Thursday, March 25, 2010

Why should we audit our IT environment?

If you run a business with more than a handful of computers, you are already spending money on IT and are probably doing so in one of two ways:

1. You react to problems and spend money as the need arises; or
2. You have a strategic plan for IT that aligns to your business plan.

If you fall into the second category, then a regular audit every year or two will ensure you maintain accountability, and deliver and maintain your systems according to plan. This already makes sense to you as you are organised, and can see the benefit of checks and measures in your business.

If, like most of the SME community, you are in the first category and are sick of the instability of your IT environment and the reactive fashion in which you manage it, then an audit is the perfect bridging tool to let you take stock of where you are – and where you need to be. The audit will allow you to make plans and set budgets, meaning you can stop being reactive and start being strategic.

Having clarity in terms of how your IT environment should be functioning means you can write an IT plan for the future, and start working proactively to build the systems your business needs; according to that plan.

Your audit must take into account your business plans for the future, and ensure the scale of projected business growth will be facilitated by a solution that already exists, or is being developed.

We offer our clients and prospects audits as a way of clarifying expectations on both sides of the fence. After all, computers are business productivity tools and work best to support a business when there is accountability on both sides for requirements and deliverables.

To be thorough, an audit must consider the following areas of your technology:

  • External networks and communications, internet connection, private networks and phone.
  • Internal networks for speed and segmentation.
  • Security between the public and private networks.
  • Security within your network for connections between departments and access to files and digital assets.
  • Storage architecture and capacity planning.
  • Server capacity and scalability (this may include virtualisation and consolidation).
  • Data and system backup resources for on-site and off-site backup.
  • Disaster recovery capabilities.
  • PC capabilities and requirements.
  • Application suitability and fit for purpose for each business unit (this may require extensive business analysis and is not a trivial component for many organisations).
  • Online strategies and requirements for applications, communications and marketing.
  • Software licensing.

To be able to do this well, your IT team needs to know a bit about your plans for the business, including:

  • What does the business do?
  • What markets does it sell to?
  • What expansion plans are there for the next three to five years?
  • Will the business expand locally, nationally or internationally?
  • How many new sites will be opened with how many staff at each?
  • What applications are you already considering deploying?
  • What reporting requirements do you have?

When getting an audit done, make sure you use a supplier that is capable of working at the strategic level your business requires – this will ensure that the advice you receive is not too tactical or too basic to be of value.

So, what have been your experiences with IT audits?

David Markus is the founder of Combo - the IT services company that ensures IT is never an impediment to growth.

Thursday, March 18, 2010

IT spending never stops, but how can we make it manageable?

Unsurprisingly, this week's question is one I get asked a lot.

Because the costs associated with IT are ongoing, it makes sense to do some planning and budgeting in advance to ensure you maximise your return on investment.

First, let's establish whether you really need computers to run your business. If you don't need them and you can make money without them, you're in a fortunate position! If that is the case, throw out your existing computers, as email and social networking are bound to be wasting employee time – at your expense.

If you suspect you could do without them but aren't entirely sure, turn them off for a few days and see what issues arise.

If yours is one of the many businesses that do rely on computers, the first part of keeping your IT spending manageable is to replace your computers regularly.

Computers double in speed at least every 18 months, and double in capacity as least as quickly. This means that a three-year-old computer is four times slower than a new one. Add to that the fact that aging computers have an increasing rate of hardware failures, and you end up with a high-risk, low-performance environment as machines age past the three-year mark.

So, how can you improve your return on investment?

First of all, it is well worth getting good quality equipment with a manufacturer's three-year warranty (today some are even doing five-year warranties). This will protect your initial investment, and ensure you get the hardware support you require.

The next piece of advice I would offer is to spend a little more time and money on the hardware design and selection to get better performance, as this will extend the useful life of the machine at the tail-end by some months or years.

The reason for this advice is that the services that go into setting up a computer form a significant part of the cost of the equipment, as does the software licensing that goes with the device. So a longer machine life protects the other parts of the investment.

By extending the life of each of your computers, you may be able to reduce your purchasing cycle by one computer per employee over a 10-year period. This can represent significant savings, without a perceived drop in care for your employees. This applies equally to PCs and servers.

Once you have a plan in place in terms of what you need to buy, and how often, you can assign a budget. If a large capital expenditure does not work for your business, you should consider a finance deal. Talk to your accountant to determine the best method, and then ask your suppliers for vendor-based credit, as this can be a great way to get cheap loans for computer equipment.

In terms of the costs associated with managing your IT environment on an ongoing basis, consider the following. I have seen many companies with a full-time employee running from place to place fixing aged computers as they break. The irony is that a full suite of new, stable, financed computers, and an outsourced management solution, would have cost less per year over three years than the cost of a full-time employee.

Furthermore, the savings that a stable IT environment would have created in terms of increased staff productivity and improved employee retention would have been significant. So, be careful that the affordable short-term option doesn't end up costing you more in the long run.

Ultimately, don't let short-term issues and a lack of strategic planning cause you to leave creaking infrastructure in place. This will only destabilise your IT environment and frustrate your staff. Instead, get some advice on what solutions will bring good stability and cost savings to your business, and then action a plan to implement those solutions accordingly.

David Markus is the founder of Combo - the IT services company that ensures IT is never an impediment to growth.

Thursday, March 11, 2010

Why did our server fail in the floods?

This question has just landed in my inbox, with flash flooding hitting the city and surrounds here in Melbourne over the weekend.

I love a good storm, and when I found myself stuck in the middle of Vic Markets with my two young boys with hail crashing on the roof so loudly that we had to block our ears, it was very exciting.

When the lights in the market went out due to a wet circuit, it was no big deal – although I’m sure a lot of the vendors were panicking about their fridges that keep thousands of dollars of produce fresh. In the chaos of the moment, even I neglected to think about all the servers that had just gone down due to poor power protection.

But protecting your IT assets against flooding is critical.

We all know that water and computers do not mix and I have heard of local companies whose ground floor was flooded, and their floor-dwelling computers got a soaking. This is unfortunate, and only preventable through better desk design that includes a desk position for the PCs.

On the other hand, the totally preventable issue that we have been inundated with this week is computers and servers that were not surge or power protected by an uninterruptable power-supply (UPS).

This means that when the power to a region or building fails, the server stops instantly – losing any data in its memory, write cache, or disk controllers. This can lead to serious problems on server start-up.

Even worse is when the power surges before disconnecting and causes physical damage to computer equipment.

Today it is possible to place surge protection at the power board in the office, so the entire power outlet system is protected. I strongly recommend an additional step of placing a surge cube or power board with surge protection at each PC station.

For your servers, a good UPS is essential to filter the incoming power and to run the server for 15 to 20 minutes after a power outage so that the server can shut down properly.

A UPS for a server will typically cost less than 1 hour worth of salaries for the number of staff connected to the server. So, it really only takes one power-related outage over the three years or so you will have the UPS to cost justify the expense.

While I’m on the three years topic, make sure you test your UPS regularly as the batteries can fail. Most UPSs will have replaceable batteries, and it is necessary to replace them as they age.

If you are not sure how best to protect your computers against flooding, get advice and make sure you have the right solutions in place to protect your IT assets.


David Markus is the founder of Combo - the IT services company that ensures IT is never an impediment to growth.

Thursday, March 4, 2010

Is my mobile phone secure enough?

Unlike many of the questions answered in this blog, this week's question is not one I get asked often. In fact, many people think, 'Why do I need to worry about the security of my mobile phone? It's just a phone, right?'

Wrong.

These days, the average mobile phone is actually a small computer, with more computing power than the early mainframes that took up massive rooms just to compute ballistic trajectories. Today, 'Paper Toss' on an iPhone does that with full graphics and a crosswind calculation as well.

In today's fast-paced environment, our phones contain an infinite wealth of information, starting with – but not limited to – contact details for your family, friends, clients and prospects.

The consequences of losing your phone or having it stolen could be disastrous. And with approximately 4,000 mobile phones lost or stolen EVERY WEEK in Australia, that's more likely to happen to you than you may think.

Leaving an unsecured mobile phone in a taxi, shop or bar, could lead to any number of scenarios as a result of identity theft. Having a phone stolen from an unwatched bag or car is always going to be a pain – but losing data as well only adds insult to injury.

Let's come at it from another angle. If you run a business and let your staff connect to your computer systems with their phones, how do you know what information they take home with them when they walk out the door each night? What documented policies do you have around the use of mobile phones for this purpose? What computer-based software enforced policies are in place?

In many cases, people simply don't know that this kind of technology is available. Did you know, for instance, that in Windows Small Business server 2008, you can force auto locking of phones so a pin is required to access the phone? Is that enforced in your business?

There are also applications that allow computer administrators to wipe a lost or stolen Windows Mobile, iPhone or Blackberry. Are you set up to activate such an application? Do you even have a plan to activate when a phone is reported lost or stolen?

There is also software for phones that have a built-in GPS that lets you track where your phone has gone. This is a small investment that may save you a phone replacement, and a lot of grief. Of course, if you live in a mansion it may also help you to determine which room you left the phone in with the ringer on silent!

I can promise you that each of your staff will complain about the pin being enforced, and will want it removed. You won't enjoy it yourself; but when the next phone goes missing, and you know it can't be accessed or used by the person who finds it, you will appreciate that extra bit of security you put in place.

Of course, the security is not completely robust. Like all security systems, there is a way around it or through it, but it is still far better than nothing. You can always add extra security with stronger passwords and encryption, but for the small business market just setting up the basics is usually a big step in the right direction.

In today's world of ubiquitous data, we all need to be aware of the data we hold in our hands, and the importance of securing that data. It is absolutely my recommendation that you take proactive steps to ensure that security, and resist the temptation to be lazy and leave yourself open to risk.

Click here to read more IT Systems expert advice.

David Markus is the founder of Combo - the IT services company that ensures IT is never an impediment to growth.