Where technology experts at Endsight share their expertise on IT Management, the issues that arise for clients, and the benefits of technology for medical practices, biotech firms, law firms, financial services and other small businesses in the San Francisco Bay Area.
May 7th, 2010
by Jason Clause Filed under: Email, Managed Services, Outsourced IT Support, Software
My father worked in corporate America before everyone had a personal computer. Instead, my Dad had a tray on the left side of his desk that acted as his in box and a tray on the right that acted as his out box.
He traveled to Asia on multi week business trips and upon his return, he’d be greeted by a giant stack of memo’s, directives and other inter-office correspondence. His solution was to take the stack of paper from his in box and move it directly to the trash can. “If it’s important, they can call me,” he would say.
Dad’s approach to managing his data (paper) wasn’t glitzy or fancy, but it worked and I think it has some application in the digital world.
I’m pretty sure that if I deleted everything in my email store that was more than 6 months old, I’d probably never miss 99% of it. But I know to my core that 1% of that email data set is vital, and so the whole thing lingers on the mail server. That data is then replicated to Endsight’s off-site back up cloud and so now, this blob of mostly useless data exists in two places.
In his article entitled, “The big data addiction” Matt Prigg shares some of his insight into how this very issue is impacting organizations of all sizes today. In it Prigg says, “In a cruel twist of fate, our dependence on ever-expanding digital data has created a feedback loop that fuels its own growth. Within the past 10 years or so, we’ve grown more productive by using business technology. As a result, we’ve created even more massive mountains of data, and we rely upon those mountains to such a degree that we need to duplicate them – multiplying the problem again.”
In addition to email, Prigg is writing about business system data, file shares and a litany of other administrative and back up data sets. In a large organization, this data grows and duplicates at a much faster rate than in a small organization, but a small business isn’t immune to the problem.
I think that for most small businesses that data can be broken up into two parts, email and shared files. I recently contributed an article to the East Bay Chapter of the Association of Legal Administrators that highlights a few technologies that I think can be used to help manage email data without pressing the “delete” key. http://www.ebala.org/Topic.aspx?wiki_id=87#VendorArticle
For file shares, I think one of the prime culprits for expanding data is the fact that no one is really responsible for the files stored on the file share. For example, Endsight had a file on its sales and marketing drive called “2003 archive.” It hadn’t been opened since 2004. Every time I saw the file I thought to myself, “I should just right click & select delete.” But I didn’t create any of the files and so I couldn’t say for sure that someone wouldn’t go looking for a file housed in the archive.
I think the best solution for this problem is to create and publish a document retention policy. For an example of one click here: http://www.abanet.org/lpm/lpt/articles/sampledocretentionpolicy.pdf . This can help to eliminate any guess work and replace it with simple policy enforcement. You can even use technology to set rules and automate the document retention / purge process.
More and more of Endsight’s outsourced IT clients are encountering data store limit issues. We expect these issues to increase as firms move their on-premise computing systems to cloud computing.
To help our clients address this challenge, Endsight provides Planning Services: CIO/Sr. IT Management level consulting & strategy as part of our fixed fee, outsources IT approach. If you’d like to talk in-person about your data situation click here to schedule an appointment.
Tags: Cloud Computing, Email, Endsight, it management, Outsourced IT
Mar 30th, 2010
by Jason Clause Filed under: Email, Hardware, Hosted Services, Managed Services, Network Security, Outsourced IT Support, Software
There is a lot of noise about cloud computing. It’s fairly new and new is exciting. So what exactly is cloud computing? More importantly, why should a small business owner care?
The cloud is a metaphor used to describe the Internet. Cloud computing is building on that metaphor to describe using the Internet to deliver computing resources as a service. Broadly, cloud computing is the convergence of three technologies: server virtualization, utility computing and software as a service.
- Virtualization allows software to be separated from physical hardware.This in-turn, allows a single physical server to become 10, 50 or even 100 virtual servers.
- Utility / grid computing allows server capacity to be accessed across a grid of systems.This in-turn allows computing capacity to increase or decrease depending on user or resource demands.
- Software as a service allows on-demand software applications via the Internet to be purchased on a predictable monthly subscription basis.
This convergence allows a provider to aggregate many computing resources and profitably deliver those resources as a service for a fixed monthly fee.
The resulting delivery model is highly efficient, but it’s not the key reason for a small business to consider cloud computing. The key reason is best illustrated by looking back a century ago to the emergence of the national electricity grid.
Originally, if a business needed electricity it would have to build and fund the generating capacity on its own. Boilers, turbines and transformers were expensive and so only the largest firms could afford the new technology. The emergence of the grid allowed everyone access to electricity on a subscription basis. All one had to do was plug in. No more expensive capital projects.
In the modern era, mostly because of its size, a small business is inherently forced to either pay for more computer resources than it needs or to suffer with systems that won’t quite do the job. It’s an unwinnable contest that does not balance out.
Cloud computing gives a small business the ability to finally balance that equation by allowing them to pay for only the specific IT resources, service and support they need. Small businesses no longer have to lay out huge amounts of capital for servers, software and staff to build and maintain IT resources such as corporate email, shared files and accounting applications. Instead, they can plug into a computing cloud and access only the resources they need on a fixed fee subscription basis.
As with any new technology, there are a lot of options and providers to consider working with. If cloud computing is an option for your business, moving an on-premise computer network to the cloud needs to be thoroughly planned. For more information about cloud computing click here.
In addition to operating a private computing cloud, Endsight manages more than 100 on-premise computer networks. If you’d like to discuss your current situation and determine the cloud’s applicability to you’re business click here to schedule an in-person meeting.
Tags: Cloud Computing, grid computing, small businesses, utility computing
Feb 10th, 2010
by Jason Clause Filed under: Business & Management, Managed Services, Marketing, Network Security, Outsourced IT Support
When I was in college, I had to move every year. I lived in a fraternity house and that really simplified the logistic. But even though I never had to move more than a few doors down the hallway, I still didn’t like it. The idea of a uprooting all of my things, transporting them, and then having to find new places for everything, was a daunting task that stressed me out every time.
As Endsight’s outsourced IT business has grown, we’ve been heavily involved in a staggering number of office moves. Every time, it’s easy to remember the stress I felt as an undergraduate with my mini fridge and futon. Obviously, the client has much more to consider which makes the stress level even greater.
No two office moves are ever the same. But having been through enough of these, I thought it would be helpful to list some of the key advisers and partner/vendor rolls to consider as part of your planning process.
Many of our clients begin the process by seeking council from key strategic advisers.
Contemplating a Move:
Commercial Realtor (Help you selected a new location)
Banker (Help decide the best way to finance the move)
Accountant (Help you decide if you can afford the move)
Lawyer (Help you avoid costly legal issues associated with the move)
Once a location has been selected, there are a number of other partner/vendors to involve in the process.
The New Office:
General Contractor (Tenant improvements)
Architect (Make it look fabulous)
Cable Installer (Network cabling)
HVAC (Server room)
Signage (Sign out front, names on the office Doors)
The Move:
Mover (To get from point A to point B)
Phone System Support (Take down and set up phones)
Computer System Support (Take down and set up computer systems)
Internet and Phone System Connectivity (Connect to the outside world)
Office Furniture (Acquire new and /or liquidate old)
Printers, Faxes & Copiers (Often times these are under contract)
Communication:
Marketing (Promote new location, update Website, send a news letter, and create a promotional item)
Printed Materials (Letterhead, business cards, marketing collateral)
Most businesses enjoy existing relationships to leverage as part of the planning process. If your company needs help filling in the roster, Endsight can help by facilitating introductions to our network of colleagues. If your small business is planning a move click here. We would be happy to meet in person with you to discuss your plan.
Tags: Endsight, move, Outsourced IT
Jan 28th, 2010
by Jason Clause Filed under: Managed Services, Outsourced IT Support
All of the Great War movies have a scene near the end of the film where the climactic battle is over and the Medivac or “dust off” choppers swoop in to tend to the wounded, including the film’s hero, who typically gets a bandage over his eye or a sling for his arm.
For many of us, the last two years must feel like a war of sorts. We’ve had to make lots of sacrifices in one way or another including being forced to say goodbye to customers and coworkers. Even if you were not distracted with the recent events, you were probably fully focused on receivables and finding new revenue and didn’t have extra time to tend to your computer systems.
Last year I blogged about keeping an eye on your computer infrastructure as the disposition of your small business changed. Employee layoffs and office closures unaccounted for in network directories were creating gaping security holes in lots of small business computing environments. If you’re concerned you might still have that problem and want to learn more, click here to read that post.
Today, as the economy begins to emerge from the recession, it might be time to consider calling in the “dust off” choppers. Most of the small business owners that I know agree that computer networks are temperamental and that they require a lot of care and feeding. When left unattended (as many have the last few years) they become unpredictable and that can be a formula for disaster.
To get started on a good network dust off, I recommend starting with an inventory of your existing network. This inventory should include:
- A list of computer users
- User Accounts
- Email, Mailboxes
- A network diagram that includes
- UPS / Backup power supply
- ISP / T1 lines
- Firewalls / Router
- Switches
- Servers
- Workstations & Laptops
- Data Backup
- Software Inventory
- Anti-Virus
- Anti-SPAM
- Operating Systems (Server & Workstation)
- Productivity Software
- Business Software
- Messaging Software
Once you’ve completed your inventory, consider asking yourself these diagnosis questions.
- Are there any performance issues?
- How old is the equipment?
- What is still under warranty?
- Is the software licensing current?
Determining the current disposition and status of your small business computing environment and combining that information with an assessment of the network’s limitations will help point you and your IT partner, should you choose to work with one, to the right questions to ask as you redevelop your IT strategy.
Endsight’s outsourced IT support model is layered to encompass what we believe are the four basic components of sound IT management and support. Planning, Plumbing, People and Projects build on one another like a pyramid. Planning, at the top of the pyramid, is typically the first casualty in a recession. Without a good plan however, it becomes very difficult to maintain a small business computer network consistently.
That’s why Endsight includes planning as part of its “all-you-can-eat” outsourced IT support methodology. Working with one of Endsight’s CIO level IT managers, our clients benefit from regularly scheduled IT strategy meetings where we collaboratively review the current status of the computer network and together map out the future strategy.
If you feel like Endsight might be able to help you with your long-term IT strategy click here to schedule an in person meeting. We can then discuss your needs in detail.
Tags: Endsight, it management, Outsourced IT
Dec 3rd, 2009
by Jason Clause Filed under: Business & Management, Email, Hosted Services, Managed Services
In my opinion, the key incite to glean from Pete’s article is that your data is probably worth WAY more than you think. In fact, it is likely the very life blood driving your organization.
Many of Endsight’s clients operate a service business. They count on the intellectual property locked in their email and business applications to meet their customers’ needs. For them, data is the business.
As Pete’s article notes, “The Department of Commerce has determined that 90% of companies which do not have access to data for more than 5 days go out of business within 1 year.”
By itself, that statistic is alarming, but in the Bay Area it’s further exasperated by this one:
On April 15 2008, the San Francisco Chronicle reported that The US Geological Survey believes “A strong and deadly earthquake is virtually certain to strike on one of California’s major seismic faults within the next 30 years”
I’ve reposted Pete’s article below and invite you to consider what kind of impact a “day without computers” might have on your business. If you find the impact as alarming as Pete, contact us and let’s talk about how we can help mitigate that risk.
I’ve embedded a slide deck to a free seminar Endsight has provided about disaster preparedness. If you belong to a professional association or business / community group that might have an interest in the topic, let me know and I’d be happy to present it. If you’d like more information about the presentation, Email me and I’ll send you a topic abstract.
The Value of Data: What is your data worth to your Organization
By Pete Heles, Founder/CEO Framework IT, LLC
What is your data worth?
This question is one that will have a unique answer to each and every entity in existence. There is no easy answer. This is obvious in the fact that this very question has been asked many times without a quantitative foundation for the answer. It is the objective of this document to assist you in better determining the value of your firm’s data, how to increase its value and ensure the ongoing retention of value.
In researching this question, there are several current themes for determining the value of an organization’s data. The most basic formula is the data of an organization is equal to one times annual revenue. This theory is supported by the fact that if a company’s data is lost or handed over to a competitor, the firm is worthless without it. This is a rather simple formula that points out a fundamental flaw in attempting to establish a universal formula for determining the value of data: The value of data has much to do with the type of organization.
A flower shop, a paint manufacturer and a not-for-profit cannot use the same formula. Think about a dental office: new data is established on each visit and the data collected from prior visits is mostly negated. In the dentist’s case, the security of the new data is far more important than the “old data” with the establishment of HIPAA Guidelines.
A flower shop has names, addresses, credit card information and transaction history. The credit card data is again important from a security risk stand point, but to say the value of a flower shop’s data is 1 times annual revenue seems to be grossly overstated, as the majority of the information can be collected from a variety of sources and the confirmation of credit card information can and should be done with each transaction.
The paint manufacturer on the other hand is very different. In the recent past, a specialty paint manufacturer was purchased by a sizable competing firm. Within 6 months of the acquisition over 90% of the acquired firm’s employees were terminated and all but 2 plants shut down. The data was the only thing of true value. The purchase price was 4 times annual revenue. Formulas and client data in the sole possession of the acquiring firm were deemed to have that significant value.
In today’s business environment Certified Public Accountants and the Federal Government determine the value of tangible assets. Merriam Webster defines tangible as “capable of being appraised at an actual or approximate value <tangible assets>.”
If a firm buys a list of names and addresses it is a business expense and the initial value is easily determined. That list becomes valuable data with use and definition by the firm for its profitable use. The additional data that is built along with the name that was purchased is of significant value. In theory, it is no longer an expense, but becomes an asset. Only the tangibility of value is at question.
There are other considerations that must be realized in determining the value of data. A basic factor in value is the cost to maintain and collect data. What is the budget for computers, software, support, and people in the data systems group at a firm. This is a statement, not a question, as this is a cost of data for any firm. If, in fact, that amount is treated as an expense, it must diminish the value of data by the same amount.
On the other hand, it has been determined by the management of the firm that the value of data will increase in an amount greater than the expense; otherwise it would be a bad business decision to incur that expense. Conclusion: the data processing staff at a firm is critical in increasing the value of the firm’s data. Unfortunately the value of data is too often determined by the purchase price of technology which is used to house the data. That is like telling someone the $1 bill in the $100,000 vault is worth a hundred thousand dollars! In 1978 when a 73mb disk drive was $38,000, was the data more valuable than today when a 300 GB disk drive is about $250? Be careful not to get caught in this determination of data value.
Issues for consideration
1. Is it goodwill? What is that in accounting terms?
2. Is a patent an asset, and how is the value determined?
3. Is data the same as intellectual property?
4. Increasing the value of Data
5. Protecting Data
6. Handling, use, and availability of Data
7. Misuse of Data
8. Where is the Data?
9. Role of individuals and Data
10. Assault on Data
11. Treating Data as an investment
The topics noted above are best answered by the key management of your firm with needed participation from both accounting professionals and lawyers. A strategy for the proper collection, use, protection, and ability to compound data and its value can be an eye opening project that WILL increase the awareness of and value to your firm’s data.
Before starting the process of determining the management of your firm’s data, take a minute to answer the following questions. If an employee took (embezzled) all of your company’s key client, vendor, and financial data to his new employer (a prime competitor of yours), what could the financial affect be to your firm?
If there were a fire (or other situation) that destroyed all the file servers in your data center, how long would it take for your firm to recover from this calamity?
What is the cost/loss per day to your firm if corporate data is not accessible?
What would the financial impact be to your firm if the data that was backedup could not be restored and had to be rebuilt from scratch? These numbers are actually larger than you initially estimate. The Department of Commerce has determined that 90% of companies which do not have access to data for more than 5 days go out of business within 1 year. Does this fact change the way you think about the value of your firm’s data? The protection and assured availability of your company data?
A thorough Business Continuity and Disaster Recovery Plan is a key part of ensuring the “Survivability” of your company in the event of a business interruption or serious data loss. It is estimated that less than 5% of unregulated* businesses have a current and thorough Business Continuity and Disaster Recovery Plan.* (Banks, financial institutions, and publicly held firms are some of the business types that are federally required to have a BC/DR Plan.)
As a business professional it is essential (and possibly legally required) that you protect your firm’s assets. After reading this article and answering a few simple (maybe complex) questions you should have a new appreciation for the value of your firm’s data and understand the need to be more proactive in the protection and assured availability of your data. Start the BC/DR Plan development process today.
Tags: Bay Area, disaster preparedness, Email, Endsight, Technology
Oct 31st, 2009
by Jason Clause Filed under: ARRA, Electronic Medical Records, Managed Services, Meaningful Use, Medical, Stimulus Program
Choosing the right Electronic Medical Records System (EMR) for a particular medical practice can feel like a daunting task. There are hundreds of options in the marketplace making it difficult for an organization to sift through all the available systems and then make a selection. A further complication is the process of selecting the perfect information technology for a specific medical practice. This complex process requires a real examination of the workflow for one’s particular office.
Software companies continually promote through marketing campaigns the idea that marketplace consumers simply need to purchase software, insert the disk, press OK and begin using the software. When a small business is attempting to apply technology to their workflow, the process can become significantly more complex and involved.
Industries such as accounting, legal and financial services typically staff a full-time employee to manage the implementation of their business software. Some private medical practices may have the resources for this approach but without this dedicated position it is risk as most physicians are not familiar with the technologies involved.
To help get your medical practice started, I have outlined a phased approach to evaluate, select, deploy, and continuously improve an implementation of an EMR. This is by no means an all-inclusive “how-to guide” but rather a guide to begin the process of EMR implementation.
Phase 1: Identify the Need
Identify the people in your organization that will be responsible for the success of the EMR implementation. In a smaller practice this is typically a doctor and the office manager.
Once the team has been selected, start to create the criteria that you will use to review and evaluate potential EMR solutions. This is an important step to take if the plan includes the evaluation of multiple software platforms. It is much easier to compare options with a predetermined set of criteria.
Investigate the U.S. Government Economic Stimulus Program to ensure that you are a qualifying practitioner. For information click here to view our FAQ.
Ask yourself this question. What are my expectations of EMR in streamlining the daily business routines in my office? There are a whole host of features available as part of any qualifying EMR platform, i.e., e-prescription , faxing, referral letters just to list a few. It is important to first determine what features will most benefit your specific practice and what features fall into the “nice to have but not necessary” category. Completion of phase one will frame your requirements and establish a budget for this project. The number of “beneficial” features is directly proportionate to the cost and budget requirements.
Phase 2: Examine the Workflow
Once you have an idea of the features you would like to apply to your medical practice the next step is to determine those features that will be used on a daily basis. The best way to accomplish this is to examine the current workflow in the office.
Take a close look at how you run the practice today in the paper world and ask these questions:
• What are the steps taken with each patient?
• What parts of your paper notes do you really like?
• What’s really challenging?
• What efficiencies or limitations do you have in your practice?
• What do you hope to accomplish with an EMR?
• Is time wasted looking for misfiled patient charts?
• Is phone tag with patients an ongoing occurrence because access to the information is not always available?
• Do lab reports take forever to get into a patient chart?
• Does printing appropriate patient education materials with the push of a button seem appealing?
• Do decision support tools matter?
Performing this exercise should help identify how to gain tangible benefits from an EMR system. A sample list of criteria was created to help your office get started. Please email me to request a copy.
Phase 3: Solicit Proposals
Begin meeting with potential vendors now that you are armed with a list of selection criteria. It’s a good idea to exclude software options that are not CCHIT certified. EMR that meet the 2008 CCHIT certification standards already adhere to rigorous standards for interoperability and e-prescription. These and a host of other items will likely be requirements for your practice to qualify for federal stimulus funding.
Keep in mind when interviewing potential vendors that not all offers are the same. Some companies will offer software only, services only or some will offer both. It is always a good idea to have the same vendor that sells you the solution also be the one required to support your EMR. Proposals should include a description of how the vendor intends to move from paper to electronic data files and the one time cost to accomplish the change over. The proposal should also include an exact description of the vendor support program for your practice in the future and the ongoing costs to provide this service.
Phase 4: Implementation of EMR
Following the completion of vendor selection it is time to start the implementation of your electronic medical records system. The selected vendor should have outlined a phased approach to include:
• Purchasing, configuring and deploying the new hardware and software
• Examining your existing workflow and paper charts
• Applying lessons and insight from that examination to the business workflow of your EMR software
• Training everyone in your office to use the new software
• Repeated training if needed in your office to ensure competency with the new software
• Periodic follow up with everyone in the office to make sure they know how to use the software
• Follow up to make the necessary adjustments
Both the vendor and the practice need to adopt a “whatever it takes” attitude when it comes to making the transition work. The best vendor in the world will be unsuccessful if there is a lot of resistance from team members in the practice. Likewise, a rigid vendor that is more focused on the number of hours worked than actually getting the job done will likely contribute to a failed implementation.
Phase 5: Support is Critical
A well-designed and well-implemented EMR system is a great foundation, but it is not the end of the process. Software can be temperamental and sometimes users forget how to do something that they learned in training. EMR requires consistent practice for members who use the software to achieve the real benefits. Additionally, consistent use will likely be a key requirement to meeting the government’s “meaningful use” definition. That means that the software and the network that the system resides on must work reliably which is why it’s important to ensure that you’ve selected a vendor who has the ability and intention to support your practice long term. It’s important to understand when reviewing the vendor proposal, exactly how the company intends to support your medical staff users, your network and your data after the system has been deployed.
• Who will be called when there is a problem?
• What is the average turn-around time for support?
• How will systems and data be backed up for your office?
• What countermeasures and processes has the vendor put in place to ensure that your practice meets and stays current with the industry regulatory requirements i.e., HIPPA?
When making the important decision on the selection of a long lasting EMR system and vendor relationship, it is necessary and critical to take time. The failure rate for EMR implementations undertaken is 30% to 40%. An impulsive purchase of an EMR system is therefore ill advised. It is important to have everyone on-board at the practice with the decision, as it is vital to the success of this project. Using a selection process that’s methodical, critical and inquisitive will go a long way to help your practice succeed with electronic medical records.
Endsight works in partnership with gloStream and can help with the complexity of this process. Endsight provides an inclusive solution designed to help busy physicians like you through the change of migrating to electronic medical records. The process is called gloDNA and it stands for Detailed Needs Analysis. Included is a slide show that provides more detail about this approach. Click here to learn more and to schedule a practice consultation.
Tags: CCHIT, economic stimulus, electronic medical record, Electronic Medical Records, EMR, emr system, gloStream, HIT, medical records system, onc, stimulus
Oct 9th, 2009
by Jason Clause Filed under: Managed Services, Network Security
Social media and search engine scams are on the rise. Cyberthieves are finding new ways to slip onto your computer and into your pocket. Are you really sure you’re safe?
If any of my Facebook friends get a message from me that reads like this, “I’m in a Turkish prison and need you to wire me $1,000 dollars.” Please try to call my wife first. She’ll know what to do.
Scams and shams are increasing on Google and other popular sites. The cyber world is a dangerous place where the bad guys can look like good guys. I encourage you to give this article a good read. (Read the article by clicking here)
To avoid internet viruses and other traps intended to download malicious software on your machine it’s important to:
1. Implement a centrally managed antivirus solution
2. Create and maintain a patch management strategy
3. Consider internal policies that limit the time employees spend on social sites
4. Consider restricting network / user permissions with regard to software downloads
We’ve baked these countermeasures into our outsourced IT service approach. If you’re concerned about your exposure to the cyber slime, contact us, and let’s discuss your options.
Tags: cyberthieves, internet viruses, malicious software, Outsourced IT, patch management, search engine scams
Jun 25th, 2009
by Jason Clause Filed under: Hosted Services, Managed Services
It’s an interesting question. As small businesses, we will need to make sense of “cloud computing” and to try to determine what sort of impact, if any, this new concept will have on our business. Eric Knorr’s take on the difference between cloud computing and hosting is interesting. I think it does a fair job of trying to distinguish between the two concepts, but as with most articles I read, this is geared more towards the enterprise IT department.
Check our Eric’s article: http://www.infoworld.com/d/cloud-computing/cloud-computing-just-hosting-another-name-453?source=IFWNLE_nlt_blogs_2009-06-15
Basically, “cloud computing” is the industry’s new description for IT resources such as e-mail, being hosted somewhere other than on a server that sits in our office. One of the distinctions between “cloud computing” and “hosting” is that with the cloud, we don’t have any idea where our data resides. I think a great example of a “cloud” application would be Gmail. We can log into our mail from a Webpage but we don’t have any idea where the e-mail resides exactly. This is because Google has low-cost servers located all over the world and they use sophisticated load-balancing technology that moves information and data around their computing grid. This approach allows us to use e-mail as a service, but it limits our control over the data.
Hosting is similar to cloud computing in at the IT resource resides outside of our corporate computing environment. But unlike cloud computing, we know exactly, where our data resides. Hosted Exchange, a Microsoft product, is a great example of this concept. With this approach, e-mail resides off site at a co-location facility. We know where the co-location facility is and we know, where the server or in many cases virtual server is located. The same load-balancing concept applies to hosting in most cases, but it’s on a much smaller scale. And it’s managed by the local hosting company or IT partner as opposed to Google. The solution is less distributed, but it affords us more control.
Regardless of what we call it or the specific architecture we apply there’s a good chance that our next major computing infrastructure upgrade will be to the cloud. There’s just too many good reasons not to move services such as e-mail, file servers, and database applications out of our server closet and into a data center:
1. Disaster Recovery / Business Continuity: Moving our key server infrastructure to the cloud allows us to take advantage of all of the disaster preparedness countermeasures built into an enterprise class co-location facility. These buildings are constructed to withstand earthquakes, fires, power disruptions and other “acts of God.” They employ both physical and technological security that meets the most stringent regulatory requirements and most of them feature backbone access to the Internet with multiple redundant connections. The end result is that if a disaster strikes our office, our computer systems weren’t there to be destroyed. So long as our employees can access to the Internet, they can access our computing infrastructure and get back to work.
2. Scalability: Moving our servers to an enterprise class server and storage array that uses virtual technology allows us to access only the computing power that we need. As our business grows, we simply add more computing power. We don’t have to worry anymore about buying new equipment or what we will do with that equipment after a particular project is done.
3. Reduce Capital Costs: The cloud gives us the ability to pay a fixed monthly fee for our server infrastructure as opposed to laying out tons of cash to purchase all the equiptment we need for a major network upgrade. Instead, we only pay for what we need.
The key point that I gleaned from Eric’s article is this. In the small-business space, many offerings will be cookie-cutter. (Like Gmail) Small businesses using this service will not have the rich feature set that comes with an implementation of Microsoft Exchange. In my experience, a cookie-cutter approach for something like e-mail will not work for the vast majority of small businesses. As we explore our options for hosted or cloud solutions we need to be able to customize the offerings and service levels associated with those offerings.
The good news is that we won’t have to make these decisions immediately. Microsoft relseased Windows Server 2008 and developers will soon be releasing business software maximised for the new platform. The best way to explore a hosted / cloud infrastructure is too include it as an option in our next major upgrade.
Endisght is already talking to a number of clients about this option right now. Feel free to contact us if you’d like to talk about it to.
Tags: cloud, Cloud Computing, co location, computing environment, Eric Knorr, Hosted, Hosting, hosting company, Jason Clause, Managed Service, Outsourced IT, small businesses, small-business, Technology, virtual server
May 26th, 2009
by Jason Clause Filed under: Managed Services, Network Security
2009 has been a tumultuous year for the small-business Owner. Cutbacks and spending freezes from our customers have forced many of us to make some very difficult decisions with regards to employee retention.
Some of us have been forced to lay off some really good people as we attempt to reduce our cost structures, collect on outstanding receivables and most importantly find new revenue.
I came across a recent article by Roger Grimes entitled “Do you have a handle on your managed resources?” The article is really geared towards a larger IT department but I think it sheds some light on a new challenge that the small-business owner needs to consider.
From a computer infrastructure perspective each employee must exist as a user on the network. In addition to being assigned a physical workstation, that user needs the workstation to be assigned as a resource on the network. Each user and resource are then granted permissions and assigned to groups based on their job roles.
For example, you hire a new controller, and want to give him or her a workstation with access to email, shared files and your accounting data.
To accomplish that on the network your controller is created as a network users in your network directory. He or she is then assigned a workstation as a resource. The controller is granted permission to access email, shared files and your small businesses accounting system as a member of the finance group.
Proper maintenance of this directory is essential to maintaining a secure, reliable computing environment. As new employees start and others move on, this directory must be updated to avoid risks to security. (stale accounts give malicious hackers great opportunities to exploit your network)
This is a difficult process to maintain under normal circumstances, but for the last nine months our business environment has been chaotic. It’s a good bet that network directory maintenance has taken a backseat to far more pressing issues. But it should be addressed and the sooner the better.
Roger’s article is a pretty easy read and it should help provide some direction for those of you that feel like you can take care of this issue by yourself. But as Roger related his story, it’s really easy to delete items from the directory and cause a catastrophe. (Follow this link to read the specific example) So if you’re going to attempt to do this yourself you need to know that you might delete something that could take your entire network down.
At Endsight, we’ve developed add move and change policies that we’ve baked into our internal systems and procedures. Our team does this all the time and we can guarantee our work. If you need help with this issue or with any other aspects of managing your computer network please feel free to contact us.
Tags: computer infrastructure, directory maintenance, Email, hackers, reliable computing, Roger Grimes, small business owner, small-business
Mar 10th, 2009
by Lauren Papesh, Business Development Filed under: Hardware, Managed Services, Network Security
This is an article I found in business weekly which addresses Endsight’s main IT Security direction. Although the economy is down, companies cannot afford to skimp on security and IT maintenance. Endsight now offers virus and spam protection at the desktop and server levels. Many of our clients are realizing the value in protecting their most important asset- their knowledge. Back up is becoming more practicle, affordable and important these days. It’s a safe guard that many companies only realize the importance of once its too late.
Please enjoy this article written by Stewart Baines of silicon.com
Despite tight budgets, CIOs, faced with rising threats from malware and disgruntled employees, have decided it pays to be wary, surveys show
With IT budgets flat or declining, you might have expected security spending to be similarly under pressure. But it seems CIOs faced with rising threats—including those from malware and disgruntled employees—have decided that it pays to be wary.
Indeed, several surveys have reported that enterprises are increasing their security budgets in 2009 despite cuts in overall IT budgets, with tech chiefs expecting security issues to grow this year as a result of the economic uncertainty.
Speaking to IT directors, the story is the same: downturn or not, cutting security spending is not worth the risk.
Jane Kimberlin, the IT director of Domino’s Pizza, which is bucking the trend of depressing financial results thanks to diners downsizing to a takeaway, said: “We are in fortunate position of finding the downturn not affecting sales. Consequently I am not experiencing any budget constraints at all.
“Having said that, I don’t think we would ever reduce our security budgets. I often talk to other CIOs in the FTSE 250 and it’s not something anyone has said they would do.”
Similarly David Supple, IT director for Ecotec, a management consultancy working in the public sector, said despite the tricky economic climate: “Overall our IT security budgets are not down a lot.”
Crisis, what crisis?
So with IT security budgets largely intact, are companies well prepared for the challenges ahead? Over the past year there have been a string of high profile data breaches, and embarrassing cases of lost laptops, USB drives and CDs in the public and private sector.
But the fear is that such mistakes could be replaced with the deliberate theft of data, with disgruntled former employers made redundant in the downturn fuelling the insider threat to IT security.
Alan Rodger, senior research analyst, Butler Group said: “The insider threat is the most significant. With people’s jobs coming under threat, some will make the most of the opportunity before they leave. For others, simply being told their pay is being cut might inspire them to breach security.
“Investment over the years has focused on security threats outside of the organisation but I believe companies now need to spend a lot more time looking at the threats from within.”
Rodger’s stance is underlined by a recent Ponemon Institute survey of 950 people who had lost or left their jobs during the last 12 months. The research found nearly 60 per cent of them took company information, such as customer contacts, when they left.
The threat of flexibility
As the downturn rumbles on, there is pressure from business managers to be more flexible and cut costs: get closer to customers, work from home more often, and reduce the overhead on centralised offices. The counterpoint is that data leaves the once fortified confines of a company’s premises.
“My internal customers need to be more mobile and so we have seen an explosion of devices on market like netbooks which help them do this. I have to get the balance between making services accessible and security, and security has to win every time,” Domino’s Kimberlin said.
“But we have to recognise that there is a blurring between our work and personal lives so if our employees want to use social networking for instance, we let them do it as long as it doesn’t compromise our security,” she continued.
Ecotec’s Supple added: “Employees are working at weekends and in the evenings from home, maybe when they were not doing it before and using equipment that is not ours,” adds Supple. “Our perimeter has grown.”
So what can an IT director do when faced with conflicting pressures to make working practices more flexible, yet make access to sensitive corporate data more secure, particularly when there is little money around for investment in anything other than business-as-usual security? The trick is to focus investment on where it makes a difference.
Burton analyst Rodger said: “Over the years, most IT security projects have not had to be qualified by a business case but that is changing. Many businesses are recognising that they need to assess the risk, and find a balance between financial cost and the probability of a breach happening.
“When you understand the risk—and how the economic crisis could increase risks—you stop making short-term cost savings in the IT security budgets in ways that leaves you open to the worst risks.”
http://www.businessweek.com/globalbiz/content/mar2009/gb2009039_621530.htm?chan=top+news_top+news+index+-+temp_global+business
Tags: Back up, budget constraints, business weekly, CIO, Corporate, crisis, economic uncertainty, Endsight, IT managers, IT outsourcing, IT Security, proactive maintenance, security direction, SPAM, SPAM filtering technology, Stewart Baines, Tech Budget, tight budgets, Virus Protection
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=11ac27a1-31d2-4060-8c47-d48525ffa4fa)