SSS are specialist IT Security Developers and Resellers with over 25 years experience.

Meeting the IT security needs of our customers, and providing overall customer satisfaction is the foundation of SSS's business. Our team work hard to ensure that we properly understand your needs, and that the products and services we sell are a good fit for you. We thrive on solving your IT security problems.

Our Mission:     To provide enterprises with cutting edge and best fit security products, support and consulting services which combine our intellectual property, expert problem solvers and understanding of the customer's business to create peace of mind.


September 2014

Greylisting – and the problem with Google Mail servers

Greylisting is a method of reducing incoming spam. It has been in use for many years, and has proved to be an effective and low cost way to significantly reduce spam. Recently, a down side to grey listing has become apparent. Some companies – Google in particular – that provide email services are not set up to be grey listing friendly. As a result, emails from these email services can be delayed for significant periods of time. We have a look at this situation and suggest ways to manage it here.

Backups: Assuring data recoverability

Can you confidently recover your data? Most products are designed to backup your data only. Why do you backup data? There is on one reason and that is to recover. Do you have confidence in your existing backup product and know that the data that you are backing up can be tested daily and is recoverable? Is your company at risk? Most companies do not test the recoverability of backups.

StorageCraft ShadowProtect is a backup and disaster recovery solution for Virtual, Physical and Cloud based servers. Organisations of any size can monitor and manage multiple physical and virtual servers as wells as desktops and laptops protected by StorageCraft’s ShadowProtect.

Key benefits:

  • Automatically test your ShadowProtect backup images every night to ensure complete recoverability.
  • Centrally manage & monitor all ShadowProtect backup images at any time from one centralised console.
  • Automated daily and monthly reporting on backup status, successes and failures delivering monitoring and most importantly testing capabilities across your windows based servers.
  • Sector based real-time technology ensuring that you meet your recovery point objectives and recovery time objectives.

A bit more about StorageCraft:

StorageCraft now has over 50,000 customers in New Zealand and Australia.

  • Real-time protection of data, databases and even the operating system every 15 minutes
  • Reduce backup windows from hours to minutes (Starwood group went from 26 hours to 30 seconds)
  • Recover entire servers in minutes and files in seconds

StorageCraft delivers more than recoverability

  • Real-time replication
  • Near zero impact migrations (P2P, P2V, V2V, V2P)
    (P=physical server; V=virtual server)
  • Enterprise disaster recovery to VMware or Hyper-V

You can see more detail on the Starwood group's use of StorageCraft ShadowProtect here

During September we will be running a series of webinars focused StorageCraft backup and disaster recovery solutions - starting Monday 8th September. Contact us today if you’d like to book a place into one of those, or if you would just like to find out more about the product solutions in general.

We love talking with customers…

…so please do drop by our stand and say "hello" if you are attending any of these conferences that we will be at in the next few months:

Customer Focus: University of Canterbury

"We have been SSS customers for many years, initially for support and procurement of email messaging services from Process Software. They have provided a consistently high level of service for what has become a rather niche market (OpenVMS). More recently we moved our Sophos antivirus support to SSS. They have shown a high level of technical expertise and reacted promptly to any issues we have had. SSS have always been willing to negotiate favourable terms with our suppliers."

Malcolm Smeaton - Deputy CIO at University of Canterbury

August 2014

Time based web content policy controls can be useful - but beware the limitations

Problem 1: Some of your users are wasting too much time on sites such as Facebook; but you don't want to block access to all users all the time.

Problem 2: You have blocked all access to sites such as Facebook, TradeMe & Stuff, but would like to enable some form of "Reasonable Use" policy

Solution: Enable time based controls or usage reports on your Web Proxy Server - but be aware of the limitations of time-quota based policies and reporting.

Click here to see more information on the benefits of time based policies and also the major shortfall.

Massive savings available with Entrust: Save up to 77% on Multifactor Authentication!

Recently, a large customer of ours worked out that they could cut their cost of Multi-Factor Authentication by 77% - simply by moving off RSA on to Entrust Identity Guard. In addition, moving to Entrust increased the number of authentication options available to them.

  • Much lower cost: Typically Entrust is 25% of the cost of the server and user CALs of products like RSA. Entrust Mobile Soft Tokens (One Time Password – OTP) and/or physical tokens, are only $20 each at the lowest volume, whereas other vendor's tokens are typically around $150 each.
  • Much more functionality: Entrust offers the widest range of authenticators on the market via a single platform including SMS, Tokens, Digital Certificates, Passwords, IP Geolocation, Mobile Device Certificates, Smartcards and USB, Biometrics, Grid cards and knowledge based authentication.
  • Much more flexibility: Entrust enables multiple identities to be used on a single mobile device, PIV (Personal Identity Verification) standards credentials remove the need for a 'client' to be installed on external users' machine for smartcard/smartUSB management. PIV is natively supported on Windows 7
  • Much better manageability: Entrust also has great tools to make the overall management of the environment easier - such as a self-service portal, and a second factor authenticator to reset AD credentials

If you already have RSA deployed for Multi-Factor Authentication, the sensible time to move to Entrust is when you need more / different tokens, or when your annual maintenance is due. With Entrust, you can use Entrust IdentityGuard as the front end to an existing RSA infrastructure so that you can continue to use existing RSA tokens alongside new Entrust tokens. Thus extracting the value from the old asset at the same time as enabling the cost savings and increased functionality and security options of the new Entrust solutions.

Contact us to learn more about deploying Entrust IdentityGuard for Multi-Factor Authentication.

Identity Management – the heart of a modern security policy

We can help you with all aspects of your organisation's Identity Management. Our services can enable you to reduce your user management overheads, and improve your organisation's security, governance and compliance. Our engagements typically help in areas that range from automation of user provisioning; empowering users to manage their own password resets; PKI; role-based access solutions; right through to the deployment of advanced authentication platforms.

Click here to see more detail on our Identity Management Services.

We love talking with customers…

…so please do drop by our stand and say "hello" if you are attending any of these conferences that we will be at in the next few months:

Customer Focus: Baycorp

"Our engagement with SSS started a couple of years ago, to provide us with Sophos antivirus and management tools. SSS has always been available to provide us with excellent technical advice, and we've appreciated the high level of customer service we get from them."

Ray Al Jawad - IT Operations Manager at Baycorp Australia & New Zealand

July 2014

Self-service password reset portals can save you time and money

It’s probably the simplest and most common task in IT, and yet it typically adds the heaviest burden on helpdesks.

Figures on the “Net”, show that anywhere between 20% - 50% of Service Desk calls, are related to password resets alone. Going with those figures, in a team of 4 Service Desk staff, 1-2 people would be exclusively resetting passwords. Not a very inspiring role. It seems fairly obvious that these resets have a high cost to the business, both in terms of over-consumption of service desk resources, and in reduction of general staff productivity.

There is however a better way of managing password resets – that is cost effective for most organisations – and that is to deploy a self-service password reset portal.

Most of the self-service solutions out there are based on Active Directory (AD) password resetting so, if you are a fairly homogenous Microsoft shop, you are likely to be able to find a very cost effective solution. If your environment is more complex i.e. it also includes a mix of UNIX, database passwords, and/or web based resources with their own authentication process, then an appropriate solution can be proportionally more complex, but often still cost effective.

There is no shortage of products out there, ranging from open source products like pwm, through to commercial offerings from the likes of Entrust and Oracle.

In assessing your options, you need to be cognisant of the security implications, and select one, and deploy it in such a way, that it meets your organisation’s security/risk-management requirements.

How do they work?

Self-service portals use a variety of mechanisms depending on the solution, but probably the simplest form would be a series of “things that you know” type questions i.e. what is your favourite Ice Cream? Who is your role model? Moving up the ladder of sophistication, e-mails and SMS can be used to send one-time passwords. Sophistication more often than not brings about a little more expense and complexity, but usually improves the overall security as well. Below is a list of some of the reset mechanisms available:

  • SMS one-time password (things you have)
  • Email one-time password (things you have)
  • Biometrics (things you are)
  • Challenge Questions (things you know)
  • Phone one-time password (things you have)

The Enterprise

Moving up the scale, mid to large organisations may want to consider introducing an authentication platform. The benefits here are the multitude of authentication systems and types they can manage ranging from passwords through to certificate based smart credentials to tokens and biometrics. Products such as Entrust IdentityGuard spring to mind when considering feature rich solutions. Now-a-days, being able to manage smart credentials on a mobile device is often equally as important as being able to reset a Windows password. A good authentication platform should provide a rich variety of self-service options for all your authentication types, and be able to work across multiple Authentication systems, and finally be secure.

Contact us if you’d like assistance in selecting and deploying a best-fit self-service password reset portal for your organisation.

Secure Email: we think S/MIME is the best secure email standard for most business and government situations

SSS has more than a decade of experience in helping organisations deploy and manage secure email solutions. Specifically, our SecureIT S/MIME gateway solution is at the heart of that, and is used by government agencies and businesses here in New Zealand, and around the world. SecureIT is also fully SEEMail V3 certified by the NZ Government.

The key security features of S/MIME based email are digital signing and encryption. These two features are used to impart the following important security characteristics:

  • Authenticity – you can be sure of the identity of the sender; and
  • Non-repudiation – the sender can’t deny they sent it; and
  • Confidentiality – you can be sure no-one else has been able to read the contents of the email; and
  • Integrity – you can be sure the message hasn’t been changed or tampered with in transit.

There are other approaches used for securing email, and one of the more commonly used ones is TLS. Here is a very brief list of the key reasons why S/MIME is more secure than TLS:

  • Authenticity. TLS can be used with mutual authentication, but this does not provide authenticity of an e-mail message. E-mail messages can easily be spoofed. S/MIME, because it provides a digital signature, will always assure authenticity.
  • Non-repudiation. TLS will never meet this as there is no lasting signature to prove the originator.
  • Confidentiality. TLS meets this characteristic only during the session, whereas S/MIME meets this characteristic always.
  • Integrity. Assuming the chosen TLS security includes a digest; TLS will meet this characteristic, but only over the TLS session. S/MIME will meet this characteristic at all times.

Contact us if you’d like to discuss how best to enable secure email for your organisation.

Sophos Tolly report for virtualisation scanning:

Many of the organisations we have been talking with have expressed interest in finding out more about endpoint protection in virtualized environments.

Sophos have a solution in this area – Sophos Antivirus for vShield - and this has been assessed by the Tolly Group alongside some competitive offerings. The Sophos solution demonstrated consistently better performance and by inference, lower system resource demands than McAfee MOVE Agentless 3.0 and Trend Micro Deep Security 9. The Sophos solution also allowed for more simultaneous VMs than the other solutions tested.

The report includes blow by blow performance numbers that show that the Sophos vShield scanning solution is considerably faster and better performing than the alternatives. You can see the full Tolly report here.

Customer Focus: MidCentral DHB deploys RecallIT to help ensure the protection of private data.

With approximately 2,500 users across its network of campuses, MidCentral DHB processes almost 2,000 emails per day on average. With such a high volume of email activity, it is inevitable that occasional mistakes occur, so MidCentral DHB needed to find a solution to help it better manage the accurate sending of all outbound email.

"We handle a huge amount of data via email each day, and the need for all outbound emails to be accurate, and securely managed, is paramount to the organisation," says Robert Bradnock, Team Leader – Infrastructure at MidCentral DHB. "

As a government department we have been watching recent public sector privacy issues very closely and proactively identifying ways in which we can ensure we don’t suffer the same embarrassing situation," he adds. "We started looking at a lot of different solutions and while most had some good features, very few offered everything we needed," says Mr Bradnock. "It was only when we saw RecallIT that we felt we had a solution that ticked all the boxes," he adds.

RecallIT® is an email delay gateway that enables users to recall ‘faulty’ emails sent to external recipients. It holds outbound emails for a specified period prior to them actually leaving the organisation. Users are then able to ‘recall’ any of those emails.

MidCentral DHB is pleased with the value that RecallIT® has already delivered to its organisation. "RecallIT is a bit of a hidden gem really, a quiet achiever, that sits there doing exactly what we need it to do every day," says Mr Bradnock. "We’re only human and not robots and that means mistakes will happen, but with RecallIT we instantly have a layer of protection we didn’t have before," says Mr Bradnock.

"It’s a bit like an insurance policy that will help ensure we don’t find ourselves in an embarrassing situation," he explains. "RecallIT has satisfied all of our requirements, at a very reasonable cost of ownership, and continues to help us protect both our email and the reputation of MidCentral DHB," he concludes.

You can read the full Case Study here.

Older newsletters

June 2014  |  May 2014  |  April 2014  |  March 2014  |  February 2014  |  January 2014  |  December 2013  |  November 2013  |  October 2013  |  September 2013  |  August 2013  |  July 2013  |  June 2013  |  May 2013  |  April 2013  |  March 2013  |  February 2013  |  January 2013  |  December 2012  |  November 2012  |  October 2012  |  September 2012  |  August 2012  |  July 2012  |  June 2012

© Scientific Software and Systems Ltd