

Showing posts with the label TVM

Ransomware attack on Vendor Kaseya sends shockwaves worldwide

  Kaseya, which is based out of Ireland (International HQ) and Miami (US HQ), provides IT Management solutions to many customers and MSPs. Hundreds of customers, including a railway, a pharmacy chain and a grocery chain in Sweden, were hit by this REvil ransomware. The attack is similar to SolarWinds ransomware, in which the hackers managed to hack a software update to push malicious code to thousands of customers. The hackers have exploited a vulnerability in Kaseya's VSA software against multiple managed service providers (MSP) and their customers. Kaseya announced on Jul 2 that it became infected and has asked the customers to shut down its VSA servers. "It's critical that you do this immediately because one of the first things the attacker does is shut off administrative access to the VSA," said the Kaseya CEO Fred Voccola. Customers were also notified by Kaseya. The vendor has since shut down its SaaS servers and pulled its data centers offline. What is affected? Th

Would The Risky Government In Israel Affect My Business Operation?

  Israel has got a new coalition government led by Naftali Bennett after Benjamin Netanyahu was unseated after 12 years of reign. Israel has seen 4 elections in merely 2 years, but the opposition was united to oust Netanyahu after allegations of Bribery, Fraud and Breach of Trust. The new government narrowly won the elections with a razor-thin majority of 60-59. Polls suggest that 43% of Israelis expect the Government to dissolve quickly and only 11% expect it to survive the full term. If the Government fails to survive, would it impact you as a Technology Asset Owner or a Vendor Manager? It might seem like connecting two disparate topics, but you will be able to connect the dots when I say Israel is a cyber security powerhouse and has some top tech companies that you might be using today such as CyberArk, Guardicore, NICE, Check Point, Cloudify, Monday, Radware, Wix and Varonis to name a few. I do not know whether the government would fail or not as I am not an expert at International

Automation and Why it Matters for Your Organization?

  As organizations begin to evolve and become complex over time, it is imperative for them to be mindful of manual versus automated operational functions and capabilities. Adoption and continuation of a manual approach can take up a significant amount of time and resource, impacting organizations in many ways. Ever so often, organizations forget about complex processes they currently have in place, which becomes the limiting factor for the organizations’ ability to grow, move forward and gain a competitive advantage. In order to tackle this challenge, automation tools and capabilities can allow organizations to further refine and improve their overall efficiency. Everything, including the underlying business strategy and organizational transformation, begins at the top. A solid business strategy must incorporate a technology view together with an understanding of resources and capabilities in order to create a competitive advantage. Organizations should be aware of the right mix of

Cyber Insurance Prices are Going Up: Should you be worried?

With the spate of cyber crimes and the spike in ransomware incidents in 2020, CXOs and Board Members in every organization have Cyber Risk on their agenda regularly. A single incident of unwanted ransomware could prove to be detrimental to the existence of a few organizations, and a significant dent to the bottom line for others. Chief Risk Officers are crafting plans to reduce and mitigate this risk at mission critical speed. One thing is pretty clear, you don’t have a defense if you don’t have a well thought out strategy. I am not saying that having a good strategy will prevent you from falling victim to ransomware, but it can significantly reduce the risk and if it actually happens then it reduces the impact to your bottom line as well. The first thing anyone would think is that there is Cyber/Breach Protection Insurance to protect us. And you are not wrong, Cyber Insurance is there to protect. However, I’d like to draw your attention to changes happening in the Insurance industry that co

Critical Metrics You Must Include in Performance Scorecards

Introduction  For an ongoing relationship, it is needless to say that there needs to be a mechanism to monitor the health of the relationship. At a 25,000 ft level, the process of having a regular touchpoint to talk about things that can improve or maintain an existing relationship between a vendor and its client is called a Governance Scorecard. It is a formal way to measure, track, compare and monitor vendor performance and address any pending issues. Having this touchpoint helps to set aside a dedicated time to discuss matters that are important for both organizations to continue enjoying a healthy ongoing partnership.   The Deep Dive Whether the vendor misses the SLAs or fails to provide a deliverable under a Statement of Work, the governance meeting is a place where each party can have an open dialogue based on facts. Setting up the right Governance framework might be a bit complicated and time consuming at first, but once every stakeholder understands what they are expected to d

How do I calculate my Software Entitlement?

Introduction Most software companies invest millions of dollars to create a world class product. They want your organization to use the software as much as possible as it is their major source of revenue. Software companies usually have a software management tool that they expect the client to install so that anyone with access to that tool (usually IT Administrators at both ends) can track the usage, and if you are reaching the entitlement threshold then you can get alerts or the vendor would point out that it's time to release the next Purchase Order. However, it is not always possible to get the management tool to a point where it is fully functional and connected to all endpoints. Sometimes there are legacy software issues that prevent the client organization from completing the install and tracking usage. If the installs are not tracked, then you can easily go over the entitlement before you even know it. So, unless you are in an unlimited licensing usage agreement for the softwa

What Are The Types Of Software Licensing Models That Vendors Offer?

Introduction In the advent of current technological evolution, it is unimaginable how far we have reached since the first Fortran was made commercially available in the 1950s to the current state where we are talking about Artificial Intelligence, Machine Learning, etc. The enhancement in technology, computing power, competition and adoption is so rapid that most software companies release new versions with new updates as quickly as possible. In 2 to 3 years, the software is obsolete because the upgrades in underlying hardware will not completely support it. Depending upon the application and use, the software companies largely offer three types of licenses: Perpetual, Subscription and Open Source. The software is the same; how they charge the customer is different. However, it is still important to understand how the models work. Perpetual Licenses Generally speaking, the Perpetual licensing model has the following characteristics: It is a Vendor's proprietary computer software that the vendor provides to t

How To Assess The Risk Profile Of Vendors?

Introduction I am writing this post in the middle of the pandemic, when employees are working from home and organizations have been forced to hire third party vendors to do a myriad of jobs ranging from print services to purchasing software to enable remote login for employees. This happened so quickly that not many companies had the time or capacity to take a risk based approach. Irrespective of what kind of product a vendor provides, you always want to assess the risk profile of the vendor organization and the product that you are or will be using. Why is it important? It is important to know what would be the impact to your business if something were to happen to the Vendor tomorrow and you are no longer able to use the product or service from a few hours to a few days to permanently. How dependent is your business operation going to be on the vendor's business operation? If you don't know the risks, then you are inviting a lot of trouble that you can easily avoid by assessing the risk

What's The Difference Between Vendor Management and Strategic Sourcing

The concept of Strategic Sourcing has existed for many years now. The Vendor Management function has been evolving over the past few years and has now reached a stage where companies are finding it hard to draw a line between the two. What does a strategic sourcing manager do that a vendor manager doesn’t? Are there any overlaps in responsibilities between the two? How to tell a Vendor Manager apart from a Sourcing Manager? I have had these questions asked by multiple people within my organization who easily assume that I am a Sourcing Manager. I have to then wear my coaching hat and educate them on the difference between the two. I don’t blame them as there is no standard way how every company structures the sourcing organization and uses the two functions. A few organizations have the roles more clearly defined than others. In order to define what the Vendor Management Office (VMO) does, I need to define on a very high level