September 29th, 2015

By: Dan Bremner

It’s been a big week for software releases. First, Apple released theoffice-2016 latest iPhone and iPad operating system, iOS 9, to go along with their newly introduced devices. Then Microsoft released Office 2016, with a huge focus on collaborating and making use of the shared cloud storage that comes with Office 365 subscriptions, OneDrive and SharePoint. To top it all off, Apple brought out a Microsoft exec onstage at their event, for the first time in what, 20 years?

Let’s focus on Office 2016, which as you may guess from the appearance with Apple, is finally a true cross-platform simultaneous release for the first time ever. The same version is available on Windows PCs and Apple Macs, and there are mobile versions for Windows phone, Android, and Apple devices. You can start editing a document in Word on your PC at work, pick up where you left off in Word on your Android phone on the train home, and continue on your Mac when you get home.

If you’ve collaborated with others working at the same time on a document in Google Docs, or more recently in Word Online, you’ve seen the real-time co-authoring features that are now available in Word. If you save your document in OneDrive or SharePoint, you can share that document right from within the program, and other people can open it and type in it, while you see what they type in real time. The in-app sharing works in Word, PowerPoint, and Excel, the Co-Authoring works in Word and PowerPoint, and the real-time typing works in Word only for now. OneNote has had notebook sharing and near-real-time syncing for a while now.

Recognizing that our documents keep getting bigger, and email isn’t always the best way of sharing these files (especially if multiple people need to edit, and you want to avoid version nightmares), Outlook now has the ability to “Attach” files from OneDrive or SharePoint that don’t attach the file, just a link to the shared file location. Even better, it will automatically adjust the permissions of those files so that the email recipients have read or read/write permission to the “attached” files, depending how you set it.

Speaking of collaboration, Microsoft’s acquisition of Skype is making its way into Office too. While sharing a document, you can also initiate a Skype messaging session with the document collaborators from within your document window. Skype for Business has completely supplanted Lync as Microsoft’s business messaging tool, and is making a big play to be a natural extension of your workflow with colleagues.

There are many more features to explore in Office 2016, including new chart types, new forecasting features in Excel, and integration with external web data, and lots more. To help find the feature you want to use, the Help system has been revamped with Tell Me. Start typing what you want to do, and Tell Me will get you to the feature you’re looking for, or will find help on the feature.

The connected, work-anywhere-from-any-device promises that have been hinted at for years are now starting to become reality. It’s an exciting time for businesses to take advantage of new opportunities for productivity. If you’d like us to help you get up to speed with Office 365, OneDrive, SharePoint, or the new Office 2016 suite, give us a shout. We’re glad to help!

Topic Articles
August 5th, 2015

Windows-10-logoMicrosoft’s newest incarnation of the now 30-year-old Windows brand was officially released to the computing public last week. Much of the online commentary has focused on user-interface aspects of the new OS, such as the newly redesigned (again!) Start menu, the ability to run the newer-style (Metro/Modern) apps in a window instead of full-screen, and the new virtual assistant known as Cortana. Understandable, since that’s what most users will notice and see, and that’s where Microsoft received the most Windows 8 criticism.

As business technology junkies, though, it’s hard for us to get too excited about redesigned start menus. Yes, Windows 10 feels more at home than its predecessor in the traditional keyboard and mouse desktop world that most business users still reside in. Microsoft’s attempt to bridge the desktop and tablet form factors feels less jarring than Windows 8 did, and that’s a good thing. That’s about all I’m going to say, however, about the cosmetic facelift you’ll see in Windows 10.

Instead, I’ll highlight a few things we biztech junkies are excited about – things that will end up having more impact on businesses. Some of these, we’ve been watching slowly develop and converge for the past several years. What Microsoft is doing, or rather has been doing for a few years, is laying a foundation intended to address needs that almost every business has when they look into cloud computing and how best to serve a decentralized workforce.

  • Azure Active Directory Support. If your company has started using Office 365 for email, you’re already using Azure Active Directory – it’s the cloud version of the on-premises Active Directory service we’ve all been using for years to authenticate users and computers on corporate domains. Windows 10 support for AD in the cloud will help IT departments secure company computers that aren’t connected to the company network. Remote workers “in the field” will be able to have authentication and security policies applied much like their counterparts in the office.
  • Windows Hello. Log into Windows without a password, using facial recognition? It may feel gimmicky, and in this first incarnation, maybe it is, but eventually biometrics will become an important enhancement to the now-ubiquitous standard of password-based computer security. Windows 10 Hello is laying the groundwork for that next phase of security. Presumably it would be harder to hack someone’s iris than it is to hack their password.
  • BitLocker and EFS. While not new at all, these disk- and file-encryption technologies are being given renewed attention, and one or both of them will be enabled by default in Windows 10. This will help protect your files from unauthorized access by someone who may gain access to your PC, or if your notebook is lost or stolen. Turning these on by default should help prevent a lot of data security breaches that result from hackers finding data on lost, stolen, or discarded computers and hard drives.
  • Information Rights Management. IRM is not new, and also technically not a feature of Windows 10, so why is it on this list? It’s part of the bigger picture – the integrated solution that Microsoft is offering for businesses to share and collaborate across devices and locations, while still maintaining controls and standards, and protecting company information from loss or misuse. With the introduction of Azure Rights Management, a feature built into some tiers of Office 365 and available a la carte as well, coupled with the Azure Active Directory support now built into Windows 10, the Microsoft ecosystem becomes a compelling solution for the modern business.


In this ecosystem it’s possible to set limits on who can use and open documents, how and when documents can be used, and to help with the problem of ex-employees taking company data with them when they leave the company. For example, a document might be set to only be able to open on a computer if it’s authenticated to the company domain either through the cloud, or the company network. Or allow it to open only after the user authenticates, and if a user leaves the company, they lose the ability to authenticate, which renders the document useless. All of this helps companies make information accessible anywhere it’s needed, on any platform, in any location, while protecting the valuable data each company has.

Should I go out and upgrade right now? I probably should have put this at the top of this article. After all, Windows 10 is being offered free, so what’s the downside, right? We’ve been using the previews for a few months now, and we like it. That said, our current stance is that most businesses should wait, at least a little bit. The direct cost of an operating system isn’t likely to be the largest factor in an upgrade decision. Despite the improved upgrade process and delivery through Windows Update, this is still an Operating System upgrade, and there will be some incompatibilities and some adjustment, like with any OS upgrade. For example, our management utilities are not fully compatible yet, though we expect an update to those soon.

Any across the board change like this should have some planning and preparation before implementation. There will be some adjustment to the new UI, and there may be some driver updates required after an upgrade. So our current guidance for businesses is this: Windows 10 is likely the eventual destination for most businesses. If you are buying a new PC, you should probably order it with Windows 10. If you’re currently on Windows 7 or 8/8.1, you don’t need to rush into anything. Give it a few months, let the inevitable bugs get patched, and drivers get updated, and work with us on an upgrade plan if you’re anxious to upgrade. There’s also no harm in waiting for the next PC refresh cycle to move to Windows 10, either. At home, where you’re not relying on the PC as a tool to do your job, it’s a different story. For those eager to try the latest and greatest from Microsoft, make a backup of your home PC (you are doing that anyway, aren’t you?), and have at it! Requirements are similar to Windows 7/8/8.1, and it’s a great way to get comfortable before your business is running Windows 10.

Thanks for reading. Please feel free to direct any of your Windows 10 questions to me, or to your support team.

Topic Articles
June 24th, 2015

By: Dan Bremner

Windows 10 is coming!

You may have seen some of the press, or even a “Windows 10 is coming” notification on your desktop along with an offer to “reserve your upgrade”. By the way, if you’re only half-paying attention don’t worry, you didn’t miss Windows 9. Microsoft decided to skip a version and go right from Windows 8 (and 8.1) to Windows 10.

Of course, as your IT company, we’re working with the new release so we can give you inside scoop, and be ready to support you, our customers, when you’re ready to move. All of our desktops internally are running Windows 10 Preview, and I’ll have some information in the next newsletter on what’s new and changed in Windows 10, and what to expect.

For this installment, I want to focus on a few things you should know about the rollout of Windows 10, because it’s much different than previous Windows releases. If you’re a Castema Managed IT customer, please be sure to read the recommendations at the bottom.

  • It’s Free. For all customers with Genuine installations of Windows 7, 8, or 8.1, you can upgrade for free, as long as your system meets the minimum specs. Apple started doing this a few releases ago, and Microsoft is following suit. This free upgrade is good for a year after the release date, so until July 29, 2016.
  • It’s coming through Windows Update. Previous versions of Windows have come via a CD/DVD, a separate download, or a Microsoft Store App. While those options may be available for Windows 10 also, the upgrade that was just announced is being delivered through the Windows Update mechanism. Make no mistake, though, this is still a new Operating System, and not an “update”. The installation may take an hour or so, and may require installing drivers and setting up new system preferences after it’s complete.
  • Microsoft is taking “reservations”. What does that mean? If you click the Windows notification (if you have one) in your taskbar and reserve your copy, your system will be examined to ensure it meets the specs, and then once the release date arrives, your computer will download the installation files for the new OS in the background. What happens after that isn’t specified in detail, but presumably you will be prompted to install it.
  • It’s NOT Mandatory. Being techies at heart, we are generally in favor of new stuff, especially when it improves over the old stuff. But this is your business we’re talking about, so we certainly advise a controlled rollout, and not an “every man for himself” approach to new technology. Which leads to…

Our Recommendation to our Customers

The number one recommendation is don’t click on the update on July 29th and do this yourself without first coordinating with us. Having us involved can help steer clear of “gotchas” and make sure things run smoothly – exactly why you hired us in the first place. We’ll be doing plenty of testing over the next weeks leading up to the launch, and we’ll have some best practices defined for our Windows 10 rollouts. If you already clicked on “Reserve My Copy,” don’t worry, we’ve got you. Downloading files in the background won’t do anything until you OK the prompt to install. Or you can cancel your reservation easily.

Some of you may prefer to hold off on Windows 10 until your next PC refresh, just as many have done in the past, and that’s perfectly fine. Others may want to take advantage of the newest release, and the fact that it’s being offered for free, and we’ll work with you to roll it out smoothly, if that’s you. In the meantime, you don’t need to do anything, and we encourage you ignore the prompt about reserving your copy.

We expect Microsoft to release more details and tools soon for IT departments to help the companies they serve, to ensure consistency. In the meantime, as your IT department, rest assured that we’re on top of the Windows 10 news, and as always, you can come to us with any questions about what’s the best approach for your company.

Topic Articles
May 1st, 2015

By: Dan Bremner

This month’s article highlights another under-appreciated, but very useful technology that’s built into Microsoft’s Windows Server products. (In case you missed it, here’s last month’s post on Active Directory.) Remote Desktop Gateway is a service that enables people to securely log into their company’s Windows computers from any Internet-connected device that’s running a Remote Desktop client app. That can be a Windows PC, a Mac, a tablet, or even a smartphone. Yes, you could log into your desktop PC from your iPhone and run Quickbooks, though I’m not sure I’d recommend it for very long.

Many people are familiar with remote control solutions like LogMeIn, GoToMyPC, pcAnywhere, and so on. Microsoft has had its Remote Desktop (originally called Terminal Services) software for years, but using Microsoft’s solution to connect from outside the office meant using a VPN, or opening holes in the firewall, both of which carried potential risks, and added complexity. When Remote Desktop Gateway was introduced with Windows Server 2008, it promised to simplify and secure the process.

Here are 5 reasons to consider Remote Desktop Gateway if your company is looking for remote-access solutions for your employees.

  1. Connections are Secure. By using SSL Certificates (the same technology that secures your communication to online banking and ecommerce sites), and requiring only a single firewall opening, the remote connection is kept safe from eavesdropping and hacking attempts.
  2. No VPN Required. Any device with an RD client can connect directly over the Internet without opening any unnecessary tunnels between your corporate network and an employee’s home computer. This can save money on VPN solutions, keep things simpler for users, and limit your exposure to possible malware introduced by a non-secured home computer.
  3. One Connection, Many Options. You may have a Remote Desktop Server that many people can log into concurrently, or you may allow employees to connect remotely to their PCs at their desks. In either case, the same connection to the Remote Desktop Gateway acts as a bridge to the company computer that the employee is connecting to. There’s no need to worry about IP addresses, or DNS servers, or any of a number of other requirements that would be true of a VPN solution without RD Gateway. All that needs to be entered into the client connection is the name of the PC to connect to.
  4. Remote Desktop Gateway is Part of Windows Server. If you have Windows Server, you have Remote Desktop Gateway, and may need only to add an SSL certificate to get things configured.
  5. No Third-Party Sites. With many remote-access solutions, both the remote controlling device and the remotely controlled computer have to make a connection to a server operated by the remote-control service in order to make the connection. With RD Gateway, the connection is made directly to your company network with no intermediary required.

When it was first introduced, many of the RD Clients for non-Windows platforms didn’t have support for Remote Desktop Gateway. However, that’s no longer the case, as Microsoft has released clients for Mac, iOS, and Android in addition to Windows and Windows Phone, all of which support RD Gateway.

If you’d like to learn more about using this feature in your company’s remote access solution, just ask us!

Topic Articles
April 1st, 2015

active_directoryBy: Dan Bremner

I had a conversation with a client recently about Active Directory, and why it was a good idea, even for very small businesses. Like many business owners, my client had heard of Active Directory, but wasn’t really sure what it is.

Without getting into too much technical detail, Active Directory is a basically a list of the computers and people in an organization that all the computers share. It means each computer doesn’t need its own list, because they delegate the responsibility for authenticating users and setting permissions to a central location. In simple terms, it means that we can enter a user account once, and all the computers on the network know about that user, and know what things that user is and isn’t allowed to do. Without it, we would have to create that user account on every computer in the network.

Active Directory certainly isn’t a new technology, having been introduced by Microsoft in Windows 2000 (and built on LDAP and other technologies that are even older). However, if you don’t live and breathe technology every day, you may not realize all the good stuff that comes from having Active Directory as the framework for your computer network.

I’ve been asked, “When is a business large enough that they should use Active Directory?” With the ascendance of “the cloud” in recent years, there is also a school of thought that servers in the traditional sense aren’t needed anymore. I would answer that the foundation of Active Directory is still important for any business, and an inexpensive server like Windows Server Essentials is often the most cost-effective way to do it for the smallest businesses. (Although there are cloud options, too, including Microsoft’s Azure Active Directory.)

I’m going to turn that question around and say, “When is a business too small to use Active Directory?” My answer would be that a business with only a single owner/employee who does everything, and who doesn’t plan to hire anyone else, probably doesn’t need it. For just about everyone else, AD has benefits that make it worth considering. It’s part of the foundation that lets you build a scalable business.

Here are a few of the benefits of Active Directory for small businesses:

  • Single sign-on. Log into your computer and have access to all the resources you need on the network.
  • Permission schemes using Security Groups so things don’t have to be re-engineered when you add or remove employees.
  • Group Policy is an extremely powerful tool that can set standards for security, permissions, passwords, standardize appearance, install software, and connect to printers, all based on Active Directory attributes.
  • End-user PCs can be logged on by any user, which makes replacing, or restoring PCs take much less time, and enables employees to use another computer in a pinch.
  • For compliance with standards such as PCI-DSS and HIPAA, Active Directory makes it possible to ensure that required policies are enforced across the network.
  • Security auditing, if needed, is far easier with centralized authentication.
  • If someone leaves, or changes roles, there is one place to change their security settings, and it takes effect on all computers.

Active Directory may not be sexy technology, but it’s a solid tool for businesses that are serious about growing and scaling their operations.

Topic Articles
December 21st, 2014

BCP_Jan20_CBy: Dan Bremner

“Worst Case Scenario” thinking can help your business be prepared. No one likes to think about it, but what would you do if your office burned down, or flooded, or if thieves walked off with everything in your server closet? More to the point, would your business be able to survive?

Insurance is great, and hopefully you have good coverage that will get you a check right away to replace what was lost. (You do, right?) But while it’s easy to buy new equipment and furniture, there’s no store in the world you can go into and buy back the business information that was on those servers.

From an Information Technology perspective, the top priority for any Disaster Recovery (DR) plan is to ensure that critical business information is protected. Right below that on the list is ensuring that the business data you’ve protected, and the systems required to make use of that data, are available for use by the people who will be carrying on the critical functions of the business.

There is a lot that goes into a Disaster Recovery/Business Continuity plan, including threat analysis, Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO), as well as succession planning (having people that can step in if key employees are unavailable). It’s beyond the scope of this article to go in depth into DR/BC planning. However, I want to highlight a few technologies and practices that help make DR more affordable for smaller organizations.

  • Cloud-based data backup. For many customers, we have deployed a cloud backup solution that copies your server’s data files to a cloud server, and continuously sends updates as files are changes, while also maintaining older versions of the changed files. We have been advocating a combination of on-premise backup and in-the-cloud backup for a while now, as both have their advantages. For DR purposes, an event that takes out your office is unlikely to affect a remote data center, so cloud backup is an excellent fail-safe for your data.
  • Virtualization and Replication. This topic could be the subject of its own article (in fact, it was a few months back). Replicating a virtual server means that an exact copy of your server is being sent, in near real time, to another location, where it can be quickly placed into service if your primary server goes down. While other vendors have had replication options for virtual machines, Microsoft, with Hyper-V, has made replication an included feature, and has made it much more affordable to replicate servers to a secondary location. Just this month, they went one step further and enabled Hyper-V replication and recovery to their Azure cloud service ( Now a business that wants to replicate a few servers doesn’t have to buy additional hardware or software, or pay for colocation of hardware in a remote data center. Of course there is an ongoing cost, but no up-front purchase is required.
  • Data center colocation. An increasing number of companies are moving their servers out of their offices and into a secure data center. This can increase security, and reduce operating costs such as cooling and power, as well as real estate requirements in the office. From a DR perspective, servers in a data center are more physically secure from theft, fire, flood, and they are usually protected from power and Internet outages by multiple levels of redundancy.
  • Cloud services. It bears mentioning that fires, floods, or equipment theft in your office won’t affect things like Office 365, Google Apps, Salesforce, or Quickbooks Online. As long as you can connect to the Internet, you can still use those platforms, so if you use a cloud service for email, your email will continue to function even if your office location is offline. That’s not the only reason to move to cloud applications, but it is one benefit.

While no one ever wants the worst to happen, and no one thinks it will happen to them, going through some “what if” thinking and planning for it can make the difference between business survival and business failure. Each company is unique when it comes to what systems or data are most important. What is indispensable to one company, another may be able to survive without for days or weeks. When it comes to the IT portion of your plan, we can help you navigate the many options and together create a plan that is suited for the unique requirements of your business.

Topic Articles
October 15th, 2014

By: Dan Bremner


Is your smartphone bigger than your last one? Chances are pretty good the phone you have now, or the one you’re going to get next, has a larger screen than the previous one.131404860

I’ve been using an iPhone 6 Plus for a week or so now, and figured it was time to share some impressions of it. I’ve been comfortably in the Apple ecosystem for years, so I know I’m late to join the owners’ club of “comically large phones” (Or “phablets” if you prefer that term. Personally, I prefer “comically large phones”.) compared with some of my colleagues with Windows or Android phones.

Judging by the record-setting pre-sales figures for the new Apple iPhone 6 and 6 Plus—not to mention the Samsung Galaxy line and offerings from HTC and Nokia, among others—there is plenty of consumer demand for big-screen phones. This appears to be a trend that is here to stay, despite Steve Jobs’s famous, “no one’s going to buy that” quote. Consumers clearly prefer larger screens, and the phone makers have responded by super-sizing their new phones pretty continuously over the past 6 or 7 years, as this chart highlights.



My impressions after a week or so of use are generally favorable. Here’s a breakdown of the good and the not-so-good.


  • The screen is fantastic. Beautiful, crisp, and far better for reading, web surfing, and just about everything else. Also, showing a photo or video to someone, or to a group, just feels better than crowding around a tiny screen.
  • The camera takes great photos. I can’t say I’ve used the motion stabilizers yet, but I’m looking forward to putting that to the test.
  • Battery life is better than I’ve experienced on any previous iPhone.
  • I love the predictive typing feature. I know this is an iOS 8 feature, not unique to the new phones, but it’s a big time saver.


  • Holding and using one-handed. For me, the phone is right at the edge of being “too big.” That’s a very personal preference, and I’m told by others who have had larger phones for longer, that this will subside. In a few weeks, they say, it will no longer seem that way. I’ll see about that. Realistically, it’s usable one-handed, but a little awkward at times. The “reachability” double-tap helps but isn’t seamless. That said, I seem to use two hands a lot anyway.
  • Carrying the phone. For me it’s not too bad, though when I sit down the phone with it in my pocket, the phone does make its presence felt. I’ve always kept my phone in a front pocket, and for the most part, all my pockets accommodate this phone reasonably well, though not as discreetly as with a smaller phone.
  • The interface to my car is problematic when I want to play music in the car. I’m pretty sure this is an iOS 8 bug too, because my iPhone 5S had the same issues after I upgraded it. I suspect Apple will have some fixes coming soon, which I hope will take care of this.

Time will tell if the minuses become non-issues. Meanwhile, even after only a week, an iPhone 5S now feels small to me. My teenage daughters give this phone a big thumbs-down, though. Their hands are smaller, their pockets (if any) are smaller, and the back-pocket method they prefer would not work well with this phone.

For a lot of people, the 4.7″ screen of the iPhone 6 will be a better fit than the 5.5″ iPhone 6 Plus. But as we all get more accustomed to using our phones for things we used to do on our computers, the extra screen real-estate is welcome, and that’s a good thing. Because it seems there will be no going back to the old 3.5″ screen of the 2007 phones.

Topic Articles
July 14th, 2014

480365773By: Dan Bremner

Email security is on my mind today for a couple of reasons.

With my oldest daughter off to Marquette University in the fall, the “college fund” my wife and I have been saving into for years is no longer a deposit-only thing – we need to start tapping into it to pay tuition bills. So I’ve had to exchange some documents (via secure email) with my financial advisor to get accounts linked so we can transfer funds and make those tuition payments.

At the same time, as some of you know, we’re in the process of rolling out a new email security platform to our Managed IT customers. While “email security” in this sense refers to spam and malware filtering, the “secure email” I want to talk about is email encryption, a newly available option with this platform. It lets us exchange information via email while keeping prying eyes from intercepting and reading the contents. Like those documents from my financial advisor that have my bank account information in them.

But I’ve Always Heard Email Is Insecure?

Isn’t email inherently insecure? Well, yes, it is. Standards for email delivery don’t require encryption, which means that as your message passes from one mail server to another on the way to your intended recipient, there’s a good chance it’s being passed around and stored in plain text. It also may end up in many different places, not all of them secure, such as a smartphone, iPad, or home PC.

Bottom line: Email is insecure today, just as it always has been. This is why we avoid sending important login credentials, or anything else important like credit card numbers through email.

So How Do We Make Email Secure?

Over the years, many “email encryption” solutions have been introduced, incorporating technologies like S/MIME and PGP. Ease of use has been the biggest barrier to mass adoption. Not only were they cumbersome to use, but because you couldn’t assume a recipient was even able to receive an encrypted message, these solutions never really took off in widespread use.

More recent solutions have emerged to simplify the process, and to comply with data security legislation, such as HIPAA, PCI-DSS, Sarbanes-Oxley, and the EU Data Protection Directive. To do so, they have approached the problem from a different angle. Essentially, since email is insecure, they take the sensitive data out of the email message. More on that in a moment.

It’s worth noting that these newer solutions have different goals than previous “end-to-end” email encryption solutions. Whereas those solutions aimed to ensure only the individual sender and receiver could read the message, these solutions are more concerned with making sure the message remains under the control of your company (or designated service provider acting on behalf of the company), with access granted only to authorized viewers, because that’s the key to being compliant. If you think about how such information is handled in the non-computer world, this makes sense. Your medical information is not just given to your doctor, but also the nurses and other medical personnel who need access to it, just as multiple people at your bank have access to your bank account number and can look up your balance.

Email as a Notification Tool

These newer encryption solutions take advantage of several realities.
1. Email is great for notifying people when they have a message.
2. Everyone already knows how to use email.
3. Interacting with secure web pages, whether for e-commerce or online banking, is both simple and familiar for most users.

With our newly available encryption platform, when you have a secure message to send, the outbound mail server detects if the message needs to be encrypted based on rules set up by your company. You could have a trigger like [secure] in the subject line that automatically creates a secure message, or it could scan the email content for something that looks like a SSN, or credit card number, and auto-create a secure message.

Rather than sending the message along, the message content is removed and stored it in a secure web-based messaging system. An email is sent to the recipient saying, “You have a secure message,” with a link to the secure web-based system. The recipient clicks on the link and creates an account (no cost). After logging in, they can read the message and any attachments. Subsequent messages to the same recipient will use that same account.

For many organizations that need to communicate sensitive data while remaining compliant with data privacy laws, a secure email solution could be just what the doctor ordered. Or banker, or lawyer…

Topic Articles
May 27th, 2014

178495138By: Dan Bremner

Software vendors are increasingly using a combination of carrot and stick to induce customers to sign up for their subscription-based software licensing. The “carrots” tend to be extra features or permitted uses, while the stick may be higher prices for traditional perpetual licenses, or discontinuing the perpetual license (almost) entirely, as Adobe has recently announced.

While some vendors consider subscriptions part of their “cloud” offering (e.g. Microsoft Office 365 ProPlus, Adobe Creative Cloud), in most cases the software itself is still installed locally. Notwithstanding the cloud features that may come along with it, the question still comes up, “Should I buy or subscribe to software?”

Since the answer to this question is inevitably, “it depends,” it may be helpful to list some pros and cons of software subscriptions in general, and some things to be aware of in specific cases, namely Adobe Creative Cloud and Microsoft Office 365 ProPlus.

First the positives:

  • With a pay-as-you-go subscription, you don’t have a large up-front purchase, and can make your software an operating expense rather than a capital expense.
  • You always have access to the latest version.
  • Software companies like the predictable, consistent revenue stream.
  • In theory, the developers can focus on incremental upgrades that users have requested rather than having marketing drive new features based on shiny new bells and whistles they think will drive upgrade purchases.
  • Customers have access to vendor support without separate maintenance fees.
  • For customers who would normally upgrade to new versions regularly and/or purchase software assurance, the costs of subscribing will often be lower, and come with additional benefits.

Now some drawbacks:

  • If you upgrade infrequently, or skip a few versions between upgrades, you may pay more by subscribing.
  • If you prefer to stay on older versions of software, a subscription may not give you that option.
  • If the vendor discontinues a product, or stops offering the service, you may lose the right to use it, which would not be the case if you bought a license.
  • If they raise subscription prices, you have to pay a higher price for the subscription, or find an alternative product. If there is a strong competitive marketplace for similar products, it should help keep pricing in line. If the vendor feels they have a virtual monopoly (or high cost of switching products) it may make this a more likely scenario.

It looks like this model is being adopted by more and more software vendors. Adobe has been among the most aggressive, announcing that they will no longer sell new versions of their Creative Suite products (which include such stalwarts as Photoshop, Illustrator, Premiere, etc.), as perpetual licenses. The CS6 versions will be the last available for purchase. Further, they have recently announced that they will stop selling the CS6 bundles; only CS6 individual products will be available for sale. All new features and future upgrades will only be available to subscribers to Creative Cloud.

Both Adobe and Microsoft include additional features such as simplified cloud download and installation, cloud storage, and the ability to install the products on multiple computers for the same user. With Microsoft, the license extends to 5 devices for each user, including a home PC or Mac, even if your company is paying for the subscription. Both companies also offer the entire suite of products to subscribers, which is great if you need or can use those products, but not all that relevant if you don’t.

Whether you prefer to buy or rent/subscribe, there are options out there for you, but more and more customers are finding the pay-as-you-go model to be a compelling and attractive option. As always, we consider our role as a technical and business advisor to be one of our most important contributions to our customers’ operations, and that includes helping to analyze how best to procure the software licenses you need. We include that advice and analysis at no extra cost to our Managed IT customers.

Please contact us if you have questions about software subscriptions, or anything else technology related. And if you’re not currently a Managed IT customer, feel free to contact us about that, too!

Topic Articles
April 17th, 2014

By: Dan Bremner

You’ve likely seen media coverage of the recent “Heartbleed” security issue. We have received a lot of questions about it, so I figured a brief FAQ might be helpful.

Q. This looks too long and I don’t have time to read it. Should I change all my passwords?

A. Yes, that is a good idea. This is especially important for websites that have credit card or banking information, or places where you’ve re-used the same password on multiple sites. Your Windows/Domain password is less likely to have been compromised, but it still wouldn’t hurt to change it, especially if it’s the same as a password you’ve used elsewhere.

Q. What is this “Heartbleed” flaw?

A. Most websites that deal with sensitive information (i.e. e-commerce, online banking, etc.) protect that information from unauthorized access using SSL (secure socket layer) encryption between your browser and the web server. OpenSSL is one widely-used implementation of SSL that is used by many websites. Specific versions of OpenSSL were discovered to have a flaw that could permit an attacker to see some of the encrypted data in an unencrypted form.

Q. Who or what is vulnerable?

A. Not all websites that use SSL are using OpenSSL. OpenSSL is just one programming library that exists to implement the SSL protocol. However, OpenSSL is widely used, with some estimates putting it at over 60% of all SSL-enabled websites. Notably, Microsoft’s IIS servers do not use OpenSSL, so Outlook Web Access, Remote Desktop Gateway, and Office 365 connections were not at risk. Not only websites, but also any apps that communicated via SSL to a vulnerable server could have been compromised.

Q. What’s the problem with using the same password on multiple sites?

A. If one site is vulnerable to this security hole, and your email address and password are obtained by an attacker, they can go try that email/password combination on other sites. Password-guessing programs are pretty sophisticated now, so chances are good that they’ll try variations on that combination also.

Q. Why am I reading advice to change ALL my passwords?

A. This flaw existed for 2 years or so before it was detected and fixed. It’s possible that attackers could have discovered and exploited it at any time during those 2 years. It’s hard to tell if a site had the vulnerability at any time during the last 2 years – all we can look at is whether it’s vulnerable now. Changing passwords periodically is good security practice anyway, and better safe than sorry is the thinking behind that advice.

Q. I have dozens or hundreds of passwords on various websites and online apps. How can I possibly keep them straight if I’m not supposed to re-use the same password, or variations of it?

A. That’s a good question, and it highlights the inherent weakness of password-based security. One solution is to use a password manager, such as LastPass, KeePass, or 1Password, and let those programs suggest and maintain complex, random passwords for your online accounts.

Q. Where can I go for more information?

A. Mashable has a list of affected sites and recommendations for which passwords to change.

LifeHacker has a lot of good information, including this guide to what constitutes a “secure” password, and this one about why its best to have a password you can’t remember.

Here is a Heartbleed test that will report back if a site is vulnerable. It is best to wait to change your password until the site has patched OpenSSL, and ideally, has re-keyed its SSL certificate.

Finally, if you want all the geeky details, see for more information.

We have audited sites for our Managed IT clients and notified any we found that had vulnerable code. If you have specific questions about your situation, please feel free to give us a call.

Topic Articles