SAGE will be hosting webinars this Summer on a number of hot topics. These webinars are free and all are welcome to participate. Each webinar happens between Noon and 1 P.M. EDT, so please spend your lunch with us.

First up is our popular Metadata 101 webinar, "Your Documents, Your Undoing" (7/15) which discusses the risks from metadata and sensitive content in your documents. We discuss methods and strategies to mitigate those risks using tools like Workshare Protect and best practices.

Next is our webinar on Getting the Most From Your IT Budget (7/23). In it, we provide some benchmarks for what your IT budget should be, and how to stretch it to extend your capabilities. During the webinar, we discuss where IT provides maximum value to a firm and how to balance user support, projects, and regular maintenance.

MS Office is more than just spreadsheets and documents. In August, we debut a new webinar on Doing More with MS Office (8/19). For this webinar, we describe new uses for accounting, CRM, and HR from old standbys like Word, Excel, Access and Outlook, and illustrate what can be done with newcomers InfoPath, OneNote, and Groove.

Sign-up for SAGE Wisdom webinars on our web site. If you have any topics that you would like to learn more about, let us know in the comments or drop us a line.

Cisco has announced the plan to discontinue the Cisco PIX. After July 2008, PIX will no longer be available for purchase, with accessories sales ending in January 2009. Cisco will continue to honor only existing support contracts after July 2009, and will honor those commitments until 2013.

Models on the chopping block include: Cisco PIX 501, PIX 506E, PIX 515E, PIX 525, and PIX 535.

Why? Even though many network admins would say "mine gets the job done." Cisco says there is a greater need to support Payment Card Industry Data Security, HIPAA, and SOX standards and the PIX doesn't cut it like their new ASA device does.

Rumor has it that the biggest complaint is that the Java-based user interface (PDM) doesn't play nicely or at all with the latest Java virtual machine. (Cisco doesn't make any mention of this).

This Tuesday, we spoke to the Small Firm Management section of the ALA Capital Chapter on IT trends for small firms. What we encounter is that small firms have many of the same IT challenges of large law firms, just not on the same scale.

Both small and large firms alike are paying close attention to these IT trends:

Getting more for your money – Everyone is looking to stretch their IT dollars, so small firms are looking to managed IT services and large firms look to outsource basic tasks like daily server checks and monitoring. Firms are also looking at application services providers (Internet providers) for critical systems like time & billing, backup, e-mail and spam filtering.

Virtualization of desktops and servers – flexibility and ability to recover from disasters quickly makes this one of the hottest trends to watch.

Data vaulting – whether the firm administrator is tired of bringing back-up tapes home every night or an integral part of a disaster recovery plan, data vaulting—online backups—are the way to go.

Mobility – Including remote access, laptop and handheld computing, staying in the office is so last century.

Security – While constant struggle against malware rages on, now everyone should also pay attention to stopping data breaches that can cost your firm both money and its reputation.

What are the IT trends where small firms are sitting on the sidelines? WANs; desktop management and software deployment; and Storage Area Networks (SANs).

EWeek’s Knowledge Center posted a handful of new articles this week on security, providing answers to your questions about:

• Multifactor authentication;
• Device identification;
• Digital watermarking; and
• Password hardening.

These are proven technologies. The hardest part is getting attorneys and professionals to accept and use them. That means getting buy-in from senior management. Perhaps talk about the bad things that can happen from data loss, like bad press; loss of client confidence; professional liability and restitution damages.

SAGE has spoken before on this topic of mobile security to organizations. Drop us a line if you would be interested in hearing more.

Here is an idea to think about and discuss. This isn’t an endorsement. Hopefully, it is the start of a conversation.

Chris Anderson, Editor of Wired Magazine and the main who coined the them “the Long Tail” has an interesting post about dual IT networks—one official, the other not—at Wired’s offices. One is the corporate network that is locked down and heavily managed to protect its core functions like accounting/finance, file storage, backup and Exchange. The second is an “open” Internet connection, providing full access to Skype, instant messaging clients, and Facebook.

Now Wired magazine is about living on the digital edge, and law firms and professional services firms are not. Law firms especially need to protect data because the professional and financial ramifications of not doing so are devastating. But innovation is required in any industry, and we have touted the many advantages of new Web applications and services like RSS, social bookmarking, wikis, and more. Giving employees a playground to experiment could lead to a better way to provide client service or an innovative approach to services via these new Internet technologies.

As Anderson mentions in his blog, many corporate CIOs are implementing or seriously considering this dual networking strategy, either with physically separate networks or virtual networks. Time will tell, however, what problems could arise from this intriguing approach. At the person and workstation level those networks converge, causing potential headaches like lost productivity to fantasy sports leagues; malware pickup up from risky web sites and apps, and random questions about obscure web applications into the help desk.

Please share your thoughts in the comments.

We are not in the hype or bandwagon business, but a follow up to our post yesterday about the iPhone’s potential place in business is in order. In an interview with USA Today this morning, Apple CEO Steve Jobs had this to say about corporate e-mail and the iPhone:

Q: What about corporate e-mail? I understand that's an issue for many consumers, who may not be able to hook up to their company networks?

Jobs: You'll be hearing more about this in the coming weeks. We have some pilots going with companies with names you'll recognize. This won't be a big issue.

There you go. If we were to read the tea leaves, likely candidates are Microsoft and Motorola (who recently acquired Good). RIM, the company behind Blackberry, is less likely because their system uses dedicated data centers. Whether the iPhone can be remotely managed and wiped still remains to be seen, but Apple apparently wants to remove any barriers to the business market.

In the past week, the first reviews of the IPhone have come in and Apple has released videos, FAQs,and press releases almost daily. So the days of speculating about its features and functionality are finally over. Only wild speculation and misinformation has matched the mammoth hype, especially when in it comes to how the iPhone may fit into business. So here is our balanced opinion on the iPhone in a business setting (we have Mac and PC fans here who work together quite peaceably).

Why Should We Care? In the past few years, consumer technology has been the primary driver of new technology into the workplace. While the iPhone is primarily aimed at the consumer, there are a number of compelling features appealing to business users: ability to select a voice mail rather than listen to all in sequence; ease of use; and full web browser with wi-fi, to name a few. Throw in the iPod features and don’t be surprised a partner walks in with one.

Following are issues where the iPhone is not quite ready for business. The caveat is that Apple is treating the iPhone as a software system and has vowed to push out software updates upgrading its features and functionality. Just because it doesn’t have it now, doesn’t mean it won’t in the future.

Email. Push Me, Pull Me. The killer app for business in mobile phones is e-mail, and to a lesser extent calendaring, which is why Blackberry rules the roost. Blackberry, Good, and Microsoft’s ActiveSync are “push” technologies, sending the e-mail to the mobile device when it is received on the e-mail servers. The iPhone has push e-mail, but only from Yahoo! mail because it uses “push-IMAP,” a protocol MS Exchange server doesn’t support. Otherwise, the iPhone “pulls” e-mails using IMAP, where the iPhone periodically checks in with the e-mail server to see if there are new messages.

Rumor has it that Apple has licensed ActiveSync from Microsoft, meaning it would have push e-mail compatibility with MS Exchange. If so, the iPhone would be on par with Blackberry and Good.

Control Issues and Remote Erasure. Blackberry and Good are corporate darlings because of configuration, control, and the ability to remotely erase the data on handhelds. So far, the iPhone lacks these features. Controlling the configuration allows the IT department to ensure quality service because they do not have a myriad of different handhelds with different software and settings configurations. And the ability to remotely wipe data on a smartphone is priceless when the employee leaves the phone with confidential e-mails in the taxi or the plane.

The Slippery Slope of iTunes. iTunes is required to sync not only songs, photos, and video to the iPhone, but also contacts and calendars as well. This raises the question of whether putting iTunes on business computers will invite streaming music over the Internet, which iTunes allows, or employees putting personal music files and videos on firm equipment. Who is then responsible for backing up their personal music? These issues may be resolved with an “Acceptable Use” policy and disclaimer, but the implications should be thoroughly considered.

So, if you need justification for turning away iPhone toting members of your staff, these are:

• no "push" e-mail functionality compatible with our e-mail infrastructure.
• no ability to wipe data remotely to protect sensitive data in the case of a lost iPhone; and
  
• iTunes is not sanctioned software for a computer that IT will manage.

Remember, however, that the iPhone is in its infancy. Should Apple repeat its runaway success with the iPod or merely match Blackberry’s initial acceptance, it may be a wave that IT departments can’t resist. If that is the case, IT will be tasked with figuring out how to accommodate it rather than dismissing it.

Here are a few tidbits worthy of your attention on the Web today:

Security Honcho "Wants People at Microsoft to Think Like Criminals." Wow, can you have fun with a line like that.  Anticompetitive practices aside, this article over at CNet talks about the mindset needed to defend against cyber evil-doers. The trick, evidently, is to think like a hacker, rather than a developer or user that view security vulnerabilities as yet another bug to squash.  The  article is part of a series on web security that is worth a read.

Preview of Top EDD Providers. So if you are into Top "N" lists (that's geek shorthand for any number like 10), The Common Scold has a preview of the top 10 EDD service providers and software vendors, with details to come in the August issue of LTN. Again, if you are into that sort of thing...

...So About That iPhone Post Yesterday.The first reviews coming in suggest the hype may well be warranted, increasing the chances of a partner purchasing an iPhone and wanting to get firm e-mail on it. So if that happens to you, we have an article about security and the iPhone, and a post trying to clear up some misconceptions floating around on the "Internets." The big problem may be the inability to remotely wipe the iPhone.

You could accuse us of trying to make bank on the iPhone hype, but don’t say this scenario is implausible: In a couple of weeks, the superstar partner walks into IT with her brand new iPhone. And after surfing a few web pages on the firm wi-fi and watching a clip from The Office, she then says, “I want to get my work email on it.”

So what do you do? Can you really suggest the bare bones Outlook Mobile Access (OMA) after she demonstrates flicking through her GMail? Are you forced to enable IMAP after all these years?

Now, the iPhone won’t be replacing Blackberries in the law firm any time soon, but the point is personal technology encroaching on “work” tech. Like instant messaging and wi-fi, these days new tech is being introduced in the law firm from attorneys and staff bringing it from home rather than from the IT department. You probably went with Blackberry back in the day because a hot shot partner saw a colleague's device and wanted one for himself.

To quote a Zen saying: “the only constant in life is change.” In IT and administration, your job is to maintain a consistent, high-quality level of service. Sometimes that means saying no. But the other mandate is to provide tools that make the firm and its employees more productive and effective. That means saying yes and using a little ingenuity. The iPhone promises a very easy user experience for calling, voice mail and others beyond e-mail, which is Blackberries forte. Should it deliver (a very big if), then it is time to reevaluate the firm’s policy—and embracing change.

If not the iPhone, it will be something else.

Firms looking to be more secure with their data both internally and with their mobile devices should focus first on the cultural barriers to greater security within their firm. Attorneys and professionals who don’t want to be inconvenienced by enhanced security like multi-factor authentication need to be persuaded that the risks far outweigh the inconvenience. Loss of client confidence, professional liability, and the potential for restitution damages are very dire consequences from not securing company, employee or customer data. Making busy professionals understand the trade-offs required for a more secure environment will lay the cultural groundwork that can lead to the introduction of heightened security measures like passwords on handhelds, encrypted drives, and SSLVPN connections for remote access.

We recently presented to ALISM on the topic of securing mobile data. Please talk to us if you have questions or concerns on this topic. We might be able to help.

Adobe’s “Acrobat for Legal Professionals” blog announced that they will be conducting a webinar on May 24 on document security that may be worthwhile. They will cover discerning whether PDFs have been tampered with, revoking PDFs and other security features. Many of the basics like restricting printing and copying will be covered as well. Registration is through Adobe’s web site.

Some researchers yesterday announced the results of a survey finding that data leaks cost corporations on average of $1.82 million, when they can actually calculate the costs, that is. Editors Note: [like we have editors!], the research is tied to a McAfee product pitch, so for our purposes on this blog we will use these numbers just to get your attention. There are some other interesting stats from the survey: such as it costs approximately $250,000 to inform customers of a data leak alone, and that nearly two-thirds of respondents felt the leaks were an inside job. If you happen to be a law firm, those costs may include a malpractice lawsuit.

And here is an excellent point: talking about data leaks means “copies” too. The original will still be there, but the proverbial copycat is out of the bag.

David Carns, one of SAGE’s cadre of new consultants and former a IT Director, will be discussing mobile security at ALISM’s Annual Seminar on Managing Technology on May 23, 2007. Be sure to contact ALISM to register for this event. We will post more information as it becomes available.

We at SAGE are excited about all of the advances in web technologies.  Between Outlook Web Access, LegalKey's Attorney Desktop , Google Maps and GMail, we all know that today's web is nearly a replacement for desktop applications.  That realization will shape much of the thinking we do for future software and hardware deployments. 

So that's the good news.  The bad news is that the more sophisticated the web gets, the less we know about how secure it really is.  In the early days of the web, the technology was so simple, that there were very few security implications - it was a "READ ONLY" web.  Today, not only can websites allow you to read and write data (thanks in large part to the AJAX revolution), but they can do so without you knowing it.  Hackers picked up on this pretty quickly and there are now many Cross Site Scripting (XSS) attacks that plague unsophisticated web developers.  The biggest problem with XSS is that there is nothing you can do to prevent the problem, since the problems the hackers are exploiting are actually the very features in web that make it so useful today.

What should you do as an individual?  The web is here to stay.  You cannot avoid it: clients require it, coworkers prefer it and, chances are, you have too much invested already (family photos on line, personal email, etc).  So the best advice is to always visit reputable web sites that take security to heart, such as Google, Yahoo and Microsoft.  Those companies have headed the hackers off at the pass and have all but eliminated XSS vulnerabilities in their products.

What should you do as an IT Professional?  Ask your web-based vendors what their web security strategy is and what measures they have against XSS attacks. They should be happy to share with you the details of their approach.

As we all gear up our mojo for another work week, here are a few places to check on the web that are actually work-related.

Holes in Vista’s Sandbox. From the “Devil is in the details” department, Vista’s new sandbox feature “Protected Mode” turns off in a number of instances leaving machines vulnerable to hacks like the recent animated cursor attack. Trusted Sites and turning off the highly annoying User Account Control are just two instances. Webware’s article highlights all the scenarios where Microsoft kicks the user out of the sandbox and leaves open some vulnerabilities.

Dreams of a Web Operating System. Web applications are becoming more a part of our daily work activities—think GMail and Outlook Web Access—leading many to dream of an operating system based entirely in a web browser. (Never mind that an OS is still required to run the browser). This CNet article has a rundown on current developments and the technical and market challenges any web-based OS faces. Either way, look for webware to force an evolution into the staid thinking about operating systems.

Blackberries To Keep up With Home, Too. While many spouses and significant others have bemoaned the corporate tether that is the Blackberry (and its brethren), a new poll suggests that the workers are revolting and using their company-provided smart phones and laptops for personal reasons as well. We guess that turnabout is fair-play.

So much of today's technical news focuses on when technology fails us.  Security breaches, lost laptops with social security numbers and emails that contains "too" much information are on the minds of business people around the world. Law firm clients are acutely aware that poor technology management can lead to unintended results and they are asking their firm's to take note.

Here are some of the steps that firms can take to avoid being in the headlines:

• Require that each Blackberry has a four character password at minimum.
• Each Blackberry should prompt for a password after an hour (or less) of inactivity.
• Ensure your IT staff knows how to remotely "wipe" a Blackberry.  That lost goldmine traveling around in the back seat of a cab can be erased from the Blackberry server to mitigate data loss.

• PGP WDE (Whole Disk Encryption)
• Voltage Secure Disk
• PointSec
• Guardian Edge
• Microsoft Vista's BitLocker Technology

Last week, Microsoft matched its record of fixes in its monthly security update.  With all the updates coming from Microsoft, “Patch Tuesday” is getting up there with “Hump Day,” but still lagging way behind “Manic Monday” and “TGIF.”

With all these patches, here is a corollary to the law of unintended consequences: test any patches before deploying them to servers and workstations on the network. This is now become one of cardinal rules of IT. Don’t expect Microsoft or any other vendor to have exhaustedly tested any patches they have released. Patches themselves are often rushed fixes to vulnerabilities and exploits, where speed is generally more prized than quality or stability. To be fair, accounting for every possible computing environment is impossible. Microsoft will even push the envelope on what is considered a “critical patch”: like releasing Internet Explorer 7 (IE7) as a critical patch. IE7 broke many web applications due to changes in its architecture.

As part of our SAGE OnSight service, we test all patches before deploying them to the networks we manage for our clients. This practice has been instrumental in the high degree of up-time, stability and reliability our clients enjoy.

After our post about how the upcoming Apple iPhone could start a sea-change toward handheld computing, we are reminded that technology can be used for good or evil. The simple fact that there are nearly 1 billion cell phones makes them a tempting target for all sorts of malefactors. There have been a few cell phone viruses, but they haven’t done any real damage.

The real threat comes from theft of PDAs, laptops, and portable media, according to this article. The kicker is that an estimated 60 percent of laptops and PDAs contain unprotected sensitive or confidential information. That means potential liability if that information is customer or personnel data.

So lock down your portable devices, using physical locks, data encryption, strong passwords, and a harsh glare if necessary. We have more than a few horror stories of clients calling us to do audits because they think some computer equipment has gone missing. Usually, their intuition is correct, but the problem is even worse than they thought.

Adobe is seeking to capitalize on the movement towards PDF and native document formats in the legal world with new features in Acrobat 8.  The latest version includes legal-focused features like redaction, metadata removal, and bates numbering. Acrobat 8 also sports better integration for e-mails with Outlook and Notes.

Adobe is also backing up their push into the legal market with support/marketing resources. Adobe now hosts an "Acrobat for Legal Professions" blog which has great resources like in-depth review of new features and best practices. For instance, posts on the new redaction feature covers workflow, limitations, and best practices. The blog also provides tutorials on converting deposition transcripts into PDF and using Acrobat with various equipment.

While single-page TIFs still dominate in most litigation settings because of speed of review, the addition of bates numbering and redaction should send Acrobat to the forefront on the production side. Do you see new uses for Acrobat 8 in your firms because of these new features?

With the upcoming launch of Windows Vista, the operating system replacement for XP, here is a sampling of news and opinion from around the web.

• Vista will reportedly have highly restrictive, some say draconian, licensing restrictions: a one-time, and one time only, transfer of the license to another device, but you can run the same copy virtually on the same machine.
• MS will also be taking a hard line against piracy, reportedly crippling machines with unauthorized versions of Vista. This presents a problem, since there are complaints that its watchdog program, Windows Genuine Advantage, produces too many false positives
• A few people have put together a wiki of third-party applications that are not working or have significant issues in Vista RC2; Although Microsoft’s Application Compatibility Toolkit 5.0 may be a workaround for legacy systems, if you are brave enough or have mad skillz.
• Then there are the many existential musings about whether Vista is worth the upgrade, including Great Britain's The Inquirier, and from Windows evangelist Paul Thurrott. That leaves some to ponder where is the business case is for upgrading?

We will weigh in on the Vista upgrade issue soon, but give us your thoughts in the comments.

Here is our inaugural entry into weekly survey of web sites: Surf's up. We start off this week with a community driven anti-phishing site, Phish Tank (http://www.phishtank.com/). Phish Tank is an online database of phishing sites that allows readers to submit entries and verify other readers entries. Best of all, they provide an API so developers and programmers can build applications using their database.

For those trying to tweak as much performance out of Windows XP to avoid an upgrade to Vista, this blog has a list of XP performance tweaks. Word of caution, some of those tweaks may not be advisable in a managed environment.  And speaking of avoiding an upgrade to Vista, XP Myths explodes some common myths about Windows XP concerning performance, reliability, minimum system requirements, and more. The best part of the page, however, is the section on bad tweaks that are supposed to improve performance but actually don't.