|
|
Regarding Cell Phone SPAM:
So this morning at about 4AM I received another in a long stream of unwanted SMS (aka text) messages on my phone. Since we have an on-call alert system for our customer’s critical systems, I generally take the time to read any SMS messages I get, no matter what the hour, in case something needs to be done. In this case, the all-important 4am text message read “Do you need some money this week? www.somecashwebsitecrap.com has a hassle-free 2 minute loan form for up to $1500, without a credit check. “stop” to unsubscribe.” Now, since I didn’t need any cash, I deleted the message and tried to go back to sleep.
But why didn’t I reply with ‘Stop’ – you might ask? Especially since this is the 15th time in the last 3 months I’ve received this nearly identical message? Good question. The first 5 times, I didn’t reply, because with regular SPAM messages, the minute you reply to an unsolicited email message – that spammer has your email address and knows you are a real person, and will hand (or sell) your email address to all their spammer buddies. After the first five, I figured that in this case the cat was out of the bag. So on the 6th through the 10th message I replied with STOP, UNSUBSCRIBE, BLOCK, and OPTOUT. Obviously none of these worked. Having had just about enough of this Cell phone SPAM, I did some digging about what, if anything, I could do about it.
I came across a nice little FAQ from my cell phone service provider AT&T explaining how I can forward the message to their short code “7726″ or “SPAM” to “Begin an investigation”. After doing so – they reply immediately and ask for the originating senders phone number, which I provided, after which they replied and thanked me for my assistance. I’ll let you know when (if) I receive any results of this ‘Investigation’. In addition, you can visit http://mymessages.wireless.att.com/ and after registering – you can set preferences.
This was just for AT&T, check with your individual provider for more details on their individual methods.
I uncovered a few other interesting tidbits regarding cell phone SPAM and how to prevent it. I found out you can take it up a notch and report this abuse directly to the government agency responsible for investigating and prosecuting violators of the CAN-SPAM act. Here’s the direct URL: https://esupport.fcc.gov/ccmsforms/form1088.action
I owe credit to the following excellent post for most of the above information: http://www.theinternetpatrol.com/how-to-stop-sms-text-spam-and-how-to-report-sms-txt-msg-spam/
It’s important to understand one little-known ‘feature’ of SMS cell phone spam – the vast majority of it is actually sent from the Internet, spamming the email-to-cellphone text messaging gateways that nearly every cell phone carrier maintains. What this means is that your cellphone has an email address, and if people know the magic addressing formula, people can send text message via email to your cell phone. For example, if you are an AT&T customer, your cell phone’s email address is:
your-10-digit-phone-number at txt.att dot net
Similarly, if your carrier is Verizon, T-Mobile, Sprint, or Nextel, your phone’s email address is:
your-10-digit-phone-number at vtext dot com
your -10-digit-phone-number at tmomail dot net
your -10-digit-phone-number at messaging.sprintpcs dot com
your -10-digit-phone-number at messaging.nextel dot com
At least with AT&T, you have many different options to plug this gaping hole via their http://mymessages.wireless.att.com/ website. I created an alias, and only messages that come from certain domains, to the alias@txt dot att dot net will be delivered.
I hope this helps with your cell phone SPAM problems!! Please comment below if you’ve experienced this Cell phone Spam.
Problem: Backup-to-disk drive runs out of space even though Backup Exec should overwrite older backup data/media as needed based on the Media set specified in the backup job.
Cause: Exchange data that is backed up to a Backup Exec Backup-to-disk folder and stored in folders labeled as IMG000559 are not assigned to the Media set specified in the backup job definition. Instead, Exchange data is assigned to the default Media set associated with the Backup-to-disk Folder. The default Media which defaults to Never Overwrite is called “Backup Exec and Windows NT Backup Media” and it cannot be modified. The result is that your Backup-to-disk folder/drive will eventually fill up with Exchange backups.
Solution: In the Media configuration, select All Media in the navigation tree on the left. On the right, locate your Backup-to-Disk Folder, right-click it and select Associate with Media Set. Choose the Media set you’re using for the rest of the B2D job so it will obey the same retention rules. From now on, Exchange data will be assigned to the correct Media set and will therefore be removed as needed.
I wrote this last year to try to educate as many people as possible about a lot of things you hear often and quite possibly understand very little of. These terms are thrown at you in TV ads and they’re all over the internet. Pretty much anything internet-related will have used 1 or more of these terms to try to confuse you into thinking 1 device is better than another. I haven’t found a very good explanation of this stuff anywhere out there in cyberspace and so I came up with this list. My goal was to give technical terms, numbers and abbreviations some real and meaningful values. It starts off a bit mathematical but quickly becomes practical so please keep reading!
1 bit = a 0 or a 1
8 bits = 1 Byte (represented by 8 0s and 1s)
1 Byte = 1 letter on your screen (the letter A is 01000001)
1024 Bytes = 1 Kilobyte or KB
1024 KB = 1 Megabyte or MB
1024 MB = 1 Gigabyte or GB
1024 GB = 1 Terabyte or TB
1 floppy disk holds 1.44 MB
1 CD holds 700 MB
1 DVD holds 4.7 GB (a dual layer DVD is double this)
1 Blu-Ray disc holds 25 GB
A typical hard drive in a PC these days is around 250 GB but can also be over 2 TB
A typical email with no attachments is about 2 KB
A typical large Excel or Word document is around 2 MB
A typical large PDF document is around 25 MB
A large CAD drawing can be over 100 MB
An 8×10 photo is 20 MB
A 3 minute song is about 4 MB
An iPod holds 8, 16, 32, 80 or 160 GB of music and photos, depending on the model
A typical website’s home page with text and images is around 300 KB
A T-1 can transfer 193 KB from a website to your computer in 1 second
Broadband internet (cable or DSL) can transfer between 768 KB and 3.2 MB from a website to your computer in 1 second
A wireless PC can transfer 1.4 MB using “wireless B” or 6.9 MB using “wireless G” in 1 second but will be limited by your internet connection speed (when your computer says it’s connected to your wireless network at 54 Mbps, your internet connection is still only as fast as what you paid for so it acts as a bottleneck, making that 54 Mbps only useful between computers in your home or office)
A wired PC can transfer 128 MB in 1 second but will also be limited by your internet connection speed
A fast moving 3G phone (driving in your car) with full signal can transfer 18 KB from a website in 1 second
A slow moving 3G phone (walking) with full signal can transfer 48 KB from a website in 1 second
A stationary 3G phone with full signal can transfer over 256 KB from a website in 1 second
It would be very difficult to keep the above information totally up to date or make it 100% accurate, but those rough estimates should give you an idea of what you’re looking at the next time someone tries to tell you that your T-1 is “the Cadillac of internet connections!”
After much deliberation and soul-searching, I ended up getting an iPad2 a couple of months ago. I was on the verge of getting a Playbook…whew! I think I dodged a bullet there.
My goal was to have a device that could do most of what I needed from my laptop without the bulk. I was very curious to see just how much work I could do in the evening on a tablet without having to break out the laptop or go sit in the basement at my desktop. I read a lot of reviews about this exact concept and concluded that the type of work I was doing at home in the evening could translate to a tablet computer. Even supporting customers remotely, which I ended up doing several times.
At a little over $600 (with the fancy magnetic Apple cover), the iPad2 is a worthwhile investment for anyone that doesn’t already have an iDevice. You see, I have an iPhone 4 and I was really hoping that the iPad 2 had more to offer than being just a large-screened, big-keyboarded version of my phone, but I was let down. Not only is it NOT a replacement for my laptop, there are a few features that make it a negative compared to my phone.
- Size: sure it’s smaller than a laptop, but it doesn’t fit in my pocket, so does it really matter? It’s just big enough to be awkward to hold and yet not too big to get angry about it.
- Screen: anything I look at on my iPhone 4 looks 10x better than on the iPad 2. You just can’t be the retina display of the iPhone 4.
- Camera: SERIOUSLY DISAPPOINTING. I made the mistake of assuming the camera in the iPad 2 was identical to the iPhone 4 and I was WRONG. It might as well not be there. It’s that bad.
- Keyboard: yes, it’s larger. Yes, that makes typing on it different than the iPhone 4 but not better. I make as many errors and get at least as frustrated on the iPad 2 as the iPhone 4. At least when I’m typing on the phone I think, “it’s a phone…” but when I type on the big keyboard of the iPad 2, I expect to be able to type like I’m using a keyboard. Not so.
- Glare: serious glare from any light source causes major problems pretty much all the time. I can’t stress enough how annoying it is to have to hold the thing at funny angles to avoid glare. The only reason the iPhone 4 doesn’t have the same issue is because it’s smaller surface area has less chance to pick up a glare and also the retina display can overcome a lot of glare/light. This is almost a deal-breaker.
- I don’t play games: I got this for business use – not as a portable gaming system. I’m so tired of looking at the Top 25 apps and seeing 24 games and 1 social networking app. Eventually I tried a few games out but my policy is to use only free apps so the choices there are pretty limited. I’m certain a gamer would find the iPad 2 much more exciting than I do.
All that said, there are a surprising number of “killer apps” made for the iPad that no one bothered to make for the smaller-screened devices. I can see how valuable this device would be if I could find just 1 killer app to use on it. Unfortunately for me, email/calendar/contacts is my killer app and I already have that in my pocket. When I bring my iPad 2 into a meeting to take notes and someone says “so what’s the business use for that thing?” I can only say “watch this” as I show them pictures of my kids and possibly play a video. At that moment, it’s worth every penny, but most of the time it feels like an expensive toy.
To sum it up, I don’t know anyone that needs an iPad 2 (myself included). I think all tablets are still trying to find their place in the world and eventually, something very similar to an iPad will be the go-to device for anyone currently lugging around a laptop. Until then, it’s a great conversation starter and certainly makes work more fun!
So I recently scratched the gadget itch by purchasing myself an E-Reader. After a little digging, I found the Barnes & Noble Nook Color to be the device I wanted. It had the right combination of size, battery life, and flexibility. It’s build on the Android platform, which some of you may recognize as the newish mobile operating system that’s starting to compete with the Apple iJuggernaut. The Nook also has the key backing of a major content distribution network (via Barnes & Noble); so getting new content on the device would be pretty straightforward. This seems to be an issue for every other e-reader not named iSomething or Kindle.
My other logic for this purchase had to do with some future planning. We support an application for a customer that uses a bunch of handheld devices to do data collection in retail stores, currently based on the Windows Mobile 6.0 platform. We need a new device/platform combination, and I wanted a decent Android device to do some testing with. The Nook Color fit the bill exactly; with one tiny exception. It comes locked down to the Barnes & Noble stock image and you can’t just install any random applications (or even access the Android Marketplace). So, knowing full well that my next actions would void the warranty, possibly result in a dead device, anger the content distribution gods, and possibly slow the rotation of the earth, thereby triggering another ice age and then end of life as we know it; I decided to ‘Root’ this device to get stock Android installed and working. Some of you may have heard of people ‘unlocking’ their iPhones to use on other networks, or install non-Apple supported applications – this is a similar sort of concept.
By following the excellent work by all the folks over at xda-developers.com, more specifically this thread: http://forum.xda-developers.com/showthread.php?t=942424, I was able to accomplish this feat in just under an hour. I had YouTube, Angry Birds, Gmail, Exchange sync (kinda) and access to my music and video collection on my Nook. *Note this is not for everyone; I was talking to Adam about this recently, and it’s kinda like the difference between the Mac experience, and the Linux experience. In the Mac experience, you have one hardware vendor and (virtually) one software developer controlling the user experience; not a whole lot of customization or freedom is allowed, but everything works together very well and the experience is smooth and easy to learn. The Linux experience is one where anything is possible, but you have to spend some time tweaking and trying and failing and learning to get where you want to go. So Yes, I had Android 2.2 running on the Nook, but still needed to download an application manager and a few other utilities to ultimately get it to behave in a usable fashion.
Even now that’s it’s working reasonable well – you can still tell that Android 2.2 is meant for smart-phones, not tablets. I’ve had to replace icons for phone calls, and install an app to mimic various other physical keys that the nook doesn’t have or doesn’t support. Poking around the XDA forums will show you there is the option of installing the Honeycomb version of Android that’s installed on the new Motorola Xoom you saw advertised during the Superbowl:
http://www.youtube.com/watch?v=M6lOW9–hiY
The Honeycomb build for the Nook isn’t QUITE production quality, and they’re waiting for the ‘official’ release of the Honeycomb operating system to recreate the build. Until then I’ll stick with the 2.2 version I’ve got working on my Nook and deal with the minor irritations. We are, however, able to do some development testing and starting to imagine what our app might look like with a larger (and touchable) screen, versus the smaller, stylus operated WinMo6. Plus I still have access to all my Barnes & Noble content, and there’s always Angry Birds!
When deciding what memory to buy, we’re now presented with way too many options. Registered? Buffered? Unregistered? Unbuffered? Single-rank? Dual-rank? Quad-rank? CAS latency? Speed? Type? Voltage? ECC? Cream? Sugar?
I’m hoping this article will be useful as reference material the next time you find yourself looking at a long list of choices when purchasing a new PC, server or upgrading memory in an existing machine. First, some quick definitions.
Registered (aka Buffered)
Contains built-in registers on address and control lines to buffer small amounts of data between the CPU and the memory. This increases system reliabilty but slows the result is a slight decrease in performance as data passes through the registers.
Unregistered (aka Unbuffered)
Does not contain any buffer between the CPU and memory so performance is slightly increased over registered/buffered memory but reliability is sacrificed.
Memory Rank
Remember when you only needed to know how many slots you had open to know how much memory you can add? Not anymore. I think of a memory rank as a path between the memory and the rest of the computer. Every motherboard has limits on the total number of ranks it will support (somewhat based on the chipset in use). Study your manuals or talk to the vendor to determine exactly what memory can be added to the system after you purchase it.
CAS Latency
CAS latency is the time (in clock cycles) required to access a column of memory on a DRAM memory module. A CAS3 rated memory module requires 3 clock cycles to address a column of memory, where a CAS2 rated memory module can accomplish the same task in only two clock cycles. So in other words, smaller number go faster.
Speed
In order from slow to fast: PC 100, PC 133, DDR, DDR2, DDR3. Easy! Nope. There’s no easy answer here. Within each of those categories are several sub-categories that can potentially make your system faster with certain DDR2 memory than with DDR3. Go to your CPU-maker’s website and find your CPU. You’ll see a list of supported memory types/speeds – don’t rely on your motherboard’s specs to dictate what memory you buy because your motherboard may support memory that your CPU won’t take full advantage of and so you’re throwing money away. Check out the specs on the Intel Core i7-950 processor. Memory Types are listed as “DDR3-800/1066” referring to the type (DDR3) and the FSB (Front Side Bus speed, in this case 1066) and yet here is a pre-built system with memory beyond this spec (1333 vs. 1066).
Type and Voltage
I won’t even try. This nice short article buy George Garza does a good job of explaining the role of voltage and also addresses the types (DDR/DDR2/DDR3). The gist of it is, buy memory that’s supported by your system.
ECC
ECC stands for “Error Correction Codes” and is a method used to detect and correct errors introduced during storage or transmission of data in many forms, including memory. Make sure you use ECC memory if your system requires it and do NOT use ECC memory if your system does not support it.
What prompted me to write this article was a server spec I was working on for a customer. I started out with 8 GB of memory and was thinking that I could add more memory at my leisure because I was going to use 4×2 GB Single-Ranked RDIMMs and I’d have 2 slots open. Available slots are not as important as available ranks because you can have 2 open slots and 0 available ranks. Not only that, but you must match the new memory spec to the existing or you’ll end up with an unbootable configuration. Trying to determine the total number of ranks for this particular server, and therefore the options for future memory upgrades, was difficult because it’s variable based on what type of memory you’re using. Luckily Dell provides a nice chart (actually, more like a dozen nice charts which makes it a bit confusing) to help explain what your options are. Take a look at page 33 in this tech guide for the T310. Simple, right? Not really. Confusing? Yes. This is why I recommend talking to the vendor about your plans so they can guide you through the process and help you determine if buying memory later is really a good option or if you should, as they usually insist, buy what you need now so you don’t end up throwing money away.
What did I learn from all of this? First and foremost, use registered memory in all servers. Stability is the primary purpose of a server so anything I can do to increase the likelihood that a server will be stable, especially for a small increase in cost, I will do. In this particular case, I also learned that if I start with the 8GB configuration, the max memory I can end up with in this server is 12GB before I have to throw away the installed memory and start with a different configuration. Good to know because this is a VMware server so memory is essential for the inherent growth capabilities you have when using VMware or any virtualization solution.
Sources
http://www.dell.com/downloads/global/products/pedge/en/T310_Tech_Guide_02152010_final.pdf
http://www.ramcity.net/content/faq/what-is-a-memory-rank.asp
http://www.tech-faq.com/cas-latency.html
http://ark.intel.com/Product.aspx?id=37150
http://www.brighthub.com/computing/hardware/articles/80109.aspx
So I wanted to take a minute and give a quick Toot! Toot! to Real IT Solutions and especially Adam for our recent write up on the VMWare website. A while back we (mostly Adam) implemented a solution for Northpointe Christian Schools that takes advantage of some hardware from Intel and of course educational-discount VMWare licensing. While the obvious purpose of the write up is for VMWare (and Intel) to toot their own horn, it’s nice to get a mention from the ‘Big Guys’ out there.
http://www.vmware.com/files/pdf/customers/VMW_10Q3_SS_Intel_NorthPointe.pdf?src=WWW_customers_VMW_10Q3_SS_Intel_NorthPointe.pdf
We actually implemented similar solution for a Rockford, MI based commercial printing and packaging company a few months ago, but I doubt we’ll get a similar write up for that.
The Seagate BlackArmor 440 NAS seemed like a nice enough product. It’s geared towards small business and high-end home use so for my intentions, this NAS fit the bill. My goal was to use it as a stable, always-on, backup destination for a small VMware ESXi implementation in a remote office. I’m using VMware to make remote support that much easier since I’ll be able to do absolutely everything remotely that I could do if I were physically present.
Let me first say that I’m a huge Seagate fan. Have been since the early 90s when I first started putting RAIDs in servers. When I buy hard drives, I always, always, always buy Seagate. OK not always, but 90% of the time. Sometimes you just go with the best deal, depending on the application. So I expected a lot from this product and I was certain it was exactly what I wanted. My requirements were so simple that I couldn’t see how just about any decent NAS would fail to meet them, assuming it performed as expected.
I unboxed the BlackArmor 440, plugged it in, popped the CD in my drive and ran the little wizard to install the “required” application. It turns out the app just scans your network for the device and then takes you to it via a web browser. I could’ve saved 5 minutes by looking at the IP on the front and browsing to it manually. Once connected, I was not pleased with the extremely slow web-based management interface. Oh well. I don’t expect a hardware company to have the best software so it’s not exactly a deal-breaker. The system is preconfigured as RAID 5 using all available disks. I prefer to use 3 out of 4 disks in a RAID 5 configuration and save the 4th drive as a hot-spare in case of failure. I had plenty of capacity (almost 4 TB) so I didn’t mind giving up the 4th disk. What’s this? No such option exists? For shame Seagate. Strike 1! Too bad I had to delete the preconfigured RAID to find this out and now I’m stuck waiting while the drives are reinitialized for the new RAID. Fortunately, it didn’t take long for something interesting to happen – drive 3 went dead.
Time to troubleshoot. I pulled the drive, stuck it back in, and repeated the process. Same result. I swapped drives 2 and 3 to see if the problem would move to slot 2 or if it was a problem with the chassis or backplane. Much to my dismay, the RAID is created and formatted successfully. The drive appears to be fine in slot 2. The drive in slot 3 is also fine. This is no good. I now have an array that’s sure to fail at some point. This gives me a very uncomfortable feeling. Strike 2!
Now comes the so-called fun part – I get to see how fast this thing is. I’m using NFS to mount the drive in VMware ESXi 4.1 and all is well as far as accessibility but the performance is TERRIBLE. I quickly get to Googling and find out that pretty much everyone doing what I’m doing (VMware + BlackArmor) agrees that the NFS implementation is severely lacking in the performance department. Some work-arounds involve replacing the factory image on the BlackArmor with something more configurable that will allow me to SSH into it (it’s running Linux) and make some needed changes that MIGHT fix the performance problem. The last thing I need is a totally unsupported device at a remote location for 1 of my customers, especially when I paid $999 for it to work as advertised. So, I Google some more and find that I need to implement Jumbo Frames with an MTU of 9000 bytes. This seemed to work for several people out there on the internet. This will allow the NAS to perform optimally with its point-to-point connection to my VMware ESXi server, especially since I’ll be using it for staging backup data and that’s going to be several multi-gigabyte files.
Want to spend an hour doing something frustrating? Change the MTU of the various virtual network components in VMware ESXi from the default of 1500 to 9000. Some command line fun and I did get it figured out eventually. Now to test…ugh. Still miserably slow. Not only slow with NFS but, unlike what others have seen, my performance using CIFS (SMB) was equally miserable. This is quickly turning into a nightmare because this box will not do what I need if I have to transfer data to it at about 15 megabytes per second. Yes, 15 MB/sec. On a Gbps network where I can access one of my 7-year old Windows servers and transfer files at 60 MB/sec. Strike 3! After another 2 hours of troubleshooting, testing, Googling and much hair pulling, I gave up and sent it back. Everything I experienced and everything I read said that this box was slow and on top of that, I probably had a bad drive.
I’d heard good things about a new model of NAS by Thecus, the N4200 PRO. Reviews show it to be fast and reliable AND it’s officially supported by VMware. Hallelujah. This unit doesn’t arrive as plug-and-play, which is fine with me, so I got to choose which drives went in it and install them myself (2 TB Seagate SATA-6). It even has a PCI-e slot for future technologies/interfaces (e.g. USB 3.0). Some of the negative things I’d read about this unit were only issues with older firmware. Things like not being able to team the 2 NICs together were fixed by the time I ordered this unit. My hopes were officially up.
Since the unit wasn’t pre-configured, I was able to create the RAID myself and that gave me a little more confidence in the drives I’d just installed. I planned to take advantage of the iSCSI capabilities of the N4200 PRO (unlike the BlackArmor, which only offered NFS for my purposes) so when I unknowingly created my RAID using the default setting which assigns 95% of the usable space to “DATA”, I was kind of frustrated when I tried to create an iSCSI target and was only offered that remaining 5% of space. I blame myself and my lack of iSCSI expertise because, in hindsight, I completely understand. iSCSI storage must be dedicated – it’s the nature of the beast. After recreating the RAID with 1% assigned to DATA, I was able to make the necessary connection between VMware and the N4200 PRO to give my Windows XP virtual machine a new E: drive which was located on the N4200 PRO via iSCSI. I immediately executed one of my tests from the BlackArmor debacle and found that the 3.7 GB file I copied from the VM’s C: drive to the new E: drive arrived in less than 5 seconds. So fast, in fact, that I doubted that what I’d seen was legitimate. It was late and I needed to get home so I paused my analysis for the evening.
The next day I picked up where I left off and began a more scientific analysis of the performance. It turned out that the N4200 PRO was performing really well with iSCSI – 115 MB/sec. This solved all of my problems but created a new one. Since iSCSI is a block-level protocol, the portion of the N4200 PRO that’s set aside for iSCSI can’t be accessed in any other way. That means I can’t schedule a task on the device to backup the iSCSI data to an external USB or eSATA drive for off-site storage. This is no good because I’m a firm believer in the fact that an on-site backup cannot be your only backup. The solution is to ditch iSCSI entirely and access the N4200 PRO directly from the virtual Windows servers using CIFS/SMB. The performance is about ½ what you get with iSCSI but still totally adequate (and 4x faster than the BlackArmor). I can backup my customer’s 300 GB in 1.5 hours and copy it to external USB drives for safe, offsite storage. I even bought USB 3.0 drives and will be installing a USB 3.0 card in the N4200 PRO to eliminate that last bottleneck.
In summary, all NAS devices are NOT created equal. It’s amazing what software can do to hamper the performance of a fairly simple device. Both of the products I tested are built on Linux and use very similar components. So be sure to test, test, test before you commit to what appears to be an easy solution to a simple problem!
-Adam Peterson
A number of our customers have come to us for help with a letter or notice they’ve received regarding this BIG SCARY Term: PCI COMPLIANCE. For some customers it can be quite daunting. So I’ve written down a bit of my experience to help guide you in the right direction, or show you which way NOT to go. I’m not claiming to be a PCI Compliance expert – but I’ve helped a number of organizations through the process and it’s not quite as scary as it may sound at first.
The single best way to meet your PCI Compliance challenges is to eliminate them. If you accept credit cards; use a payment processor who is already compliant and can integrate with your payment cycle to take any compliance issues out of your hands. These companies have spent millions of dollars on infrastructure, processes, and security to ensure they handle credit or payment card transactions safely and securely, specifically so you don’t have to.
There are multiple levels of compliance required depending on the the uses and storage methods of customer financial data in your organization. Each level carries an ever greater degree of complexity and challenge to meet the ever-more stringent guidelines. If you are able to work with your application vendors or in house IT to reduce your required level of compliance even a single level – the payoff for your organization can be immense. There are a number of different factors that determine which level of compliance you are required to meet, and I’d urge you to work with a qualified consultant to examine those factors and reduce or eliminate any which can drop your level of compliance.
One case study is a local parts distributor. We’ll call them ABC Plus. ABC does the majority of their business through a series of websites. The websites are hosted by a third party web host, but they integrate into a series of websites hosted by their CRM provider as well as their own internal applications. These other websites have pricing and stock status information that pulls data directly from ABC’s on-site database inside a program well call SuperInventory. So a customer could go to the website, find the part(s) they need, [automatically check the inventory] add them to their cart, and then pay by credit card. The secure form would take all their information and then send it through SuperInventory to execute the oder/ship process. So ABC Plus had customer records, including all the payment card information, stored directly in SuperInventory SQL Database sitting on a server in their office. BIG NO-NO. When they came to me for help with PCI compliance they were In for a bit of a shock. After the initial evaluation & completing the PCI SAQ [S.elf A.ssessment Q.uestionairre] we found their systems to hit SAQ Level C, and arguably Level D. Quick process changes dropped them to Level C, which is where I came in. Retrofits to their existing network, security, policies, procedures, backups, and physical security were going to cost them well over $75,000.
So what we did instead: we went to the application vendor – SuperInventory and said let’s modify the way this process works. Let’s get the payment processor to store more of this information for us and provide us with some unique confirmation numbers that we can use for the order/ship process. We had to do a little bit of extra customization to get refunds and custom credits or partial refunds to work; but SuperInventory was happy to work with us because they realized that nearly all of their customers would need to go through similar steps. After all this was completed we took ABC Plus’s compliance requirement down to a Level B. The final cost for their compliance was closer to $5,000. So by working with their vendors to reduce their compliance level, ABC Plus saved themselves $70,000.
A great resource for more infomation: http://www.pcicomplianceguide.org/pcifaqs.php
A few other links of worth:
http://www.pcicomplianceguide.org/
http://en.wikipedia.org/wiki/PCI_DSS
https://www.pcisecuritystandards.org/
“WHAT? Social Media doesn’t quite reach the appropriate target audience, and traditional advertising, such as billboards aren’t in the budget? What do I do now?”
This was my first thought when joining the Real IT Solutions crew as the Marketing Coordinator.
While discussing the market plan I realized that marketing for a small IT company in West Michigan may be more challenging then I had imagined. Maybe you have shared some of the same concerns in marketing your IT company as well? I will be sharing some of the things that I have found both challenging and helpful while marketing a small IT company in West Michigan.
Here are some things that I’ve found are a bit of a struggle when marketing a small IT company:
- Marketing ONLY to Grand Rapids companies using social media tools such as, Facebook and Twitter
- Most social media generally appeals to the younger generation, not business owners
- Finding potential clients that do not use corporate IT consultants or have internal IT departments
- Understanding the “techno talk”
- Staying within the marketing budget
Fortunately, it did not take me long to develop some marketing resources that would effectively promote Real IT Solutions Inc. Here are some of the marketing resources and tools I have utilized that have allowed me to stay within budget and also customize Real IT Solutions marketing towards the Grand Rapids Area.
- Google marketing- Google AdWords and Google AdSense
- Facebook Ads-have allowed me to post advertisements strictly for Grand Rapids individuals.
- LinkedIn- used for more than job searching, but for collaborating and forming relationships as well.
- Social media giveaways- have quickly built up our social media followers and fans.
- Grand Rapids Chamber of Commerce Luncheons-have opened the doors to many new relationships with local Grand Rapids business members.
- Newsletter-from all of the above resources we were able to build an email contact database of Grand Rapids individuals to which Real IT sends out a bi monthly newsletter.
In conclusion I have determined that although marketing a small IT company in West Michigan can at times be difficult to stay within the marketing budget and target only Grand Rapids individuals, properly utilizing social media giveaways, Google, email marketing, and building relationships can effectively market your IT company with very little expense.
|
|
