"Not a day goes by where I don’t read a headline talking about ‘the cloud,’” says Zack Schuler, founder and CEO of Cal Net Technology Group. “The current, overused definition of the cloud is ‘anything that happens on the Web,’ but in the business world, the more accurate definition of cloud computing is leveraging someone else’s hardware/software and services to complete a business task.”

Smart Business spoke with Schuler about the role that cloud computing has played for businesses during the past two decades, and in what ways it can benefit their operations today and in the future.

How are companies using cloud computing?

When I started Cal Net Technology Group 15 years ago, we didn’t host our own email server. We used an outside company (Earthlink) to host our email, which, in essence, meant that Earthlink was providing ‘cloud services’ for us.

We also have been using an online payroll service for eight years now, whereby we enter our payroll data into a website, and our employee paychecks are processed. Many other businesses might be doing the same. This is truly a ‘cloud service’ that has been around for close to a decade.

Some companies use an Internet-based product called Postini, which has been around since 1999, to scrub their email for spam. I bring this up to point out that all of us have been leveraging the cloud for quite some time, and we probably didn’t even think about it; in actuality, it really isn’t a very new phenomenon.

What are some examples of how businesses can move functions to the cloud?

There is a definite shift in moving some computing resources into another company’s data center in order to save you some headaches and, in some cases, time and money. I use the word some with emphasis here, because if you think that your entire business is moving to the cloud anytime soon, you are probably mistaken — unless your business consists of only a handful of computer users.

The most prominent shift to cloud computing is the migration of email back into the hands of hosted providers, similar to how it was 15 years ago. Microsoft is now in the hosting business with its Office 365 product. It consists of Microsoft Exchange (email server), SharePoint (an intranet product), and Microsoft Lync (instant messaging) in the cloud, with the ability to ‘rent’ Microsoft Office on a per-user, per-month basis, with Office still being installed locally on your desktop.

In moving from an on-premise email solution, such as Microsoft’s Exchange Server, over to Exchange Online, the migration has been very time-consuming, and thus very costly. These migrations have proven to be more costly than moving from one on-premise solution to another. That being said, there can be some significant savings in hardware and software costs, reducing capital expenditure spending for many companies. Additionally, after the solution is running, the ongoing maintenance of on-premise solutions will be gone, which should equate to a cost savings in the long run.

Google has made a significant impact in cloud computing with Google Apps software. From what I’ve seen of the software, it is a good solution for individual use, and for the use of ‘micro-businesses,’ but it reminds me of Office 95 from a functionality standpoint. So, I couldn’t recommend this to any business that relies heavily on word processing.

Perhaps the most successful case study, and a company that has truly made its mark by delivering software over the Internet, is Salesforce.com. It has a very robust feature set within its application, and it was remarkable what it was able to do early on in the cloud-based customer relationship management space.

There are some other line-of-business applications that are cloud-based, as well, and truly deliver a rich user experience, but these are few and far between today, but will be the norm in the next five years.

How can businesses determine what to take to the cloud?

The wise approach is to hire an IT firm with expertise in this area to evaluate your systems, determine the applications that may be ready for the cloud and take a hard look at the overall ROI in moving them.

Zack Schuler is founder and CEO of Cal Net Technology Group. Reach him at zschuler@calnettech.com.

Insights Technology is brought to you by Cal Net Technology Group

 

 

Published in Los Angeles

If your business isn’t completely dependent on technology, then you are in the minority these days. Given this dependence, protecting your business from an IT failure should top your priority list.

“Having been in the IT business now for 16 years, I’ve seen my fair share of close calls and, unfortunately, my fair share of outright disasters when it comes to IT,” says Zack Schuler, founder and CEO of Cal Net Technology Group. “There are three particular disasters that stick out in my mind. In each of these three cases the companies were taking nightly backups of their data, and they thought this was enough.”

Smart Business spoke to Schuler about how businesses can avoid these kinds of mistakes.

What are some of the worst disasters you’ve encountered?

The first case was a company that had a sprinkler break right above its servers. While it was taking a daily backup, the company left the tapes on top of its servers. The tapes were drenched and basically unusable after the downpour. The server hard drives were sent to data recovery, and after several days the company was up and running again. Had the tapes been taken off site, the downtime would have been significantly less.

The second case was a company that had its building burn down. Its current tapes were stored on site; however, the company had an older set that was taken off site. After a painful data reconstruction process, and several months later, the company was able to get back on its feet.

The last case was a company that experienced an Internet outage for a week when a major telephone company had its T1 down. This was the company’s only connection to the Internet, and its business was highly dependent on email, so this outage had a significant impact on its business. The company lost a percentage of its revenue as a result of the outage.

Needless to say, none of the above companies were prepared for the type of disaster that they suffered, yet all of them were backing up their data.

How can businesses avoid costly downtime?

Here are three important questions that you can pose to whoever manages your IT, and some tips that will get you one step closer to being truly prepared in case of emergency.

1. What is your plan in case of a lengthy Internet failure? The smart thing to do is to make sure that you have multiple connections to the Internet, over different mediums. Having a connection via a T1 and a DSL line is not a smart move, as they both traverse over the strands of wire. An Internet connection through a telephone company and another through a cable provider is the way to go.

2. What is your plan in case of a physical site failure, such as a fire, earthquake, etc.? Something as simple as a long-term power outage in your building can be a lot more common than one would think. On more than one occasion we’ve seen a building lose power for several days, and companies basically send their employees home. We had a client that was prepared in this scenario. It sent its employees to work from home, as it had a hot-site set up that employees were able to connect to from home.

3. What is your plan in the event of a major hardware failure? Even if your equipment is under warranty, if a particular part fails on a server, and the vendor is out of stock on that part, you could see some downtime. In this scenario, you should have a transition plan documented whereby you can easily move the data from one server’s backup over to another server, perhaps in a virtualized environment, to keep running.

What is the most common issue you’ve encountered with companies’ backup plans?

Perhaps the biggest overall error that I’ve seen companies make is that they don’t have any documented plan in place to recover from any of the above scenarios. Most companies simply don’t test their backups by going through a simulated failure. They assume that the backup is running as they’ve been told. The smartest action that you can take is to go through a simulated failure. Pretend that any of the above scenarios has happened, and try to recover from them. We assist IT departments with this type of work frequently, and we’ve never walked into a disaster recovery test whereby we didn’t make a tweak of some sort to make the plan better, thus more recoverable.

Zack Schuler is founder and CEO of Cal Net Technology Group. Reach him at zschuler@calnettech.com.

Insights Technology is brought to you by Cal Net Technology Group

 

Published in Los Angeles

If you are interested in becoming a cutting edge company with respect to communication, your phone system and email have become old news. The latest and greatest trend around communication is what the industry refers to as “unified communications.”

Unified communications (UC) is the integration of real-time communication services such as instant messaging (chat), presence information, telephony (including IP telephony), video conferencing, data sharing (including Web-connected electronic whiteboards, a.k.a. IWBs or interactive white boards), call control and speech recognition with non-real-time communication services such as unified messaging (integrated voicemail, email, SMS and fax).

“UC is not a single product, but a set of products that provides a consistent unified user interface and user experience across multiple devices and media types,” says Zack Schuler, founder and CEO of Cal Net Technology Group.

Smart Business spoke with Schuler about the highlights and advantages of some of the key components of UC.

What are some key features of UC?

There are some great aspects of UC that can improve communication at your company. These include:

Instant messaging (IM): IM has evolved from an Internet-based social tool, to a corporate collaboration tool. At Cal Net, we use IM to get a quick answer to a quick question. Rather than using email as IM, which many companies do, we choose to use IM itself. IM has to become part of the culture, and when you need a quick answer to a quick question, it’s our tool of choice. Email has a less critical response expectation than does an IM. To take IM a step further, if you implement what are known as ‘federation services’ you can connect to a clients or business partner’s IM system while still remaining in your IM interface.

Video conferencing: In its simplest form, video conferencing can be two people talking back and forth using an inexpensive Web cam. In its more elaborate existence, video conferencing can be a multiple camera setup in a conference room, connected to another conference room, over high-bandwidth private lines that produce very crisp high-definition video. The big value in video conferencing is to save time and money on travel, and to have a better communication experience with the ability to read facial and body language. Once part of your culture, it is a very effective tool.

Presence: Within many of our tools, such as IM and SharePoint, there exists a tool known as ‘presence.’ Presence is simply where a person is located and what they’re doing. This can include the city they are in and whether they are available, in a meeting, on a phone call, traveling, or whatever categories you deem appropriate. For example, when I look at our presence dashboard now, two of my employees have ‘do not disturb’ marked. Internally, that means ‘I’m working on something, so don’t IM me, call me, or stop by my office unless it’s an emergency.’ Presence is an effective tool for letting your coworkers know where you are and what you’re doing.

Data sharing or interactive white boards: These components of a UC system can prove to be invaluable when you are working with someone at a remote location. Let’s say that you’ve got a meeting with a coworker in New York and you are brainstorming on a work flow diagram. You can simply launch a Web chat through your UC client, and then through the client, one person can take over another’s desktop. You can share a particular document or you can bring up an ad-hoc white board and begin scribbling notes. This is a very effective tool for collaboration.

Unified messaging (UM): Imagine getting your email, voicemail, texts and faxes all in a single inbox. This is unified messaging. In my case, if someone leaves me a voicemail message, it arrives in my e-mail inbox as a .wav file. Double clicking the .wav file plays the voicemail back, which is far simpler than using my telephone to pick up the voicemail. If I’m out of the office, the voicemail is delivered to my mobile device, and once again, with the click of a button, I’ve got my voicemail. Faxes arrive in my inbox and in the form of PDF documents.

When used across an organization, UC can be a very effective set of tools to boost productivity and have an overall better communication experience.

Zack Schuler is founder and CEO at Cal Net Technology Group. Reach him at ZSchuler@CalNetTech.com.

Insights Technology is brought to you by Cal Net Technology Group

 

Published in National

Instead of merely maintaining technology, IT service providers are increasingly being asked to become technology drivers and bring innovation and new product ideas to their clients.

Cliff Justice, author of the report, “The Death of Outsourcing,” was recently interviewed by CIO.com and stated that there was a shift around 2006 to 2007 from outsourcing as a commodity focused on price to a service that’s value-oriented.

“We’re clearly seeing this shift,” says Deen Ferrell, business development executive at Cal Net Technology Group. “Clients want an insourcing partner today. Insourcing requires a broader talent pool, one that offers skill sets in all areas where technology touches the organization. Ongoing research passes critical intelligence of emerging technologies to the field so it can be applied to benefit the client. The focus is on best practices that better integrate technology platforms into a working strategy that drives profit while reducing redundancy and cost.

“The good news is that this shift represents a stronger commitment from the service provider sector. Providers are now expected to add value beyond ground-level support,” Ferrell says.

Smart Business spoke with Ferrell about the trend toward IT providers who help move business goals forward and the benefits to businesses from advancements such as cloud computing and unified communications.

Why is the shift toward insourcing occurring?

Mom-and-pop shops aren’t getting the job done because of a lack of depth and bandwidth — the proverbial ‘can’t see the forest for the trees.’ Providers get so focused on dealing with immediate issues that they can’t step back and think strategically.

A successful insourcing partner impacts all areas where technology touches the organization, as well as providing standard IT support and maintenance that allows companies to maintain core efficiencies.

What has been the impact on information security?

Retaining and securing sensitive information is a critical component of IT services. In a global marketplace where information is king, an ongoing managed security strategy can give organizations peace of mind related to risk management, security assessment, compliance issues and gap analysis.

What is meant by unified communications?

A unified communications strategy allows information to flow seamlessly through an organization by using tools such as voice over Internet protocol (VoIP), video conferencing, mobility solutions such as iPhone, iPad and tablet integration, and call center functionality such as call recording and reporting.

How can cloud consulting benefit companies?

For cloud solutions to deliver on their promise of reducing cost and risk while improving competitive advantage, they must be viable, supportable and secure. Vendor research and management, with an understanding of hosted offerings such as Office 365, infrastructure as a service (IaaS) and software as a service (SaaS), are critical to helping the organization realize cloud potential while avoiding pitfalls.

How does insourcing promote innovation?

An innovative environment is one where workflow automation and collaborative computing free up valuable time and provide on-demand access to critical information through dashboards, scheduling and customer portals.

Insourcing partners are providing supplemental chief information officer services such as documentation, change management and vendor relations support, which allow companies to cut waste, streamline processes and better position themselves competitively.

With the insourcing crowd becoming increasingly innovative, cost-conscious and competitive, it appears that the outsourcing model is on its way out.

Deen Ferrell is a business development executive at Cal Net Technology Group. Reach him at (818) 725-5062 or deen@calnet.net.

For information on the benefits of insourcing to Cal Net, visit http://www.calnettech.com/ourservices_OngoingSupport_InsourceBenefits.php.

Insights Technology is brought to you by Cal Net Technology Group

Published in Los Angeles
Friday, 30 November 2012 19:40

How to keep your IT department up to date

Many organizations have in-house IT staff that has been around for a long time. However, if the organization has not invested in employee skills, there is a tendency for complacency and stagnation, says Lou Rabon, Cal Net Technology Group’s information security practice manager.

“This stagnation comes in the form of believing that solutions the in-house IT people are providing are the best ones out there based on their experience,” Rabon says. “For loyal IT staff, their experience is usually only in one environment, and if no new education or experience has been acquired, then an element of risk is introduced into the organization. Not only will the organization be getting outdated and inadequate service and solutions, but the risk introduced may prove to be fatal to an organization’s data, as well.”

Smart Business spoke with Rabon about how to spot IT staff stagnation and what steps to take to address the problem.

How critical is the need to update IT skills?

Information technology experiences paradigm changes over very short periods of time. New, disruptive technologies are appearing all of the time, sometimes in as little as months. In information security, this trend is even faster, where minutes and seconds can separate effective solutions from completely inadequate, and expensive, defenses.

What are signs that IT staff might have stagnated?

If your IT person has been doing the same thing since 2007, you can be assured that there are going to be problems. Large and small companies should take stock and ask:

• Does current IT staff/policy favor convenience over security?

• Are there direct remote connections to machines because a virtual private network or remote access solution was considered too complicated or not possible?

• Are there passwords that are not complex or do not change?

• Do easy-to-remember — and therefore easily crackable — administrative passwords exist that have access to sensitive data?

• Is there a lack of visibility on the network?

• When problems occur, is root cause rarely determined and downtime frequent?

• Is there resistance to change?

• Are overly technical and confusing answers given when approached for advice or questions?

These are just some of the more obvious ways to determine if your current IT staff might need a knowledge refreshment or replacement. Unfortunately, most internal IT staff will believe everything is being done right, despite evidence to the contrary. This is what psychologists call the Dunning-Kruger effect, ‘in which unskilled individuals suffer from illusory superiority, mistakenly rating their ability much higher than average.’

What steps can be taken to address this problem?

The first might be to look at how staff is managed. Maybe the reporting structure should be changed. In many growing organizations, IT will typically be CFO-led. Ideally, IT staff should fall under a COO or, better yet, a dedicated CIO who can look at the big picture of where an organization is headed and drive this strategy.

Another option is training. Incompetence of any staff might be a failing of the organization itself to properly invest in its work force. Picking the right training can be a challenge, but there are a number of solutions. Vendor training is an option and can typically be obtained at a reasonable cost, especially if the organization has used one vendor’s technology over a long time and can leverage fidelity for a reduced training cost. New vendors also can be looked at to displace existing technology and they may throw in training as part of a purchased bundle. Many specialty organizations offer training such as A+. For security, the SANS Institute has an excellent Security Essentials Boot Camp, which can start to embed some of the basic tenants of security for any staff working with sensitive information or information technology. Finally, continuing education at a local university and even some of the free courses released by institutions such as Stanford might be a good way to stimulate critical thinking and encourage the staff to refresh its skills.

Another solution, which could be the easiest, is to augment the staff with outside talent. Bringing in an outside consulting firm can give an internal IT department a kick in the pants. Personnel will respond differently to this, with some seeing it as a threat and others embracing the help. Both perceptions can be helpful. An outside firm will help you navigate the technology, but more importantly, a good outside firm will help you identify who in the organization you should keep and who should go.

What about outsourcing all IT work?

Some organizations are much better off going in this direction, depending on what internal resources are available. IT, in and of itself, is a business, and, if you’re a small to mid-sized company, you might want to ask yourself, ‘What business am I in?’ For those organizations that prefer to concentrate on their core competency, outsourcing is a great solution. Doing so can help dramatically reduce costs, increase efficiency and productivity, and increase the security posture of an organization. A good IT outsourcing company is continually investing in its team, and because it sees many different IT environments, it is in a unique position to see what works best and provide those best practices to its clients.

Risk in any organization must be managed and mitigated as much as possible. Continuing to employ or engage unskilled or inadequate IT resources introduces an unacceptable level of risk. Your first step is to take a hard look at your organization, and evaluate whether or not you need to invest in IT skills or bring in external resources to best manage the information assets of the organization.

Lou Rabon is information security practice manager for Cal Net Technology Group. Reach him at (818) 721-4414 or lrabon@calnettech.com.

Insights Technology is brought to you by Cal Net Technology Group

Published in Los Angeles

When hiring a member of the IT team, weeding through all of the candidates out there is a tremendous challenge. Particularly if you are a smaller organization, it is likely that a non-technical person is doing the interviewing. In that case, it is very difficult to determine whether or not the person you are talking to actually knows their stuff. Even someone with a very technical background can be fooled by an impressive resume and a smooth talker.

“IT people are weird. I should know — I’m one of them,” says Zack Schuler, founder and CEO of Cal Net Technology Group. “They are the hardest to hire and even harder to retain, and are sometimes hard to fire, as many of them make themselves indispensable as they convince management that their skills are unique. Many of them have technical egos that are larger than life.

“At Cal Net, we have roughly 35 talented IT engineers that we had to hire, train and retain. And we’ve had to let some go over the years. We would like to think that we have this down to a science.”

Smart Business spoke with Schuler about the best process for hiring and retaining the right IT people.

Should IT people be interviewed differently than other potential hires?

Like with any position, you should be screening for the personality traits. An egocentric IT person is the last person you want on your team. Some interviewers are naturally talented at sniffing this out. For others, I would recommend a personality profile. In my opinion, personality is more than 50 percent of what you should be screening for.

Another of the most important traits is good communication skills. We have all experienced the IT guy who wants to sit in a closet somewhere to minimize his contact with humans. If they do make enduser contact, it is usually a painful experience, as they will say the least amount possible so that they can head back to their cave. You should have the expectation that your IT person will be able to communicate as effectively as anyone else in the organization.

How should a company screen an IT person?

Start with, ‘Tell me about your IT environment at home.’ If they give you an answer along the lines of ‘I have three physical servers, running seven VMs for testing, and I’ve got my own mail server running Exchange, and I’m running VDI for my primary workstation,’ then that is a good first step. They view this as their ‘sandbox.’ If they respond, ‘I’ve got a laptop at home and I try to stay away from the computer as I get enough of it at work,’ then they probably aren’t a good technical fit. You want your IT folks to be passionate about technology, and most of them do their best research and learning at home, after hours.

The second easy way to screen is to have a short technical quiz that can be administered by anyone. Feel free to email me for our quiz.

Last, and perhaps the most time-consuming and difficult process, is to put them through a technical lab. We require that our new hires come in and build a network in an eight-hour time period. We have a point system that scores the candidate, as no one ever finishes the lab. This gives us an excellent assessment as to what they do know, and what it is that they need help with. Depending on what you are looking for, there are companies that will administer these sorts of labs for you. If you are testing on Microsoft infrastructure skills, we can administer this sort of lab.

What are some of the challenges of retaining IT people?

In general, IT people are motivated by advancement and the quest for knowledge. In organizations where there isn’t any room to move up nor is there anything new to learn, IT people will stagnate and usually move on.

Good IT people are always looking to explore and learn the latest and greatest technologies. Just as they have a sandbox at home, they want to work for an organization that invests in IT and gives them an opportunity to learn.

Good IT people are also looking to move up the food chain. While some IT folks are motivated heavily by pay, many are more motivated by an increase in title and responsibility.

How can these challenges be overcome?

Quenching the IT person’s quest for knowledge isn’t always the easiest thing to do. There are two ways to attack this. First of all, if you hire someone who is a master of all of the technologies that you are currently running, you’ll get someone who can hit the ground running, but you will also get someone who becomes bored quickly. On the other hand, if you hire someone with like experience and aptitude, but not exact experience in the technologies you are running, you will give someone an opportunity to learn. You will obviously have to weigh the business risk in doing this — and while they are learning you may want to supplement their skills with a consultant — but it can be well worth it in the long run. In short, I recommend slightly ‘under-hiring’ for the position.

The second way to attack this is to give your IT person some latitude when it comes to decision-making. If they want to implement a new technology that is reasonable from a cost standpoint, and delivers business value, I would err on the side of letting them do it. Even small concessions can give your IT person a sense of worth and something new to learn.

Last, in terms of advancement, don’t ‘over-title’ a person. Don’t call your lone IT person ‘IT director’ right away. Create a career path: network administrator,  senior network administrator, IT manager, IT director and so on. Even very large IT organizations should be using this model. Look for increases in responsibility along the way, along with small increases in pay. Thinking out a career path before you hire someone will go a long way in making sure that they hang around for a long time.

Zack Schuler is the founder and CEO of Cal Net Technology Group. Reach him at ZSchuler@CalNetTech.com.

Insights Technology is brought to you by Cal Net Technology Group

Published in Los Angeles

In her summary blog from the World Innovation Forum, author Andrea Meyer noted an acronym, WeKE, which epitomizes how IT environments often perceive themselves. It stands for, “We Know Everything.” The sarcasm of the acronym may seem biting to IT directors who struggle daily with the escalating pace of change, the demand for improved performance and the increased financial pressures of the current technology world.

However, as resources become more limited and demands become more immediate and complex, Professor Mohanbir Sawhney, director at the Kellogg School of Management, says a new operational dynamic is needed. In this shifting model, IT environments accept that they don’t have a monopoly on expertise, are prepared to let go to grow, should communicate to internal stakeholders across the enterprise that open innovation is complementary to internal innovation, and create new roles and units responsible for implementing outside innovations.

“Outside collaboration can help create a synergism within organizations that counters the strain of performance demand, charting new ways of accomplishing more for less,” says Deen Ferrell, a business development executive at Cal Net Technology Group.

“While seminars, trade articles, focus groups and conferences all provide generalized ideas, only trade consultants, with their ability to analyze and assess each specific environment, can provide the particulars that often spark innovation,” he says.

Smart Business spoke with Ferrell about how IT consultants can help your internal department adapt in an ever-changing environment.

How can in-sourcing specific skill sets benefit a lean internal IT team?

In-sourcing specific skill sets that are expensive to hire internally and difficult to retain can help organizations improve knowledge-share without bankrupting their IT budgets. FMS Financial Partners, for example, a company specializing in employee benefits, found a need to ‘in-source’ a core business function outside their area of expertise. The company reported that this type of in-sourcing offered a competitive edge that it couldn’t have gotten on its own.

Specific skill sets that may be tapped include:

  • Unified communications such as VoIP telephony, wireless access, mobile computing and video conferencing.

  • Cloud consulting.

  • Virtualization, which includes server virtualization, VDI and thin provisioning.

  • Backup and storage, for example, business continuity management, disaster recovery planning and SAN replication.

  • SharePoint programing and implementation.

  • Security, including pen-tests, compliance audits and risk management.

  • Infrastructure maintenance such as daily resource provisioning, issue management and on-going network monitoring.

  • Help desk support.

  • Technology design that would encompass assessments, system architecture, return on investment and budgeting.

Even top-level IT teams benefit from in-sourced specialists, who bring a unique perspective to the team — one grounded in wide-ranging practical experience.

Can a collaborative approach to projects really offer a better chance that they’re completed on time, on scope and on budget?

When Harvard-Westlake School, one of the top preparatory schools in Los Angeles County, needed a firewall solution, it decided to work together with an outside IT consultant. Two years later, with hundreds of collaborative projects completed together, school officials said the collaboration allowed projects to be completed rapidly while ensuring a high quality outcome.

World Vision, a not-for-profit organization operating in more than 100 countries with some 40,000 employees globally, had a similar experience. The organization had an enterprise-level project involving a Microsoft product and needed specific expertise, so it turned to a staffing firm, but after several weeks was still unable to meet the specific requirements. That’s when it contacted a local IT consulting firm, which provided the services and solutions that were required for the project and saved money for the organization in the long term.

How does a collaborative relationship spur innovation?

For any real innovation to occur, you have to have a baseline — you have to know what you don’t know. That’s where collaboration comes in. One of the best ways to enter a collaborative relationship is with a frank assessment. Some companies shy away from assessments because they worry about the cost, but having a clear picture of where you are is the best place for creative thinking to begin. In some instances, the right pieces are there, they just need to be pulled together in the right way. An effective IT assessment, coming from outside the organization, provides new critical eyes to clarify where internal vision is clear and where it doesn’t quite hold up. Once weak points are identified, the stage is set for effective problem solving. Collaboration leads to new perspectives, and from new perspectives, innovation is born.

Can this really help safeguard against uncertainty?

Peter Salmon, managing director at FISCHE Consulting in New Zealand, says collaborative innovation may soon define the organization of the future. He says as future uncertainty and change increase, organizations will face increasing pressure to adapt, evolve and remain viable, making collaborative innovation a critical success factor.

The effective trade consultant not only provides a springboard toward collaborative thinking but also provides the very tools to help innovative ideas come to fruition on time and on budget. In uncertain times, this seems to be a safeguard none of us can afford to ignore.

Deen Ferrell is a business development executive at Cal Net Technology Group. Reach him at (818) 725-5062 or deen@calnet.net.

Insights Technology is brought to you by Cal Net Technology Group

Published in Los Angeles

The need for information security is indisputable, and the increased commitment to it in recent years has been impressive. All too often, however, the decision to commit more resources to security in an organization is in reaction to either an event or fear, the latter of which can stem from a news article, strange traffic on the network or a nagging feeling. This reactivity can lead to poor outcomes when trying to increase an organization’s security.

“Security vendors take advantage of this fear to sell their products,” says Lou Rabon, Cal Net Technology Group’s information security practice manager. “Many of these products are effective at solving specific problems, but those products, examined one at a time, may not completely fill your needs.”

He says if you do not have an idea of what your criteria and desired future look like, you’re more likely to walk away with something more expensive and riddled with features you don’t really need.

Smart Business spoke with Rabon about information security strategies to keep your data and systems protected.

How can organizations best secure their information?

The easiest and most effective way is to make a commitment to an information security strategy or framework. It’s obvious from reading the news that security incidents are happening as frequently as car accidents. Any organization that has not yet implemented a security program has just been lucky that its proprietary or confidential information has not walked out the door. Unfortunately, in many cases it already has. A 2012 study by Trustwave found that attackers had an average of 173.5 days within the victim’s environment before detection occurred.

What is involved in creating an information security strategy?

The global standard for information security is the ISO27000 series of standards, which specifically sets up an information security management system (ISMS) framework and a number of the implementation elements. An ISMS framework is a list of policies and procedures that define an organization’s information security strategy. This can be considered the map that charts an organization’s course through the murky waters of information risk. It allows security decisions to be made against a set of established business practices and procedures, which means less waste and a much higher level of security.

An appropriate first step towards implementing an information security strategy or framework would be to conduct a security review at a high level with a trusted third party. This strategy is valid for organizations that are just starting to review their approach to security, as well as those that have an existing strategy but have not reviewed it within the last year.

How might a real-life scenario unfold without a security strategy?

Let’s say a CIO reads that a new attack vector consists of a phishing attack that spoofs a LinkedIn invitation email using the lure of a high-paying job to entice potential victims to click a link to malware.

Without a security strategy and depending on the size of the organization, the CIO would either call in the company’s security lead, infrastructure manager or third-party managed services provider to discuss the situation with them. Without an overarching strategy and no mandate to refer to, a number of point products then are considered to plug the hole. Taking for granted the organization is already using a mail filtering program, it’s decided that the easiest way to solve the problem is to either block LinkedIn completely or to implement an additional malware detection device that would detect and possibly block these attacks were someone to click on the link.

However, blocking LinkedIn is wrong for a number of reasons, namely:

  • There is an organizationwide business need for that website.

  • Blocking it will not block the attack vector or the attack since it is email based.

  • Even if blocking LinkedIn proved to be effective for this attack, it would not address the myriad other attack vectors that could be used in the future. This is the equivalent of playing Whac-A-Mole with one’s network.

Adding an IPS/IDS solution is a good idea, but without a strategy, there are a number of factors to consider, such as the part of the network it would protect, if the device will block potential attacks or just provide an alert, the person who will respond to IPS incidents and a way to deal with false positives. Failure to address these issues can lead to a very expensive paperweight sitting in the data center.

How would the same threat be managed with a security strategy?

The CIO calls the team together to address the LinkedIn threat. They first review their strategy and policies, and then they note:

  • Users do not have administrative access to their machines, which will prevent most malware from being installed without user knowledge.

  • An intrusion prevention and detection device was on the strategic roadmap, and therefore, the time frame is accelerated to implement this solution.

  • An incident handling team has been defined and a third party is responsible for dealing with alerts, so the internal and external teams coordinate to ensure they have heightened awareness of this alert.

  • Their security framework defines that security awareness sessions are conducted quarterly for all staff; therefore, the staff has already been educated about clicking links from untrusted sources and is less likely to fall victim to this attack.

This proactive approach saves much time, money and consternation. Committing to a security framework makes it easy to make decisions around information security and ignore the hype with which we’re constantly bombarded. Committing proactively rather than reactively to security will avoid information-related emergencies and aid in getting a good night’s sleep.

Lou Rabon is information security practice manager for Cal Net Technology Group. Reach him at (818) 721-4414 or lrabon@calnettech.com.

Insights Technology is brought to you by Cal Net Technology Group

Published in Orange County

When it comes time to search for an IT consulting partner, there are a lot of areas that you should consider before selecting a firm. According to Zack Schuler, founder and CEO of Cal Net Technology Group, it takes a specific skill set to understand and address the technology issues that businesses face.

“Over the years, we’ve taken over from sub-standard providers, and I’ve seen some pretty bad work that our clients have paid a lot of money to get done,” he says.

Smart Business spoke to Schuler about how to choose the right IT partner for your business’s needs.

How can business leaders best approach the process of finding the right IT firm?

In my experience, there are six things to look for when selecting an IT consulting partner:

1. Years in business. I’ve seen a ton of ‘fly-by-night’ IT companies. They usually start with a very technical owner, who has difficulty hiring and managing good people, and are out of business within three years of getting started. When looking at years in business, it is important to see whether or not the company survived the last recessions. For example, if they started their business in the ’90s, they’ve been through the dot-com bubble, as well as the latest recession. If they survived one or both, that is a good sign. My recommendation: If they’ve been in business less than five years, I would steer clear.

2. References from your industry. Even though many of the IT systems are the same across industries, there are some industries that have their idiosyncrasies. For example, with accounting firms, an IT provider familiar with that industry would plan upgrade projects in November. Then, between the Christmas holiday and April 15, they wouldn’t make any changes unless absolutely necessary. And while they might not be experts in tax accounting software, they have enough experience with the packages to know when to call the software vendor when they run into an issue. My recommendation: Hire an IT firm who can provide references in your industry and call those references.

3. Industry certifications. IT is one of those areas where you don’t need any sort of minimum certification to practice. It’s like hiring a contractor without a license, or a lawyer who hasn’t passed the Bar. Because of this, it is important to see if the companies themselves have industry certifications. This might entail their engineering team having personal certifications, among other things that the company has to do. Also, check to be sure that their certifications are current. For example, they could have been a Microsoft Gold Certified partner two years ago but haven’t qualified this year for the new requirements. My recommendation: Look closely at industry certifications when selecting a partner and make them prove their currency.

4. Strategic IT consulting. In today’s times, it’s relatively easy to find an IT provider who can patch your servers and workstations, update your anti-virus software and fix your email when it’s not working. These types of services have become somewhat commoditized simply by the fact that so many people can perform them. That being said, to find a company who can truly be a strategic partner with your organization is another set of skills entirely. This would be a company who can, with your input, write a full-scale strategic plan around technology. They would be able to manage any other vendor you’ve got who provides a technological role, as well as track your IT assets, forecast your upcoming expenses, etc. These are duties typically involving an IT director or CIO, and you should have the expectation that a firm you work with, no matter your company size, should have these types of resources.

5. Number of employees. While even the smallest of IT organizations can have some very talented people, those talented people can’t know everything. It is hard to throw a number out there as to what the ideal number of people is. On the smaller end, somewhere between 15 and 20 people is a good number, assuming that they don’t have too many disciplines, nor cover more than a county or maybe two. You want to make sure the IT provider has great ‘back-office’ support (i.e. HR department that can hire quickly if they lose a key employee, good accounting department, etc.) as well as field personnel who are local to your place of business and have redundancy. In other words, if you have a ‘subject matter expert’ on your account who knows a specific piece of technology, you want to make sure that the IT provider whom you partner with has multiple experts on that technology as redundancy. My recommendation: Ask how many employees they’ve got, and then go to their office to see their place of business. It’s an easy step if you are going to trust them with your IT.

 

6. Hiring and retaining. The last and perhaps one of the most important aspects to inquire about is how they hire and retain their people. IT providers should be placing the same standards upon themselves as you would to hire your own IT employee. Look for companies with employees who are good communicators, as well as passionate and knowledgeable about the technology.

In terms of retaining, there is no harder employee to retain than an IT employee, and this can spell bad news for you if the company that you are partnering with is riddled with turnover. Every time an employee at your IT partner turns over, there is going to be some knowledge lost — it is likely the idiosyncrasies of your business, but sometimes, that can be a lot. I think it is important for you to ask them, ‘How do you retain your people?’ An average sales person might not know the answer to this, but any member within their management should have a good answer for you. My recommendation: Inquire hard about hiring and retention processes.

Zack Schuler is founder and CEO of Cal Net Technology Group. Reach him at ZSchuler@CalNetTech.com.

Insights Technology is brought to you by Cal Net Technolgy Group

Published in Orange County

You may not want to think about it, but it’s bound to happen sooner or later: turnover in your IT department.

“Not a day goes by where we don’t receive an emergency phone call from a frantic executive with a story that we hear time and time again, ‘My IT guy has just quit, and he has all of our passwords, and we can’t do anything without him,’” says Zack Schuler, founder and CEO of Cal Net Technology Group.

Many companies don’t plan for this sort of exit, though this type of exit will be inevitable for every company at some point or another. It is safe to say that no one stays with a company forever, and when IT people leave, it can be especially painful.

Smart Business spoke to Schuler about how to put the proper backups and protocol in place to keep operations running smoothly even after the departure of trusted IT personnel.

What protective measures can businesses take to be ready for the departure of a key IT person?

1) Insist that your IT folks provide you with administrator and all passwords that they are in possession of. There is nothing worse than an IT person leaving, and not being forthcoming with password information. If you make this a requirement early, and ask for any changes often, you shouldn’t have an issue getting the information that you need. There are pieces of software that you can buy to securely store your passwords that you can give two or more people access to. The key here is making sure that there isn’t one person who has the ‘keys to the kingdom.’

2) Your IT team should provide you with complete and comprehensive network and systems documentation. I could fill up this article with the list of everything that should be documented, but let’s leave it simple and say that everything related to IT that has a power cord should be documented. Also, it is not good enough to document it once and then walk away, but a routine and methodical process of having it updated, at least quarterly, is a critical step. IT changes quickly, so you always want to have up-to-date documentation.

For some companies, this will be hard to get. For many companies, they’ve asked this of their IT folks, and it hasn’t been produced. Why? Most of the time, the pushback from IT is, ‘I have other, more pressing issues that get brought to my attention every day, and documentation always gets put on the back burner.’ One tip we’ve used here is to ask the IT folks to come in on the weekend (and offer to pay them if they are hourly, which they likely are, or at least should be), in order to get documentation done, uninterrupted. It doesn’t take that long once they get into the groove. If IT still pushes back, hire a company to come in and do the documentation for you. You’ll get it done, and have the benefit of an audit of your IT person’s work.

Once this is done, and done well, if the IT person leaves, it is a lot easier to have someone jump into their shoes and take over quickly.

3) Do your best to ensure that your IT people are cross-trained to the fullest extent possible. If you put a serious cross-training program in place, it may save you in the long run. It also gives you the opportunity to feel like you are not tied to a ball and chain with any one IT person, and it makes them replaceable, if the need be.

4) Develop a ‘lock out’ procedure. In the event that an IT person leaves, or is asked to leave, it is important to have a lock out procedure documented, and a plan in place to execute it. As soon as or just before the person is out the door, you should disable their user account and wipe their cell phone, if it is company property. Also, many times it is wise to have the user community reset their passwords, as, in some organizations, the IT guy had access to those as well. An exit agreement drafted by your attorney that lets them know that they are to give back any confidential information is advisable as well.

5) Hire an outside firm to be your backup. One of the duties that we fill for many of our clients is the role of backup IT provider. Most of our clients have an in-house IT staff, and we work with their staff on issues that they don’t have the skill sets to tackle themselves, or in areas where there is simply more demand than supply. Many of our clients hire us to help out, with the secondary benefit of being able to rely on us should an IT person quit or be let go. We are able to fill in for that person with minimal interruption because we’ve become familiar with the environment. Sometimes the company realizes that just part-time consulting work is all that they need, and other times we continue to work full time until they’ve backfilled us with a new resource, who we then train. Having a backup IT provider can be a very smart move.

It’s not always well received when the backup IT provider is brought to the table, as internal IT usually feels threatened. That being said, in almost every case, we work alongside that person well, and they get to understand our value. In many cases, we become the reason that the IT person is able to go on vacation, as we become his or her trusted resource. We want to become the IT person’s trusted resource, as well as the executives’ trusted resource, should the employment relationship go awry.

In short, protecting your IT environment means making sure that you have control over it. Nobody ever got fired for being prepared.

Zack Schuler is the founder and CEO of Cal Net Technology Group. Reach him at ZSchuler@CalNetTech.com.

Insights Technology is brought to you by Cal Net Technology Group

Published in Los Angeles
Page 1 of 2