this is the archive page

Cybersecurity and data privacy: the legislative landscape is changing

Why we should all care and take notice

Over the last three to five years, there has been a steady increase in the number of legislative and regulatory rules in the cybersecurity and data privacy domains. These range from presidential executive orders and memoranda to new legislation at the federal and state level as well as new rules and guidance from governing bodies such as the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC).

The goal of this blog is to alert our readers to these legislative changes and their possible impacts on corporations and organizations. Over the coming weeks, we will supplement this information with specific reviews of key pieces of new legislation.

Why are we getting all these legislative actions?

Simply put, this uptick in “regulation” is a direct result of the rising tide of cybersecurity-related events and the impact on the U.S. people and economy. As the President stated in Executive Order 14028, “The cybersecurity threats… are among the most significant and growing issues confronting our Nation…[and] could cause significant harm to the national and economic security of the United States.” In other words, there is a real and present danger in the areas of cybersecurity and data privacy that could affect the economic health of the country.

These threats to cybersecurity and data privacy have touched all of us in some way. Bad actors have targeted or randomly taken down critical infrastructure systems such as the Colonial Pipeline and numerous hospitals and schools. The scientific evidence is very clear: the vast majority of these incidents would not have occurred if the impacted entities had basic and functional information security management programs in place. Effective IT hygiene—like regular, systematic patching of computer systems—can mitigate the risk significantly. The current legislative agenda clearly recognizes the fact that voluntary implementation of leading security practices has not been sufficient, and these new rules are starting to address that shortfall.

Read more: Essential security practices to protect your business

While much of the cybersecurity legislative activity is focused on protecting critical national infrastructure, these new regulations concern the energy sector; financial, food, telecommunications, and agricultural services; critical manufacturing; government facilities; the defense industrial base; and commercial facilities, including shopping, entertainment, and lodging. In our experience, few businesses are not part of the critical national infrastructure in some form or another. Likewise, few businesses are not concerned about cybersecurity and data privacy.

What are the various legislative and regulatory changes for 2023?

Executive Order 1428

In May of 2021, the President signed Executive Order 1428, Improving the Nation’s Cybersecurity, and it is noteworthy in that it requires specific actions from federal agencies. The most striking include the insertion of specific clauses in federal acquisition regulations that require the inclusion of cyber event reporting, and the provision of a software bill of materials (SBOMs) to reduce the risk of a compromise through the software supply chain. The order also requires the Cybersecurity and Infrastructure Security Agency (CISA) to define a zero trust architecture for use by federal agencies and sub-contractors. These measures are significant, as they will establish a new baseline minimum bar for cybersecurity and data privacy, which we expect to permeate outwards from federal business to general industry and other entities.

Cybersecurity Maturity Model Certification 2.0

The Department of Defense released its Cybersecurity Maturity Model Certification 2.0 (CMMC) in November 2021 as part of its DFARS 252.204-7019 and NIST SP800-171 rev2 requirements. The goal with CMMC 2.0 is to regulate data security practices through an assessment-based mechanism for the defense industry that processes or handles controlled unclassified information (CUI).

TSA Pipeline Security Guidelines

In July 2022, the TSA Pipeline Security Guidelines came into force. These require a risk-based security program for corporate information technology (IT) and operational technology (OT) networks—including supervisory control and data acquisition (SCADA) systems—that sets minimum standards for segregation of IT and OT systems as well as the ability to restore from backups or snapshots.

FTC Safeguards Rules

In 2021, the FTC finalized a new set of Safeguards Rules required under the Gramm-Leach-Bliley Act (GLBA). These rules outline steps that organizations in the financial sector must take to reduce cyber security risk and come into effect in June 2023. They will require the appointment to the board of a qualified individual who has cybersecurity experience, the implementation of an information security management program, and, at a minimum, an annual presentation of risk and issues to the board. The range of enterprises providing financial services is larger than first apparent and includes car dealers offering financing and higher education establishments participating in federal student loans programs.

SEC proposed rules

In March 2022, the SEC proposed new cybersecurity rules that will apply to all publicly traded companies. These rules, which are still under consultation, could become binding by as soon as May 2023 and will require reporting material cybersecurity incidents, an annual description of cybersecurity risk management strategy, policies, systems, and known cybersecurity risks. Notably, it could require disclosure of cybersecurity expertise on the corporate board, which would drive the appointment of cybersecurity expertise to all boards, similar to how Sarbanes-Oxley required all corporate boards to have financial expertise. In addition to these proposed rules, the SEC also released rules to govern all private and publicly traded investment and advisory companies to reduce market risk relating to cyber events within financial institutions.

Other privacy acts are coming online

In the area data of privacy legislation, the California Privacy Rights Act (CPRA) became effective this January. Soon to come are the Virginia Consumer Data Privacy Act in June, and Colorado’s and Connecticut’s Privacy Acts in July. Even as these data and privacy legislations become effective, work continues on Senate Bill 3600, which aims to create new data privacy law at the federal level. Many more states, including Ohio, have legislative work in flight in this area.

Where can I get more information about regulations affecting cybersecurity and data privacy?

In the coming months we will analyze key legislative changes in the cybersecurity and data privacy legislation space and provide a more detailed view on what they contain, and what actions you should consider taking as a result of the legislative actions. 

Alternatively, we would be happy to discuss these actions with you in person, either informally or as part of a tailored security assessment and roadmap generation. Contact us today.

This blog offers a personal opinion and is not intended as legal advice.


CBTS Achieves New Sustainable Business Practices through a Cisco Sustainability Specialization

Recently, CBTS earned a Sustainability Specialization with Cisco. The specialization is a training program for Cisco’s partners in sustainable business practices such as the circular economy, achieving sustainability goals, and meeting government environmental mandates. The timing is vital. According to experts, the circular economy will reach a market value of $4.5 trillion by 2030. This also comes as governments and markets shift strategies to address environmental concerns on an unprecedented scale.

Cisco environmental sustainability specialization emblem for sustainable business practices

Download the Environmental Sustainability Specialization and Takeback Incentive Ebook now.

As a part of the Sustainability Specialization, CBTS signed onto Cisco’s Sustainability Pledge. The goals outlined in this pledge include:

  • Achieving net zero across Scope 1, 2, and 3 emissions by 2040.
  • Ensuring 100% of its products and packaging incorporate Circular Design Principles by FY2025.
  • Accomplishing 100% return on end-of-use hardware.

“We are proud to earn this specialization, which supports our sustainability leadership and helps our clients reduce their environmental footprint by ensuring the technology they consume is reused or recycled,” said Jeff Lackey, President of CBTS.

This blog will examine details of the sustainable business practices that the Sustainability Specialization emphasizes. Additionally, we will explore the business opportunities unlocked for CBTS and their partners by participating.

The takeback incentive

Cisco’s Takeback Incentive is a program that offers discounts of up to 7% on newly registered products. The products return to Cisco at the end of use, and the discount is applied to replacement products.

The Takeback Incentive illustrates a dedication to the circular economy. Keeping hardware out of landfills through remanufacturing or recycling is a powerful way to generate cost-effective, sustainable business practices and pass those savings onto partners.

The Takeback Incentive also protects against hardware ending up on the gray market. Illegal hardware sales are estimated to be $2.5-3B yearly. The Takeback Incentive closes that loop and stamps down on bootleg competition.

Learn about CBTS social impact initiatives.

How sustainable business practices generate new opportunities

The Sustainability Specialization creates opportunities for CBTS and its partners to stand out from the competition in many ways, including:

Meet government requirements

Governments across the globe are creating new stimuli designed to encourage growth in green business and sustainability. Companies can access these funds by participating in programs like Cisco’s Takeback Initiative.

Enter new lines of business

Companies actively seek new ways to transform business practices through environmental and social good programs (ESG). Engaging in the circular economy and sustainable business practices is socially responsible and can be an icebreaker when reaching out to new business prospects. If nothing else, the Cisco Sustainability Specialization is a conversation starter for sales teams.

Expand service offerings

Customers often don’t know what to do with old hardware. Takeback programs are a great way to boost service levels and add value to existing customer relationships. Advising customers on ways to reuse, recycle, or refurbish obsolete technology are other ways to leverage the Sustainability Specialization.

Support partners’ efforts to reduce carbon emissions

Reducing emissions is vital for the world—and businesses in particular. CBTS is pleased to be able to advise its clients and partners with the expertise gained through this Specialization.

Win more proposals

A growing trend among businesses is to only source from sustainable and socially responsible companies. Certifications like this one from Cisco build credibility and meet customer expectations.

Also read: How Cisco Meraki + CBTS NaaS team up to deliver cost-efficient modernization for your network

Working towards a circular economy

Across the globe, companies of all shapes and sizes are stepping up to meet the threat posed by climate change. However, the time is fast approaching when companies who are not rapidly evolving to embrace sustainable business practices will be left in the dust.

According to an internal survey at Cisco, 41% of its partners were already engaged in some form of takeback or recycling services, and 45% expected to generate significant revenue from sustainability offerings.

CBTS is proud to offer a range of technology services for clients looking to advance their application modernization journey, including consulting, cloud, security, communications, and infrastructure solutions. A team of CBTS experts manages all services. The Sustainability Specialization from Cisco is only the latest in a long and fruitful partnership with Cisco. Additionally, CBTS has dozens of strategic partnerships with industry leaders, including Microsoft, Dell, Amazon, and many more.

Get in touch to see how CBTS can advise you on adopting sustainable technology business practices or providing other tech solutions.

How do you ensure the security of your supply chain?

Over the weekend another major crypto ransomware attack occurred, this time through an enterprise software vendor called Kaseya.

Tracking Point of Sale malware and determining if the malware from the Home Depot Cyber Attack was different than what was used on Target
This kind of attack allows the cyber criminals to maximize the damage.

For many CEOs or business owners, that name might not be familiar, since many of the companies that use this software are Managed Service Providers (or MSPs). The MSP uses the Kaseya software to manage their client’s computers.  This kind of attack allows the cyber criminals to maximize the damage by attacking not just one or two victims, but instead attacking one company that has connections to hundreds of other companies.

The technical details of the attack can be found here in this Threatpost article, Kaseya Patches Imminent After Zero-Day Exploits | Threatpost. If you have been impacted, you can track updates from Kaseya here on their website update link: Important Notice July 7th, 2021 – Kaseya

So what should you do if you have been impacted by this criminal attack? I’ve had similar considerations in my time as a security leader—here’s my take.

First, if you have cybersecurity insurance, hopefully you have called your insurance provider and you are working with them to obtain the necessary resources to get back up and running.

Second, once you have a minute to stop and think, review what other vendors you depend on to function as a company.

Do you have a payroll provider? If so, you will want to assess the maturity of their security program— perhaps by examining the results of an independent audit, such as a SOC Type II report, to see how they are protecting your data. 

Do you have vendor partners who have access to your company network? If so, you want to review how they protect their networks from cybercriminals so that if they are attacked, you don’t become a victim as well.

Do you use an MSP to help you manage your computers? If so, you also want to understand the measures they take to protect you from cybercriminals. Do they require multi-factor authentication (MFA) to access your network? Do they regularly update their computers and network to prevent attacks by cybercriminals using known vulnerabilities? Are they doing the same types of risk reviews you are with their own third-party service providers and vendors? There’s a lot to consider when assessing the security of your supply chain. If you have questions about cybersecurity insurance, what a “SOC Type 2 audit” is and how to interpret the report, or how to know if your MSP is protecting your data, contact the CBTS Security practice.

Read more: Software bill of materials (SBOMs): what is it good for?


John is a veteran technologist, CTO and CISO. He has nearly 30 years of experience building and running enterprise IT and shepherding information security programs towards maturity, based on industry standards like ISO27K and NIST CSF, as well as regulatory compliance requirements from PCI-DSS, HIPAA, FERPA, A133 and GDPR.

John has several GIAC certifications (GSEC, GCIH and GCWN) and has been active in the local information security community, through groups like Infragard and the Higher Education Security Council for EDUCAUSE. He holds BS and MA degrees from Xavier University and has served as an adjunct professor at Xavier and the University of Cincinnati.

Cybersecurity Guidance from the Top

Seems like nowadays, everybody’s got an opinion on how to protect your data and assets from threats like ransomware, supply chain attacks, and good old exploitation of vulnerable Internet-facing services.

That’s not really a bad thing, to be honest. At the heart of any responsible, mature security program is a set of fundamental principles—least privilege access, defense in depth, etc.—as well as basic practices like vulnerability management and security monitoring. The more voices we have urging organizations to adopt them, the better.

One significant voice in the last few months has been the White House. In May, we saw the President issue an executive order directing new security requirements for federal agencies as well as their suppliers. Key among these requirements:

  • Service providers will have to share information about threats they’ve observed and breaches they’ve experienced, and to store logs and telemetry for use in breach investigations.
  • Suppliers of software to the federal government will have to adhere to new requirements around secure software development. They will need to use administratively-separate build environments, audit trust relationships, and implement risk-based multifactor authentication (MFA).  Additionally, they will need to document and minimize software dependencies in the build process, use encryption, and monitor the environment for threats.
  • Federal agencies themselves will have to migrate to a zero trust network architecture, roll out endpoint detection and response (EDR) tools, and implement MFA and stronger encryption on data at rest and in transit. Furthermore, they will have to adopt a new framework to share threat and incident information with each other.

The technologies listed here—MFA, EDR, and zero trust—are more than just fancy new industry buzzwords (although they sure are used that way). They represent some of the most effective modern security controls available. It’s encouraging to see the White House push their use.

Read more about Zero Trust Networks (ZTN): What are they and how do I implement one?

The Biden administration has been vocal about the recent spate of high-profile ransomware attacks, too. In response, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, published a memo to business leaders—not just federal contractors, but any business operating a computer network—urging them to invest in some of these same technologies.

The guidance lays out a set of valuable practices that can help address ransomware as well as many other potential threats:

  • Implement MFA, to protect against stolen credentials.
  • Implement EDR, to identify suspicious activity in your environment and respond quickly.
  • Encrypt your data (note that while ransomware attackers also encrypt data, this control prevents them from publishing stolen data, a more common tactic observed by these attackers).
  • Patch your operating systems and applications.
  • Back up your systems, test the backups, and use offline backups.
  • Run tabletop exercises to test your incident response plan.
  • Use a third-party penetration testing firm to determine if your defenses will withstand an actual attack.
  • Segment your networks to limit internal access to critical systems and data.

While we agree with this guidance, and the effectiveness of these technologies and practices—indeed, our security team can help with solution selection, design, implementation, testing, and tabletop exercises—we feel they are best accomplished not as a set of standalone projects, but as the effort of what Neuberger calls a “skilled, empowered security team” that is the core of your business’ information security program.

We talk a lot about security programs around here, and we’d love to talk to you about how to build yours!

Read more: Car parts and cybersecurity: what is Google dorking?

Critical MS Exchange Server Vulnerabilities – What you need to know

While the last few years have seen most of our customers move their enterprise messaging from a local Exchange cluster to Microsoft 365, plenty still have some on-premises Exchange infrastructure. If this describes your organization, hopefully you have already heard about the critical updates that were released to address vulnerabilities in Exchange 2010, 2013, 2016, and 2019.

Vulnerabilities in some on-premises Exchange infrastructure can expose your organization to attackers.

It is absolutely essential that these updates are applied to your servers immediately. Bring them down in the middle of the day if need be—whatever it takes to get them applied. Why is this so serious? Because the vulnerability is currently being widely exploited by attackers, many of whom are believed to be nation-state actors. The exploit allows the attackers to gain access to the Exchange server, its data, and can also provide a launchpad for further attacks against the victim’s computing environment.

If you’ve patched already, great—but understand that this  does not protect you if you were compromised before the patch was installed. Microsoft has released guidance on what to look for on your Exchange servers to ensure no attacker successfully gained a presence on them. This guidance, and links to the updates, are all available at https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/, which is being regularly updated with new information. Get patching!


Continue Reading: Top 5 cybersecurity actions to take right now

Post COVID-19: Will a remote workforce become the new normal for healthcare?

During this time of uncertainty many healthcare professionals are appropriately focused on an endless list of things we have to do before our healthcare systems are hit with the full force of COVID-19. While we can and throughout the entire pandemic, I encourage everyone to take time to focus on things that are going well and can be leveraged in the future. 

Having spent 15 years in healthcare IT operational / strategic roles and now time with healthcare executive customers, I’ve had the opportunity to reflect on how healthcare organizations across the country respond to natural disasters and, in this case, a global pandemic. One question that keeps coming to mind is “Why is it always a fire drill, when healthcare organizations decide to send non-clinical employees home to work?”

Most of my 15 years of healthcare IT leadership were spent working for healthcare organizations in Florida, so I’ve seen my fair share of hurricanes. While we were always clinically prepared for the hurricane, we would still struggle with what to do with essential, but non-clinical employees. I recognize there are significant differences between a global pandemic and a hurricane, but argue there are similarities in the non-clinical response from healthcare organizations. In each case, the primary focus of healthcare organizations is to provide uninterrupted care for patients, protection for our employees and to return to normal operation as quickly and safely as possible.  Shifting Patient Financial Services, HR, Finance and Accounting, Patient Registration, etc. to work from home or remote work is always considered and often selected as the solution to protecting our employees and providing continuity of operations. After the event, we begin to return to normal operations, but what if we changed the definition of “normal operations” by leaving those remote workers…remote?

There are many reasons to consider making this the new normal, but two stand out:

  1. When the next natural disaster / pandemic hits, healthcare organizations will not have to figure out what to do with non-clinical employees since they will already be working from home. Instead, they will be able to immediately focus ALL of their efforts on the clinical response.
     
  2. Physical space is at a premium in healthcare organizations across the globe. Leaving these employees at home would create opportunity to turn non-revenue generating space into much needed revenue generating space. Many of these offices and buildings can be converted in to Ambulatory care spaces with relative ease. In the cases where buildings are leased, the positive impact would certainly be seen on the balance sheet.

So…why haven’t we done this already?

  1. It’s the way we’ve always done it. Healthcare has traditionally been a face to face workforce. The majority of care is still delivered in a face to face fashion and often this approach to work is adopted by the entire organization without thought. It just happens over time.
     
  2. HIPAA / Privacy concerns are always cited and MUST be considered when employees work with patient health information (PHI) in any location. With that said, clinicians have been providing remote care for years under the same HIPAA / privacy concerns.

During the COVID-19 pandemic, healthcare organizations should take advantage of the opportunity to scrutinize what works and what doesn’t with regard to their current implementation of non-clinical work from home employees. Post COVID-19, healthcare organizations should seriously consider why those employees need to return to the office.

If HIPAA / Privacy concerns are a “perceived” roadblock, consider this fact – For years, doctors and nurses have been documenting from home, using telephones and video to treat patients remotely and, in many cases, monitoring ICU patients remotely.

Ask yourselves why clinicians have adopted remote technologies at a faster pace than their back-office counterparts and then solve for those differences. The result will be a nimble, resilient, patient focused healthcare organization!

Machine learning and AI: past to present

1952 saw the first computer program that could learn as it ran. It was a game which played checkers and was created by Arthur Samuel.

Fast forward to 2019 and the usage of machine learning (ML) and artificial intelligence (AI) has accelerated to real-world use cases that can be applied to modern-day business problems.

Here are just a few of the ways that machine learning and AI improves our quality of life on a daily basis:

  • Receiving a movie or song suggestion while browsing video or music streaming services like Netflix, YouTube, and Spotify.
  • Using smart devices, such as the Nest thermostat, to determine your home’s optimal temperature settings when you’re home and away.
  • Google provides suggestive “predictions” based on the initial keyword(s) that you type into the search bar.
  • Machine learning and its subset, AI, have been deployed to assist companies with solving legacy problems related to IT systems (e-mail spam, threat detection, and mitigation) as well as physical security (theft and shrink reduction).
  • Document recognition and compliance to check signatures on thousands of documents—a process that takes humans hours or days to complete.
  • Image analysis using ML and AI is showing promise in the detection of cancerous tumors and is being used to diagnose and determine action to mitigate risk.
  • Chatbots, or automated “Level 1” support, provides customer service support without human intervention.

What is Machine Learning and Artificial Intelligence?

AI is a broad term that refers to the doctrine or study of training systems to perform tasks in a more efficient manner than humans can execute.

Machine learning is more nuanced and is often referred to as a “subset” of AI. Machine learning speaks to the systems, processes, and specific frameworks that are required to perform a task. This enables technology to actually “learn” and potentially provide value. The goal of machine learning is to ingest data input such as logs and images with the intent of learning things from that data.

Room for opportunity, and what enterprises are doing – by the numbers

I recently came across a Forbes article that polled C-level executives on the state of AI propagation in their respective enterprises. Poll results demonstrate that these leaders want to implement some form of AI in their respective line of business.

  • 47 percent of business executives have embedded at least one AI capability in their business processes.
  • 21 percent say their organizations have embedded AI in several parts of the business.
  • The Forbes article also cited a McKinsey study which found that 30 percent of businesses surveyed are piloting AI.
  • According to a RELX Group survey, 55 percent of government officials are aware of AI but say it is not being utilized, while 37 percent of surveyed officials are utilizing AI.
  • According to PricewaterhouseCoopers, only 15 percent of enterprises have appointed a single enterprise-wide AI leader while 3 percent said they were not sure who was in charge of AI, and none of the respondents said there was a single C-level executive who was in charge of AI at their firm. 24 percent said their enterprise-wide AI efforts were being led by an AI “center of excellence.”

First engagements with clients concerning machine learning and AI – what we have encountered

Most of our clients are generally in the discovery phase. This is when an organization studies how machine learning and AI can help streamline business processes and provide a relevant return on investment (ROI).

Unfortunately, we’ve also learned that many clients don’t know where to start when classifying what data is relevant to implement an AI strategy that aligns with their business needs. And there are often challenges with how they utilize data with an AI/machine learning framework in mind when the identified business process is data rich.

We also see businesses trying to operationalize an AI framework from an IT perspective before clearly identifying the appropriate use cases. We have engaged with clients that want to start this conversation using the same approach they would in sizing a “traditional” IT workload.

What OEM is the market leader, from a server perspective?

What GPU should I utilize?

Can we virtualize this workload? 

What are your other clients utilizing to manage this infrastructure?

Will the new AI platform that I am evaluating integrate with my current network/storage topology?

These questions are fundamentally relevant but are not necessarily the most pertinent at the onset of the AI conversation.  The success of any ML/AI deployment heavily relies on conversations with both business and technology leaders. It is essential to understand the entire business before discussing the speeds and feeds of any technology that will eventually follow.

Personnel, the AI practice, and the ability to execute

Finally, it’s important to mention the overall importance of skillsets that are typically required to deploy a successful AI infrastructure. In most cases, these skillsets are radically different from what enterprises have traditionally needed.

“Typical” legacy application deployment relies heavily on the systems administration and application development skillset. The machine learning and AI deployment shifts that focus from a primarily infrastructure-centric discussion to a more business-centric/data science approach.

This shift requires a new set of skills for success. Machine learning and AI professionals are typically more data driven and often hold advanced degrees in mathematics and/or computer science. They are typically subject matter experts in the area of statistics, data mining, and programming.

These roles typically include:

  • Data scientists, who are proficient with the knowledge of extracting data and who can interpret that data using tools and frameworks commonly found in the ML/AI stack. Data scientists spend a majority of their time collecting, preening, and massaging data to eventually drive actionable results. Data scientists are typically not primarily interested in the hardware technology, infrastructure, or day-to-day operations of a given deployment. Their primary goal is to evaluate data and provide meaningful insights.
  • Data engineers typically have knowledge specific to infrastructure and data architecture. Data engineers are often involved with the methods, tools, and infrastructure required to discover, extract, convert, and move data to its respective AI platform.

These data-centric skillsets are becoming increasingly difficult to find as the adoption of AI increases in the enterprise.

CBTS and our value add with machine learning and AI

The challenges specific to AI adoption quickly become apparent as these disciplines gain traction in the enterprise.

CBTS brings multiple aspects of value to your AI deployment based on our experiences with clients in multiple industries.

Perhaps you are just beginning to examine how an AI framework can bring value to your enterprise. Maybe you require assistance with finding qualified data science and engineering resources in a very competitive workforce. And there’s always a need to understand the right approach when selecting the appropriate infrastructure to deploy and operationalize your AI effort.

You can be confident that CBTS has the expertise to assist you wherever you are in your AI and machine learning journey.

CBTS showcases HPE partnership at Discover 2019

The blizzard of innovation at this year’s Hewlett Packard Enterprise Discover 2019 conference is a testament to HPE’s bold technology and business model innovation bets.

CBTS, which is an HPE Platinum partner, was among the conference participants, and Ron Nemecek, Business Alliance Manager for CBTS, participated in a panel discussion. Ron discussed a recent CBTS-HPE collaboration on behalf of a global financial services firm that needed to refresh its data center infrastructure for multiple United Kingdom locations.

CBTS and HPE partnered on a solution that features the latest technology, is sized effectively, and is structured to align the costs of the refresh and new IT infrastructure to the business usage. The solution is delivered via HPE GreenLake Flex Capacity to eliminate the extensive cost of over-provisioning.

It’s a great example of how HPE’s innovation has extended beyond tech products and services into business outcomes for customers, Ron said.

“The new innovation that HPE brings to the marketplace is business solutions and business outcomes that are really desired by our customers, because they only want to pay for what they use moving forward,” Ron said.

“Customers are telling us that CBTS and HPE have listened to what they have been asking for years — getting them out of paying for technology they are not going to use.”

Nemecek said customers are impressed with the GreenLake consumption experience.

“They can’t believe that it is true, and that a company came to them with a partnership to solve the business problem they have had for decades,” Ron said. “That is the innovation that HPE has brought to the marketplace, and they have empowered it through partners with GreenLake 3.0.”

Ron said he sees exponential growth ahead with GreenLake.

“This is what our customers are looking for, and we are going to address their needs,” he said.

Click here to learn how partnering with CBTS drives cutting-edge capabilities.

Municipalities streamline operations with NaaS

Municipalities are following the private sector, which has embraced Network as a Service (NaaS) to improve performance, deliver better services and products to consumers, and lower overall operating costs.

Advanced digital capabilities are reconfiguring the way municipal data infrastructure improves critical functions like emergency services, utilities management, and even traffic control. One of the core technologies involved in this transformation is networking, which can be complex, costly, and difficult to manage.

But as more municipal IT environments transition to virtual, software-defined infrastructure, many cities and towns are starting to recognize the benefits of converting from on-premise networking assets to streamlining operations with Network as a Service.

Network as a Service is reliable, cost-effective

Municipalities benefit from OpEx model

The chief advantage NaaS brings to municipalities is the ability to shift costs from a capital expenditure (CapEx) model to an operational expenditure (OpEx) model. In this way, agencies avoid the high upfront costs of network rollouts and expansion, while adjusting the consumption of resources according to workload demands.

The end result is a more reliable and cost-efficient network experience that allows municipalities to concentrate on their core mission and improve public service for their constituents.

But exactly how does NaaS work?

Third-party support gives municipalities flexibility

While every office has its own networking infrastructure in place, tasks like configuring routers, optimizing protocols, and setting up firewalls can be costly and time-consuming. With NaaS, municipal offices are able to outsource these functions to a third party.

Most solution providers offer a web platform that serves as a portal for IT staff to monitor and manage the network security and ensure that it meets regulatory compliance.

In this way, agencies are provided with a dynamic network environment managed by a trusted third-party solution provider.

Streamline operations, meet budgetary goals

In the private sector, networking budgets are often constrained due to the pressure faced when trying to achieve a company’s bottom-line as well as the competing demands of the overall IT stack. In the public sphere, budgets tend to be tight as a general rule, lest the elected decision-makers face the wrath of unhappy voters.

In both cases, however, the perpetual goal is to do more with less.

NaaS fulfills this mandate on the network level, while laying the groundwork for enhanced virtualization across the entire IT stack. Rarely does a solution provide improved service at less cost right from the start, particularly in networking.

CBTS helps municipal organizations streamline operations with Network as a Service and delivers an agile, top-notch network infrastructure that meets their budgetary goals.

Discover how CBTS helped a municipality save $12,000 a year by adopting Network as a Service to monitor and manage their infrastructure.

5 key benefits of CBTS NaaS solution for municipalities

The CBTS NaaS solution provides municipal organizations with these key benefits:

  • 24x7x365 engineering support from highly-qualified CBTS experts.
  • Data center support. CBTS establishes the groundwork for a software-defined data center through expert support of existing virtual servers.
  • Infrastructure support. CBTS provides the necessary infrastructure for additional applications, such as Hosted Unified Communications (Hosted UC).
  • Third-party visibility. CBTS offers third-party visibility into servers and individual telephones.
  • Predictable monthly costs. CBTS provides a predictable monthly cost model that builds hardware refreshes into the network lifecycle.

CBTS NaaS also provides a foundation for the extension of virtual networking over the wide area, a crucial element of flexibility for agencies that coordinate with other agencies or non-governmental entities like utility collectives, non-profit organizations, and contractors.

At the same time, CBTS NaaS provides seamless adherence to strict compliance rules, data sovereignty, and other regulatory measures.

CBTS is a trusted IT partner

With CBTS NaaS, our expert engineers are available 24x7x365.

CBTS helps municipalities free up their staff so they can focus on mission-critical tasks rather than spend time conducting patchwork, monitoring the network, or dealing with expensive hardware issues.

In partnering with a trusted solution provider like CBTS, municipalities remove the burden of IT management from their staff and are able to streamline operations with Network as a Service.


Continue Reading: Enhance services for your communities with Unified Communications for Government

CBTS wins VMware partner Innovation Award

CBTS awarded VMware 2018 Partner Innovation Award

Partners Awarded for Extraordinary Performance and Notable Achievements

Cincinnati, Ohio — CBTS is proud to announce that we have received the Americas 2018 VMware Partner Innovation Award in the VMware SD-WAN by VeloCloud Solution category. CBTS was recognized at VMware Partner Leadership Summit 2019, held in Carlsbad, CA.

“We congratulate CBTS on winning a Partner Innovation Award as Partner of the Year in the VMware SD-WAN by VeloCloud Solution category, and look forward to our continued collaboration and innovation,” said Jenni Flinders, vice president, Worldwide Channel Chief, VMware. “VMware and our partners will continue to empower organizations of all sizes with technologies that enable digital transformation.”

“CBTS is very pleased to receive this recognition from VMware, which validates our strong relationship and our shared commitment to providing an outstanding customer experience to our clients,” said Joe Putnick, Vice President and Principal of the CBTS Communications Practice. “We are excited to build on this momentum in 2019 and deliver continued success to organizations through custom designing a migration strategy to the cloud that will future-proof their network.”

Recipients of the Americas VMware Partner Innovation Award were acknowledged in 11 categories for their outstanding performance and distinctive achievements during 2018.

To be awarded the Partner of the Year for the VMWare SD-WAN by VeloCloud solution category, CBTS had to be a partner with a large focus on SD-WAN by VeloCloud solution whereby our outstanding performance can be attributed to aligning our skills, competencies, sales, and services capacity with our global practices. Our history of successful implementation of SD-WAN is evident in this case study, in which our deployment of this powerful solution delivered innovative results for a client in the healthcare industry.

Learn why successful businesses choose CBTS as their preferred provider of advanced networking solutions in our SD-WAN CIO Toolkit.

Take a look at our guide to learn more about CBTS SD-WAN solution powered by VeloCloud, now part of VMware.

CBTS Wins VMware Partner Innovation Award

About VMWare Partner Leadership Summit 2019

VMware Partner Leadership Summit 2019 offered VMware partners the opportunity to engage with VMware executives and industry peers to explore business opportunities, customer use cases, solution practices, and partnering best practices. As an invitation-only event, it provided partners with resources to develop and execute comprehensive go-to-market plans.

About VMware

VMware software powers the world’s complex digital infrastructure. The company’s cloud, networking and security, and digital workspace offerings provide a dynamic and efficient digital foundation to over 500,000 customers globally, aided by an ecosystem of 75,000 partners. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough innovations to its global impact. For more information, please visit https://www.vmware.com/company.html.

VMware, VMware Cloud, VMware SD-WAN, and VeloCloud are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and other jurisdictions.

About CBTS

CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. From Unified Communications to Cloud Services and beyond, CBTS combines deep technical expertise with a full suite of flexible technology solutions that drive business outcomes, improve operational efficiency, mitigate risk, and reduce costs for its clients.