Tag Archives: Concerns

Determine if an Exchange Online migration makes sense

it just concerns moving email to the cloud. But there is a whole product suite to consider as part of this process.

The decision to shift from an on-premises email platform is not easy. Before the organization commits to this move, look at the transition from both a strategic and a technical perspective. There are a series of questions that should be answered before making the decision to switch to Exchange Online.

Is Exchange Online right for this organization?

Remember that Exchange Online is part of the Office 365 suite and is more than just email. The platform’s services address many business needs, such as file shares, document sharing, collaboration tools and simple word processing. And with certain licenses, if you buy Exchange Online, you own many of these other tools as well.

With that in mind, review the business issues below to see if an Exchange Online migration makes sense for the company:

  • The employees work in silos and require a tool to tear down these walls.
  • While emails don’t include client information, the system should automatically check that sensitive information is not sent.
  • Security is a priority. A lot of effort is made to keep that technology up to date.
  • Some employees get 250 email messages a day and must work collaboratively with other teams.
  • Company data sits in many different places, including email. Data management must be simplified.

While email is definitely part of the challenge, it’s not the only tool that runs teams and organizations. These hurdles should not hold up an Exchange Online migration. If email is a priority, consider making this phase one of the project, and then, deploy the additional tools your organization needs in different phases of the project at a later date.

Work out a path to a solid migration

Once the business works out the strategic approach, dive into the technical considerations for a smooth Exchange Online migration. First, find answers to the following questions because they will influence the user experience (UX), design and amount of time to deploy.

Should the UX be seamless, or will users log in with different credentials for Office 365 email?

Answer: I find larger organizations do not want users to log in separately, whereas smaller ones are more flexible in this area. That said, most businesses want a seamless UX. A business that wants to give users more streamlined access to resources should discuss how to implement Azure Active Directory Connect to set up password sync and single sign-on. Federation is not required, but organizations that already have it implemented find it is a good option for them. If federation is not in your environment, then look at other options.

Does the business need a failback plan?

Answer: Organizations often see a migration to the cloud as one way, but a failback plan should be included in the planning process. Ask yourself this: Would your organization migrate its on-premises Exchange deployment to a new server without a failback plan? For most companies, the answer is typically no. The only exception tends to be the very small business that just wants to be in the cloud and not maintain costly on-site infrastructure. With a failback option, the migration will be done in hybrid mode with the Hybrid Configuration Wizard. The ability to fail back mailboxes or migrated components if an unexpected issue arises provides a measure of stability for the business.

Does the business need to back up email data in Exchange Online?

Answer: This question seems straightforward, but the answer is complicated. If the business is OK without the ability to restore a mailbox, then this might work. The Deleted Item Recovery feature keeps messages for 30 days, and the retention hold options can be used to retain messages beyond 30 days. Does the organization need a way to restore a mailbox when it’s gone or recover individual items beyond 30 days? With answers to those questions, the company can then work to produce the correct technical implementation that best supports its email requirements.

Consider what the business uses in its on-premises deployment and whether that should apply in the cloud. Each organization is different from a technical perspective, so there is more to think about. These questions will help prepare the groundwork when the time comes to make a decision about an Exchange Online migration.

Healthcare quality goals set for telehealth, interoperability

The quality of healthcare and health IT interoperability are continuing concerns among healthcare professionals. To address these concerns, the National Quality Forum and its telehealth committee met recently to discuss ways to measure healthcare quality and interoperability.

The National Quality Forum (NQF) was asked by the Health Department to accomplish two tasks: identify critical areas where measurement can effectively assess the healthcare quality and impact of telehealth services, and assess the current state of interoperability and its impact on quality processes and outcomes.

In a media briefing last week, NQF experts and members of the committee in charge of the two aforementioned tasks discussed the thought process behind the development of healthcare quality measures and the goal the committee hopes these measures will help achieve.

“After a comprehensive literature review conducted by NQF staff, the telehealth committee developed measurement concepts … across four distinct domains: access to care; financial impact and cost; telehealth experience for patients, care givers, care team members and others; as well as effectiveness, including system, clinical, operational and technical,” said Jason Goldwater, senior director at NQF, during the briefing.

Goldwater said that, ultimately, the following areas were identified as the highest priorities: “The use of telehealth to decrease travel, timeliness of care, actionable information, the added value of telehealth to provide evidence-based best practices, patient empowerment and care coordination.”

Those of us that live in the world of telemedicine believe not only are there quality enhancements, but there’s convenience enhancements that are going to make medicine easier to deliver.
Judd Hollanderassociate dean of strategic health initiatives, Thomas Jefferson University

Judd Hollander, associate dean of strategic health initiatives at Thomas Jefferson University and a member of the NQF telehealth committee, explained that the committee wanted to begin this process of creating measures for telehealth and interoperability in healthcare by conducting an “environmental scan.”

“Where is there data and where are there data holes and what do we need to know?” Hollander said. “After we informed that and took a good look at it we started thinking, what are types of domains and subdomains and measure concepts that the evidence out there helps us illustrate but the evidence we’re lacking can also be captured? … So it was a really nice way to begin the discussion.”

Hollander added that the implications of the NQF report and the measures the committee is working on are “expected to inform policy across the entire spectrum of alternative payment models, government funded healthcare, and care funded by commercial payers because it’s just what you should be assessing to provide quality care.”

NQF’s telehealth measures: Patient experience

For healthcare to truly reap the benefits of telehealth, the industry has to focus on quality first. And to improve healthcare quality, there has to be a way to measure and report it, Hollander said.

“Those of us that live in the world of telemedicine believe not only are there quality enhancements, but there’s convenience enhancements that are going to make medicine easier to deliver,” Hollander said.

Hollander used a personal experience as an example of the benefits telehealth can bring to patients, even if a diagnosis isn’t or cannot be made via telehealth technologies.

“I had a patient who hurt his knee working in Staples, actually, at about 5:15, 5:30 in the evening. He had a prior knee injury and he had an orthopedist, but he couldn’t reach the orthopedist because their offices were closed,” Hollander said.

Without telehealth, this patient would have had to go to the emergency department, he would’ve waited hours to be seen, and then he would’ve been examined and had X-rays done, Hollander said.

Not only would this have taken a long time, it also would’ve cost this patient a lot of money, Hollander added.

Instead of going to the ER, the patient was able to connect with Hollander through JeffConnect, Jefferson University Hospitals’ app that enables patients to connect with doctors anytime, anywhere.

“I was the doc on call. We do know how to examine knees by telemedicine and we can tell with over 99% accuracy whether someone has a fracture or not and he did not,” he said.

Hollander explained that they then did a little “wilderness medicine.” Using materials lying around, the patient was splinted with yard sticks and an ace bandage and then was able to wait to see his orthopedist the next day.

“So we didn’t actually really solve his problem, but we saved him a ton of time and money; he didn’t have to go get X-rays one day, [then] have them repeated by the orthopedist who couldn’t see him [until] the next day because the systems aren’t interoperable,” Hollander said.

NQF’s telehealth measures: Rural communities

Marcia Ward, director of the Rural Telehealth Research Center at the University of Iowa and also an NQF telehealth committee member, brings a rural perspective to the telehealth conversation.

“Creating this framework we had to look across all of those different aspects of telehealth and how it could be applied. I find it particularly interesting that telehealth has been thought of as an answer for increasing access in rural healthcare … and I think that’s been one of the strongest suits,” she said during the briefing. “But now it’s developing into an urban application and I think we’ll see particular growth in that.”

Ward used the concept of travel in rural areas as an example of thinking of a unique, and maybe not always obvious, issue to address when creating telehealth measures.

“Travel is a concept that is very important, particularly in rural telehealth,” Ward said. “An example of that is there’s a telestroke program at the Medical University of South Carolina and one of the measures that they use is how many of the patients that are seen through their telestroke program at the rural hospitals are able to stay at their local rural hospital.”

This is an example of a healthcare quality measure that wouldn’t normally be seen in conventional medicine but is very appropriate for telehealth in rural areas.

“That’s a very important measure concept … able to be captured. Another one particularly important in the rural area is workforce shortages and we’re seeing evidence that telehealth programs can be implemented that help bridge that gap [and] be able to deliver services in very rural areas and have the backup from telehealth hub where there’s emergency physicians,” Ward said.  And we’re seeing evidence that telehealth, in terms of rural communities in particular, it’s really filling a particular need.”

NQF’s interoperability measures

While the experts focused mainly on telehealth during the briefing, Goldwater explained that when the committee was discussing and creating measures for interoperability they conducted several interviews to help them define guiding principles.

Goldwater said that these guiding principles include:

  • “Interoperability is more than just EHR to EHR;
  • “Various stakeholders with diverse needs are involved in the exchange and use of data, and the framework and concepts will differ based on these perspectives;
  • “The term ‘electronically exchanged information’ is more appropriate to completely fulfill the definition of interoperability;
  • “And all critical data elements should be included in the analysis of measures as interoperability increases access to information.”

Ultimately the committee developed healthcare quality measures across four domains: The exchange of electronic health information to the quality of data content and the method of exchange, the usability of the exchange of electronic health information such as the data’s relevance and its accessibility, the application of exchange of electronic health information such as “Is it computable?” and the impact of interoperability such as patient safety and care coordination, Goldwater said.

Kaspersky-Russian ties still unclear despite FBI push

Concerns over how the FBI has handled the investigation into potential Kaspersky-Russian ties has led to some experts saying the FBI should be more transparent with evidence before the it continues its push to get private companies to abandon Kaspersky Lab products.

Fear over potential Kaspersky-Russian ties has already led to Kaspersky Lab being removed from the list of approved U.S. government vendors. According to a new report, U.S. officials are not happy with how the FBI has conducted the subsequent investigation into Kaspersky Labs, saying the FBI has been too overt in attempts to get private companies to stop using the products.

A Kaspersky Lab spokesperson denied Kaspersky-Russian ties and said it would be “extremely disappointing” if the alleged briefings between the FBI and private companies actually occurred.

“The company doesn’t have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against Kaspersky Lab,” the spokesperson told SearchSecurity. “The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it’s being treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts.”

According to reports by CyberScoop, former U.S. officials claim the FBI has deliberately leaked information and been hyperbolic in classified congressional briefings as a way to build support for its accusations of Kaspersky-Russian ties.

Kaspersky Lab said it has tried to be accommodating to the FBI’s investigation.

“CEO Eugene Kaspersky has repeatedly offered to meet with government officials, testify before the U.S. Congress and provide the company’s source code for an official audit to help address any questions the U.S. government has about the company, but Kaspersky Lab has only received a general reply from one agency at this time,” the spokesperson said. “The company simply wants the opportunity to answer any questions and assist all concerned government organizations with any investigations, as Kaspersky Lab ardently believes a deeper examination of the company will confirm that these allegations are completely unfounded.”

The FBI did not respond to requests for comment at the time of this post.

Jake Williams, founder of consulting firm Rendition InfoSec LLC in Augusta, Ga., said opening the code base probably wouldn’t allay concerns of Kaspersky-Russian ties.

“If there’s any lesson here for foreign companies it’s that the public burden of proof for the FBI to come after you is very low,” Williams told SearchSecurity. “It’s hard to see how this won’t eventually hurt U.S. companies in other countries.”

Experts debate the FBI case regarding Kaspersky-Russia ties

Williams added that if the FBI has evidence to support its claims of Kaspersky-Russian ties, it should be more transparent.

“So far I don’t think we’ve seen much of the case at all, so I’m not sure what we can say [about the FBI’s case]. What’s been released so far is less than convincing,” Williams told SearchSecurity. “The whole public case seems to be that Kaspersky execs have ties to Russian intelligence earlier in their careers. That ‘connection to intelligence’ applies to a huge number of U.S. firms.”

Tom Kellermann, CEO of Strategic Cyber Ventures, said he believes the FBI has the best interest of the public in mind and may not be able to release more information.

“If the FBI were to disclose all evidence, they would violate classification laws, which would hurt the U.S. government’s capacity to leverage counter intelligence campaigns against the Russians,” Kellermann told SearchSecurity. 

The whole public case seems to be that Kaspersky execs have ties to Russian intelligence earlier in their careers. That ‘connection to intelligence’ applies to a huge number of U.S. firms.
Jake Williamsfounder, Rendition InfoSec LLC

Hank Thomas, partner and COO at Strategic Cyber Ventures, said dissecting federal investigations could “risk blowing tremendously complicated and expensive intelligence and counterintelligence operations.”

“Kaspersky should firewall off his firm further from anything Russia, become far more transparent, and bring in trusted leadership to run the company if he ever hopes to turn things around. But I doubt even that will help at this point,” Thomas told SearchSecurity. “Even his industry colleagues, many competitors that have tried to defend him for years have given up. One in particular has shared with me that they have clear indications that Kaspersky products are totally compromised by the Russian security services.”

Willy Leichter, vice president of marketing at Virsec, said that given the high stakes in the Kaspersky-Russia investigation, “the FBI should be more cautious and transparent if there is hard evidence.”

“Many U.S. security companies have ties with government agencies, that have at times raised eyebrows, such as RSA’s alleged backdoors to the NSA for widely used encryption algorithms,” Leichter told SearchSecurity. “Unfortunately, complex cyber technology issues lead to easy political grandstanding, as few people understand the underlying technology. If substantiated, the allegations against Kaspersky are obviously serious. But without clear evidence, this could easily harm the broader security industry that relies on global cooperation to be effective.”

Williams said the FBI shouldn’t keep information closed off to the public.

“I have little doubt that the FBI is presenting additional information to some U.S. companies about why Kaspersky products are dangerous. But if Kaspersky is facilitating spying with the Russian government, then they (and the Russian government) already know what is being briefed,” Williams said. “Only the public lacks the data to make an informed decision. But the argument that the FBI sharing data in closed circles will protect sources and methods seems hollow.”