Small Businesses and ICT…how do you turn over the engine room keys to someone you can trust

Further to my post below from yesterday, I asked myself what small businesses that have limited technology expertise would do with regard to updating software or operating systems. I can imagine that there are many such companies where perhaps the principle of “it ain’t broke, don’t fix it” is the prevailing mindset. No doubt it is not an inherently bad thing to be somewhat resistant to change, but is that so with technology?

Well I can imagine that long running corporations, running huge legacy systems on ancient big iron, are very nervous of doing anything that might well bring these down and create adverse conditions in which to conduct business. One reason, I would think, that they do not look to move to new infrastructure is that the pain of moving would be incredibly high, perhaps even so painful it brings the business to its knees. However they still do a lot of work to maintain those systems, including code releases and changes of hardware. They tend to do it very carefully. Well, the ones that have an understanding of the risk a system failure poses to the business do. Of course these businesses are able to hire highly skilled and experienced engineers and systems managers.

Of course not all small businesses (in fact I’d say most small businesses don’t) have huge complex systems or are running legacy code on ancient mainframes. However their technology, if it goes wrong, could have the same impact…it could drive the business under. The difference is that the small business does not have highly skilled engineers or managers.

So how do small businesses approach things like ICT support? Often they outsource their IT to professional managed service providers who do all the work for them, or they rely on friends or family. Neither of these is intrinsically bad if they have undergone some measure of due diligence. If you are willing to turn over what is effectively the engine room of your business, I certainly hope you know who you are turning it over to and that they are capable!

It might sound awkward to ask your friend or family member if they are competent ICT support people, but would you also ask the same of another company you want to hire to look after your IT? The answer has to be yes. However in both cases do you know what questions to ask? You are not an expert, otherwise you’d be looking after your own ICT, right?

Well I have a very basic checklist you might think of using to ask not only your friends and family but managed service providers as well. Some questions will only be applicable to managed service providers.

  • What certifications do you (or your engineers) have?
    • Are they relevant to my needs?
      • How?
  • Can you provide me with business or customer references that are relevant to my needs?
  • How long have you been providing support?
  • Do you carry liability insurance?
  • What kind of Service Level Agreements are you able to work to? If I need 24/7/365 support can you provide it?
  • What do you do if you cannot fix my problem within the Service Level Agreement? Do you have an escalation plan?
  • Do you need to be onsite to fix my problems or can you do it remotely? If you are doing it remotely what kind of security measures do we need to put in place and why?

These questions are worded not to sound harsh but to get both parties to think about the depth of the support relationship and how important your ICT is to you and your business. They are not intended to insult your friends or family, but would you rather keep your friendship or family member than give them a job which it turns out they are wholly unable to commit to and which kills your business? When asking these questions of a managed service provider there really ought not to be a problem, because if they are any good they will be able to answer them easily. They will also welcome probing questions. If the managed service provider is evasive or unable/unwilling to provide timely answers, it’s a good sign you want to look elsewhere.

Messy! Why you should never have automated updates on production systems

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2060190

A pre-release version of vSphere Replication has been made available and if you have Automatic Check and Install updates selected the vSphere Replication appliance will automatically upgrade to version 5.5.
vCenter Update Manager may also have this version downloaded. VMware recommends not installing the vSphere 5.5 Replication version in your 5.1 environment.

I’m not blaming VMware…just dispensing some well learned experience. What I am saying is that when looking at new software (including updates) to put on your systems you need to be aware of unintended consequences. Here it’s an upgrade to a new version of vSphere Replication, which will, by all accounts, leave you in a world of pain. This VMware technology is used to provide business continuity by replicating virtual machines.

vSphere Replication 5.5 is not compatible with vSphere 5.1, which results in an inability to manage vSphere Replication and initiate failover.

Using proper controls when releasing software and updates does tend to mitigate these kinds of issues. You should be looking to test the new software or update on a non-production environment to understand how it installs and to familiarise yourself with any interface and options or, in the case of updates, how the software has changed. You should then look to stage it in an environment that replicates your systems as closely as possible to look for any issues with applications, operating systems, networks and storage. You should also look to see how you roll back in the event of any serious issues, just in case.

Once you’ve done these things you should look to write up your findings and rollback techniques as part of your release management strategy (if you don’t have one…perhaps you should). If all is good and approval is given in a change management meeting (aka Change Advisory Board), you go ahead and release into the production environment.

It really is not rocket science and saves you from major headaches.
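The release controls described above, written as a gate an offered update must pass before it reaches production. This is an added example, not code from VMware or from the original post; the `ChangeRecord` fields, the function names and the sample records (including the version strings used as change-record entries) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ChangeRecord:
    product: str
    version: str              # exact version that went through the process
    staged_platform: str      # platform version of the staging environment
    tested_non_prod: bool
    staged: bool
    rollback_documented: bool
    cab_approved: bool

def parse_version(text):
    """'5.1' -> (5, 1), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def evaluate_update(product, offered, prod_platform, records):
    """Return ('INSTALL' | 'HOLD', reasons) for an update offered to production."""
    record = next((r for r in records
                   if r.product == product
                   and parse_version(r.version) == parse_version(offered)), None)
    if record is None:
        # An auto-offered version nobody has tested or approved is never installed.
        return "HOLD", ["no change record for this exact version"]
    checks = [
        (record.tested_non_prod, "not tested in non-production"),
        (record.staged, "not staged in a production-like environment"),
        (record.rollback_documented, "no documented rollback"),
        (record.cab_approved, "not approved by the CAB"),
        (parse_version(record.staged_platform)[:2] == parse_version(prod_platform)[:2],
         f"staged on platform {record.staged_platform}, production runs {prod_platform}"),
    ]
    reasons = [reason for ok, reason in checks if not ok]
    return ("HOLD" if reasons else "INSTALL"), reasons

# Constructed sample records (not real change tickets).
RECORDS = [
    ChangeRecord("vSphere Replication", "5.1", "5.1", True, True, True, True),
    ChangeRecord("vSphere Replication", "5.5", "5.5", True, True, True, False),
]

if __name__ == "__main__":
    # Production platform is 5.1; "6.0" is a constructed version with no record.
    for offered in ("5.1", "5.5", "6.0"):
        print(offered, evaluate_update("vSphere Replication", offered, "5.1", RECORDS))
```

The 5.5 record shows why staging must mirror production: an update exercised only against a 5.5 lab is still held for a 5.1 production platform.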

Graphene wonder chips just the thing for green computing?

http://web.mit.edu/newsoffice/2013/graphene-could-yield-cheaper-optical-chips-0915.html

Graphene — which consists of atom-thick sheets of carbon atoms arranged hexagonally — is the new wonder material: Flexible, lightweight and incredibly conductive electrically, it’s also the strongest material known to man.

In the latest issue of Nature Photonics, researchers at MIT, Columbia University and IBM’s T. J. Watson Research Center describe a promising new application of graphene, in the photodetectors that would convert optical signals to electrical signals in integrated optoelectronic computer chips. Using light rather than electricity to move data both within and between computer chips could drastically reduce their power consumption and heat production, problems that loom ever larger as chips’ computational capacity increases.

This is phenomenal technology that could well take computing to the next level. I am not going to comment more on this until I have really digested this news and after we see how well this works in the real world. I am waiting with bated breath as this kind of thing really presses my nerd buttons!


How a Grandmother, margarine, cornflakes and eggs started an online revolution. In 1984.

http://www.bbc.co.uk/news/magazine-24091393

In 1984 grandmother Jane Snowball, 72, created the world’s first electronic shopping order. Not via a personal computer, however. Rather via her television, believe it or not. She used a technology called Videotex, which allowed her to enter data via a keyboard.

So in a local government initiative to support the elderly, Mrs Snowball entered an order for margarine, cornflakes and eggs to her local supermarket which then packed her goods and dispatched them to her home.

The industry is now worth over £100 billion to the UK alone.

And it all started in Gateshead. Who would have thought a Geordie grandmother would have been a high tech pioneer!

Surface too slippery for Microsoft?

Seems the latest brainwave to hit Redmond is an offer (US only as far as I am aware) to rebate your “gently” used iPad 2, 3, or 4 for a $200 gift card redeemable at Microsoft stores. Presumably to help shift their Surface devices. The ones that have been pretty much universally panned by…well everyone.

http://content.microsoftstore.com/en-us/offers?WT.mc_id=PromoEmail_iPadTradein_9-5-13_GetDetails#offer-tablet-trade

Good idea or desperate grasp at straws? I am leaning towards desperation.

Social Engineering gets crooks inside bank

http://www.bbc.co.uk/news/uk-england-london-24077094

It seems that a criminal group tried to access Santander via a remote device. The social engineering bit was a phoney third party engineer who was able to gain access to the branch computers and install a device (apparently a KVM “keyboard video mouse” switch) that would have been able to allow remote access to the computers.

KVM switches are mainly used in server rooms to allow one monitor to access multiple servers located in one rack. Sometimes users will have switches like this if they have more than one physical computer but only one monitor. One question here is where the device was installed. Of course the most pertinent question is how the engineer gained access to the branch.

Luckily for Santander the device was never activated and that could have been down to internal procedures regarding the release of kit into live environments…as it stands we do not know.

As the story is still breaking, and although the perpetrators are in custody, there are questions here that need to be addressed and evaluated to ensure that banks, and other businesses that use third party companies to support their ICT infrastructure, have the right measures in place to prevent such an occurrence.

What these are will be dependent on the company but there are some fundamentals that every company can follow…

  • Due diligence on the third party company
  • Be wary of unsolicited visits
  • Do not give any information out to anyone unless you are satisfied of (and have verified) their authority
  • Train your staff on how to deal with social engineers and more importantly to identify such attacks.

This is a good starting point (which also deals with phishing attacks) –

http://www.us-cert.gov/ncas/tips/ST04-014