The majority of controls they note on their website [https://www.caremonkey.com/security-2/] are standard AWS controls that anyone with an EC2 instance can claim for themselves. Likewise their 3PAO attestations all appear to have been inherited from AWS. Perhaps they did their own PCI compliance audit but I doubt it based on the write-up presented.

I also find the lack of details on their application security practices a bit disconcerting. Why do they specifically call out encrypting password data but say nothing of encrypting user content. They even note that they encrypt the data on the mobile app but are interestingly silent about this on their web database, why is that? Also I find it curious they don't note anything about utilizing AWS's dedicated hosts and storage options which is one of the major requirements by Amazon for meeting HIPAA compliance, I know this is one of the many rules, because we had to sign contracts for our systems agreeing to this stipulation.

Another question is, is caremonkey even legally bound by HIPAA regulations? Do they have legally binding agreements with any covered entity or hybrid entities that subject them to HIPAA regs? It is one thing to say you are HIPAA compliant but if the rules don't apply to you then that really doesn't mean much does it...

So how long did that take you to do? A half hour maybe a little longer, how much time was spent by your coworkers diagnosing the issue trying to repair it and half hour? Was it really worth it to your company for you and your coworkers to waste X hours to attempt to repair the old KVM switch that accounting probably depreciated the value on anyway?
Anyway, is it really wise to be jerry rigging KVM power supplies, it certainly doesn't seem professional? If I was your customer and I was touring your facility and saw that, I would certainly have doubts about an organization that finds shoestringing power supplies onto KVMs acceptable practice, tell me you wouldn't feel the same way.https://ask.slashdot.org/story/12/07/06/2014207/ask-slashdot-old-dogs-vs-new-technology#

Some businesses are conservative and rightly so, momentum is slow and precise, changes are incremental and measured. Think mainframes churning through Cobol from the 60's. Bleeding edge things come and go and so do the problems they bring, but what works for years will generally keep working if left to its own devices. As for your company, there may be a business case to build a lab with XP (say most of your customers have XP). It doesn't excuse why your coworkers didn't take the initiative of figuring out why it didn't work but not everything new is awesome and not everything old is bad, you'll learn that after a few years of experience.
Furthermore you will probably soon learn that IT is there to support business not the other way around, unless you are company's goal is to produce IT products, chances are you are there to support your business unit or another company's business. You sound like you are enamored with the technology and want to play with technology for technology's sake, most veterans I've talked with are more concerned about things like uptime, scalability, change management, security, etc... Cool factor plays a part but that's a pretty poor indicator of professional skill, I've known plenty of "nerds" that love playing with new technology but couldn't design and coordinate a real IT project without all sorts of issues (thats the problem with cowboys). The best IT professionals will always keep the lights on, that's your primary goal.

There is no cheap magic bullet, if there was, everyone would be doing it. You will either pay for licensing, pay for hardware, or both. Clustering is usually a nonstarter due to the expense of a SAN, you get a cheap SAN then you still end up with a lousy single point of failure. SQL replication may work but the POS software may or may not work under that configuration and the fail-over may or may not be automatic so its a real crap shoot. Your best bet is a single quality server, minimize the crap you install on it, preferably just SQL, get a solid properly rated UPS, and make sure it is all setup properly. You will get great uptime. A mismanaged cluster is much more liable to cause downtime than a properly cared for single instance server.

You can definitely tunnel RDP, its built right into Windows and called Terminal Server Gateway. With that you can use client cert validation and tunnel in over SSL. Add some nice middleware and it will even allow you to use hardware password tokens (if you can afford them).
What people seem to be forgetting is that RDP alone is not really a "secure" communications channel for public networks. If you need high security, users should be VPNing into your LAN and then RDPing over that tunnel.

Have you considered purchasing your software through Techsoup. Microsoft software is virtually free (last i remember something like 10 to 20 bucks per copy of windows, similarly cheap for server OSes as well) so long as your organization qualifies. I am assuming you want to integrate everything on a Windows domain...

Why is Emil Protalinski's photo being displayed for this headline? It would lead the uninclined to think that is a photo of Mark Zuckerberg, aka Rotem Guez. Slashdot editors need a clue.

Yea definitely. Article 60: In the exclusive economic zone, the coastal State shall have the exclusive right to construct and to authorize and regulate the construction, operation and use of: (a) artificial islands; (b) installations and structures for the purposes provided for in article 56 and other economic purposes; (c) installations and structures which may interfere with the exercise of the rights of the coastal State in the zone.

Chances are ship parked there for any length of time can probably be classified as some type of installation or structure within the EEZ

http://www.un.org/depts/los/convention_agreements/texts/unclos/part5.htm

Your logic is flawed. YOUR fire extinguisher may have never been used in the past 15 years but undoubtedly someone has used their fire extinguisher for the purpose of putting out a fire within the past 15 years. Also the cost of a fire extinguisher calculated against the actual risk of a fire makes it an extremely good value by any bean counters standards. It is obvious that a fire extinguisher is a justifiable in terms of the actual risk of a fire both on paper and in practice. OTOH the back scatter machines and TSA theatrics have prevented zero terrorists ANYWHERE. The cost of these scans in manpower, productivity losses, capital investment on scanners and other lost opportunity costs calculated against the actual risk of a terrorist incident makes the TSA apparatus a terrible value at best. It is not obvious that this is a good solution to terrorism. Fund what works, more counterintelligence and human intelligence operations, not this dog and pony show called the TSA.

Agreed, if this is mission critical stuff and you don't have staff living onsite there is no reason why they could not justify purchasing an IP KVM and a remote PDU for just this type of emergency. I'd imagine it would take at least thirty minutes to a few hours to have your on call person drive into the office and push a power button, whereas remote access would take what like 10 minutes?

Makes sense but most enterprises are moving towards high density virtualization. This seems to be going the other direction towards specialized appliances rather than.general purpose computing. I could see workstations/terminals going the arm route as well as highly customized and code optimized app servers. But I don't think you'll see many enterprises switching over just yet.

Who is modding this informative? No mil sites use self signed certs. Please get your facts straight.

I think they are overcoming that particular limitation with the propellor which is technically approaching the wind indirectly.

Well lets break down the AC's self righteous gloating. He said its been 10 years since graduating so he graduated around 2000, he says he was in school for 5 years so he started college around 1995. Now let's take a look at this: http://en.wikipedia.org/wiki/College_tuition#Disproportional_inflation_of_college_costs and you will see how divergent cost of attendance has become to the standard inflation rate. Furthermore if you take into consideration the oversupply of college graduates, erosion of earnings potential for a 4 year degree and extremely limited job market then its pretty clear its almost impossible for most students to be able to work off their tuition/room board/etc while working college jobs. Sure it may be possible to go to night school and work a full time job but that significantly limits your choice of schools and coursework.Taking less credits each year is another option but that may mean you are taking the 6 or 7 year plan to graduation which is ultimately not worth it when you consider the lost earnings potential (unless you are working towards a degree within your current field of work).

Mod UP. Parent is a damn fool who obviously has no idea how BES works. This is not BIS we are talking about.