What should be in a ‘Go Bag’ for business?

A ‘Go Bag’ is essentially a collection of items that will facilitate a specific task in an emergency. There are survival Go Bags, communications Go Bags and now we are seeing the emergence of the ‘Business Go Bag’.

Key functions need to occur, even during a regional disaster, in order for a business to survive. These may include production, transportation and communication. Arguably, the last one, especially communication with your customers, is of paramount importance.

So let’s talk about a Go Bag for key members of your customer service staff.

Situation: Commercial power is unavailable and communications infrastructure has been damaged in the effected area. Event duration is expected to be several days at a minimum.

Assumed: Company has an IP based PBX and company applications running in a secure data center.

A customer service Go Bag to deal with such a situation should include the following:

High-efficiency laptop with WiFi capability and Soft Phone software loaded and configured

-Headset/Microphone for laptop

-Cellular Wireless Access Point

-Cellular phone

-Standard phone-line type modem

-Temporary power supply (example)

With these items, a customer service rep has the ability to operate for extended periods in the absence of facilities that we have come to take for granted.

Customer calls will reach a rep who has the ability to take orders, answer questions about existing orders or respond to other customer inquiries.

IT Managed Services: Preventing it from becoming mid-90’s ‘Outsourcing’

This article is for those contemplating a Managed Services engagement to address all the repetitive IT headaches that take time away from strategic planning efforts. You have realized that you don’t want to use your highly-compensated IT staff to check backups, restart services or fight the myriad of fires that pop up every day. There are, however, some old ideas that need to be shed to help ensure success.

1. Named Resources

This is one of the most dangerous ideas.

“I want to know who I am dealing with!”

No, actually, you don’t.

If you have come to the conclusion that Managed Services will enhance your IT group, only the SERVICE matters. If the service is provided successfully, maintains the environment and deals with issues that arise, it shouldn’t matter if it’s being performed by lawn gnomes.

Requiring dedicated named resources removes one element of efficiency in that the resource becomes basically a replacement for a full-time employee.

The enhanced financial efficiency and technical superiority of Managed Services comes partly from the fact that it’s a shared service.

As long as end-user satisfaction stays high and all SLA figures are met, a shared service is actually a benefit. A named resource is only exposed to your issues. A shared group of qualified professionals is exposed to the issues that arise in tens, hundreds or even thousands of enterprises. This kind of technical proficiency cannot be taught.

2. The ‘Price Shopper’

Long-time technicians are all familiar with the phrase ‘Buy cheap, buy twice.’ To some extent, this applies to services too. I’m not saying that spending more than necessary is a good thing, but spending less than necessary is most definitely a bad thing.

Many of the ‘Big Box’ outsourcers have re-branded themselves as managed service providers with no real change in operating procedures. This gives them a very attractive price point. In order to maintain profitability at this price point, however, rigid, inflexible adherence to the pattern of services delivered across all their customers is paramount.

If you’re shopping for price, don’t  expect a solution that fits your business. Expect, instead, to modify your business to suit the service model.

3. Leveraging

Get some project work done without bringing on additional resources. Sounds like a great idea.

It’s not.

Managed services are designed to address repetitive but necessary support functions within an environment. Each time a project is injected into the mix, the support pattern is disrupted.

The efficiency and effectiveness of Managed Services arises mainly out of well planned, well managed and well tracked repetitive procedures.

Your Managed Service Provider will be more than happy to assign you a project resource if you really need one, and probably at a fair price. Avoid disrupting the support matrix by insisting on the ability to leverage.

4. “Get your boss!”

In the outsourcing days, often a problem arose that required escalation to a higher level of management. Once we got that person’s name and number, we often found it a time saver to go directly to this party to resolve all future issues. Senior management had the clout to issue ‘Do it now!’ orders.

Things have changed. If you have an on-site or remote Service Delivery Manager, that will be the resolution point for most issues. If you don’t have an SDM, you will have been provided with contacts intended to smooth any support turbulence that may arise.

“Do it now!” has another meaning: “Stop what you are doing”.

Going directly to a higher level can have serious impact on support. A senior manager will generally act quickly when advised of a problem. This quick action precludes in-depth analysis of the ripple effect that such a disturbance may have upon an otherwise well-ordered support structure.

I don’t mean to imply that you should never address an issue to a higher level of management. Just do it only when necessary.

5. Staff Replacement

Outsourcing was based on the notion that replacing our internal IT staff with a contracted staff would save us countless dollars. I guess we saw how that worked out…

Managed Services: NOT a staff replacement.

Managed Service Providers take away the redundant operations that keep your existing staff from reaching their potential as contributors to company profitability.

Since it is genuinely a service, and not a staff replacement, it is usually priced very attractively. Combined with the increase in effectiveness and productivity of your internal staff, you realize a net gain to your company.

 In Conclusion….

IT Managed Services are a great way to enhance your organization’s business model by removing all the repetitive but critical activities that become an overwhelming source of ‘background noise’ that prevents you from bringing real strategic change and value.

If we’re not careful, however, in both planning and execution of Managed Services implementation, we could miss out on the benefits and find ourselves stuck in the 90’s. Please keep these five points in mind as you proceed.

Jeff’s Top 5 BYOD Concerns

We’ve all heard of, and many of us experienced, the Bring Your Own Device (BYOD) wave. As users become aware that their personal devices are capable of interacting with corporate resources we are getting more and more requests to allow such interaction.

The potential increase in productivity as users employ devices that they are very familiar with, however, must be balanced with caution and careful planning if we are to maintain data security and prevent IT costs from rising uncontrollably.

Here is a list of five critical issues that must be kept in mind when considering BYOD.

Access/Loss Control

It happens every day… A sales rep forgets his or her tablet or smartphone in an airport bar. What happens next? Ideally, it would be turned in to airport security and remain there until the original owner called to claim it. This outcome is not guaranteed, however, or even expected for that matter.

Sadly, it is much more likely that the unattended device will catch the eye of some disreputable individual, never to be seen by the original owner again.

Does this device contain cached passwords to company web portals or email? Are corporate documents stored locally on the device? If so, the easily-bypassed device lock password is the only defense against unwanted disclosure or access to corporate resources.

The solution? There are several things that can be done to mitigate this threat.

  • Any device that has access to corporate resources must support remote lock and wipe. (Let’s coin an acronym… ‘RLAW’, Remote Lock And Wipe, to be pronounced ‘ARE-LAW’)
  • All employees using such devices must be made aware that loss of a device must be reported IMMEDIATELY, even if they believe they will find the device in the near future.
  • To the extent possible, corporate information must be kept OFF the device. Web mail is a good example of this. Locally running mail clients store mail on the device and it is accessible to the enterprising information thief even after the mail account has been terminated. Web mail functions inside a web browser and leaves no mail locally on the device. Microsoft’s OWA (Outlook Web Access) is a particularly good example of such a method.

Information Leakage

Many of the new breed of mobile devices have, integrated with the operating system, some sort of app store or other utility for downloading and installing applications to give the user new functionality. It has been seen in the past, however, that some programmers, when designing their apps, integrate some sort of information gathering function within. If this ‘back channel’ functionality is not detected by the security folks from the application store and is made available for download we find ourselves again at risk for unwanted disclosure.

Another avenue for information leakage is found in public Wi-Fi hotspots. Any information passing over such a network can, and often is, captured by a third party.

Oh, and here are three words that should scare the heck out of you… “Personal Cloud Storage”.

What can be done?

Only devices that allow for centralized restriction of software installations to only approved apps should be allowed to connect to the company network or resources. A list of approved apps will need to be created by your security staff.

The public Wi-Fi issue is also easily mitigated. All access to company resources must be conducted via encrypted session. For web-enabled applications, this is easy. Just make sure to only allow SSL (HTTPS) access.

Upgrades

What happens to the information on an old smartphone when a user wished to avail themselves to their ‘New Every Two’ privilege? In many cases it stays on the phone and is either turned in to the service provider or dropped into one of those cell phone reclamation boxes. Hardly a secure location. Additionally, some providers will transfer your contacts and other files for you from your old device to your new one. Sometimes this is done via a computer that copies all the information to its local hard drive and then copies it back up to the new device. This means that for some period of time, your information exists in a place that is beyond corporate security measures.

How do we handle this one? Simple. A secure wipe of the device must be done prior to the upgrade. Deleted files are not really deleted in most cases, so a secure wipe is the only way to permanently clear the information. Most devices have integrated functionality to perform such a wipe. Hopefully the user’s device came with software that will allow them to export contacts and other files so that they can be moved to the new device. If so, company IT staff should perform this migration for the user. If the user does it at home, on their personal computer, we have the same problem… Eventually the computer will be disposed of, and almost no home users securely destroy data on their local hard disks before getting rid of the machine.

‘Decommissioning’

An employee that leaves the company for whatever reason will certainly be taking all their devices with them. These devices must be ‘decommissioned’ as corporate authorized devices. Decommissioning involves removing data, documents and client software from the device. This should be performed by internal IT staff with sufficient knowledge of company security policy. If solutions mentioned earlier are already implemented and enforced, this may not be necessary. (I’m still waiting to see such an environment)

Here’s the bad part. This can be kind of hard to enforce. Remember earlier in this article when I said ‘deleted files are not really deleted’? Same goes here. Deleted documents can usually be recovered… The only sure way is, once again, the secure wipe of the device.

Unless BYOD users are educated to the need for this, and sign a document giving permission for this to occur, you will be hard pressed to enforce this. So make sure your company security policy contains a section on decommissioning and that employees are required to sign as an indication that they have read and understand this.

Support

If there are no restrictions as to what kind of device can be used to connect to company resources, expect support costs to rise. Most IT professionals will be able to get through just about any issue a user may have, but the time needed to do so increases greatly when the tech is assisting with a completely unfamiliar OS or device.

To the extent possible, devices should be allowed only after your technical staff, whether internal or outsourced, has a degree of familiarity with the device type and its associated quirks.

In Closing…

BYOD can be seamlessly integrated into your company if these basic guidelines are properly addressed. I would advise that anyone going down this road consider each, as well as following industry standard IT and security practices. Keep your security policy updated! If you don’t presently have one, get one, and keep it updated!

 

Why Linux is Not Going To Replace Windows for Business Users

I would imagine that the title of this article will offend many. That being the case, I shall start by saying that I have been, and continue to be, a dedicated protagonist of Linux ever since the mid-90’s when I got a free Red Hat distro at the Computer Expo in New York City. I was hooked. Today, my personal machines are mostly various flavors of Linux. The ease of customization has made the OS perfectly suited to just about any project I had in mind.

And therein lies one of the big problems….

Customization equals expense in the business world

In order for IT, whether insourced or outsourced, to support a population of desktop or laptop computers efficiently, it is imperative that there be a ‘standard image’. Every computer must have the same OS, the same UI, and a substantially similar suite of applications. Exceptions must be made for specific cases, such as engineering or production control computers, but every deviation from the standard equals an increase in support expense.

A deskside support technician may need some time to familiarize him/herself with a non-standard machine. In large machine populations, the cumulative time required for familiarization with customized machines becomes a large, yet undocumented, expense. For remote support staff, the problem is even greater. Instructions that would remedy a situation on a standardized machine may worsen a situation on a customized machine. Now the cost of lost productivity starts to add up.

Microsoft has provided the tools to ‘lock down’ a Windows installation in a domain to ensure that the OS stays standard and supportable. With Linux, there are no such mechanisms.

This is a prime example of short-term vs. long-term gains. Any immediate savings in licensing costs realized by using open source operating systems and application suites are generally exceeded by the support costs.

Ah, there’s another point. Application suites. We’ll have to cover that in another article.

 

The First REAL Review of the Microsoft Surface

After reading literally hundreds of blog posts and reviews of the Microsoft Surface (not the Surface Pro), I decided that it was time to review it fairly. All the reviews I have seen seem to be judging the Surface on its ability to BE a laptop.

Examples of its alleged shortcomings:

  • It won’t run Microsoft Outlook!
  • It cannot join a Microsoft domain!
  • It’s not a full-blown desktop that I can carry around with me!

OK, I made up this last one… But still, you can see that the Surface is being judged unfairly. Judging a tablet by its ability to run Microsoft Outlook is a lot like judging a fish by its ability to climb a tree*.

“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.”

― Albert Einstein

So, I went out and purchased one. (A Surface, not a fish) Here is what I found…

The Surface was never meant to BE a laptop… it was meant to be a fully functional mobility platform. Microsoft Office documents? No problem; edit, create, print in native format. The folks you forward documents to never suspect they were not edited on a laptop or desktop.

And, would you really WANT to run a full version of Outlook on something that was designed to be a mobility platform? (Translation: Do you really want to have PST files on a device that you may forget in an airport?)

Were the early Android devices criticized for not having Microsoft Outlook? No. How about the Apple iPads? Again, no. Both families of devices have attracted a sizable following and have found their way into the New Mobile Workforce.

Why, then, do so many reviews grade the Surface as if it were the latest sub-notebook or NetBook? Blame Microsoft for that one, if blame we must. The device ACTS very laptop-like. The visual similarity to laptops running Microsoft Windows 8 makes one set loftier goals than one aught for a tablet.

So, how should we judge such a device? Here’s an idea… let’s judge it against what it was meant to be: A TABLET! Here’s what reviews SHOULD be talking about:

  • Indecently long battery life. How can I bail out of long seminars claiming ‘low battery’ if the thing lasts all day? (Mine typically runs 11 hours of ordinary use.)
  • Ability to connect to Microsoft Exchange servers, as well as most other mail services
  • Ability to create/edit Microsoft Office files. I didn’t even need to purchase this separately!
  • Present your documents! Relatively inexpensive attachments exist for output to monitor, TV or projector.
  • Limited storage… OK, I’ll give you that… unless you plug in a MicroSD card or external hard drive! You can carry around (and lose in an airport) terabytes of your personal documents if you so desire!

So there you have it. We can either judge the Surface for its shortcomings as a laptop, which it isn’t, or by its myriad of superior feature as a tablet, which it actually IS.

Top 5 Reasons IT Service Engagements Fail for Manufacturing

In the manufacturing industry, CIOs have come to the awareness that cost reduction alone is simply no longer enough. Outsourcers and managed service providers almost always provide for cost reduction, but often fall short in the area of operational efficiency and overall contribution to company productivity.

In this article we will review the reasons most frequently associated with failed outsourcing engagements.

So, what is it that causes IT service engagements for manufacturing organizations to fail? Read more

Emergency Laptop Power on a Budget!

Have you lost commercial power, can’t get to the office and your laptop’s battery is fading fast?
What can be done to prevent being put in such a position? Good question! We assembled our own emergency power supply from readily available items.  If you want to try it yourself, here’s what we did (and it was easy!) Read more

Sample Disaster Protocol and Checklist: Follow-Up to 3 Part ‘What we learned from Sandy’ Series

To view the original 3 part series, click HERE

In the event that we are lucky enough to have foreknowledge of an impending disaster, there are a number of things that can be done to increase the probability of continuing business during the event. Please use the following text to aid in creating a plan that suits your organization. Read more

What We Learned from Hurricane Sandy about Disaster Preparedness – Part 3 of 3: Looking Forward

Parts 1 and 2 of this series detailed the disastrous events experienced and the subsequent return to normalcy. Now we get to the meat of it: What have we learned? Is it possible to deal with such adverse conditions differently in the future? If we start by looking forward, preparing for the event, and not for the aftermath, the answer is ‘yes’.

First, traditional Disaster Recovery/Business Continuity measures cannot be discounted. They must work flawlessly. Datacenters, primary or backup, must be functional and accessible. Server and database reloads must occur smoothly and by the numbers. Nothing new here…

However, a combination of just a few basic elements can make any business much more resilient. Read more

Dynamic Strategies President quoted in InfoWorld Article

Dynamic Strategies President Joe Infante was interviewed for an InfoWorld article written by Bob Violino on November 19, 2012 entitled 7 outsourcing nightmares — and how to avoid them.

The article, through a series of interviews, provides detailed accounts of cases in which outsourcing engagements failed to yield expected results and how to avoid such pitfalls. Read the full article HERE.