Get the basics right.

1) Internet

Q: As a user I want to watch movies, make video calls, and browse websites.

A: If you can get fibre to your community, that’s your best bet. Your average user will use 10 Mbps if they are streaming a video or on a video call. If you have 100 users, that’s 1 Gbps. The likelihood of them all being on at the same time is small, so divide by 4 as an estimate. This means that for these 100 users, you need a 250 Mbps service (1 Gbps/4 = 250 Mbps). It is important to have this speed both ways, not just on the “downlink”, because otherwise users will experience poor quality video calls (the “uplink” needs to be good, so get fibre where you can!). In tech lingo this is called a symmetrical fibre link (now you know!). You can always start smaller (125 Mbps), and see how that goes. Once you have fibre, the service provider can easily adjust speeds on their end. Don’t do it too often though, as it screws up their billing and they don’t like it. Get this service from Bell, Telus, Rogers or Shaw, which are called internet service providers, or ISPs.

You aren’t done yet - read the next part about WiFi and Wireless Internet.

2) WiFi and Wireless Internet

Q: As a user I want to watch movies, make video calls, and browse websites - on my phone, tablet, or laptop (which is about 90% of what people use these days).

A: But I got the Internet (see above) - I’m done, right? No. You need to have good WiFi too, which basically makes the internet available to anyone with a phone, tablet, laptop, Alexa, etc. Anything that is portable - not your ancient desktop computer. And these days, this is like water to people (visitors, contractors, and of course, your residents and staff), so you need to make it available (aka work) everywhere, and that means EVERYWHERE (including in the car park). Well, that sounds hard, how do you do that, you ask?

It isn’t easy. This now becomes hard for people other than IT folks, so you need help. And it’s a commodity service, not strategic, so outsource it. That means get a good consultant or a service provider, to get you a managed service. You can get that from the telcos - Bell, Telus, Rogers, and maybe Shaw. (If you use a smaller provider, at least have a chat with one of the big telcos, for comparison. My favourite is Bell.)

A managed service means the service provider will tell you where you need the equipment (access points, switches, routers); they will install it for you, and most importantly they will operate it for you, meaning that if it isn’t working right, you only have one call to make - to them! This is not the cheapest way to get WiFi, but it is the most headache-free way. They will keep it up to date, configure separate networks for you and staff, residents, and visitors to preserve data privacy, and handle other tweaks / bells and whistles. Very importantly, they will make the whole thing secure! Do it yourself and risk a cybersecurity hack and unhappy clients.

Now you can claim to have “Internet”.

Super simplified view of Internet to your building and WiFi to your user devices. Note that you will need many WiFi access points throughout your building. As a rule of thumb, each one covers about 150 metres squared depending on building layout and construction (or about 12m x 12m, or 40ft x 40ft).

3) Cybersecurity

Q: As an operator, I want to ensure I am protected against ransomware and cyber compromise.

A: Think of modern cybersecurity as a 3-legged stool which will get you 90% of the way to a good place, namely a good cybersecurity posture.

The 3 legs are focussed on 1) prevention, 2) detection and response, and 3) education. (This isn’t meant to be the order of implementation - more on that below.)

(1) First, we want to make sure we prevent bad things from getting into our environment. We used to do this with firewalls and web filter appliances. It worked well when employees were in the office and all the applications resided in the data centre. But now employees work from anywhere, and most enterprises use software-as-a-service (Office 365 etc.). That means we need to protect the user-app connection, no matter what network is used. This requires a new approach, which we call Security Service Edge (SSE). Like the applications accessed by users, it is delivered through the cloud, closer to where the applications are, and accessible from anywhere. Top vendors include Zscaler and Netskope.

These SSE services centralize the prevention function by providing Secure Web Gateway (SWG), Firewall as a Service (FWaaS), and Data Loss Prevention (DLP), which will achieve most of what you need, unless you have specific and complex use cases. These platforms also shift the management away from rules (old school) to policies and outcomes (much simpler to manage), and they apply these globally to your entire environment.

(2) Next, you need to know when something bad gets into your environment (detection) and do something quickly to contain it (response). This is what will let you sleep well at night, knowing that if something happens, it will be contained. Since you probably don’t have a lot of security people on your team, you need a managed service, meaning someone else takes care of all this for you - tools, tech, and staffing. Best in class is CrowdStrike’s Falcon Complete, which is a managed detection and response service. Implementation and management of this service is low effort, and the CrowdStrike team can get you up and running in a few weeks.

(3) Finally, since your employees sometimes end up clicking on phishing emails, and inadvertently inviting in bad things, it makes great sense (and great return on investment) to help educate employees on good practices to stay safe. This also helps them at home, not just in the office - bonus! This type of education is called security awareness training, and should feature short video vignettes that are dramatized to drive home specific messages. My favourite is Mimecast since their videos are funny and educational, and pit characters like “Human Error” against “Sound Judgement”. Their platform provides simple but complete reporting on participation, and features short quizzes after each video to check for understanding.

Doing these 3 things, with vendors that suit your company and are best in class, will get your cybersecurity program into great shape in no time! If you have a limited budget, and don’t really know how good your cyber hygiene currently is, then it makes sense to start with detect and respond, #2 above. Don’t forget, this is a journey: pace yourself and keep moving forward.

Have other questions?

If you have other questions or suggestions regarding the above, feel free to send them to me via the contact form or to my email address found below.