IT Support Blog for Small Business Owners

IT Technology Lifecycle Management for Small Business

Posted by Michael Silverman on Fri, Dec 27, 2013

IT Technology ChangeThose who know me know I believe that business requirements drive technology investments (not the other way around).  So let’s assume everyone agrees with me on that, but what about managing existing technology investments?  A few of the more common technology management scenarios we see in small businesses include:

 

  • Upgrading when the existing technology literally fails and becomes unusable

  • When a visiting engineer tells you, “Houston, we’ve got a problem”

  • When introducing a new business application, the vendor “requires” new equipment

     

IT managers, or outsourced Managed Service Providers, should always steer management with technology management recommendations proactively.  Hardware does get older; new software versions come along; hardware and software even becomes obsolete.  Lifecycle management is a subset of technology management and should be reviewed regularly by either internal staff or your outsourced Virtual Chief Information Officer.  I utilize a Risk Assessment worksheet to document everything critical to my client’s IT environment from hardware to software, local and remote technology.  Some of the considerations, beyond business drivers, include the physical age, performance metrics, end of life, and end of support data for hardware and software.

So, you might ask, “what’s the risk to my small business if I’m not managing and attending to my technology’s lifecycles?”  Worst case is you’re exposing the business to unplanned downtime.  One of the most common examples is an expiring agreement.  Virtually every business has a domain name used for accessing a web site and managing the flow of email.  If the registration for your domain name expires, the business is not only at risk of disruption of email flow or access to the web site, but another organization or individual can actually take ownership of your domain name, forcing you to find a new name.  Some other expiring agreements associated with lifecycle management include SSL certificates (equally as disruptive as domain names) and both hardware and software maintenance agreements. 

Second in line to expiring agreements is dated hardware or software.  Let’s start with hardware.  In general, my greatest concerns about hardware reliability occurs right after new equipment is deployed and after 3-4 years of its useful life.  The graph below provides an illustration of the typical lifecycle of a piece of equipment.  During the first 90 days or so, there’s a risk of premature failure.  ANP will “burn-in” new equipment for a series of days to try to catch this potential risk.  Once through the first 3-6 months, failure rates become quite infrequent.  As equipment ages beyond 3-4 years, the risk of a component failure dramatically increases.  This risk can be mitigated through effective business continuity planning.  We’ll typically leverage redundant components and systems in our designs and discuss the cost/benefit relationship to insure the client is making the most prudent business decision.

 


lifecycle management

The last aspect of technology lifecycle planning is driven by the manufacturers and software developers.   It’s referred to as End of Life and End of Support.  Many of the major manufacturers publish End of Life documents.  I’ve included a few common manufacturer links to their lifecycle web pages.  One of the most notable, near term events, is the pending Microsoft Windows XP SP3 End of Support date, April 8, 2014.  This means that as of April 8th, Microsoft will no longer provide automatic fixes, updates, online technical assistance or, most importantly, security patches, potentially leaving your business vulnerable to virus attacks or security breaches.

Technology Management Guidelines

Although every businesses situation is different, the following guidelines provide a good rule of thumb:

  • Upgrade desktops every 5-6 years, including upgrading operating systems and the Office suite.  For the next upgrade, evaluate the feasibility of thin clients or virtual desktops

  • Upgrade key physical servers every 4 years.

  • If you’ve begin to virtualize servers:

    • Upgrade virtual guest servers based upon the application vendor’s guidelines

    • Configure the virtual host servers “N+1” so you can function if one server fails; stagger purchase dates; monitor performance, then replace upon failure of a host unless performance dictates.

  • Storage systems should be evaluated at the 5-year mark
  • Network switches:  At end of support, usually 5 years
  • Routers, Firewalls: At the end of software maintenence

In summary, it doesn’t matter whether you’re large or small, driven by technology, or just consider it a necessary evil; you need to have a Technology Lifecycle Management strategy.  I’ll leave you with a few guidelines and resources.  As always, drop me a note if you’d like to discuss lifecycle strategies, or request a free network assessment to determine where your IT equipment is on the lifecycle graph.

 

Request A Free Network Assessment

Resources

Topics: Business IT, IT Assessment, Business technology, Managed Service Provider, IT Technology, Lifecycle management

How does a Business Owner Insure IT Security with Employees?

Posted by Scott Persechino on Sun, Dec 22, 2013

IT SecurityHaving worked in the technology field for many years, I’ve developed a certain perspective regarding the security of technology devices in my office and in my home…and frankly, I’m not sure if it’s “healthy” or “unhealthy”.  Here in my office, if I take a look at the devices connected around me, I see a computer with connections to internal resources as well as external Internet- and cloud-based resources; I see a little USB drive hanging off my computer; I see a smart phone with all sorts of applications loaded on it; I see an IP-based phone, with voice mail, and all sorts of other capabilities.  At home, I have a cable modem, a little wireless router, a few cable boxes, telephones with voice mail service, and a couple of smart appliances.  Although all of these devices are either essential for me to be able to do my job…or help make my time at home be more convenient and enjoyable, I can’t help but think they all have one thing in common…and that is all of these devices can be hacked!

The simple truth is that if you can plug it in, or connect it to a “network”, your device, no matter what it is, can be taken over by someone else. And the truth is that someone doesn’t have to be an experienced hacker to do some serious damage…either on purpose or by accident.

Frankly, I’m a minimalist when it comes to technology…I want to turn things on and have them work.  I don’t need every fancy attribute, but I expect that my equipment will work, and I don’t need any hassles with hackers.  Part of what makes new technology so exciting is that, unlike the old days, it works right out of the box. Now any “non-techie” can download just about any application very easily, and it just works.  However, with this “tech world” being more accessible, it also becomes more problematic…and the hackers love it!

Take a look at a quick list of devices that “experts” think will be vulnerable over the next few years as the Internet of Things becomes more widespread.  Here are the pretty obvious items: smart phones; smart watches; office computers; tablets; home computers; the cloud (services, storage, software); ATMs at banks; printers; GPS devices; Wi-Fi routers; web cams; thumb and portable USB drives; cable box or DVR; voice mail (especially those with a global call-in numbers that don’t lock out after successive failed attempts)

But how about these “less obvious” items…these might be the “hack-able” devices of the future: power strips (today, they can be infected with malware); power cords for your devices (software code can be implanted now); luggage trackers (such as the Trakdot); connected glasses (Google Glass); gaming consoles: PS3, Kinect, Nintendo; refrigerators (such as Samsung); cars with computer operating systems; smart pens (like the Livescribe); gesture control devices (such as the Leap); cameras; smart alarm clocks; coffee makers; key fobs; light switches; moisture sensors; traffic lights (MIRT transmitters can change lights to green in two to three seconds); highway signs that spell out text  And I didn’t even mention medical devices, which are frighteningly exposed to hackers.

The proliferation of all this technology creates a constant need to keep devices updated and secure. For small- to medium-sized business owners in particular, where your internal IT support may be minimal and less-experienced at best, you are uniquely vulnerable.  Experts believe the most vulnerable device in any American house is the cable box, because it is so rarely updated.  However, if a hacker takes out your cable box, the damage is pretty well contained…hopefully.  Yet, if a hacker takes out your company’s server, or critical workstations are compromised, it could bring your company to its knees, and potentially put you out of business.

If what I’m saying makes you uneasy, you’re not alone. So how should we think about our constant vulnerability? Whether it’s “healthy or unhealthy”, I make a daily assumption that everything I do is hack-able.  I have an awareness of potential vulnerabilities, and I’m trying to develop an evolving set of street smarts…all business owners should as well.

For example, when you’re traveling and working on the road, consider carrying your own Wi-Fi hotspot. You can use a secure virtual private network (VPN) to send and receive email, and to access content that you have stored in the cloud. (Truth be told, that network can be hacked too, but at least your IT person or your managed services provider can watch the logs of what information is coming and going, and attempt to fight off intruders.)

Another good rule of thumb is to keep your network cloaked, meaning, don’t name it “Joe’s Hotspot”, if your name is Joe Smith.  As a managed service provider who performs regular network assessments for prospects, we routinely look at networks, and are astonished to see how many people use their own names or the names of their companies in their naming conventions. One approach is to change the names of all your devices to your mobile phone number. That way, if your laptop is lost or stolen for example, someone will see a phone number rather than your name, and perhaps there will be less of an incentive to poke around your machine to see what’s there.

Another idea is to use passwords that are easy to remember, but difficult to crack. Experts say you’re best off with a long phrase that also includes numbers and at least one capital letter. For example, something like “Iwant99pizzasand12sodasfordinnertonight” is actually more secure than “Gx1U2y,” because the algorithms that are used to crack passwords have to process many more computations when the password is longer.  Speaking of passwords, as much of a pain as it is, please change them regularly…weekly is recommended. It should go without saying that each one of your networks and devices should have a different password. When was the last time you changed yours?  Since I know you’re wondering: there is no workaround for this and no way to short-cut the management of your own passwords.  Again, another function you could look to your managed services provider for assistance.

Another good rule is to turn off your peripherals when they’re not in use, including printers.  Same goes for nonessentials on your network, such as additional computers, game consoles, and the like. The more things you have plugged in, the more opportunities there are for penetration. Be cognizant of who’s plugging “what” into your network. An innocent-looking thumb drive can destroy your computer within seconds…scary.

The good “healthy” news is that the “tech world” is open to all, offering fantastic business opportunities “in the office”…not to mention that it teach kids how to use and control the many devices that are undeniably tied to their futures “at home”.  The truth is that open networks are vital to innovation…however, the “unhealthy” truth is that they aren’t totally secure…and probably never will be…

It is incumbent upon a business owner to insure himself that as his company data is proliferated over smart phones, home networks, everything remains secure! ANP can help you evaluate if in fact you have everything secured, what happens when an employees laptop or smart phone is stolen; can your company wipe off the data? ANP can help, check out our free network assessment below.

 Request A Free Network Assessment

Topics: IT Technology, IT security, Business Owners, Virtual Private network, home network, security of your company

Subscribe By Entering Your Email

Follow ANP



Latest ANP Blogs

Browse by Category