Disaster Drills

How often do you try out your disaster plan? If you’re a small or medium business, the default answer is “what plan?” or “we’ll find out when it happens”. The reason is cost, complexity, and apathy. CFO’s balk at the cost of most technology. Technology folks struggle with where to start and how to justify, as not all disasters are equal or require the same response. Finally, the norm for most management is that even when knowing the first 2 facts, they do business as usual because “it’s never happened before because we have smart people and redundancy” (or whatever helps them sleep at night).

Rather than bore you with steps to take to recover from a disaster, the following are some current and nominal cost approaches of how we run our business (and of course help clients do the same):

  1. Recently, a key employee’s spouse was badly injured in a car accident. We were able to advance some additional salary for a short period during the spouse’s recovery. Cash is king in business. You don’t want to have too much as it signals possible operations problems to potential buyers and excess dollars should go to shareholders, but you must have enough on-hand or readily available to cover such situations.
  2. After another summer storm, our main domain controller died. As best practice, this server shared no data or ran any key applications. The second domain controller took over ready and able to service the whole network, using DHCP failover strategy. While operations ran normally, our team was able to seize critical roles and manually remove the domain controller from Active Directory.
  3. Major storage for a client failed. Fortunately, our online backup had a full copy of the data, including databases and server system states. We managed to keep the storage running in a degraded state and minimized customer downtime, by moving data and virtual servers to other locations. Online backup continued to run regularly and after the hardware problem was resolved, the data moved back and synchronized with the off-site backup.
  4. A contractor blew the transformer for our building. Fortunately, we run our business using cloud computing with services like Office 365. Our personnel were able to easily and securely work from home for a day with no loss of operations for customers.

Now the scary part – all of these things happened in the same month. We survived because of business acumen with little additional cost. Our Virtual CIO services can help you identify how to run operations that are disaster ready. If you were the average business, would you still be in business without your key employee, main server, critical data, and a power outage?

IT Spring Forward

Back to the future in the late 80’s, I started with a company that did automatic identification (bar coding) and data collection for Fortune 500 manufacturers and distributors. At that time, single hand laser scanner and data terminals started at nearly $4,500 and label printers at $7,000.  My first day was spent cleaning and organizing. The kids may not be in bed, so to put it politely there was debris everywhere. Files and software on the computers were even in more chaos.

The job was to bring some technical and business analysis, along with software development to what was previously limited manufacturer demos for scanning and labeling. The company had Billy (not his real name) who worked part-time after hours and had done some minor software tweaks and loved the hardware. The problem was that Billy was just plain odd throwing often expensive things around like a monkey, rummaging through every drawer in the company, and in a few lucid moments breaking a full suite of demos that had been restored.

So the second day, I went to the owner and told him it was either me or Billy. It could have been over with dismissal as some punk kid. Instead opportunity abound working with some of the most well-known customers in the nation and the ever-changing wave of leading manufacturers and latest hardware and software over the last 20 years. Looking like you know what you’re doing sets a tone and only helps to build trust, along with solid action.

Q1 one is done and gone, so you can continue status quo with your lost hour of sleep or spring into action. Clean off your digital and physical desktop, donate or disperse that bone pile of miscellaneous technology, delete or file the myriad of haphazard files in your user folder, and do some real work and re-establish your priority and project list.

Now, what is it that you and/or your IT staff spend the most time doing or costs the organization the most? If you have no case history and use gut feel, that’s another problem – but  a start for now. Rank the task/project list and put columns for start and end dates, cost for products and support, and yes/no for management buy in or approval. Now be realistic about effort and available time. Then be further pragmatic of what management will accept.

You’re all cleaned up and ready to perform. Pick the one thing that is a win-win-win for lowering organization cost going forward, improving your productivity, and hopefully learning something new. You’ll have a double sense of accomplishment and many of the answers are getting easier with cloud computing, online backup, and managed services.

Some things management will not understand or may choose to gamble with high risk. Let it go as it’s not something you can control and you’ve done your part by bringing a problem/opportunity to their attention. After you knock out one project, move onto the next. One thing is for certain like everything in IT, you’ll be doing this routine next year. If the project list hasn’t changed significantly by then, serious reflection is in order. Step up, continue as usual with no grounds for complaint, or move on.

Preventing Business Piracy

Let’s be clear. Like any crime, if someone wants to steal from you or attack you or your assets, they will. Your only solace is knowledge to use prudent controls and understanding of the law. Fortunately, as of November of 2009, Oklahoma has made it a criminal felony of Grand Larceny to take proprietary information from your employer.

Previous to this ground breaking event, the matter was civil with it costing an average of $50K just to get to trial. Lawyers were the only winners and if a judgment was made against a pirate, they simply declared bankruptcy and escaped justice. However, now that there is some law for protection, businesses still need to shore up defenses for proof and diligence with policy and controls.

You should start with company culture to make it clear that security breaches and grousing are harmful to all employees, as well as the company. Grousing, theft of company intellectual property, and security breaches of any kind should not be tolerated and met with swift dismissal.

You should consider putting employment agreements in place that have specific language concerning confidentiality (consult your attorney). It sounds outrageous to check, but there is a school of thought often taught by unscrupulous attorneys that employees should sign their name something like “Why Bother” to look like their signature and backdate signing date by a year to escape agreements. In addition for little or no cost, a logon banner should be implemented that states company policy and must be accepted at each logon.

The next 3 major risks are e-mail, web browsing/social media, and file access. The best approaches are regular audit, prevention, and quick recovery. There should be the ability to access an employee’s files and e-mails on demand at any time. Further, e-mail should be journaled for message tracking regardless of employee deletion. Regular snapshots on data should be handled in a similar fashion. For web browsing, it’s best to simply have web filtering prevent access to adult sites and shopping. Finally, it’s a good idea to use tools like Google Alerts to track key employee names, company name and products/services, and competitor names for daily reputation management.

Remove IT Conflict

Your IT Department likely has contempt for you or best case is just indifferent. The reason why is that any feedback you give is negative and what measurements do you really use to judge IT performance?

There are always the same 3 plays for someone in IT:

1) Grow a department.
2) Fly below the radar and keep status quo.
3) Learn something new and move on in 2-3 years.

The first play goes like this: upgrade the infrastructure often starting with cabling/bandwidth, implement some new technology, get some licensing, add desktop and application people, and then rule the fiefdom. The second play is to latch onto some technology while avoiding change and guarding legacy knowledge until termination or retirement. The third play is often the most confusing for businesses as all seems well until the player suddenly turns in their resignation one day. The really scary thing is that each type of player may wake up suddenly and decide they want their own business, wreaking havoc on themselves and unsuspecting customers before understanding they have little chance of success or happiness with a hyper-competitive market and limited business/sales/marketing/financial knowledge.

No scenario described above really has any advantages for business. So it’s time to take control and recognize your situation. After all, IT is your number 4 business cost after salaries, rent, and taxes/insurance. The following are a few general tips:

  1. Know the cost of IT personnel. You should pay student interns no more than $10-$15 per hour and the rarely occasional one-man-show “consultant” only $30-$35 per hour. Ignore Salary Surveys and look up the real wages reported by the state for IT positions. Demand a relevant Bachelor Degree and current certification or adjust earnings down. Check references and ask for a copy of a W-2 to verify previous salary. Much of these same things should be done when picking a vendor.
  2. Measure IT to reduce cost or increase sales. Don’t have IT report to Accounting. Accounting has no understanding in this area and should be focused on business valuation, shortening accounts receivable, increasing credit lines, and reducing debt/taxes. Ideally, try to tie a portion of compensation to reducing cash outlay over time or increasing revenue. Also, there should be some built-in retention so things like bonuses are lost on an early exit. Know that you get what you measure and you should have an easy and regular way to review monthly to quarterly.
  3. Focus on business and not technology. Your IT staff would much rather help improve the business than do mundane tasks or risk livelihood implementing new technology they don’t know. Instead of having IT struggle for time to update and maintain the environment or before hiring that next IT staff person, consider managed services for better support at less cost. Ensure business continuity, lessen IT staff involvement, and reduce storage and tape costs with online backup. Spend less for hardware with virtualization or maybe eliminate some portion of IT infrastructure with cloud computing.

Like anything in business, you’ll find there are some things you need to stop doing and others that have been completely ignored. For certain, you can keep blindly spending money or embrace your IT and move the business forward.

Don’t Lose a Quarter

It’s year-end and time to reflect on your performance. When I ask most people how they measure IT, there is always either a blank stare or a 15 minute Obama-like answer. The tendency is to get caught up in the holiday rush, have a much-needed break with family and friends, and then get steam rolled by year-end/year begin just to realize in Q2 you’ve made little progress and generally do nothing until something major breaks.

Here are 3 simple things you should do now, so you’re not in the same predicament at the end of 2010:

  1. Draw a picture of what you have on the left and what it should look like on the right. Don’t worry about too much detail like IP addresses, but rather versions of OS and warranty expiration dates  of equipment. List a few problem bullets in the upper left and wins in the upper right above the changes in the environment you show on the right like removal/migration of systems. Whenever IT is a topic throughout the year, refer to the picture.
  2. Create a spreadsheet with columns for the next 5 years and list down the side software licenses and other categories like servers and workstations. Tip – You’ll usually want to buy new workstations for a third of your fleet each year so there is not a huge cash outlay every 3 years. It’s common to have a detail page for each category. License agreements are usually 1-3 years and warranty on equipment is generally 3 years. Now you have a tool for no surprises and a format to quickly add  total cost of ownership for new business requirements.
  3. Make a list of projects. Then rank them and schedule by quarter.

With these 3 things, manage the BUSINESS of IT by dollars, date, and informed knowledge of issues.