MSP Does Not Mean Off Site

You hear this often: “I don’t want to work with an MSP, because I want my IT people sitting right here where we can talk to them.”  The idea here is a good one, having your IT people, or at least certain IT roles that need to interact with end users and “other humans” often makes total sense.   You can communicate better, get more involved socially, build better relationships – being “part of the team” has major value.

What is incorrect, though, is the idea that because you work with an MSP that you do not have that option.  Maybe some MSPs will not offer it, but many (including NTG) absolutely offer their own staff to sit full or part time in your facility allowing them to act and react just like an internal employee would but with the added benefits of the MSP infrastructure and ecosystem.

There is nothing in the MSP model that dictates that staff need to be offsite, or shared between customers.  In fact, an entire MSP could be dedicated to a single customer, although this would generally be impractical for everyone involved.

More typically, what we see, are hybrid models where some MSP staff are full time, dedicated, and on site with a single customer and tend to handle functions that deal directly with people often such as helpdesk, deskside support, training, and security.  Then other resources are shared, and off site handling tasks with little to no human interaction like automation, server management, or similar.  This can allow for the big cost savings and skill benefits of an MSP, while keeping the “face to face, immediate response” nature of having the IT team sitting in the office with everyone else.

Considering using an MSP should not make you feel like you are choosing one mode of operating over another, nor that you are giving up options: with the right MSP partner, you should have more options, more flexibility, and more capability than ever before.

Make an IT Service Provider Your Next Employee

IT hiring is hard, even at the best of times. And for normal (non-tech) companies, attracting and retaining good IT talent can be exceptionally challenging whether because they are hard to find, the business lacks evaluation and selection skills, or the challenges of the business don’t interest the best potential candidates.  Even in the enterprise, hiring a good resource can easily take six months, and is a very expensive process.  And, of course, the harder it is to fill a position in the first place, the less likely it is for that person to stay long term: they are in demand and likely working their way up in their career.

Service providers present a significant opportunity to alleviate these challenges.  Service providers offer potential employees a broader range of challenges, mentoring from experts in their field, career paths without having to switch employers, and peers within their own profession – these aspects of a position are very important to an employee.  They also hire IT staff regularly and have a deep understanding as to what constitutes a valuable person for a role – something that most companies find very difficult to ascertain.

Contrary to the popular impression of service providers, staff that they provide need not be remote or even shared with other customers.  Service provider staff can be on site, can be fully dedicated to you, or any combination of pooling, dedication, location, etc.  There is great flexibility to find an operational mode that is both affordable and provides the functionality needed from the position.  Talk to your service provider, they are likely able to find a solution that will work for both of you.

Dedicated resources from a service provider can be surprisingly affordable, but come with many benefits such as being part of a larger billing system for other resources, having support resources from a dedicated IT organization, having included coverage options for holidays or sick days, ability to fluidly scale up or down through the use of other service provider staff, and so forth.

Service providers can change how you look at how your IT staff can work, and can do much to keep the costs of your staff low.  Internal staffing brings many high costs that are not always realized at the time of hiring, or are just assumed as unavoidable costs. But service providers bring scale, experience, and flexibility that single, traditional organizations cannot have themselves.  Reach out and see how your service provider can change how you look at your next IT hiring process.

 

Why Every Business Needs Backup

When we talk with technology professionals, almost universally they point to backups being possibly the most important thing that any business will prioritize when considering their computers and business systems.  But in the real world, backups and data protection often receives almost not attention. Why is this?

Backups are boring, they are invisible, they are easily forgotten.  You don’t see them, you don’t deal with them, and you hope that you never need them.  If you ignore your backups you might go years, possibly many years, without ever seeing a reason to have needed it.  Like airbags in your car, you can drive possibly for decades without seeing any value to them; in fact you might forget that they are there.  But when you need them, you have no time to decide to add them: you need them right that moment; and they can save your life.

Backups are the core protection for your business.  How much would it cost you if you lost a record of your customers, lost track of billing, couldn’t produce financial records, and possibly stopped being able to make your own products! Every business is unique in how data loss will impact them, and often it is far more dramatic than we imagine.  In a majority of cases, data loss without working backups isn’t just financially damaging – it actually causes businesses to close their doors for good.

The rule we live by is this: “If something is important enough to store, then it is important enough to back up.”  This means if you don’t see the value in protecting a piece of data, you shouldn’t be paying for someone to create, collect, or store it in the first place.

If you have never tried it, do some role playing in your office.  Sit down and run through what data loss would look like.  Try to imagine how bad it will be.  Then add in the feeling of panic; the pending sense of disaster not just for yourself but for staff.  Some people feeling like maybe they are to blame, some worried that there won’t be money to pay them, many worried about the future of the company.

Backups protect against far more than just traditional disasters like hardware failure, fires, and floods.  Backups protect against accidents, which everyone makes sometimes; select the wrong file, or the wrong button, and critical data might simply vanish.  Backups protect against upset employees looking to lash out.  Backups protect against malicious competitors who may hope to shut you down, or at least slow you down.  And, more relevant than every today, backups are the last line of defense against the new and massive threat of ransomware.

While backups have always been possibly the most important thing any business can be concerned about when it comes to technology, the modern landscape where nearly all businesses end up facing regular ransom attacks on their data has taken the already incredibly high need for backups to a level never previously imagined. Without solid, tested backups today, a business has effectively guaranteed itself a disaster from which it will struggle to recover.

 

Outsourcing and Offshoring

Outsourcing and offshoring are two terms we hear a lot, and both are important to businesses of all types, but the terms are often misused and misunderstood.

Outsourcing refers to the practice of using external companies to provide functions to our own company. This is so common that it is often ignored as a special practice and we see this commonly in the use of bookkeeping, accounting, financial, human resources, information technology, legal, electricians, plumbers, and many other roles & departments.  Bringing in outside companies that specialize in these functions, rather than staffing up and training departments of our own, is often the only sensible way to get the expertise that is needed at a price that can be afforded.  Outsourcing is generally done to leverage either scale or expertise, or often both.

For example, a typical business would not get good financial returns from hiring a full accounting department with a full range of skills and training, they would be idle most of the time, wasting money.  But an outsourced accounting firm can work just as needed, while providing a range of skills from many different internal people.  Through outsourcing, your company may get more and better skills, all while saving money.

Offshoring is different and refers to having staff work from locations outside of the country (presumably across the ocean, hence the term, but simply outside of the country is all that is really meant.)  The term arose from the common practice of using south Asian resources across the Pacific from the US as low cost workers, but it is important to understand that many European countries use American staff in exactly the same way – low cost, overseas labor compared to what they can hire at home.  Offshore workers may be normal employees, or may be provided through an external vendor.  The concept of offshoring does not imply outsourcing as well.

Essentially all companies outsource, whether a little or a lot.  Outsourcing is most often another business right down the street, or at least in the same country. Rarely is outsourcing also going to be offshored.  But no reason that it cannot be.

Offshoring is very rare, for an average company.  It is complicated and poses many legal and logistical hurtles, and it requires much understanding of the offshore location and culture.  Most people who express concerns over outsourcing actually mean offshoring – extremely low cost, extra-national workers with little training, and probably no oversight.  Offshoring tends to engender apprehension either because people associate it with low quality work because end users typically only interact with it through low cost call centers that give it a bad reputation, or staff react to the idea with fear that their jobs will be sent out of the country.  But offshoring can be effective if done well, and can be important to keeping your business competitive.

Combining these two is common and can be beneficial; it is not surprising to find that many outsourcing firms also offshore.  But the two components are distinct and serve different purposes.  When seeking an outsourcing partner,  consider that offshoring may be an optional benefit that they can offer.

What Is Your IT Department

Every business talks about their IT department, or person, but how often do we really take a moment to consider what that department’s (or person’s) job really is.

“It’s to fix the computers!”, I hear you saying in your head.  But that’s a pretty minor function of IT and not really where the value is.  That’s like saying that the attorney’s job is to “organize paperwork”, which of course they do, but that isn’t what you pay them for.

IT does a lot of things, and should be extremely core to your business.  IT has to understand business needs and processes and design information systems that support, and protect, those needs.  IT has to do complicated cost and risk analysis to know when you should be spending, and when to be saving.  IT has to understand your business, and its finances, to know what systems will benefit you best.  IT handles the most important aspects of security for your business.  IT oversees much of the most important business purchasing.  IT has to protect the business from sales people, and marketing.  IT has to apply math and logic to business processes; take that which is conceptual and make it real.  IT must also combine sweeping technical and business knowledge and apply it to current, real world market products and techniques.

Sure, in doing all these things IT tends to touch the computers and fix things when they break, but these tasks are not the ones that gives IT its value.  We must remember to keep perspective that these are not the tasks that create the need for IT.  IT forms a core of our business, it builds our infrastructures, it keeps us safe, it is involved in every aspect of the business.

How we view and treat our IT people or department have a big impact on the ability for IT to make us efficient, empowered, and competitive.  It’s time to move from viewing IT as “the computer guy” to “the key business oversight department that oversees infrastructure, security, and business enablement.”

Ransomware and You

In the last couple of years, ransomware has appeared as the next big threat not just on the horizon, but affecting people today.  Never before have we directly known more companies impacted by a single type of threat as often, or has heavily, as with ransomware.

The basics of ransomware are that a malicious outside organization manages to gain control of all or a large portion of your data and hold it in such a way that you must either pay a ransom or else the data is permanently destroyed.  Typically you are forced to decide quickly whether or not you will pay, making the entire situation more tense and giving you very little time to plan or react – no time to test your backups, or see if there is a way to recreate the data.

Many companies choose to pay heavy ransoms, often thousands or tens of thousands of dollars, without any guarantee that their data will be restored once they pay! This makes the situation so much more dire; a complete lack of assurance that anything will restore your data.  Law enforcement is all but powerless to help.

These days, it seems nearly certain that almost every business will experience a ransomware threat at some point, and many have been hit more than once, already.

Strategies exist for protecting your business from ransomware, but it can be difficult.  Traditional strategies of user training, email filtering, anti-virus, good desktop security controls, and so forth do help, but are not enough.  Additional protection from technologies like version control, long retention backups, and even rethinking the fundamental design of your network all play major parts in reducing or eliminating the ability for ransomware to impact the network.

Ransomware has caught not just companies unprepared, but many MSPs and IT firms lack the necessarily security and infrastructure experience to tackle the kinds of changes needed to effectively deal with a future that involves threats of this nature.  Protecting against ransomware isn’t a quick fix, or a checkbox, it requires significant planning, and possibly some major changes to how your business works.

There are benefits, too, though.  Ransomware might be an unfortunate reason to have to modernize your network, but in doing so there are many other potential benefits to reap which may make the entire process beneficial.

Part Time CIO, the Virtual CIO

CIOs are, of course, costly and many businesses attempt to function without them.  This, however, is very dangerous, as a degree of knowledge and oversight is needed for even a very small business.  A CIO need not be full time, but does need a level of expertise that is rather extreme.  In some cases, a CIO might only be needed a few days, or possibly just a few hours, a year.  Having a CIO, even a very good one, need not be highly expensive.

Without a CIO, a business is left vulnerable.  Vulnerable to maintaining status quo due to a lack of planning, vulnerable to de facto decision making without proper evaluation, vulnerable to vendor sales people, vulnerable to unneeded products and services, vulnerable to missing big opportunities that were never identified.

But with a small business, a planning roadmap might be laid out for a year or two in advance with almost no need to review it during that time.  Purchasing decisions, business changes, new opportunities are rare and don’t need to be watched for every day.  For very small businesses, a long lunchtime conversation with your CIO might be enough for your entire year – lay out the latest changes, ask about the newest things to be looking for.  It can really be that casual.

For bigger businesses, a part time CIO, often called a Virtual CIO or vCIO (because, you know, “Virtual is cool these days”) can mean a few days, or a few weeks a year.  As you get larger, maybe it’s a few months on, a few months off.  Eventually a full time resource might be warranted, or perhaps a junior CIO role that is full time with a very senior CIO adviser as even moving through the CIO ranks can be very challenging.

No business is too small for a CIO, and every business can benefit from one.  Finding one that understands your needs, and can work within a framework that makes sense for you, is all that is needed.

Every Business Needs a CIO

What exactly is a CIO? The name is a Chief Information Officer, but the role of the CIO is to take business needs, requirements, and opportunities, at the highest level and guide IT decision making so as to consider the specific needs of your business, while considering the full range of IT possibilities.

CIOs do a lot, from overseeing how the IT department is run and treated, to providing the most important interface between technical staff and the business, to creating strategic roadmaps and planning, to creating a structure for engaging vendors, suppliers, partners, and contractors.

Functioning without a CIO can be dangerous and costly.  Without a CIO a company is often vulnerable to vendors trying to sell the next big score, strategies copied from a book rather than catering to the needs of the business, and tech being deployed for the sake of tech rather than specifically in support of the business’ unique challenges and opportunities.  Of course, like with any position, having the right CIO is important, as well.

IT is a key player in any business.  Of course, you can focus on doing as little with your IT department as possible, but this often backfires.  Without proper management, IT often becomes very costly in ways that are not always obvious.  It is common to find IT departments, even in very small companies, with budgets many times larger than they should practically be; literally spending 200-500% the amount that they should be.  Lacking strategic oversight makes it easy to accidentally overspend without even realizing lower cost options are possible, and often even better.

Having spent decades in a CIO role, whether full time or consulting, I can tell you that it is very common to walk into a meeting and in just a few hours take a project budget for a small business from $150K to just $35K while not losing any capabilities, but delivering more, in fact!

CIOs are a difficult role to fill as they must have a deep business understanding and should be a business advisory role alongside the CFO to the CEO.  Your CIO needs to be a part of all strategic decision making and there to help you identify risks, as well as unseen opportunities, at every turn.  The CIO needs also to be deeply technical and experienced, otherwise they are easily misled or confused.  A CIO may not need to be hands on day to day, but needs a long background in technology to understand the underlying themes and currents of the field.  A CIO is a generalist who needs to have worked in the industry, and brought business experience to bear on that experience.

A good CIO is a key strategic planner for your organization.  A business specialist with broad technical scope.  One of the most important players in making your business efficient, agile, capable, safe, and prepared to rise to meet challenges you may have not yet even envisioned.

Beware of IT Protectionism

All people fear change.  This is a natural part of being human, so we can hardly fault anyone for feeling a bit of panic when they find out that big, sweeping changes might be coming to their industry or career. But IT is a career of managing change and it is necessary for IT decision makers to embrace change, rather than reacting negatively to it.  All change brings opportunity, but those that let emotions drive them instead of rational thinking are not in a position to benefit from it.

In IT we often see emotional responses to change in the form of IT Protectionism.  This can wield itself in many ways.

One key example is IT staff who feel that they “own” your network and your computers and try to maintain control rather than working purely on your behalf. Often this results in decisions being kept secret, hoarding of access, and at worst even absconding with the keys to the kingdom and holding you ransom or worse.

Another example is avoiding modern approaches to technology. A common example here is IT staff claiming that they don’t “trust” cloud products because they don’t control them. This tends to be either an example of trying to “grab control” as I mentioned above; or just plain fear that moving to cloud hosted applications or products will cause their job to be eliminated.  In both cases, what is best for your business isn’t taken into consideration, but only what either makes them feel in control, or gives the appearance of protecting their career.

The last example that I will give is selecting technologies based on what the IT staff is familiar with, rather than considering the needs of the business.  IT staff should, in theory, easily be able to adapt as business needs change.  But often this is seen as risky to their careers to “more of the same” is often chosen to ensure that there is no risk of the staff selection being modified.  In larger companies, you will often see additional staff with matching skill sets hired to reinforce the company’s dependency on decisions that are made in the interest of the staff, rather than the needs of the business.

Protectionism is a scary thing for any business as it can creep in and represents a sizable risk either by making the business insecure, costly, or inflexible.  There is no simple answer to avoiding protectionism, it must be watched for from the very top and can be different to identify as often it is masked in technical jargon.  But there are signs, from unexplained fear of change or modern approaches, to a focus on hiring or using specific technologies without solid explanation, to language and behavior withholding access to systems or use of possessive language.

Be vigilant. The network belongs to the business, and IT needs to be a part of the business, not in competition with it.

You Need IT from Day One

Are you starting a new business, or considering doing so? On the first day, the first hours, of your new business there are a few key players that are needed to be in place. Your attorney, of course.  And probably your financier.  Maybe someone who understands your operations, if that isn’t you yourself.  And, of course, your technology adviser.

To many starting a business, it might sound crazy to have someone to oversee your technology before you have incorporated, before you have any staff, or even any computers; but this is exactly when they are needed.

This is called a greenfield and this is the time that your technology partner, who might be a CIO, an ITSP, or other resource, has free reign to consider all possibilities.  This is the one, and literally the only, chance that your company will ever exist with zero technical debt and all options can be evaluated, including those you never knew were options because no one ever evaluates the greenfield scenarios.

If you, instead like most new businesses, run out and set up email accounts, buy laptops, order your Internet connection and so forth before IT is there to guide you, you have created technical debt.  Money has been spent, decisions made, debt incurred.  Sure, it can all be replaced, but it won’t be. Those decisions, ones that feel ridiculously trivial at this stage, will normally haunt a company for more than a decade.

From the IT perspective, the mistakes made at this crucial time are often astounding. Wrong licensing, bad hardware, key applications chosen. Often in a few minutes without IT guidance, decisions that end up doubling the cost of IT infrastructure over the next decade are made, but because of the frog in the boiling water problem, they are likely never resolved.

This happens because it feel logical to just “buy what gets us up and running right away, we will fix it later.” But this makes no sense, fixing things is very costly and when will you rip and replace everything? There is no sensible time to suddenly decide to do that. You didn’t do it on day one, why would you do it on day two?

With each new day, more time and money is invested into the initial decisions. More hardware, more software, more licenses, more applications that depend on those things are purchased. Day by day the initial decisions go from “technical debt” to heavily entrenched decisions with unknown dependencies throughout the organization. On any given day it is just “doing the simplest thing right now” and “not wasting time on big decision making”, but this de facto planning process ends up guiding the core of the business, and all of IT, without anyone intentionally deciding on what actually would best service the business.

It’s a ripple effect (the butterfly effect), what seems like a completely trivial decision to move quickly without getting “bogged down by IT” can spell long term disaster and is often the underpinnings for many of the struggles that businesses face every day.