
CitySmart Blog

Tuesday, March 6, 2012
Kevin Beaver, CISSP
It’s as predictable as the rising sun. Organizations often spend effort and money securing their more visible systems such as Web applications, databases and the like but often forget about their “lowly” email servers. Sure, email servers aren’t all that sexy and there’s certainly not much to them compared to, say, a Web-based ERP system. But this leads to the common assumption that they’re not a target for hackers, malware and rogue employees looking for ill-gotten gains.
There are a few issues with this approach:

1. Your email server is critical – arguably the most critical system on your network. We’ve all experienced email being unavailable. Spread that pain across your entire organization – especially if email is down for a considerable time – and you’ve got quite the dilemma on your hands.

2. Your email server has vulnerabilities just like any other system on your network. From weak email account passwords to missing patches to outdated anti-malware protection, there are numerous weaknesses that can put some of your most sensitive information at risk. All it takes is someone with free tools and minimal skills to scan for and exploit vulnerabilities on your server. Weak passwords can be exposed on webmail systems with even less effort. Malware propagation is a given that affects everyone.

3. Regardless of whether you believe you’re a target or really have anything of value that the bad guys want, you are and you do. It may not be sensitive emails and files shared on public folders but instead processor cycles and network bandwidth. Many of the attacks today are not intended to access critical information but rather so the bad guys can set up shop and use your system to attack others.

If you don’t have the resources to properly manage the security of your email server – or your network overall – then outsource the hosting and management of it to a reputable cloud provider who can.

You cannot secure what you don’t acknowledge. Make sure your email server is included in your ongoing information security testing. In the end, if a computer system has an IP address or a Web URL then it’s fair game for attack. It’s up to you to take the proper steps for minimizing the risk of a security incident and then prepare yourself and your organization for when something does go awry. You’ll never have 100% security and that’s okay. Just avoid being one of the organizations that has zero percent. 

About the author 
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 23 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 10 books on information security including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at www.principlelogic.com and you can follow him on Twitter at @kevinbeaver.
Wednesday, January 18, 2012
Dave Mims, President

While cloud computing has been generating buzz for the past several years, this technology will continue to gain in popularity in 2012 – especially among city governments. Leveraging cloud-based technology eliminates capital and operational expenses associated with servers, software licenses, maintenance fees, project labor for software upgrades, and more. Other benefits of the cloud include:

1. Lower, affordable, monthly costs for exactly what is needed. Pay monthly for needed hardware, software, and services. IT is scalable – add or subtract users as necessary, and the cost is adjusted on the fly.

2. Clear, transparent ROI. Information technology has matured into a transparent reportable investment. A cost analysis of the money spent for traditional hardware, software, and services can be outlined and compared against a flat monthly operational-cost model. When this cost analysis is performed, many cities often uncover an opportunity for instant cost savings.

3. Included, no-cost hardware and software upgrades. With “pay as you go” IT service models, there is no longer any worry about upgrading hardware or software. With a city’s monthly costs, all upgrades are included.

4. Minimized risk of data loss and security breaches. With an IT environment that is monitored and maintained with consistent, upgraded, quality hardware, software, and services at a monthly cost, the burden of data retention, security, and maintenance falls upon the service provider. Recovering from theft or a disaster can be much quicker and more cost effective for the city.

The Changing Face of IT

Many cities have over-spent, under-spent, risked data loss, slowed employee productivity, and jeopardized the completion of major projects during the last few decades while wrestling with information technology. As IT has evolved through mainframes, desktop computers, the 1980s software explosion, and the 1990s Internet explosion, the last decade found nearly all organizations having to harness information technology in some form. Like everyone else, cities have had no choice but to learn and wrap their minds around information technology’s revolutions and evolutions.

“Pay as you go” IT services, reflected in flat monthly operational costs (versus expensive upfront capital costs), will lead to high quality, low cost technology infrastructures for cities. A January 2009 article entitled “Buyer Beware” from Public CIO states:

Despite [service issues from vendors], government organizations still turn to the private sector for help with their IT management. This trend will accelerate as workers currently managing legacy systems retire, organizations update technology, enterprise-wide software applications are implemented and shared services arrangements are adopted, infrastructure and applications become more complex, and securing talent at government salary levels becomes more difficult.

Information technology is evolving toward more of an operational cost and less of a capital cost. This involves “pay as you go” monthly fees for hardware, software, and services that can be turned off and on, saving significant money for a city’s IT budget – and overall bottom line. An expensive upfront capital cost is often an obstacle for cities when they wish to invest in essential IT infrastructure. With a series of smaller, more predictable payments, it is easier to justify such costs to city decision makers.

As can be seen, anyone concerned with a city’s IT budget needs to seriously consider cloud computing as a tool to reduce costs and save money. And with increasing budget shortfalls and greater calls for transparency, the time is ripe for cities to reexamine their IT budgets and find ways to save hard dollars through these emerging technologies.

Five Questions to Consider
1. Have you ever discussed the city’s information technology spending in terms of money saved each year (ROI)?
2. Identify a list of hardware and software upgrades you need. Is the upfront cost of this hardware and software prohibiting you from moving forward with upgrading the city IT infrastructure?
3. Look at your city’s IT budget. Are most of your costs related to capital expenses? Operational expenses? “Services” expenses? Do you know where the money allocated for your city’s IT budget is clearly going, and why?
4. Can you say with confidence that all servers, workstations, and network infrastructure components in your city are 100% current with patches, antivirus, antispyware, and security protection? If not, why?
5. Can you say with confidence that the city is not in danger of data loss or significant down time to critical applications at Public Safety or City Hall? Are there risks for security breaches?

As you enter a new year, are you confident in your city’s security infrastructure? Are you taking advantage of available technology to streamline IT costs and operate more efficiently? There is still time to examine your IT infrastructure and make the necessary changes for 2012.
Thursday, January 5, 2012
Todd Snoddy, Senior Software Developer
I recently wrote a quick blog posting regarding things to consider when making the decision to develop a native or web-based mobile app.  Once a decision is made to develop a mobile web app, the developers given the task of implementing that app will likely need to consider which mobile devices their web app should target, and how the content should be displayed on devices with different resolutions.  Should the content scale automatically, or should the developer implement multiple views optimized for different resolutions?  One good reference that I came across which discusses this in more detail is located here: http://mobiforge.com/starting/story/mobile-web-content-adaptation-techniques.
Like many problems in software development, there is no “one size fits all” solution.  The article mentions a “hybrid approach” that provides good results, but it introduces some complexity and additional effort, so there are some tradeoffs to consider which will impact development time, cost, and user experience.  The bottom line is that making the decision to develop a mobile web app is just the first technical decision among many.  Unless the phrase “money is no object” applies to your project budget, you’ll want to consider your target audience and try to identify that “sweet spot” of which devices should receive a premium user experience, and then have a fallback plan for how other devices should be handled.  Lastly, don’t forget to test on multiple devices too.  HTML should be admired for trying, but there is no such thing as a “write once, run everywhere” technology.
Wednesday, December 7, 2011
Clint Nelms, Network Infrastructure Practice Manager
Do you know anyone who has had their email address compromised?  Have you started to receive spam emails from friends or family members?  Unfortunately this sort of compromise has become more and more prevalent.

Incidents like these indicate someone has used a password guesser to gain access to your mailbox.  Spammers do this to get your address list. They then blast out spam to everyone in your contacts.  Besides being a hassle, this sort of breach makes you feel like your privacy has been violated.  

How to Fight Spammers
Many online services such as Hotmail, Yahoo!®, and local services such as BellSouth are under attack constantly.  Once your account has been compromised, what do you do?  
  • Contact friends and family and tell them not to open any suspicious emails or links from your compromised account.  
  • Immediately change your password. Use a complex password with letters, numbers, a capital letter and a special character such as a dollar sign.  
  • Contact customer support and let them know your account has been compromised.  
What about prevention? 
Google has launched a service called “2 factor authentication.” In this configuration, you need to authorize a computer before it can be used to check your email; this includes tablets, smart phones, etc. To verify your account, you can ask Google to text a verification code to your cell phone. Once you receive the text, log into your mail account on a new computer and you will be prompted for that code.

The service also creates custom passwords to be entered into smart phones.  In this case, your smart phone uses this code instead of your actual password to check your mail. Although this method is a bit cumbersome, once set up, you will have the peace of mind to know that your mailbox is much more secure and that access to your mailbox can only be accomplished from a device you have authorized.  

For more info on how to set this up, click here.
Thursday, December 1, 2011
Clint Nelms, Network Infrastructure Practice Manager
Faced with budget cuts, local government agencies have turned to cloud computing to streamline their IT needs, lower hardware expenses and improve accessibility and mobility to necessary data.

In a special report on cloud computing, The Center for Digital Government, in partnership with Public CIO, compiled a list of five government cloud success stories, two of which are at the local government level. 

  • Problem: One year ago, the state of Wyoming was operating 13 different e-mail platforms in its executive branch. Each system required dedicated staff to maintain it, and myriad platforms meant the state lacked a shared address book across all agencies. 
  • Solution: In less than nine months, the state has migrated to a single cloud-based solution, and moved 10,000 state employees to the new platform. The move will save the state more than $1 million annually, but cost reduction is not the only benefit. State employees are able to collaborate in ways that were not possible before. 
  • Problem: What builder isn’t troubled by permit requirement delays? 
  • Solution: By moving to a cloud-based solution for issuing permits, Oregon is dramatically accelerating the approval process for contractors, builders and developers. Oregon’s cloud solution will eliminate jurisdictional confusion and time-intensive paper chases. 
  • Problem: Four years ago, Nebraska was nearly ready to replace its creaky electronic applicant tracking system with a new application. 
  • Solution: Fourteen months into its cloud implementation, Nebraska has a new, more efficient and flexible paperless applicant tracking system, and an entire human capital suite that includes learning performance, succession and compensation management; a better benefits enrollment process; e-procurement; and a core human capital database. 
Hudson County, N.J. 
  • Problem: Ten years after September 11th, disaster recovery remains foremost in county officials’ minds. 
  • Solution: A private county cloud that took just eight months to build now provides back-up for all critical data and applications. Even if county offices are compromised, personnel can log in from any location and keep things going. The Hudson County IT Division’s plan is to offer servers on demand to all the towns in the county, turning its private cloud into a community one.
Nashua, N.H. 
  • Problem: For 30 years, Nashua, N.H., used an internal IT system that had, like a monster in a science-fiction movie, spread its tentacles into every agency in the city. 
  • Solution: With this system replaced by a hosted ERP solution, city managers are able to see integrated numbers that show what’s really happening in the city, find and eliminate waste, and change processes when needed.
The report also takes a deep dive into the evolution of cloud computing technology, identifies the emerging trends, and discusses the exciting implications it has for the future of service delivery. Click the link below to read the results.

Tuesday, November 22, 2011
Scott Miller, Network Engineer
Pin Up the Folders You Use Most 

Windows 7 allows you to “pin up” the folders you use most on your taskbar. Simply hold your mouse over the favorite folder, right click, and drag the folder onto the taskbar. Windows 7 automatically pins the folder to the Explorer Jump List. To open the folder, right click on the Explorer icon and select the folder you want.
Tuesday, November 15, 2011
Brian Ocfemia, Network Engineer
The Windows Logo Key
The mouse proved to be a lifesaver for users who want an easy way to navigate Windows' graphical user interface. Unfortunately, it's not always the most efficient way to interact with your computer. There are several keyboard shortcuts that can help you save time. However, one of the most underused keys on the keyboard is the Windows logo key (found between the CTRL and ALT keys). There are many things that you can accomplish by using this key. To start with, you can open and close the Start menu just by pressing the Windows logo key. You can display the desktop by pressing Windows logo key + D or open Computer by pressing Windows logo key + E. You can even open any program on your taskbar by pressing the Windows logo key and the number that corresponds to the position of the application on the taskbar (e.g., Windows logo key + 1 launches the left-most application on the taskbar, Windows logo key + 2 launches the second left-most application, etc.). For more information on keyboard shortcuts that can make your daily computing easier and more enjoyable go to: http://windows.microsoft.com/en-US/windows7/Keyboard-shortcuts.
Monday, November 14, 2011
Sophicity recently surveyed Georgia cities with populations of 2,500 or greater. We were pleased by the overwhelming response – 144 cities of the 199 surveyed – or a response rate of more than 72 percent. However, the findings generated even more questions and concerns on the state of our cities’ IT infrastructure.

According to the survey results, cities are taking on extremely high risk due to unmanaged break/fix environments. In sum, cities are operating networks that are ripe for IT breaches, data loss, and system failure.

Sophicity surveyed cities on the following questions:
  1. How many people work at the city?
  2. How many people who work at the city are considered IT staff?
  3. Do you use a contractor or vendor in place of IT staff?
  4. If your city does use an IT contractor or vendor, is it for break/fix support or more proactive services?
Seventy-eight percent of respondents reactively addressed IT needs. In short, that means they are waiting for something to break. Only 11 percent proactively manage IT, while the remaining 11 percent didn’t know.

52 percent of the cities responding had no IT staff and no vendor.

If we break down the responding cities further by population, our survey identified:
  • Cities with populations from 2,500 to 4,999 are more likely to be reactive when addressing IT needs – up to 90 percent of cities in this category responded that they reactively address IT needs or wait for something to break. Only 9 percent proactively managed IT, and the remaining 1 percent didn’t know. 69 percent of the cities in this group don’t have an IT staff or IT vendor.
  • Cities with populations from 5,000 to 24,999 are faring a little better. In this group, 45 percent of respondents are reactively addressing IT needs. Only 10 percent are proactively managing IT, and the remaining 45 percent didn’t know.  More than 65 percent of the cities in this category also work without the benefit of an IT staff or a vendor.
  • Cities with populations from 25,000 to 49,999 are 56 percent reactively addressing IT needs. None of the respondents in this category are proactively managing IT, and the remaining 44 percent didn’t know. Thirty-one percent of the cities responding have no IT staff or a vendor.
  • Cities with populations of 50,000 or greater are 21 percent reactively addressing IT needs. Only 7 percent proactively manage IT, and the remaining 71 percent didn’t know. Surprisingly, 43 percent of these cities that responded have no IT staff or a vendor.
The numbers paint a troubling picture and generate even more troubling questions. What city and citizen data is at risk for being compromised, hacked, or lost? What costs are rising from inefficiencies? What services are not being provided that could be? Who will our citizens turn to when a disaster occurs? Will the city be ready to help?

Benjamin Franklin is credited as saying “an ounce of prevention is worth a pound of cure.” That quote is applicable today to cities skimping on IT costs to “save” money. Don’t neglect. Get someone competent and skilled in place to manage the city’s IT needs day to day as well as strategically planning and preparing for the years ahead.

Hire a competent person, engage a credible vendor, or do both. Don’t fall victim to data loss, system failure, or wasted/dated, time-consuming inefficiencies.
Tuesday, November 8, 2011
Dave Mims, President
The results are in! On November 2, Govtech.com announced the winners of the eleventh annual Digital Cities Survey. The survey spotlights the municipalities that best show how information and communication technology are used to enhance public service. The survey is conducted by the Center for Digital Government and Government Technology.
The top 10 cities were selected by four different population categories and judged on the following criteria:
  • Enterprise applicability/Impact across multiple program areas
  • Measurable progress from the prior year
  • Hard dollar savings/soft dollar benefits as a result of technology use
  • Innovation
  • Demonstration of effective collaboration 
The cities chosen were selected from hundreds of municipalities nationwide. Winners include cities like Chicago, Corpus Christi, Texas, Eden Prairie, Minn., Honolulu and Virginia Beach, Va.
So, who else made the list? Did your city? See for yourself.
Thursday, November 3, 2011
Ohm Sadasivam, Senior Software Developer
Microsoft has added many useful features in SharePoint 2010. One of interest for developers is support for Language Integrated Query (LINQ). LINQ abstracts us from data source specific syntax such as SQL for SQL Server as well as Collaborative Application Markup Language (CAML) for SharePoint content data. Nice! I won’t steal all the thunder, but if you need to programmatically access SharePoint data and you aren’t already using CAML for SharePoint data access then check out these two articles on LINQ to SharePoint from Microsoft at http://msdn.microsoft.com/en-us/library/ee535491.aspx and http://msdn.microsoft.com/en-us/gg620622.