Canadian Web Hosting Blog and News
29Jul/110

6 key takeaways on Google+

It’s been weeks since Google+ has launched and there has been numerous articles on various tech blogs. By now, you most likely have received a Google+ invitation. In this post, we’re doing the heavy lifting, so that you don’t have to spend hours figuring out the latest beta Google project:                     

After testing this new tool within our team, we’re sharing our first take on this latest online buzz with the following 6 key components:

1. Circles
To make Google+ work for you, the first thing on your list should be to find your friends (or invite them first), then add them to circles. Some examples could include family, friends, co-workers, social media, tech bloggers, celebrities, etc… In other words, you can view these circles as filters to be used in your stream later on.

2. Stream
When you first log into your Google+ page, you land on your main stream which consists of all the information shared from all of your circles. However, by clicking on the category that you created earlier (see circles), you can quickly filter out information that you only want to view. For example, if you only care to find out what’s currently happening with your co-workers, you would simply hit your “co-workers” circle under the stream on the left hand corner and only their feeds would show up.

3. Sharing (+1)
Sharing information is similar to Twitter or Facebook when it comes to sharing what’s on your mind at the moment. The main difference is that when it’s time to publish it, you have the choice to pick the circles that you’d like to share it with. An example would be if you’re sharing a family photo, you might only want your family members to view it because it’s personal to you. You’re in control of who gets to view the data that you end up sharing.

As you are surfing the web, more and more sites are including “+1” sharing button and as you click on it, these +1’s will appear onto your own +1 timeline. This aggregates all of your internet findings similar to social bookmarking sites like Delicious, Digg, reddit, etc… Also, as your circles search the internet, your +1’s will show up in their searches with your name showing up saying, “Canadian Web Hosting shared this,” underneath the link. This feature socializes your searches and give you context as to whom in your circles have already come across similar content that you’re searching for.

4. Hangouts
This feature is fun to try with friends or perhaps when you want to collaborate live on a project. With this, you’re able to pick a circle and spend some facetime via video chat with anyone from that circle who happens to be online. You can even join current hangouts that are happening.

5. Sparks
Google+ already features certain categories such as soccer, recipes, cycling, movies, gardening and more. You pull up keyword searches such as “iPhone” and add them to your interest. When you click on any of your saved searches, news from all over the web are aggregated directly onto your Sparks page.

6. Business Pages
As of right now, Ford is the only company testing Goople+ on behalf of businesses. Compared to Facebook or Twitter, the white, very clean interface, makes it easy to view any content that they’re sharing. As more businesses get to test this new platform, it’ll be interesting to see how the public responds.

Closing Remarks
As most tech bloggers have concluded, it’s still too new to predict if Google+ will take over Twitter or Facebook. One strong sentiment seen from across the web is that Google+ needs more users for it to be beneficial for any end users including companies and when you put it side-by-side with Facebook, it feels harder to be heard when your audience is so small. Once we start seeing more growth in their user base, we might start seeing more momentum and even more buzz surrounding their new platform.

On the other hand, the circles appear to be powerful since it filters out all of the noise that Twitter and Facebook currently have. There is an overwhelming amount of content on the internet and with the help of the circles, we can be more productive in receiving all of this data.  It really helps categorizing the things that we’re interested in and the people that we actually care to follow.  The process of creating circles seems a lot less daunting that creating lists on Facebook or even Twitter; drag and drop is easy. Finally, it’ll be worth following changes that all of the other social media platforms choose to develop as Google+ refines its own features.

You may view their demo to learn about Google+ in more details too.

20Jul/110

How to Find the Best Firewall Option for Business

How do you protect yourself and your business online? This is an integral question that you need to set before, during and after your deployment goes online.

In looking at options for Linux, CSF (ConfigServer Firewall) is our preferred option as it provides proven security and a more friendly interface through cPanel which for a lot of web hosting users is an ideal mix.  CSF at its core is an SPI iptables firewall, otherwise known as a Stateful Firewall, and is a highly scalable solution that is comprehensive, straight-forward and very flexible to configure.   Here is a link to the feature set of the firewall, and most good web hosting companies will offer this at no cost.

Some Pitfalls
When looking at software firewalls like CSF, there are some potential pitfalls that can occur when using a software based-firewall. For starters, the firewall is on the server itself and if you are carrying a lot of traffic, your server may not be able to handle the amount of traffic that your business is experiencing.   Its direct affect in the case of web hosting, is that your server’s ability to handle the incoming traffic is taken away because it has to spend time processing traffic coming into the server through the firewall before it can handle the actual connections.

A second potential drawback that can occur is that if your operating system firewall is not configured correctly, it is possible for your server to become completely inaccessible and in some cases even more vulnerable to attacks than it was before.   In looking at the scenario, a malicious user could gain access to a web site hosted on your server and ultimately gain access to an administrator’s account and modify your firewall to give them access.

One of the most significant benefits is that a hardware firewall takes the load off of the server.  This includes activities like processing firewall rules, controlling traffic (including the ability to have a predetermined amount of concurrent connections), application layer protection and deep logging features.  Though similar in functionality to software firewalls, the dedicated hardware option tends to be much more robust in its ability to block certain types of traffic.  In addition, for web hosting customers who have multiple servers, hardware firewalls are better able to handle the traffic for multiple servers and can differentiate between what traffic is allowed to one server but not to another.

Cisco ASA Firewalls
Let’s look deeper into a very popular line of hardware firewalls – Cisco ASA firewalls.  In the case of the Cisco ASA firewalls, they can provide a 1-to-1 NAT-based firewall solution, where machines behind the firewall maintain internal IP addresses, and can be accessed through a public IP address.  Here is a sample diagram of a NAT setup as demonstrated on Wikipedia:

This provides further security to your network by concealing your internal network, thereby making it harder for a malicious user to look at your network.

Another great feature is that Cisco ASA firewalls can provide transparent firewall functionality.  Cisco defines a transparent firewall as a “Stealth Firewall” that allows the firewall to connect to the same network on its inside and outside ports.  Though hidden, a transparent firewall still interprets the data and will restrict traffic unless explicitly permitted in the access list.  This type of configuration is a great option for users who already have a pre-existing network because the end users do not need to re-address IP. This simplifies the configuration as there is no translating involved. The public server IP address is the one being configured.

Many firewall appliances, including the Cisco ASA series and Juniper SSG series, provides advanced features and allows for further functionality as a VPN access point. In turn, it can provide access to an end-users internal network in a secure and reliable fashion, again taking more load off of the servers.

What is the best firewall option?

The best option depends entirely on the individual requirements for your web hosting solution.  If you don’t have much experience in securing a server for use on the Internet or you are the administrator of a low-traffic website, we would typically recommend a software-based firewall.  But if you have multiple machines or you are an experienced system administrator with higher security requirements for your servers/network, we would recommend a hardware firewall solution.  Of course, there is always a third option.

In the end, all of these options possess user friendly interfaces and provide security. You have to assess your own comfort level when making your choice, but overall, our aforementioned options are great solutions to help you keep your data secure. For more comprehensive security, you can implement both solutions and have something to fall back on, in the event that a personal computer gets compromised and a malicious user tries to infect your servers behind your firewall!

Ultimately, no matter why type you go with - some security is better than no security.

Filed under: Web Hosting No Comments
14Jul/110

SAS70 and What it Means To You

Since we (www.canadianwebhosting.com) completed our recent SAS70 Type II and CICA 5970 audits, we’ve been getting a lot of questions about what it means and why these types of audits are important to a business and their operations. To understand the full benefits, it’s important to understand why the audit process was created. SAS70 stands for for the “State on Auditing Standards No. 70”. This audit standard was created to identify organizations that are willing to hold themselves to higher standard of commitment and to provide transparency of their “controls” and processes that a company or organization claims to have to protect customers and their data.


“Controls”

One very significant difference between leading hosting companies is what is defined as a “control” and how it is used.  We spent a lot of time reviewing this internally, and with other leading subject matter experts; all to gain a better understanding of what is required to have a verifiable control.  Based on those discussions, we defined a “control” as a process, policy or tool (hardware or software) that a company has in place to enforce a specific claim. For Canadian customers, this is especially important, as PIPEDA requires your hosting company to meet specific privacy and security requirements, and by measuring these controls, one can have a level of security that your requirements are being met. It is important to consider that not all types of audits can give you this level of surety.  When an independent auditor is engaged, the hosting company has two options - Type I and Type II.

Listed below are the descriptions of the different types of audits as defined by our an independent auditor SAS70cpa.com including the described benefits of each:

Type I Audit

A SAS 70 Type I, officially known as a “Report on Controls Placed in Operation” or a Type I Service Auditor’s Report, is intended to provide user organizations and user auditors with information about the controls in place at a service organization that may be relevant to the user organization’s internal control over financial reporting. Materiality of the services provided by the service organization to the user organization is taken into account by the user auditor in planning an audit of the user organization.

What is significant about this type is that unlike a Type II SAS 70 audit, no testing is performed to determine the operating effectiveness of the controls described in the report. Therefore, a Type I report does not provide user organizations or their auditors with a basis for reducing their assessment of control risk below the maximum level. A Type I report is not an acceptable replacement for first-hand testing in conjunction with financial statement audits or Sarbanes-Oxley (SOX) compliance. For this reason, Type II reports are highly preferred by user organizations and their auditors. The Type I reports are generally used only for informational purposes and carry weight because a licensed third party CPA firm verified information contained in the report.

Type II Audit

A SAS 70 Type II, officially known as a “Report on Controls Place in Operation and Tests of Operating Effectiveness” or a Type II Service Auditor’s Report, is an independent third party verification by a licensed CPA firm as to whether control activities described by a service organization were suitably designed to meet specified control objectives and were in place and operating effectively over a period of time that is typically at least a six month period. The Type II auditor's report deals with the fairness of presentation of the internal controls, the design of the controls with regard to their ability to meet defined control objectives, and the operation effectiveness of those controls over the defined period.

Obviously, we are not all CPA’s or experts in identifying and measuring controls. So, what should you look for in these audit reports? One should carefully note the description of controls and it should cover items such as:

  • Facilities and asset management
  • Physical and logical security
  • Logical access and access control
  • Network and information security
  • Backup and recovery
  • Organizational and administrative controls
  • Security policies, reporting, and monitoring
  • Computer operations

This is the essence of how seriously the hosting provider takes their processes and systems to assure repeatability and verification of their controls.

 

7Jul/110

Microsoft Launches Office 365

Last Tuesday, Microsoft launched Office 365, their newest cloud service now available in 40 markets. By using this new tool, you'll have access to any of your documents, emails, calendars, contacts and more as it brings together Microsoft Office, Microsoft SharePoint Online, Microsoft Exchange Online and Microsoft Lync Online.

As a small or midsize enterprise, you can benefit from being connected to any of your documents in real time thanks to their cloud service. This tool will help increase and enhance your own productivity along with your employees. Collaborating on projects will be easier and more seamless than ever since Office 365 allows you to share calendars and ideas at the same time.

Office 365: Ready to Work Whenever You Are

Why should you think about using Office 365? It's simple. It's already enterprise ready and it works on all the browser platforms. For example, compare it to the Google Apps, it stands to be a lot more robust with all the full features that Word and Excel or Powerpoint offer rather than very basic functioning apps that can't work offline (Google plans on changing that soon). With Office 365, you can run the apps on your desktop or in your browser and everything looks the same, there's no headache. Besides, since most of the marketplace is dominated by Microsoft, here, they're providing us with a solid solution in becoming more efficient on how we access any data on the go anywhere at any time.

You can also learn more by visiting the official Microsoft page or find out how you can start exploring these benefits directly by visiting our offer page for only $7 per month per user.

Tagged as: No Comments
5Jul/110

When is the Best Time to Tweet for Small Businesses?

In the Twitterverse, conversations happen around the clock, however, there are certain aspects to consider when tweeting. With limited time on their hands, it's important for small businesses to understand the best times to tweet throughout the day in order to maximize their social interaction with their audiences.

Here are three key components to consider:

1.     Location & time zones
Where are your customers located? The time zones that they are in will affect the times that you should be online listening to their conversations, engaging with customers and/or replying to questions or simply providing pertinent content to your community. For example, in North America, if your office is on the West coast and your customers happen to live mostly on the East coast, you’ll want to consider adapting your work schedule around their own hours of operations.

2.     Timing during the day
According to a recent survey, the best times to tweet are in the afternoon around 5 pm EST and by doing so, you will have a greater chance to get retweeted as well. Spending more time in the afternoon will benefit your company in the long run because with the more retweets that you receive, the more exposure you will get.  Also, noon and 6 pm EST have more online traffic during those times as people go to lunch and get home from work respectively.

3.     Days during the week
Using the data from the aforementioned survey, the best days to focus your social media efforts should be midweek and on weekends. This will allow you to start off your week and gather or create content for the later part of the week.

These components will vary from business to business and in the end, it’s in your best interest to understand your customers’ online behavior to gauge the best times to tweet.

Are you a small business owner? Have you found other tricks that have worked for you? Please share your comments.