/usr/local.com

20%

January 2nd, 2010 | by | security, sysadmin

Jan
02

We launched our Hosted Exchange 2007 Product just over a year ago. And for the most part, things have gone great.

One of our early decisions was to balance the security of the system while making the system as user friendly as possible. Originally, we had a pretty strict password policy. We soon found that many of our customers were not too happy with this policy and thought it was too much. Were we out of control security freaks? Shouldn’t the customer appreciate the steps that we are taking to not only secure our servers, but their information!

Looking around at other vendors, we quickly found that we may be a bit too harsh. Take Gmail for example. Sure its not exchange. But then again it has over 100 million users. If they had massive issues with security and hacking, they clearly have it under control behind the scenes so things do not get out of hand.

And have you ever been prompted to change your password on gmail? I haven’t.

So we compromised. We altered the time between when the system forces you to change your password. We altered the number of passwords that you could recycle. And we also added a somewhat buried feature in our customer portal. That feature, ‘allow passwords to never expire’

Holy crap! Let’s just blow a huge freaking hole in the security system shall we.

This was a feature that we were not all that happy about, but with the other measures in place we figured we would avoid passwords such as abc123. It makes the end user happy, we have some level of security though not as high and tight as we would like. But its better than having things wide open.

Now here is the shocking part of this. 20% of our users have this feature enabled. 20-feaking-percent! I was really hoping for this number to be in the 5-10% range.
But no, 1 in 5 of our users will never change their password again.

Or will they?

I’m currently developing a nag script that will send out a reminder to the end users ever couple of months. Not enough to completely annoy the heck out of them. But hopefully enough to get a good portion of that 20% to change their passwords on a semi-regular basis.

So what do you do for your password policy? Leave your tips and tricks in the comments section. We’d like to hear what you think is an acceptable policy to stay secure!

Comments Closed

LightEdge Launches Hosted Microsoft Exchange and Mobility Access Services

October 7th, 2008 | by | in the news

Oct
07

Whoohoo! Its alive!

Below is a blurb from the press release for the project that I have been working on.

Hosted offering gives small and medium-sized businesses access to mobile communication and collaboration services through a cost-effective Scale-on-Demand model

DES MOINES, IA, October 7, 2008 – LightEdge Solutions, the leading hosted services partner dedicated to the full breadth of communications and IT needs for small and medium-sized businesses (SMB), announced today the launch of a new Hosted Microsoft Exchange 2007 platform. This fully redundant platform will enable SMBs to implement a mobile Exchange environment for their employees in a simple, hosted scale-on-demand model rather than an expensive and time-consuming on-premise implementation.

Microsoft Exchange, the dominant application for delivering corporate e-mail, personal and corporate calendars, task lists and contacts in enterprise settings, has been deemed too difficult and too expensive for most small businesses. This offering from LightEdge levels the playing field for the SMB by giving businesses of all sizes access to the communication and productivity tools in Microsoft Exchange in a monthly, “per-mailbox” fee structure that emphasizes the benefits of the service rather than owning and depreciating corporate infrastructure.

“We think that the timing of this offering couldn’t be more perfect,” said Jim Masterson, chairman and CEO of LightEdge Solutions. “Businesses fully understand the benefits of Exchange and access to Exchange from mobile phone, but the present economy is forcing business owners to rethink capital purchases. Given the instability in the market, Hosted Exchange really is the best option for businesses that are either ready to adopt Exchange or migrate from a legacy in-house implementation.”

source

Comments Closed