Optrics is an engineering firm with certified IT staff specializing in network-specific software and hardware solutions. Committed to our clients, Optrics provides reliable and cost-effective solutions without performance compromise.
Optrics is excited to announce making #212 on the prestigious Branham 300 Listing of Top 250 Canadian ICT Companies for 2017.
Company representatives cite increased opportunities in wireless networking solutions, virtualization solutions, network attached storage, and anti-spam solutions as strong contributors to their success in the past year, as well as disaster recovery, and penetration testing/training.
The Branham 300, now in its 24th year, is the best-known and most widely referenced listing of Canada's top public and private ICT companies, ranked by revenue. The list also tracks the top ICT multinationals operating in Canada plus Up and Comers, those young Canadian companies Branham thinks will be big hits soon.
Canada’s Top 250 ICT companies delivered another banner year in 2015, generating a revenue total of $105.3 billion, an increase of 9.6% compared to the year prior. So we have a new revenue record for Canada's Top 250 technology companies, and a growth rate almost double the previous year.
"The 2018 edition of the Branham300 once again shows revenue growth in Canada's ICT industry. Revenue generated by the Top 250 tech companies in Canada has grown every year since 2009..." Wayne Gudbranson, CEO, Branham Group
A pioneer in online marketing and commerce, Optrics Engineering provides clients with expertise in computer networking, network storage, security, and IT infrastructure management.
Among the many internationally known organizations that have relied on Optrics for technology solutions are NASA, Microsoft, Best Buy, US Army, Air Force and Navy, DND, Boeing, Lockheed Martin and Mercedes-Benz.
Locally, the firm has worked with the University of Alberta, AMA, Capital Health, Fountain Tire and Fraser, Milner & Casgrain. For a larger client listing go to: www.Optrics.com/clients.
For more information, contact: Blair Zingle, CEO or Scott Young, COO Optrics Engineering 780.430.6240 Email: info@Optrics.com
Optrics is excited to announce making #234 on the prestigious Branham 300 Listing of Top 250 Canadian ICT Companies for 2017.
"The Branham 300 is designed to promote Canada's Information and Communication Technology industry and the people who build technology businesses in Canada. This year, we were thrilled to see Canada's Top 250 companies set another revenue record. It is a testament to the strength of our ICT sector." Wayne Gudbranson, CEO, Branham Group
Optrics is excited to announce making #227 on the prestigious Branham 300 Listing of Top Canadian ICT Companies for 2016.
Company representatives cite increased opportunities in wireless networking solutions, virtualization solutions, network attached storage, and anti-spam solutions as strong contributors to their success in the past year.
The Branham 300, now in its 23rd year, is the best-known and most widely referenced listing of Canada's top public and private ICT companies, ranked by revenue. The list also tracks the top ICT multinationals operating in Canada plus Up and Comers, those young Canadian companies Branham thinks will be big hits soon.
Canada’s Top 250 ICT companies delivered another banner year in 2015, generating a revenue total of $96.1 billion, an increase of 5.7% compared to the year prior. That new record number was driven by the impressive performance of Canada's Top 250 tech companies: 75% of the Top 250 generated revenue growth, and 54% delivered double- and even triple-digit increases.
Optrics is excited to announce making #240 on the prestigious Branham 300 Listing of Top Canadian ICT Companies for 2014.
Company representatives cite increased opportunities in wireless networking solutions, virtualization solutions, network monitoring solutions, and anti-spam as well adding new partners such as Xirrus and VMWare as strong contributors to their success in the past year.
Ottawa, Ontario, April 22, 2014 - Branham Group Inc., a leading global Information and Communication Technology (ICT) Industry Analyst and Strategic Marketing company, is pleased to announce the results for the 2014 Edition of the Branham 300.
The Branham 300 is the definitive listing of Canada’s top publicly traded and privately held Information and Communication Technology (ICT) companies, as ranked by revenues. Canada’s ICT industry continued to move forward in 2013, yet again setting another record with cumulative revenues for the Top 250 Canadian ICT companies increasing by 2.4% to $85B.
For 21 years, the Branham 300 has highlighted the top Canadian and Multinational ICT companies operating in Canada, as ranked by revenues. It illustrates the depth and breadth of innovative technologies developed in Canada and is widely considered to be a leading source of intelligence on Canada's ICT industry. The Branham 300 list consists of the following major categories:
The Branham 300 is published annually on www.branham300.com, as well as in the April/May issue of Backbone Magazine (www.backbonemag.com). Keep up to date with the Branham 300 and Branham Group on twitter at @branhamgroup, through Branham’s Newsletter, or RSS feed.
The Branham 300 media kit can be downloaded here.
A pioneer in online marketing and commerce, Optrics Engineering provides clients with expertise in computer networking, security, and IT infrastructure management.
This article originally appeared in Advantage Magazine, in the Q1 2013 edition.
Optrics Engineering marries diverse staff expertise with supreme client care for the ultimate in computer networking services.
By Christopher Cussat
Optrics Engineering became a highly diversified, network-specific, software- and hardware-solutions specialist as a result of a highly diversified history of company evolution. The firm initially started as FundSoft Information Systems, providing investors with Canadian mutual-fund data and MetaStock Technical Analysis software (which continues today as an Optrics business subunit). During that time, former president and CEO Bording Ostergaard and his strong, technically fluent staff were able to advise and assist clients with any technical problems they were experiencing from their computers or networks. Clients also started asking to buy software through FundSoft, as well as for help getting their businesses online. After an ongoing and continually expanding series of similar requests, Optrics was born.
Today, Optrics is very much an online business with clients throughout North America. “When the phone rings, you never know who it’s going to be - it could be a school down the street, a Fortune 500 company in the US, or a purchaser sitting on an aircraft carrier in the middle of the South Pacific!” says Scott Young, COO and partner. Ultimately, the company helps clients solve networking problems - whether they involve monitoring, security, or storage. “We also own and operate CudaMail, which is a popular spam-filtering service geared towards small and medium-sized organizations,” Young adds.
As far as advantages, Young believes that the company’s web-savvy and online presence are just a few of its many competitive keys. “We’re easy to find online, and we have a suite of solution-specific sites, such as CudaMail.com Spam Filtering, NetworkStorageSolutions.com, FirewallShop.com, and LoadBalancerSolutions.com.” He also notes that Optrics has a well-seasoned in-house staff that has 20-plus years of networking experience. “They can efficiently understand our clients’ problems by using online meeting tools, such as GoToMeeting, and recommend an appropriate and cost-effective solution,” he explains. “Of course, we also do go on-site for local clients.” In addition, Young says that Optrics is a licensed engineering firm, so clients know that it is held to a higher professional code of ethics. “This also makes us an easy and reliable company to work with,” he adds.
Young goes on to explain how specializing in network-specific software and hardware, as well as network management and monitoring, security, and data storage, can provide solutions for his company’s industry.
“Much of what we sell is complimentary, so whether it is professional services or turnkey solutions, we can definitely help clients with whatever problem they’re trying to solve,” he says, adding that Optrics also has excellent relationships with its vendor partners and other organizations in the industry. “So if we can’t help you, we can certainly find someone who can. We like to view ourselves as a one-stop shop.”
Optrics’s short-term goal is to grow its sales team, as well as its products and services offerings, so that the firm can leverage its long-term growth through the $10 million annual sales mark. But Young explains that Optrics’s biggest challenge for the future is finding strong salespeople, especially those with experience selling IT solutions.
Like many small businesses, Optrics has experienced its fair share of trials and tribulations, but Young says the key to his company’s longevity and success is all about how clients are treated and the people who work there.
“We’re committed to our customers and always answer the phone with a live person - our goal is to create satisfied customers and not just sales,” he says. “It boils down to having a solid team of people with a variety of experience and expertise (as well as personalities) that always help keep the ship upright and moving forward.”
Optrics is excited to announce making #242 on the prestigious Branham 300 Listing of Top Canadian ICT Companies for 2013.
Company representatives cite increased opportunities in network storage solutions, virtualization solutions, network monitoring solutions, and anti-spam as well adding new partners such as Dell and NetApp as strong contributors to their success in the past year.
Ottawa Ontario, April 23, 2013 - Branham Group, a leading global Information, Communication, and Entertainment (ICE) Technology analyst and strategic marketing company, is pleased to announce the results from the 2013 Edition of the Branham 300, the definitive listing of Canada’s Information and Communication Technology (ICT) industry leaders, as ranked by revenues.
“With the lingering effects of the economic downturn all but gone in 2011, the Canadian ICT industry generated impressive growth over the past year in order to set a new Branham 300 revenue record,” said Wayne Gudbranson, President and CEO of Branham Group. “Canada’s largest tech players as well as companies within the SMB segment closed strong fiscal 2011 campaigns, an indication that companies of all sizes experienced the market rebound. Looking forward, Branham expects the industry to build on its 2011 performance and post strong single-digit growth in 2012.”
For nearly 20 years, the Branham 300 has highlighted the top Canadian and Multinational ICT companies operating in Canada, as ranked by revenues. It illustrates the depth and breadth of innovative technologies developed in Canada and is widely considered to be a leading source of intelligence on Canada's ICT industry. The Branham 300 list consists of the following major categories:
Optrics is excited to announce making #276 on the prestigious Branham 300 Listing of Top Canadian ICT Companies for 2012.
Ottawa Ontario, April 24, 2012 - Branham Group, a leading global Information, Communication, and Entertainment (ICE) Technology analyst and strategic marketing company, is pleased to announce the results from the 2012 Edition of the Branham 300, the definitive listing of Canada’s Information and Communication Technology (ICT) industry leaders, as ranked by revenues. Canada’s ICT industry got back on track in 2011, as cumulative revenues for the Top 250 Canadian ICT companies combined to set a new Branham 300 revenue record in 2011, increasing sales by 11.75% to $82.62B, surpassing the high of $75.97B achieved in 2008.
Optrics is excited to announce that they've partnered with NEC, to offer their line of SAN Storage devices, as well as their FT Fault Tolerant servers.
NEC's D-Series SAN Storage arrays provide highly available and easily scalable storage for your SAN without sacrificing performance and flexibility. They include high-end features you won't find on other mid-range arrays, but at a lower cost than other systems. There are four models - D3i, D3, D4, and D8 - as well as a complete array management suite for businesses of all sizes that includes snapshots, replication, performance management, multipathing, failover, compliance, energy conservation, and more.
more information on D-Series SAN Storage Arrays
more information on Fault-Tolerant Servers
Optrics Engineering, a diamond partner of Barracuda Networks, which specializes in e-mail and web security, said workers should be aware everything they're doing is marked and logged - even things they might think are innocent.
“The equipment that most organizations install nowadays have months and months of logged data and information about every single message that goes in and out of the company, or every single URL or website that's been visited” he said from Edmonton.
What's more, some filters are set or configured to display a message notifying users that a particular website they're trying to visit has been blocked.
“Even though it is blocked, it still logs the fact that they attempted to go to it” he said.
In most cases, Bonanni said companies are trying to protect themselves against virus infection, but in some instances they're looking for something specifically to prevent abuse.
**excerpt from Globe & Mail Article. Original can be found here.
Optrics Engineering, a Barracuda Networks Diamond Partner since 2004, was recognized at the recent 2008 Barracuda Networks Partner conference in San Jose California, as Barracuda's 2008 Highest Revenue Partner for total Barracuda sales in North America.
Optrics, with its dedicated Barracuda.Optrics.com website, provides a full offering of Barracuda products and services from competitive quotes, to installation, configuration and full training for small business clients to large enterprises.
With this recent second award formally acknowledging the success of the Optrics business model backed by the strength of Barracuda's leading-edge technologies, Optrics is well positioned for continued future growth as a Barracuda market leader.
Optrics is a Barracuda Networks Diamond partner.
Consulting clients on how to maximize the use of network and Internet technology to advance their businesses has once again brought national recognition to Edmonton-headquarteredOptrics Engineering. The Internet-based engineering firm has been identified in the 20th annual PROFIT 100 ranking of Canada’s Fastest-Growing Companies by PROFIT Magazine.
“We are thrilled to have our company achieve the # 68 position on the PROFIT 100, and honored to have now received this recognition three years running” says Optrics Engineering principal Bording Ostergaard.
“Our model is simple, we assist our clients in making the best use of available computer and network technology for their needs,” says Ostergaard, with the company’s revenues on target in spite of challenges with the US dollar in what is now a competitive global export business.
Ranking Canada’s Fastest-Growing Companies by five-year revenue growth, the PROFIT 100 profiles the country’s most successful growth companies. Published in the June issue of PROFIT and online at PROFIT100.com, the PROFIT 100 is Canada’s largest annual celebration of entrepreneurial achievement.
“In 2001, we specifically chose the World Wide Web as the appropriate vehicle to showcase our expertise, products and consulting services to the world,” says Ostergaard. “We believe we were among the first and continue to be one of the few Canadian engineering companies to commit 100 percent to an Internet-based marketing strategy and it is most gratifying to see that this early vision was a key strategic move for our company. Current success has come about through the hard work, commitment and creativity of our staff and current growth rates are continuing this trend.”
The PROFIT 100 are role models for anyone who wants to expand their business domestically or internationally,” says Ian Portsmouth, editor of PROFIT. “All entrepreneurs can take great lessons from the product development, human resources and marketing practices of Canada’s Fastest-Growing Companies”.
A pioneer in online marketing and commerce, Optrics Engineering provides clients with expertise in computer networking, security, and IT infrastructure management. Among the many internationally known organizations that have relied on Optrics for technology solutions are NASA, Microsoft, Best Buy, US Army, Air Force and Navy, DND, Boeing, Lockheed Martin and Mercedes-Benz. Locally, the firm has worked with the University of Alberta, AMA, Capital Health, Fountain Tire and Fraser, Milner & Casgrain. For a larger client listing go to: www.Optrics.com/clients.
PROFIT: Your Guide to Business Success, is Canada’s preeminent publication dedicated to the management issues and opportunities facing small and mid-sized businesses. For more than 25 years, Canadian entrepreneurs across a vast array of economic sectors have remained loyal to PROFIT because it’s a timely and reliable source of actionable information that helps them increase their revenues, boost their profitability and get the recognition they deserve for generating positive economic and social change.
Published six times a year by Rogers Publishing Ltd., PROFIT is distributed almost exclusively to the chief executives of companies with 5 – 250 employees and annual revenue of $1 million to $25 million, reaching more than 300,000 readers across Canada. Visit PROFIT online at www.PROFITmagazine.ca.
For more information, contact: Bording Ostergaard, P.Eng. Optrics Engineering 780.430.6240 Email: bording@optrics.com
Optrics Engineering, a Barracuda Networks Diamond Partner since 2004, was recognized at the recent 2007 Barracuda Networks Partner conference as Barracuda's 2007 Top-Performing Global Partner for total Barracuda sales in all regions and countries of the world including the USA.
Optrics, with its dedicated barracuda.optrics.com website, provides a full offering of Barracuda products and services from competitive quotes, to installation, configuration and full training for small business clients to large enterprises. With this recent award formally acknowledging the success of the Optrics business model backed by the strength of Barracuda's leading-edge technologies, Optrics is well positioned for continued future growth as a Barracuda market leader.
Over the years, fate has dealt Edmonton entrepreneur Bording Ostergaard, P.Eng., plenty of adversity. What does he have to show for it? An Alberta Fast 50 company, of course, and back-to-back national PROFIT 100 awards
By Tom KeyserFreelance Columnist
With a wry grin, he refers to them as character-building experiences - CBEs for short. Those would be the challenges faced and adversities vanquished as Bording Ostergaard, P.Eng., blazed his bumpy and interesting career path.
When the founder and CEO of Optrics Engineering of Edmonton ticks off the list, he starts with the traffic accident. It happened in 1991, not long after he'd earned his electrical engineering degree from the University of Alberta. His vehicle was rear-ended with terrible force, and the severe and debilitating injuries sidelined Mr. Ostergaard from his career.
After an extended convalescence, the undeterred Mr. Ostergaard created an investment concern in partnership with a licensed mutual-fund dealer. But then, in 2001, after several years of hard work rebuilding his career, his colleague, then in his early 40s, died suddenly.
Without a fund dealer’s licence of his own, Mr. Ostergaard couldn’t carry the business forward. What now? The resourceful Mr. Ostergaard turned his energies in another direction — the aggressive development of a company he’d created earlier as a sideline.
Today known by Optrics Engineering, the name adopted in 2001, the company recently cracked Alberta Venture magazine's Fast 50 as one of the province’s most compelling growth stories. At press time, Profit magazine is acknowledging Optrics for the second year in a row as a national PROFIT 100 company.
And for good reason. Optrics has carved a profitable and fast-growing niche within a global market, providing network consulting, troubleshooting and training services, combined with network-specific hardware and software sales on networks as large as several thousand nodes spanning multiple continents.
With three partners, Mr. Ostergaard has assembled a solid-gold client roster. This isn’t empty rhetoric - the company’s clients include CBS, Boeing, CBC, Raytheon, Wal-Mart, Wells Fargo and even the U.S. Social Security Administration, to name only a few.
Optrics is staffed by a compact, loyal and efficient team, which performs out of proportion to its 10-person size. Some of that stems from Mr. Ostergaard’s upbringing on a central Alberta farm, where he developed spartan work habits and a positive outlook.
"It’s funny, but I find that the harder I work, the luckier I get," Mr. Ostergaard says.
Oh yes. Luck. Let’s get back to that CBE list.
As recently as 2004, Mr. Ostergaard had little time to contemplate a prosperous future. He was too busy struggling to recover from his most recent disaster — intensive flooding caused by a freak 100-year hailstorm that pummelled Edmonton on July 11.
It was a black day in Optrics’ history. "We were hanging on by our teeth," Mr. Ostergaard confessed to Profit magazine last year.
Many of the company’s troubles crawled from a hole in insurance coverage. The fiasco cost Optrics about $100,000 in all, not including countless hours of unpaid labour, as Mr. Ostergaard and his staff fought to get the operation back on its feet.
Their efforts paid off. With revenues on track and his team growing comfortable with 4,000 square feet of modern office space on Calgary Trail, things have turned out better than Mr. Ostergaard could have dreamed.
It's even a different kind of company than the one he first envisioned.
Originally incorporated as FundSoft, Optics began as an Internet-based financial services company in the mid-1990s. It used newly developed, in-house software to compile and distribute Canadian mutual-fund data.
By spotting market trends, the company helped brokers and dealers manage the fund investments of their own customers, and at its peak was directly involved in the management of over $100 million in funds and secondarily involved with other dealers to over $1 billion.
But as years passed and web-based technology became more sophisticated, the company’s scope broadened. Mr. Ostergaard refers to it as a "growing base of knowledge and expertise about data systems, data management, networks, computer technology, software development and programming."
Add that to business savvy and a demonstrable expertise in Internet marketing and sales, and you can see why Optrics has succeeded to the tune of annual revenues anticipated to surpass $5 million this year. The company has shifted gears with the marketplace, taking full advantage of its expanding skill sets and showcasing Alberta engineering and business talent to the world.
Optrics has also relied on a lean and effective business model, Mr. Ostergaard professes. "We carry virtually no inventory. Most of what we sell is intellectual property, knowledge and consulting services," he says.
"We do 99 per cent of our business through the Internet, including a training component and repairs, so we rarely have to leave the office." Very few clients have ever been met face-to-face.
Revenues are rising, and Mr. Ostergaard's partners are taking on more responsibility for day-to-day operations. That has Mr. Ostergaard thinking about a well-deserved break: "I could do with a three-month vacation in Europe," he confides.
While there, perhaps he'll keep an eye out for new opportunities.
"Someone once described himself as a serial entrepreneur," he says. "I'd say that applies to me as well."
If ranking 44th on the PROFIT 100 in 2006 was a sign that Optrics Engineering was a rising force on the Canadian entrepreneurial scene, then advancing to 39th in 2007 signals the Edmonton-based corporation is on track to connect a burgeoning global market of IT administrators and engineers with only the very best vendors of network-management and security hardware, software and services.
“Finding ourselves a PROFIT 100 company in 2006 was a pleasant surprise but certainly a consequence rather than a goal,” says Bording Ostergaard P.Eng. CEO, “and the result of focused effort to be a leading pioneer in online IT sales and consulting. Our success has come as much from simply trying to keep up with all the companies that have chosen to reach out to us for our expertise in addition to our ability to deliver true leading-edge IT solutions.”
Ranking Canada’s Fastest-Growing Companies by five-year revenue growth, the PROFIT 100 profiles the country’s most successful growth companies. Published in the June issue of PROFIT and online at PROFITguide.com, the PROFIT 100 is Canada’s largest annual celebration of entrepreneurial achievement.
“Internet marketing expertise in addition to technical expertise is what sets Optrics apart,” says Ostergaard. “You can have the best products and services in the world but if your clients can’t find you, nothing ever leaves the shelf. On the other hand, if you are successful at being found but don’t understand what it is you are selling, especially in the high-tech area, customers will not have the necessary confidence to choose you as their provider. Optrics’ success is due to its strength in both of these key areas.”
According to Ian Portsmouth, editor, “Profit 100 companies are the new heroes of Canadian business, creating jobs at home and products used around the world. They’ve accomplished this by building great employee teams, exploiting export markets and rapidly responding to customer’s fast-changing needs.”
PROFIT: Your Guide to Business Success, offers news, strategies, tips, interviews and other resources to entrepreneurs leading Canada's fastest growing companies. Each year PROFIT—which currently reaches 373,000 readers nationally—hosts a number of events that bring together business leaders in the fast-growth segment and champions the interests of those leaders. PROFIT was founded in April 1982, as Canada's first national magazine geared to entrepreneurs. Visit PROFITguide.com.
For more information, contact: Blair Zingle, COO or Bording Ostergaard, P.Eng. CEO Optrics Engineering 780.430.6240 Email: info@Optrics.com
In order to reach out to customers world wide who need help to secure and harness the power of their high technology infrastructures, Optrics Engineering cast itself into an engineering consultancy and e-commerce enterprise that is not only exemplary at maximizing the benefits of the very technologies and solutions Optrics sells, but is also streamlined for doing business on the Net. So streamlined, in fact, it landed Optrics Engineering the #14 spot on Alberta Venture’s 2007 “Fast 25 Under $20 million.”
With an impressive 3-year revenue increase of 126%, and 2006 revenues totaling $4,389,860 listed in Alberta Venture’s index of the fastest growing companies in the province, the question is how does a professional high-tech consultancy sustain such a lean and hungry business model in a booming Alberta economy?
“We do most of our business online, including training and repairs.” Optrics Engineering CEO, Bording Ostergaard, comments in Alberta Venture’s January 2007 issue. “We don’t have to leave the office so we don’t incur the expense of having people on the road.”
Even with Edmonton’s runaway real estate market, basing online operations here still beats maintaining outbound sales and technical teams.
“We operate our entire business out of 4,000 square feet in Edmonton and our inventory is extremely low,” Ostergaard explains. “So increasing overhead is more of an annoyance than a big problem.”
Consulting clients on how to effectively maximize the use of computer and Internet technology in their businesses has brought national recognition to Edmonton-headquartered Optrics Engineering. The Internet-based engineering firm has been identified as one of Canada’s Fastest-Growing Companies by PROFIT: Your Guide to Business Success magazine in their 18th annual ranking.
“We are thrilled to have our company achieve the # 44 position on PROFIT 100,” says Optrics Engineering principal Bording Ostergaard. “For a company that has never met 99.9 per cent of our clients face-to-face, this accomplishment has come about solely through the trust our clients have in our ability to solve and deliver on their IT challenges.”
“Our expertise is assisting our clients to make the best use of available computer and network technology for their applications,” says Ostergaard with the company’s revenues on target to achieve $5 million this year.
Ranking Canada’s Fastest-Growing Companies by five-year revenue growth, the Profit 100 profiles the country’s most successful growth companies. Published in the June issue of PROFIT 100 and online at PROFITguide.com, the PROFIT 100 is Canada’s largest annual celebration of entrepreneurial achievement.
“In 2001, we specifically chose the World Wide Web as the appropriate vehicle to showcase our expertise, products and consulting services to the world,” says Ostergaard. “We believe we were among the first Canadian engineering companies to commit 100 percent to an Internet-based marketing strategy and it is most gratifying to see that this early business decision was a key strategic move for our company. Current success has come about through the hard work, commitment and creativity of our staff and current growth rates are continuing this trend.”
“The PROFIT 100 are role models for anyone who wants to seize today’s best business opportunities,” says Ian Portsmouth, editor of PROFIT. “By differentiating their products and applying creative management thinking, Canada’s Fastest-Growing Companies are outpacing the competition at home and abroad.”
By Shari WeissFreelance Writer from California
Maintaining a secure and compliant data environment is a challenge for companies of all sizes but mid-tier companies often find themselves stuck in the middle when it comes to finding cost-effective systems and processes for meeting regulatory requirements.
With regulatory compliance costing well into six and seven figures for large enterprises, and the packaged technology designed for small businesses ill-suited for larger networks, what are mid-tier organizations to do?
While mid-sized companies still face the myriad of obstacles in complying with regulations like Sarbanes-Oxley and HIPAA, the likely don't have the budget, personnel, and existing infrastructure to get the job done.
"The key is to demonstrate that you are making your best effort to meet legal requirements and secure your information network and system administration," says Bording Ostergaard, CEO and founder of Optrics Engineering, a professional engineering firm with staff specializing in network design, security and network-specific solutions. "A mid-tier company that does nothing has already, in a sense, agreed that they have failed to comply. If a problem arises or an audit is scheduled, this company may face severe liability issues. Everyone has areas of responsibility, and mid-tier companies do not usually have the resources to fund internal personnel and whole departments to address compliance issues.
"An alternative option is to hire an outside security professional and/or deploy a security appliance, thereby, in effect, buying liability insurance in the form of being able to point the finger in the direction of the hired expert or service," Ostergaard says.
The recently discovered Windows metafile security hole is a perfect example of the challenges and liabilities of ever thinking you can safely tell people their network is secure and in compliance, according to Ostergaard. "At best all you can do is provide your best efforts or best-intentioned opinion based on defined criteria you are confident you can monitor and assess," he said.
With new threats released so often, security is a moving target, according to Vann Abernethy, executive vice-president and CTO at Avanton, a vendor partner of Optrics. Avanton provides multi-function security products that eliminate the complexity gap for small- to medium-sized businesses to secure and manage their networks and meet regulatory demands.
"Mid-tier companies typically have smaller IS staffs with either no dedicated security officer or an overworked network administrator who has the added burden of being the compliance officer. They do not have the resources to purchase sophisticated solutions where staff members have to go off site to get certified, a process that could take a week or more," Abernethy says. "Our solution presents information that is useful to the average IT person, whether that be a systems administrator or network administrator. A person doesn’t need a super secret decoder ring to figure out our product. Just good, solid networking and systems administration knowledge is enough, a level of technical expertise required to be in those positions in the first place. We cater to that level of knowledge."
Avanton does not sell its products direct, but works with value-added resellers like Optrics to introduce its appliance-based system to mid-tier companies. This was how Reading Eagle Company found its compliance-department-in-a-box.
Reading Eagle Company has been Reading, PA's local news source for more than a century, but in the last decade the organization has decided to venture into e-mail and web hosting, not only for their own purposes, but for other companies, as well. Over the past two years, this hosting business has sky-rocketed to more than 150 hosted Web sites, with hosted e-mails and other Web services, according to Roy Quickel, IS network administrator at Reading Eagle Company.
Reading Eagle Company had been able to develop direct relationships with a few technology vendors for computer hardware and software needs as well as networking hardware and switches. "But when it came to compliance issues, we were pretty much on our own," says Quickel. "With the sheer volume of Web sites hosted on our property, many of which are being provided with e-commerce solutions, we are subject to compliance reports.
"Compliance is a serious concern," Quickel continues. "We went looking through the Web for a solution and saw Avanton’s ReadyARM come up on the Optrics Web site. Optrics partnered with some of the same vendors already used by Reading Eagle Company, and their customer list impressed the staff of the news company. There was an element of trust that they were telling us what we need to know."
Reading Eagle Company did check out other vendors for basic set up costs and support, but the nearest competitor’s charges for the same type of solution were four times higher. "During our ‘Try and Buy Agreement,’ we decided the ReadyARM device met, and even surpassed, our needs for central monitoring and compliance reports, giving us exactly the support and functionality we were seeking," said Quickel who implemented the appliance-based system in October, 2005.
The hardware device plugs into a network device to monitor traffic, according to Quickel, who noted that, similar to an IDS, it sits outside of band so that it doesn’t affect bandwidth. "This solution gives our small staff a nice central location to view things like system logs and network equipment. It does vulnerability scanning so we can determine how severe a threat might be," he adds.
"Centrally located management and monitoring enables us to identify and respond to problems much quicker," Quickel explains. "I can go to one device and review the whole picture. With this product we did not have to make any changes to our infrastructure, nor did we have to retrain staff."
Quickel said that ReadyARM provided his company with a consolidation strategy that put several critical components into place: vulnerability detection, intrusion detection, system logs, and auditing reports.
Compliance involves a four-step lifecycle process, according to Abernethy of Avanton. ReadyARM handles the first two steps: monitoring the network and generating reports. The third step is analysis, which is often handled by local administrators, but can also involve outside consultants. The fourth step, remediation, involves implementing changes in security policy to address flaws that were uncovered during the analysis and/or fixing specific issues—for example, low patch levels. These may require additional solutions. A systems integrator and network specialist like Optrics can offer advice specific to the problem.
IS managers of mid-tier companies can meet compliance requirements without revamping the entire IS infrastructure and retraining the workforce by implementing a two-fold approach, said Abernethy. "First you must have a defined policy and communicate it to the workforce," he says. "You do not have to change anything. But, secondly, you must enforce that policy. Where you find flaws in the policy, you will need to make changes. This does not require administrators to do a lot if they have something in place to identify threats and policy deficiencies and fine-tune when those are detected. This does not have to impact normal users."
Abernethy describes security as information warfare. "Most of today’s companies have some type of firewall and some flavor of antivirus," he explains. "These are the two biggest problems: defending the perimeter, i.e., the connection to the Internet and defending companies from themselves, i.e., users who download tainted files and click on problem sites. However, where mid-tier companies often fall down is that they forget the firewall is designed to not only stop things, but also allow access in and out over certain ports and protocols, and those ‘holes’ can be taken advantage of.
"The only way to completely stop things from coming in through the firewall is to unplug everything, but, of course, this is not a viable solution," Abernethy continues. "You must defend against what is coming in, but, more importantly for compliance issues, you must be diligent about what is going out. Knowing what is going on in your network allows the local administrator to make an informed decision about what steps are necessary to affect change and shore up security. If you talk to regulators and auditors, they will tell you that when they look at companies, 10 percent of issues involve the perimeter while 90 percent concern what is going on within the network. Polices must be kept up-to-date and enforced. To do that, companies need to be able to shine a bright light into the dark corners of the network."