, and we’re happy to see a huge decrease in ticket volumes as a result of a successfully executed upgrade project.
Australia’s new data breach notification law is really about IT security not just disclosure – don’t get distracted.
In February 2018 Australia’s new data breach notification law comes into effect.
If you missed the announcement, here’s a quick summary.
Organisations already covered by the Privacy Act will have a legal obligation to notify the Federal Government and the impacted parties of any data breach. Failing to do so can result in fines of up to $360,000 for individuals and $1.8 million for organisations.
The new data breach notification law describes a breach as unauthorised access or disclosure of customer information which generates a real risk of harm to the individuals concerned. The kind of information that is deemed to be potentially harmful is fairly obvious and includes credit card details, personal contact details, credit history, health records, bank accounts and tax information.
While there’s been plenty of discussion about whether or not the new data breach notification law is good, bad, effective or ineffective there hasn’t been quite as much discussion about what organisations need to do to avoid a breach in the first place. That’s really the inferred point of this new legislation.
It’s no surprise then that the best advice is, ‘Don’t make it easy for a breach to occur in the first place.’
The fact is, all organisations are being constantly menaced by a wide spectrum of cyber criminals on a daily basis and only the most naïve have poor IT security.
That said, the advent of the new law does mean extra focus needs to be brought to bear to avoid embarrassing mistakes that could lead to costly fines – even for organisations that already do a reasonable job on IT security.
The big question is, How much security is enough?
This has always been a good question when focusing on IT security because not every business needs to protect themselves like a military spy agency.
The short answer is that how much money, time and effort you put into IT security really depends on what you’re trying to protect and what will happen if that information is lost, stolen or corrupted.
Not all information is of equal value. It’s probably not going to make sense to introduce biometric scanners at a primary school computer lab.
Even so, if your organisation falls under the auspices of the new law, you definitely need to make sure all of the security gaps and holes that might exist in your organisation are closed properly and the right monitoring and reporting tools are in place to detect breaches. (And frankly, even if your organisation is unaffected by the legislation you should close those holes anyway because they are probably being exploited).
This might be accomplished with a range of off-the-shelf technologies and revamped business processes to ensure better security practices, but increasingly organisations turn to Managed Security Service Providers (MSSPs) who protect organisations from the outside.
The benefit of a Managed Service Provider, like our company, First Focus, are several.
- We focus on IT management and IT security for a living so we have to be up to speed, all the time about new threats and technologies that mitigate them
- We work across a variety of IT environments and know how to manage and protect them.
- We use sophisticated tools to actively monitor and manage networks, servers, devices and security around the clock, with both manual and automated responses to threats or critical events. Most organisations just can’t afford to buy or run these kinds of tools or maintain around the clock teams.
- We offer expertise and experience that is hard to find and fund within most organisations, and our teams scale as required to meet customer requirements.
- We can harden your IT security quickly by diverting your network traffic through our hosted security infrastructure.
If you are just getting considering how Australia’s new data breach notification law might impact your organisation and know you need to implement better security practices then consider the role an MSSP like First Focus could play in mitigating risk and helping you comply with your new obligations.
Starting with two people in 2003, last month we celebrated our 100th employee joining the First Focus IT team. One office has turned into presence across Australia and New Zealand. Basic IT support has turned into a national service desk, our own private cloud with compute, telephony and advanced private networking with business and IT consulting to complement our client’s needs. Thank you to all of our team and clients who work with us to achieve our vision of helping people use technology.
Another successful project and another happy customer.
First Focus was asked by Mutual Marketplace – a new joint venture between People’s Choice Credit Union and Credit Union Australia) to create a scalable IT infrastructure solution from the ground up.
First Focus engineer Dan Maker led the project and deployed a full suite of technologies including MPLS WAN with redundant 4G failover, managed cisco firewall and security services, a hosted Broadsoft PABX, our cloud desktop-as-a-service platform, office 365, private cloud server infrastructure, and unlimited ongoing infrastructure support. The whole solution has been deployed and fully contained within a single private network, and is fully managed and maintained by First Focus without relying on external third parties. This means our networking team can monitor every node from the desktop to the data centre, guaranteeing application and infrastructure performance. It means our service desk team can access and administer every device on the network meaning faster support response times and SLA guarantees. It also means our engineering team can extend or customise all hardware and software to meet Mutual Marketplace’s evolving needs.
“… Thank you for your support during the implementation phase of our project with Mutual Marketplace. We placed incredibly tight timelines on your team to deliver hardware and software infrastructure in two locations and we’re very pleased with the outcome. We look forward to a strong relationship with First Focus and Mutual Marketplace.”
– Nick Dinan
This combination of technology and services provides Mutual Marketplace with a fully GS007 compliant solution which is also highly reliable, scalable and cost effective. If you’re in the financial services industry and looking for a premium infrastructure solution at a cost effective price point, give First Focus a call on 1300 556 531.
The hype and buzz around cloud computing has reached business boardrooms over the last few years, but there still remains a lot of confusion around how it is used and what exactly it means.
In August 2014 several hundred private celebrity photos including nude pictures were published after hackers attacked Apple’s iCloud storage service. This kind of high profile and very public security breach has only added to the confusion around the security and safety of information in the “cloud”.
Cloud Computing essentially involves pooling servers, storage and networking resources together to offer centralised computing infrastructure that can be shared by several people or organisations. This can range from simple file storage services, or online backup services to comprehensive corporate infrastructure solutions, and these services can be made available for access by any internet connected device.
The key to most cloud services is to share computing resources across a large numbers of end users, spreading out the cost and in some cases enabling free access to a sufficiently large customer base, where revenues to the cloud provider are derived from upselling additional services, advertising or other sources. These services tend to be very easy to use, with simple security, broad accessibility, and the ability for end users to create new accounts or enable access without any special knowledge or experience.
However, when applied to a corporate environment, while there are some cases where this can work well, this approach can also cause several issues. An organisation’s data can suddenly “sprawl” across a variety of Cloud platforms, and different jurisdictions. It can be controlled by end users who may not secure their accounts well or who may even leave the organisation. Inter-departmental access controls can be difficult to regulate, and a number of backup and data integrity issues arise. There is significantly enhanced risk of data loss, and data theft.
The First Focus Smart Cloud is a private cloud service that is adapted and tailored to suit each of our customer’s needs. Like a public cloud, First Focus operates large pool of servers, storage and networking equipment available for use by our customers. However, unlike a public cloud service our infrastructure is carved into small “modules” which can be completely tailored and dedicated for use by just a single customer.
As a private cloud service, access levels can be tightly controlled, and centralised professional administration ensures that there are no security “back doors”. Our Smart Cloud provides the highest levels of management, visibility, control, security, privacy, and physical data proximity as well as the peace of mind of knowing exactly where your key business data resides at all times.
First Focus Smart Cloud can deliver custom-built private clouds and hybrid clouds from infrastructure that is locally hosted at secure data centres in Sydney and Perth and which are instantly scalable to meet your growing data requirements.
Because our modular approach simplifies ongoing management and greatly improves performance, the First Focus Smart Cloud service is available at the same price points as large multi-tenanted public cloud offerings, with the added benefits of access to First Focus’ comprehensive help desk and on-site support options. This provides a cost-competitive alternative without the public cloud’s disadvantages.
First Focus is proud to announce that we have been awarded a Platinum Award for Customer Service from Australian Customer Service Awards.
The Australian Customer Service Awards has been designed to recognise, encourage and reward small and medium-sized Australian businesses for their excellent treatment of, and positive attitude towards, their customers.
Following a recent survey of our clients, First Focus has attained a Net Promoter Score of 85. This ranking states that over 85% of our clients would recommend us to a close friend or colleague.
This, most recent, award follows a host of industry acknowledgements for First Focus including the Deloitte Technology Fast 50 and CRN’s Fast50 for 2013.
“This award is such a great acknowledgement of the effort we put in to exceeding our customers’ expectations. The two “Fast 50” awards acknowledge our business success. However this award speaks directly to why we are so successful. Our growth so far has been entirely due to our customer’s recommendations.” – Peter Paddon, Managing Director
For more information please contact First Focus at firstname.lastname@example.org
or call 1 300 556 531.
First Focus has again qualified for two top IT industry award programs; the CRN Fast 50, and the Deloitte technology Fast 50.
Reflecting both our sustained growth over several years as well as significant growth in the last year, for the fourth time in the last 5 years First Focus has been recognised as one of the fastest growing IT companies in the country, being placed on two “Fast 50” lists for 2013.
With revenue growth of 85% over the last 3 years we were recognised in the Deloitte Technology Fast 50 which looked at revenue growth in the IT sector over the period 2011-2013. Not surprisingly the Deloitte survey confirmed that pure play internet companies and cloud based software-as-a-service companies continued to gain momentum, while, more pertinently for First Focus since we have just re-launched our website with a range of new cloud and other services offerings, significant growth opportunities are to be found for managed service providers, cloud based hosting providers and infrastructure players.
First Focus was also awarded a place in CRN’s Fast50 for 2013, which uses a strictly numbers based approach on revenue when compiling their list of top resellers.
Richard Marlow, First Focus’ General Manager commented that it was “particularly pleasing to be recognised by both Deloitte and CRN thereby effectively recognising both our services and reseller business units. While comprising a significant part of our business, our reseller division is really a business unit that we operate to support our services business which has actually been our largest growth sector over the last year”.
Having just re-launched our website with a range of new cloud and other services offerings, this is a very pleasing way to be ending 2013 and we are very much looking forward to further significant growth in 2014.
For more information please contact First Focus at email@example.com or call 1 300 556 531.
We are very pleased to finally launch our new website and brand. The design process has been helped immeasurably by comments, suggestions and feedback from our staff, our clients our business partners, and friends.
Peter Paddon, First Focus’ Managing Director said:
Our new website and our brand now accurately represent who we are as an organisation; Australia’s leading provider of smart cloud, infrastructure projects and IT support solutions.
The new website offers a more comprehensive outline of the services we offer along with quick and easy access to pricing calculators for both Smart Cloud and IT Support solutions. We’ve also simplified navigation and updated the entire website look and feel.
Peter Paddon added:
Although we’re very pleased with our new website and brand, the site alone can never convey the level of customer service and support that our clients expect from First Focus.
Our clients enjoy solutions that are delivered at the highest standards, based on our gaining a detailed understanding of their needs and then designing customised infrastructure solutions to fit.
Our new website is simply the start of the conversation.
Along with the new website and brand, First Focus has released a range of new Smart Cloud hosting products and services, and we would encourage you to browse throughout the site and get in touch with one of our consultants for a chat about how we can help your organisation.
For more information, please contact First Focus at firstname.lastname@example.org or call 1300 556 531.
Australia Post subsidiary First Direct Solutions has enlisted First Focus to host the majority of its server and storage infrastructure on our new Smart Cloud platform.
The infrastructure migration is part of a long term relationship between First Focus and Australia post that has included a variety of infrastructure projects, services and support delivered over the last 5 years. Our Case Study outlines some of these services in more detail.
About the recent Smart Cloud hosting project, Australia’s Post FDS’ IT operations manager Chen Chen said:
The level of support they provide for our cloud infrastructure is second to none, which is crucial to the continued day-to-day operations of our business
First Focus continues to deliver market leading private cloud hosting solutions by combining leading infrastructure with our traditional comprehensive support services, from the data centre to the desktop. First Focus Victoria State Manager Paul Whiteoak said:
For customers like Australia Post its not just about meeting an SLA, it’s about the whole solution. We’ve consistently shown them that we’re prepared to go the extra mile and deliver solutions that combine leading infrastructure with comprehensive service and support. FDS know that our solution will deliver and that’s why they’ve trusted us with their infrastructure.
In a further demonstration of our commitment to deliver end-to-end support to our clients, First Focus has expanded our on-site support coverage into South East Asia via our partner network.
We are pleased to announce that we are now able to provide on-site support in Singapore, the Philippines, PNG and Fiji with SLAs that range from Next Business Day right up to 4 hour on-site 24 x 7 in some areas.
First Focus currently delivers on-site support to over 70 locations across Australia and New Zealand through a combination of our own full time staff in major cities, and a network of contractors in rural and regional areas.
Our contractors undergo a rigorous technical, service level, and administrative pre-qualification process and if successful, they’re then subject to ongoing SLA testing and evaluation. This enables First Focus to provide our clients with the same consistently high level of on-site support in all of the locations we cover.
First Focus Engineering manager Karl Richardson said:
IT support is increasingly becoming a remote based service, but the on-site component is still an essential piece of the puzzle for a lot of businesses. There is often no substitute for having an engineer on the ground eyeballing a problem or helping end users.
Our expanded international coverage was driven by customer demand. First Focus General Manager Richard Marlow said:
Traditionally multi-site businesses would have separate local suppliers for IT services in each site, but this creates an administrative overhead and results in inconsistent service levels and often finger pointing. Our wholesale relationships with local vendors deliver a unified solution with a consistent SLA, a single point of contact and a single bill.
For more information about First Focus regional coverage and on-site support solutions, please contact First Focus at email@example.com or call 1300 556 531.
Anyone that has experienced slow Citrix, Terminal services or VMware performance when hosting on large scale cloud infrastructure will tell you how frustrating that can be. One of the key components to delivering quality performance is the speed of the SAN (or storage area network)
SAN performance is critical for delivering high quality end user experiences particularly when combined with desktop virtualisation.
First Focus storage strategy across our Smart Cloud is just that: Smart. Instead of investing in a single large SAN, and then subscribing hundreds of customers to it (and thereby contending performance across all users), our approach leverages Hewlett Packard’s leading StoreVirtual technology, consisting of multiple smaller flexible SAN nodes joined together into several larger virtual SANs.
Each small SAN node offers 99.999% uptime reliability, and contains its own array of disks configurable in RAID/6 for capacity or RAID/10 for performance, along with its own controller pair delivering dual 2Gbit or dual 10Gbit throughput. This approach means the overall performance of our SAN increases as more customers are added, removing bottlenecks, and ensuring that the system is never over-subscribed.
This also means customers with larger SAN requirements can be allocated entire dedicated SAN nodes offering the highest performance IOPS, and dedicated 10Gbit / sec throughput, for extremely competitive prices.
It is this technology that drives our market leading CloudDESKTOP and CloudCOMPUTE products, and this is one more reason First Focus offers Australia’s leading private cloud solution.
For more information about HP’s StoreVirtual products please see http://www8.hp.com/us/en/products/data-storage/data-storage-products.html?compURI=1225885
For more information about our Smart Cloud or arrange a demonstration of our SAN performance and how it can benefit your organisation, please contact First Focus at firstname.lastname@example.org or call 1300 556 531.
At Citrix’ Synergy industry conference in LA, Citrix announced the next major release of their desktop virtualization software: Citrix XenDesktop.
First Focus customers benefit from our partnership with Citrix as we deliver the best possible suite of technologies to address their requirements. Citrix XenDesktop 7 delivers significant advantages over XenDesktop 6 in a number of ways and in particular an improved mobile user experience.
Enterprises are under mounting pressure to respond to the demands of an increasingly mobile workforce. However, most businesses use Windows apps that were never meant to be mobile. Breakthrough technologies in XenDesktop 7 enable any Windows app to function intuitively and transparently on mobile devices, providing a seamless experience on devices of any type
For more information please see http://www.citrix.com.au/news/announcements/may-2013/citrix-extends-enterprise-mobility-strategy-with-xendesktop-7.html
First Focus’ Smart Cloud continues to leverage the best technologies to deliver our clients the best private cloud solution available in Australia. We look forward to the new functionality of Citrix XenDesktop 7 due for release in June 2013.
For more information about our Smart Cloud or arrange a demonstration of XenDesktop 7 and how it can benefit your organisation, please contact First Focus at email@example.com or call 1300 556 531.