Reducing IT Costs: Why Variety is the Wrong Type of Spice

Reducing IT Costs: The Five Pillars of Computer Dependability and Longevity that Save Your Company Money - Part Two

In your pursuit of reducing your business IT costs, the recipe not only includes avoiding the “lemons”, but also avoiding too much variety.  When you dig a little deeper you will discover that your computer system is not one product designed by one manufacturer.  Even when you purchase, let’s say, a Dell computer what you are really buying is: a motherboard manufactured by ASUS, a processor manufactured by Intel, memory manufactured by Kingston, a hard drive manufactured by Seagate, an operating system manufactured by Microsoft, etc.  Essentially, what Dell does is bring these various parts manufactured by different manufacturers and assemble them into a computer.  But, even Dell knows you can’t take various parts with different technologies, features, and versions and throw them together and expect them to work nicely with each other.  Dell does extensive testing with combining these different technologies before assembling them into a computer. 

Now extend this scenario to a business network.  You have computers from different manufacturers like Dell, HP, or Lenovo.  On these computers you have different operating systems such as Windows XP, Windows Vista, Windows 7, Windows 2008 server or Macintosh.  You also have a variety of devices such as printers, switches, broadband routers, network firewalls, etc that are all manufactured by different manufacturers and some have new technology while others have older technology.  Installed on your computer you have a variety of software such as browsers (Internet Explorer, Firefox, Opera, etc), accounting software (QuickBooks, SAP), office suites (Microsoft Office, Open Office, Word Perfect), customer databases (ACT, Goldmine), inventory tracking software (Fishbowl), and antivirus software (Symantec, McAfee, Trend Micro, etc).  And, all this software has different versions.  With all this variety how can you be assured they will play nice together?

In add to this plethora of software, hardware, and devices, is the fact that most computer products can be custom configured in a multitude of combinations.  In fact it is this complexity of numerous configuration settings that keep many a computer tech employed.  One misconfigured setting can cause your whole business network to stop functioning.   With this ever increasing complexity of product and configuration settings comes an ever increasing chance that things can go wrong causing outages and service disruptions.  So, how do you combat this trend? 

According the IT Process Institute one of the most effective ways to control IT costs is to simplify and standardize the configuration of your business network.  Practice “Less is More”.

Below are some ideas on how to do this:

1. Remove or disable any application or software on your computers that do not have a business use.
2. Prevent employees from installing software on your business computers
3. Buy computers from the same manufacturer and buy the same model.  Have the same operating system and software on all computers.

Standardization will greatly simplify the maintenance of your business network.  Below are some reasons why…

1. Standardization goes a long way in effectively managing change in your network and computers systems. (See The Five Pillars of Computer System Stability and Reliability – Change Management)
2. Standardize to avoid compatibility problems. The more software and hardware you have, the more often you’ll encounter conflicts and errors that are hard to isolate and fix.

Part Three: How to save money by managing change

Reducing IT Costs: The Five Pillars of Computer Dependability and Longevity that Save Your Company Money

Reducing IT Costs: The Five Pillars of Computer Dependability and Longevity that Save Your Company Money  

Part One - Avoiding the Lemons Is Easier Said Than Done

We all heard the term “Lemon” as it applies to a product that is bad, unreliable, or simply doesn’t work.  What makes any product a “lemon” is poor design, not just quality control. Even if, you have a manufacturer renowned for product reliability such as Toyota, that manufacturer can still produce a product that needs to be recalled.

The first pillar of the Computer Dependability and Longevity that Save Your Company Money is to avoid purchasing that computer application or hardware with poor design or is a “lemon”.   Unfortunately, in the ever changing environment of computer technology that is easier said than done.  It is easy to get fooled by the hype and sucked into keeping up with the Jones so we are not left behind in the old technology dust.  Even so, try to fight buying on impulse and follow the best practices below before purchasing any computer product:

Purchase products that have a proven track record

What I’m saying is a “product” that has a proven track record, not simply a manufacturer with a track record.  This means do the following:

1.    Avoid being a “first” adopter of new technology

2.    Purchase products that have been on the market for six months or more

3.    Check any and all product reviews about the product

4.    Check any “troubleshooting” forums that mention the product.  This is the advantage of waiting at least six months.  After six months these forums should be replete with complaints about the product.  Review these complaints to determine what you are really purchasing

5.    Buy business models. When you’re buying new computers for your business, look at the business models instead of the home models. Manufacturers (Dell, HP, etc.) change the components in their business machines less frequently, and only after testing the components in their “home” or “consumer” models.  This is reason behind the longer warranties you get with a business model. 

Whenever possible, test the product before you make the purchase

You may find the product that has good design and is reliable, but it may not pair well with the other software or hardware in your computer or your company computer network.  You can do this by doing the following:

1.    If it is software, obtain a demo.  Run the demo on a typical computer in your network. 

2.    Buy one copy or one device and test it before purchasing multiple devices.

3.    Setup a “test” computer that you don’t mind crashing.  You can use virtualization and imaging software to create you “test” computer so there is NO need to purchase additional hardware. 

Ask your computer support tech or company if they do the following

You can get invaluable advice if your computer support company does the following…

1.    The computer support company has their own “lab” where they test products

2.    The computer support company belongs to industry trade associations and regularly attends meetings.  Whenever techs get together they ultimately will discuss horror stories about products. These associations also provide a resource that your tech can tap into and obtain information from other techs who have had experience with a product.

3.    Avoid working with computer resellers who try to push you into adopting the latest technology. 

4.    Find a computer support company that is exclusively a consulting company or one that makes 80% of their revenue from consulting and less than 20% of revenue from product sales.  At least the financial incentive of the computer support company will lean heavily toward support and not product sales.  Essentially, they are forced to support the products they sell.

5.    Avoid Break/Fix computer companies.  They charge by the hour and they make their money when your computer breaks down.  It is the wrong financial incentive to pay a tech only when the computer breaks down.  From a Break/Fix support company’s view there is little financial incentive to prevent computer issues. The financial incentives lean to much toward the expensive fix as opposed to preventing the expensive fix. Find a company that will agree to work for a flat fee for all support and maintenance including system replacements…yes, they are out there.    


Part Two: Why variety increases your business computing costs

 

Why Don't Computers Get Any Respect?!

Why do so many business owners treat their computers like Rodney Dangerfield... they just don't get any respect!  They are an after thought, an annoyance, or unfathomable gadget that is here today and gone tomorrow.  The truth is that we have become so dependent on computers to perform some of the most basic business tasks we could never imagine being without them.  And, frankly our businesses couldn't function with out them. Why does it take a crisis or major disruption before computers get any respect?!

Anita Campbell wrote an article "5 Success Tips You Never Learn in School" for the online magazine Small Business Trends that echos my sentiment above.  The fourth tip in her article is "Treat Your Computer Systems Like a Factory Production Line".

Anita Campbell explains, "For millions of business owners like me, our computers are the biggest set of business equipment we have — and they’re crucial. Without a computer system, I cannot operate my business.Yet, why do so many of us still treat our computer systems as if they’re discretionary gadgets? That’s one of the mysteries of the universe. It’s the Rodney Dangerfield syndrome — they “get no respect.” We don’t back up our data regularly. We don’t do maintenance (such as de-fragging or critical updates) the way we should. Our electronic files are a disorganized mess. We practically ignore our computer systems until a problem happens. Then the problem turns into a full-blown crisis."

So, why do so many business owners ignore their computer systems until there is a full blown crisis?  And, that crisis is often a major disruption that can be very expensive due to not only repair costs, but also lost productivity or business.  As the industry saying goes, "There are those that backup their data, and then there are those that WILL backup  their data!"   Why does it take a crisis or major disruption before computers get any respect?! 

I agree with Anita Campbell that the aforementioned seems to be one of the mysteries of the universe, but I believe the essential answer to that mystery is as follows:  If you don't want your business to come to a grinding halt, because your computer systems aren't functioning, then your goal should be to find ways to prevent problems from occurring or at least minimize the impact of computer disruptions.  It seems to me that most business owners would like to accomplish the aforementioned goal, but don't know the "how" of attaining that goal.  Then they turn to their computer technician whom they only pay when the computer breaks down.  Since, that computer technician only gets paid when the computer is NOT functioning, there is no financial incentive for him to prevent problems from occurring.  So, where can a business owner turn to for advice on preventing computer problems and mitigating disruptions?

In the next series of blog posts entitled "The Five Pillars of Computer Reliability and Stability" I'll detail the steps you can take to prevent computer problems and mitigate disruptions in non-technical language.  I'll present the "Five Pillars of Computer Reliability and Stability" in a management framework that you can use to manage your computer disruptions more effectively as well as either get you current technician on-board with preventing or mitigating computers disruptions or find a computer technician that will work with you toward that goal. 

SMB's Suffer High Incidents of Bank Fraud

Guardian Analytics and the Ponemon Institute have combined to publish the results of their  Business Banking Trust Study. The study underscores the battle against increasingly sophisticated bank fraud campaigns targeted at small to medium sized businesses.
Some of the reports highlights:

• 56% of businesses experienced a bank fraud attack in the last 12 months. Of those that experienced fraud, 61% were victimized more than once. 75 percent of the businesses participating in the study experienced online account takeover and/or online fraud.
• In 78% of fraud cases, banks failed to catch fraud involving the illegal transfer of funds or other nefarious practices such as information identity theft.
• 38% of respondents said they access their company's banking accounts from mobile devices including smart phones and tablet PCs like the iPad, compared to only 23% in 2010.

Legally, business accounts aren't protected against losses due to fraud, as consumers accounts are. As a result, small businesses are forced to absorb excessive losses resulting from their business bank accounts being fully drained and unable to recover any of the losses.

What are can you do to avoid being a victim?  The follow are best security practices

1. When you access your bank account online, do it from a computer that is NOT used to access the Internet or email.  You should have a dedicated computer that accesses only your bank account and nothing else.  As an alternative, you can configure a "virtual" computer using VMware Workstation.  This  creates an environment similar to having a separate computer without having to purchase separate computer hardware.   Ask Avisotek for more details or your computer service provider 
2. Change your bank account password every 30 days
3. Make sure your computer has a firewall that filters incoming and outgoing network communications.  The Anti Virus software should perform "full scans" every day.  Security updates to Windows XP or Windows 7 should be performed weekly.  
4. The computer you access your bank account online should be used for business purposes only.  DO NOT download and install games, wallpaper, music, weather bug, desktop themes, etc.

http://info.guardiananalytics.com/2011-TrustStudy-Press.html

To Cloud Backup or Not To Cloud Backup

To backup your company data in the "Cloud" with an online backup provider or to backup to only a local hard drive? That is what many small business owners are asking themselves these days.  

For a small business with inadequate (or no) Disaster Recovery Plan, online backup can be a huge step in the right direction from a data protection standpoint.  A company's data is considered one of the most valuable assets a business possesses, and should be protected in the event of a total disaster such as a fire, flood, earthquake, or theft.  Therefore, having an offsite backup is very prudent.  However, business owners should consider some of the security concerns associated with putting your data on someone else's computers. 

Acccording to Kevin Beaver, information security consultant with Principle Logic LLC, "How do you know your backups are going to be secure? It's more than just 'we encrypt' and 'you'll have a login,'" said Beaver. "Online backup environments are just like any other Web application. There are literally tons of security flaws that can be exploited to put your backups at risk. Don't fall for the common 'we're SAS 70 certified' response. Ask for an independent penetration test/security assessment of Web-based environment and ensure the vendor's assessing for new security flaws on a regular basis."

Security expert Jon Toigo, CEO of Toigo Partners International echoed this sentiment. "A lot of cloud vendors will tell you everything you want to hear in order to get your business, but it would take a lot of time and energy for you to go and investigate whether they can deliver what they are saying they can. Interview other customers and make sure there are ironclad security policies in place before choosing a vendor."


If you personally don't have the time to weed out the "Cloud" hype from reality, then consult with your computer services consultant or contact Avisotek. 

Also, data backup should only be one component of a full Disaster Recovery Plan.  If your server or computer that stores all your company data has a complete meltdown, how quickly do you need to have that computer up and running?  Two hours? One day? 72 hours?

How quickly data can be restored from a Cloud backup provider depends on your Internet bandwidth and how much data needs to be recovered.  Your can easily recover one Word document in 10 minutes or less. However, recovering 200 GBs of data or thousands of files is another matter.  It could take days or even a week.  You will need to know what the data transfer rate is in order to calculate how long it will take to fully recover ALL of your data in the event of a complete disaster.  If it is going to take too long, then you will need to explore other alternatives.

Put the "Plan" into Recovering from a Disaster

Four Essential Elements For an Effective Disaster Recovery Plan

Step #1: Identify Which Systems Are Absolutely Critical to Operating Your Business

There are three areas you need to assess: data, systems, and communications.   Determine the data that is critical.  Your customer database and accounting may be critical, but your employment applications forms may not be.  On what computer systems is this data stored?  Your company data may not be stored  in one location.  Data can be scattered over many computers.  Also, determine which computer systems are critical.  Perhaps, your company website availability is not important, but being able to access the Internet is.  Sure, you need to access your customer database, but is printing also critical?  Lastly, how do your customers communicate with you?  How long can your business survive if all forms of communication are disrupted?  What percentage of customers get a hold of your company through the telephone, email, or website?   If 90% of you customers choose to contact your company using the telephone, then you could consider your phone system is far more critical than email.

Step #2: Determine How Long You Can Be Without These Critical Systems

If you clients could not contact you because all you communication systems are disrupted, how long will it take before they will contact a competitor?  If you cannot process orders, at what point will you lose revenue and potentially loose customers?  If you need your systems functional in 24 hours, then a solution that will get those systems functional in 7 to 10 days is not the right solution for your business.

Step #3: Know the Value of Your Critical Computer and Communications Systems 

It is easier to figure out what the replacement costs of you computers are, but what about that customer database?  How many hours have you spent entering information, comments, orders, etc?  How much did you pay employees to enter this data?  Sure, you will need this information for insurance purposes.  You do need to make sure you are properly covered.  And, you can't determine the best coverage until you know the replacement value of your systems and how much business you may lose as a result of the system being down.  But, insurance companies do NOT cover data loss, only lost business.  How long would it take to reconstruct your customer database?  How much would it cost you to have all that data re-entered into the database?  You may be surprised to find out that your database may be valued at tens of thousands of dollars.

Step #4 Have a Disaster Recovery Plan in Writing!

This is the most important element that you must have.  When a disaster occurs you must be ready to recover and get your business up and running otherwise your business will be a statistic. As simple as it may sound, just thinking through in advance what needs to happen if your server has a meltdown or a natural disaster wipes out your office, will go a long way in getting it back fast.  At minimum, the plan should contain details on what disaster could happen and a step-by-step process of what to do, who should do it and how.  Also include contact information for various providers and username and password information for various key web sites and services.  Writing this plan will also allow to think about what you need to budget for backup, maintenance, and disaster recovery.  If you can’t afford to have your network down for more than a few hours, then you need to a plan that can get you back up and running within that time frame.  You may want a redundant server, allowing your office to run off the redundant server while the real one is being repaired.  And, with “virtualization” there are real inexpensive options to having a redundant server.  If you can afford to be down a couple of days then there are less expensive solutions.  Once written, print out a copy and store it in a fireproof safe, and offsite copy, and a copy with your IT consultant. 

"Open for Business" disaster planning recovery series is an excellent source for those wanting to properly and fully plan for staying open for business in the event of any major disaster. 

http://www.disastersafety.org/ofbInfo?execution=e5s2&execution=e5s1&execution=e5s1&type=ofb_basic

LinkedIn Password Compromised - What Should You Do?

Yesterday, LinkedIn confirmed that millions of LinkedIn users passwords have been compromised.  Later, LastPass’s and LeakedIn websites offered tools to enter your LinkedIn password to find out if it had been compromised.  Why bother! Just change your password! It would take less of your time than going to one of these websites....and you should be changing your password regularly anyway.

I agree with Jim Bliss comment to article "How to Check If Your LinkedIn Password Was Stolen" on mashable.com:

Why LastPass’s and LeakedIn’s password checking tools (above) are really not a good idea:

1) They only check a subset of the leaked passwords. Therefore, even if you get a ‘clear’ result this can not be relied upon as there are many leaked passwords that are not checked against.
2) Recommending users to enter their passwords into third party sites is asking for trouble, desensitizing users to the problems of phishing.
3) Sooner or later (if not already) a site will spring up claiming to check passwords only to store them for nefarious use (yes, without a corresponding username / email address it is arguably less problematic; however, it would still be useful data for a cracker enabling them to hash the captured password and see if there’s a match and, bingo, you’ve done their work for them).

Far better advice, IMO, is to ignore the checking tools and just change your password.
Checking with these tools provides no security or assurance whatsoever.