Articles / White Papers

Tuesday, March 06, 2012
Kevin Beaver, CISSP
It’s as predictable as the rising sun. Organizations often spend effort and money securing their more visible systems such as Web applications, databases and the like but often forget about their “lowly” email servers. Sure, email servers aren’t all that sexy and there’s certainly not much to them compared to, say, a Web-based ERP system. But this leads to the common assumption that they’re not a target for hackers, malware and rogue employees looking for ill-gotten gains.
 
There are a few issues with this approach:

1. Your email server is critical – arguably the most critical system on your network. We’ve all experienced email being unavailable. Spread that pain across your entire organization – especially if email is down for a considerable time – and you’ve got quite the dilemma on your hands.

2. Your email server has vulnerabilities just like any other system on your network. From weak email account passwords to missing patches to outdated anti-malware protection, there are numerous weaknesses that can put some of your most sensitive information at risk. All it takes is someone with free tools and minimal skills to scan for and exploit vulnerabilities on your server. Weak passwords can be exposed on webmail systems with even less effort. Malware propagation is a given that affects everyone.

3. Regardless of whether you believe you’re a target or really have anything of value that the bad guys want, you are and you do. It may not be sensitive emails and files shared on public folders but instead processor cycles and network bandwidth. Many of the attacks today are not intended to access critical information but rather so the bad guys can setup shop and use your system to attack others.  

If you don’t have the proper resources to properly manage the security of your email server – or your network overall – then outsource the hosting and management of it to a reputable cloud provider who can. 

You cannot secure what you don’t acknowledge. Make sure your email server is included in your ongoing information security testing. In the end, if a computer system has an IP address or a Web URL then it’s fair game for attack. It’s up to you to take the proper steps for minimizing the risk of a security incident and then prepare yourself and your organization for when something does go awry. You’ll never have 100% security and that’s okay. Just avoid being one of the organizations that has zero percent. 

About the author 
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 23 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 10 books on information security including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at www.principlelogic.com and you can follow in on Twitter at @kevinbeaver.
Wednesday, January 18, 2012
Dave Mims, President

While cloud computing has been generating buzz for the past several years, this technology will continue to gain in popularity in 2012 – especially among city governments. Leveraging cloud-based technology eliminates capital and operational expenses associated with servers, software licenses, maintenance fees, project labor for software upgrades, and, more. Other benefits of the cloud include:

1. Lower, affordable, monthly costs for exactly what is needed. Pay monthly for needed hardware, software, and services. IT is scalable – add or subtract users as necessary, and the cost is adjusted on the fly.

2. Clear, transparent ROI. Information technology has matured into a transparent reportable investment. A cost analysis of the money spent for traditional hardware, software, and services can be outlined and compared against a flat monthly operational-cost model. When this cost analysis is performed, many cities often uncover an opportunity for instant cost savings.

3. Included, no-cost hardware and software upgrades. With “pay as you go” IT service models, there is no longer any worry about upgrading hardware or software. With a city’s monthly costs, all upgrades are included.

4. Minimized risk of data loss and security breaches. With an IT environment that is monitored and maintained with consistent, upgraded, quality hardware, software, and services at a monthly cost, the burden of data retention, security, and maintenance falls upon the service provider. Recovering from theft or a disaster can be much quicker and more cost effective for the city.

The Changing Face of IT

Many cities have over-spent, under-spent, risked data loss, slowed employee productivity, and jeopardized the completion of major projects during the last few decades while wrestling with information technology. As IT has evolved through mainframes, desktop computers, the 1980s software explosion, and the 1990s Internet explosion, the last decade found nearly all organizations having to harness information technology in some form. Like everyone else, cities have had no choice but to learn and wrap their minds around information technology’s revolutions and evolutions.

“Pay as you go” IT services, reflected in flat monthly operational costs (versus expensive upfront capital costs), will lead to high quality, low cost technology infrastructures for cities. A January 2009 article entitled “Buyer Beware” from Public CIO states:

Despite [service issues from vendors], government organizations still turn to the private sector for help with their IT management. This trend will accelerate as workers currently managing legacy systems retire, organizations update technology, enterprise-wide software applications are implemented and shared services arrangements are adopted, infrastructure and applications become more complex, and securing talent at government salary levels becomes more difficult.

Information technology is evolving toward more of an operational cost and less of a capital cost. This involves “pay as you go” monthly fees for hardware, software, and services that can be turned off and on, saving significant money for a city’s IT budget – and overall bottom line. An expensive upfront capital cost is often an obstacle for cities when they wish to invest in essential IT infrastructure. With a series of smaller, more predictable payments, it is easier to justify such costs to city decision makers.

As can be seen, anyone concerned with a city’s IT budget needs to seriously consider cloud computing as a tool to reduce costs and save money. And with increasing budget shortfalls and greater calls for transparency, the time is ripe for cities to reexamine their IT budgets and find ways to save hard dollars through these emerging technologies.

Five Questions to Consider
 
1. Have you ever discussed the city’s information technology spending in terms of money saved each year (ROI)?
 
2. Identify a list of hardware and software upgrades you need. Is the upfront cost of this hardware and software prohibiting you from moving forward with upgrading the city IT infrastructure?
 
3. Look at your city’s IT budget. Are most of your costs related to capital expenses? Operational expenses? “Services” expenses? Do you know where the money allocated for your city’s IT budget is clearly going, and why?
 
4. Can you say with confidence that all servers, workstations, and network infrastructure components in your city are 100% current with patches, antivirus, antispyware, and security protection? If not, why?
 
5. Can you say with confidence that the city is not in danger of data loss or significant down time to critical applications at Public Safety or City Hall? Are there risks for security breaches?

As you enter a new year, are you confident in your city’s security infrastructure? Are you taking advantage of available technology to streamline IT costs and operate more efficiently? There is still time to examine your IT infrastructure and make the necessary changes for 2012.
Monday, November 14, 2011
Dave Mims, President
Sophicity recently surveyed Georgia cities with populations of 2,500 or greater. We were pleased by the overwhelming response – 144 cities of the 199 surveyed – or a response rate of more than 72 percent. However, the findings generated even more questions and concerns on the state of our cities’ IT infrastructure.

According to the survey results, cities are taking on extremely high risk due to unmanaged break fix environments.  In sum, cities are operating networks that are ripe for IT breaches , data loss, and system failure.

Sophicity surveyed cities on the following questions:
  1. How many people work at the city?
  2. How many people who work at the city are considered IT staff?
  3. Do you use a contractor or vendor in place of IT staff?
  4. If your city does use an IT contractor or vendor, is it for break/fix support or more proactive services?
Seventy eight percent of respondents reactively addressed IT needs. In short that means they are waiting for something to break. Only 11 percent proactively manage IT, while the remaining 11 percent didn’t know.
 


52 percent of the cities responding had no IT staff and no vendor.
 
 

If we break down the responding cities further by population, our survey identified:
  • Cities with populations from 2,500 to 4,999 are more likely to be reactive when addressing IT needs – up to 90 percent of cities in this category responded that they reactively address IT needs or wait for something to break. Only 9 percent proactively managed IT, and the remaining 1 percent didn’t know. 69 percent of the cities in this group don’t have an IT staff or IT vendor.
  • Cities with populations from 5,000 to 24,999 are faring a little better. In this group, 45 percent of respondents are reactively addressing IT needs. Only 10 percent are proactively managing IT, and the remaining 45 percent didn’t know.  More than 65 percent of the cities in this category also work without the benefit of an IT staff or a vendor.
  • Cities with populations from 25,000 to 49,999 are 56 percent reactively addressing IT needs. None of the respondents in this category are proactively managing IT, and the remaining 44 percent didn’t know. Thirty one percent of the cities responding have no IT staff or a vendor.
  • Cities with populations of 50,000 or greater are 21 percent reactively addressing IT needs. Only 7 percent proactively manage IT, and the remaining 71 percent didn’t know. Surprisingly, 43 percent of these cities that responded have no IT staff or a vendor.
The numbers paint a troubling picture and generate even more troubling questions. What city and citizen data is at risk for being compromised, hacked, or lost? What costs are rising from inefficiencies? What services are not being provided that could be? Who will our citizens turn to when a disaster occurs? Will the city be ready to help?

Benjamin Franklin is credited as saying “an ounce of prevention is worth a pound of cure.” That quote is applicable today to cities skimping on IT costs to “save” money. Don’t neglect. Get someone competent and skilled in place to manage the city’s IT needs day to day as well as strategically planning and preparing for the years ahead.

Hire a competent person, Engage a credible vendor, or do both. Don’t fall victim to data loss, system failure, or wasted / dated time consuming inefficiencies.
Tuesday, August 16, 2011
Ray Pedroso, Apptix VoIP Business Specialist
Financial responsibility. Effective communication. Internal efficiency. These are goals that government agencies work hard to meet every day. However, the technology used to reach these goals has changed; email, websites, and security cameras are all tools that have become important in just a few years. Yet one piece of indispensible equipment too often gets neglected, even though we use it every day – the good old-fashioned telephone. But how “good” is your phone?
 
Voice over Internet Protocol, better known as VoIP, is an internet-based form of telephone service. It offers a reliable, technologically advanced alternative to traditional PBX systems. Although VoIP has been around for years, many government agencies and organizations have not adopted it for a simple reason: their current phones are still working. However, hosted VoIP service has a number of features and benefits that can help you reach your goals better than traditional telephony solutions.
 
Financial Responsibility
VoIP represents significant cost savings on a monthly basis, with plans providing reasonable local calling and unlimited long-distance in the United States and Canada. Low set-up fees and affordable equipment (whether purchased or leased) contribute to a low total cost of ownership for state-of-the-art functionality. In addition, hosted VoIP service is completely scalable. Adding or deleting users is simple, and you only pay for the users you have.
 
Effective Communication
Because VoIP is internet-based, it is possible to have identical, seamlessly integrated services across multiple locations. Enterprise-class call management capabilities, including extension dialing, call transfer, call forwarding, call waiting, email to voice mail, and an “auto-attendant” (virtual receptionist) are all standard features available even to small organizations. Telephone communication becomes more powerful and more professional through these advanced features, with no loss of quality. Your calls are carried over a private, managed network that ensures top Quality of Service (QoS) for your voice and data calls.
 
Internal Efficiency
The transition to VoIP is easy – most providers pre-configure the equipment and some may even assign a dedicated resource to guide users through the process. In addition, there is no loss of productivity associated with the move –Local Number Portability (LNP) allows users to maintain the same phone numbers that constituents are familiar with, so government communications can continue as usual. 
 
Once the system is in place, web-based system management tools provide anywhere, anytime access to mange accounts, create greetings, add hold music or messages, or to set inbound and outbound calling rules. Internet devices such as PCs can function as “phones” on a VoIP system, enabling you to stay connected with the same level of quality and functionality from virtually any location.
 
An investment in a hosted VoIP system is an investment in the quality of your communications. VoIP is flexible, scalable, and cost effective, allowing governments and agencies to take advantage of updated technology without a large up-front expense.  VoIP ensures that your phone really is good enough to meet your needs.

Ray Pedroso is a VoIP business specialist for Apptix, a premier provider of business communication and collaboration services including voice, email, and web conferencing. For more information about Apptix VoIP services, visit www.apptix.com or contact Ray at 866.688.0127 ext. 4015.

Tuesday, June 14, 2011
Kevin Howarth, Director of Business Development


Billy Edwards
City Manager
City of Hinesville, Georgia

Billy Edwards is responsible for the day-to-day operations of the City of Hinesville, Georgia and oversees all City government departments. He acts as a liaison between the City Council and the public by responding to inquiries and resolving conflicts. He is also responsible for oversight of the City Council meeting agenda process and implementing policy decisions made by the Council members. Having served at the City for over 30 years, Billy has a wealth of experience in city administration and shared some of his insights with Sophicity.


What are the biggest challenges facing the City of Hinesville?
The biggest hurdle to overcome is budgetary concerns in a down economy. Last year, when we were putting together our current fiscal year budget, we had to make some tough decisions. We ended up dipping into our fund balance much deeper than I think anyone was comfortable doing. However, we were able to avoid layoffs and substantial reductions in services or employee benefits.
 
At the same time, we are a growing community. We’re not growing as fast if economic circumstances had been different, but we’re still growing. We have some capital projects that need to get done, and getting funding for those is obviously far more difficult now than it was then. We’ve got some infrastructure issues primarily with regard to potable water demand which we anticipate increasing as a result of continued growth. We expect to grow substantially over the next 10 years or so, and some of our growth will be the result of additional troops assigned to Fort Stewart over the next 4 years.

How does technology fit into the City of Hinesville’s strategic vision?
Along with enhancing communication, technology allows fewer people to get more accomplished. One example of technology’s benefits for the City of Hinesville is with water meter reading. Back in the old days, we had meter readers go out, visually look at every water meter, write down the data in their car, and bring it back to the office so they could key punch it into a computer. Then a bill would be produced as a result of that process. We gradually migrated to a system where meter readers do not actually have to read or write any data down. All data is captured on a little portable computer that they carry around with them. They also use a system that will allow 2 or 3 people to read the entire county’s water meter data in one day. That helps us get more accomplished with fewer people and frees up staff time so they can do more service calls.
 
About 20% of our utility customers pay their bills online now. When face-to-face contact with water customers is reduced, customer service representatives have more time to focus on service and less time having to multitask. That’s helping us substantially. We are also building a citywide wireless network for our employees. It’s primarily for public safety (police and fire), but other employees can use it too. Those individuals will have wireless connectivity if they are on a City-owned network. At this point in time, we have to deploy hot spots to accomplish this goal. That means staff has to drive to a hot spot to get connectivity to the City’s network.
 
There are many benefits to having a citywide wireless network. For example, if a police officer is out in the field, he or she can write up a report immediately instead of having to come back to the office. Wireless also helps us in an area like the inspections department. Inspections staff is able to provide near real-time information back to their department, which can facilitate the building permit process. Overall, we find that wireless improves response time and also cuts down on travel time.

How has the City of Hinesville leveraged GIS?
We’ve had a GIS operation for probably 25 years at the City of Hinesville. As an example of how we use this information on a daily basis, I recall recently visiting with a citizen and utilizing GIS data to explain why he couldn’t do what he wanted to do on his property. We looked at an aerial photograph that showed clearly why their property situation was a certain way. GIS is a great communication tool. It’s also helpful for economic development because we’re able to meet with individuals who are interested in potentially locating a business in Hinesville. GIS helps us better discuss what property is available and what kinds of services we have. Also, departments such as police, fire, and inspections use GIS very effectively.

How have mobile devices impacted the City of Hinesville?
Sometimes I feel we can be a little too connected to our mobile devices, but I also don’t know what we’d do without them anymore. Their primary purpose is to help us stay connected and communicate, but they also help me individually to keep my schedule organized. I am anything but in control of my time since I’m often at the service of city staff, elected officials, and citizens. But my mobile device allows me to stay abreast of where, when, and what I’m supposed to be doing. Since I am called out of the office so much, I’m able to stay connected to my email and other data which prevents me from getting swamped whenever I return to my office.
 
With everyone always checking their smart phones, the downside is that we have a tendency to lose focus on what we’re doing at the time. I don’t know how somebody can focus on what a speaker is trying to tell you when you’re texting or responding to email. I think we’ve diluted our attention so that we don’t focus enough on what we’re doing at the time we’re doing it, and so our depth of understanding is somewhat minimized.


How do you stay informed about not only your City but also wider municipal trends?
For me, the Georgia City-County Management Association (GCCMA) and the International City/County Management Association (ICMA) are the two primary points of intersection with my colleagues. I think everybody, regardless of industry, should have a group of individuals from their profession who they talk with on a regular basis. There are people I call on for advice and ideas on occasion, and it’s reciprocated.
 
Within the City, I meet with key staff on a regular basis. That includes our IT director, police chief, fire chief, chief financial officer, and other department heads. We’re all in close proximity to each other, so we stay in touch and they keep me abreast of anything significant I need to know. We have bi-monthly staff meetings and review Council meeting agendas to make sure we have all of our bases covered, but we also use that opportunity for each staff member to inform other staff members about key issues that may impact or be of interest to the other departments.

What do you do for fun?
I like to spend time with my family. I also like fishing. I enjoy salt water fishing in Liberty and McIntosh Counties and catching speckled trout, redfish, and flounder. It’s nice being out on the water in a boat even if you don’t catch any fish. I’m actually rebuilding a boat right now. I’ve got a little 14-foot fiberglass boat that I’ve gutted, and I plan to tear it up and rebuild it. It remains to be seen whether or not I have the courage to put it in the water!
 
Visit the City of Hinesville, Georgia online at cityofhinesville.org.
Wednesday, May 18, 2011
Kevin Howarth, Director of Business Development
Data backup and disaster recovery are probably the most important and least appreciated areas in information technology. When VML Insurance Programs (VMLIP) noticed data backup costs increasing too much while unnecessarily confused about exactly what services they were getting, they needed to reassess and find a different solution with less cost and comprehensive coverage. Steven Bergman, Director of Technology & Operations, shares his insights about VMLIP’s initial data backup problems and how he solved them.

What was VMLIP’s initial problem with its data backup?

First was cost. I felt our vendor was overcharging us. We also had difficulty restoring individual files or mailboxes, and the headache and hassle of working with the vendor was starting to take way too long. I never understood how we were billed and exactly how much data was covered.

What did VMLIP need as a solution?

We looked at several co-location facilities and initially thought we would replicate our data over to them. However, the costs in most cases were outrageous. We needed a cost-effective umbrella solution encompassing data backup, disaster recovery, and business continuity. We decided it was in our best interest to see if there was one vendor that could provide all of these pieces.

At first, the vendor research was frustrating. Even though we were clear about what we wanted to back up, vendors seemed to ignore that we had a lot of data in file shares that worked on virtual machines. They often said, “Oh, we didn’t realize you wanted that data backed up too.” And all of a sudden the price jumps way up. That happened three times with three different vendors. We told them exactly what data we had, and in all three cases they didn’t listen to us.

What did Sophicity provide as a solution?

Sophicity provided us with a reliable data backup solution that minimizes the risk of data loss because of how often (every hour) our information is backed up throughout the day. If we lose information, it’s an easy restore process. We just contact Sophicity’s helpdesk and files get restored. We also saw a dramatic decrease of 60% in monthly expenditures.

We partnered with Agility for continuity to provide a place to work in case of disaster. With the combination of Sophicity and Agility, we have data backup and disaster recovery, more options and less cost. Also, there is no bureaucracy to go through when getting data restored. With Sophicity, you send them an email or give them a call, they get back in touch with you, they get on it as soon as possible, and they do it.

Why would VMLIP recommend that local governments consider this solution?

First is cost. For what you’re getting, it’s a cost-effective solution. Second, many local governments probably have a data backup solution but not disaster recovery. It’s one thing to have your data backed up offsite, but if you lose your facility and you have no equipment, then what good is your data? Sophicity’s data backup and disaster recovery solution, along with the ability to either fail over to their data continuity appliance or they ship us another server, is very valuable in minimizing our downtime.

This article was originally published in the May 2011 issue of Virginia Municipal League's monthly magazine.
Tuesday, April 19, 2011
Dave Mims, President
Over the past few years, we have witnessed many technology support companies take advantage of the tendency for cities to simply pick the cheapest solution. Municipal procurement processes often encourage a “low price” philosophy, but this philosophy is especially damaging when information technology is treated like office supplies or a desk. Many technology vendors know how the game works, so they often submit a vague cheap quote that sounds good on the surface. When technical expertise is lacking, cities time and time again go with the cheapest solution.

It doesn’t take a prophet to predict what will happen 2-3 years down the road: frustration, bad service, and (yes) disaster. Cutting corners in the short-term leads to hemorrhaging money long-term. Not only are taxpayer dollars wasted, but cities do not realize the full ROI and value that information technology should be providing.

Unfortunately, information technology remains one of the most complex and least standardized services. It is often difficult to understand technology, equally compare technology vendors, and adhere to any standards (due to a lack of federal, state, or local regulations concerning technology support). As a result, many cities suffer from aging hardware that slows staff productivity, technology environments that are only fixed when a major disruption occurs (at which point it’s usually too late), information security that is the equivalent of leaving the doors of City Hall unlocked, and lack of data backup and disaster recovery. And cities thought their managed services provider was helping. So how did they end up here?

Asking the Right Questions and Understanding What You’re Getting

Many cities do not have the technical expertise to fully understand what “technology support” entails. Vendors often play up to this lack of understanding, focus solely on price, and get your business. We call this the “bottom feeder” approach. Cities think they’re getting a deal – until they see the bills that come later. Any problem that arises with a “bottom feeder” vendor often leads to a) another bill, and b) a chance for the vendor to upsell you on another product or service.

As you will see below, vendors will present services to you that are misleading and too good to be true. This article explains a set of typical “managed services” features that bottom-feeder vendors provide. I’m sure you’ve heard these claims. Perhaps your current provider even provides these “myths” to you. We ask you to challenge current and potential vendors with these questions. No matter what vendor you choose, understand what you’re getting.

24x7x365 Coverage

Myth: The vendor says they are providing services 24x7x365. That means they are taking care of my technology equipment 24x7x365, and whenever I have a problem I can call someone.

Fact: This is not true unless additional specific help desk support coverage is specified. It is typical for a managed services vendor to install agents on hardware and monitor it 24x7x365. That only means they are monitoring for problems. It does not mean you have access to a person for help 24x7x365.

In most cases, there will be long stretches of time during the week when either a) no human is staffed to cover your technology support, b) the person who is providing support is either the lowest-level technical resource or a non-technical resource, or c) a call center (usually with Tier 1 support somewhere unknown or offshore) will answer your calls 24x7x365. Depending on if any helpdesk hours are bundled into your monthly fee, these calls (and any problem resolution) will cost you money if steps need to be taken to solve a problem.

“Local” People Helping You

Myth: I feel comfortable using a local managed services provider because I trust these local relationships more than an outsourced or offshored model.

Fact: Do you really think your managed services costs are so low without any outsourcing or offshoring taking place? Numerous managed services providers engage your business by way of a local sales representative (e.g. CEO of company, account manager, etc.). However, they are often the only local staff of that company. In order to keep costs very low, these companies have to outsource and (in many cases) use offshore models in order for their companies to provide you cheap 24x7x365 coverage.

In other words, you may not be getting United States-based coverage. If that aspect is important to you, it is useful to know that many vendors are not forward about who and what type of engineers are providing you services. Thus, your level of comfort with a “local” provider is based on a false assumption.

Equipment Monitoring and Maintenance

Myth: The vendor is always monitoring my servers and workstations. That means when they find a problem, they fix it.

Fact: The vendor will certainly monitor and be alerted to any technology issues. However, this does not mean they will fix the problem. (It may just mean they closed another sale!) Automatic maintenance is usually limited only to the basic of basics: patching, removal of temporary files, running spyware scans, collecting data about the health of your hardware, etc. Maintenance does not mean fixing your servers or workstations when critical issues occur. You will be billed extra at a time when your choices are limited.

Conclusion

Below, you will find questions that give you a guideline for interviewing vendors about their services. Remember:

  • They prefer you don’t know what 24x7x365 really means – only that it sounds like it’s covering you all of the time.
  • They prefer you don’t know they are using offshoring to present a cheap solution to you – only that you’re reassured by their local sales presence.
  • They prefer you don’t know how much (or how little) “maintenance” really means – until a disruption occurs and they can start billing you hourly for “unexpected” costs.
Information technology support may be a difficult area to evaluate. The pressures for city administrators to bid out technology support and make a decision as quickly as possible may tempt them to think most vendors are the same. City Councils who are perhaps focused only with cost may simply rubber stamp the lowest cost solution. But the consequences of such decisions will haunt cities later with server and workstation failures, security breaches and viruses run rampant, data loss, and public embarrassment when audits reveal a staggering lack of technology professionalism – and waste of taxpayer dollars.


10 Questions to Ask Technology Support Vendors

  1. Define 24x7x365. What does it exactly mean?
  2. Are the vendor’s engineers working 24x7x365? Are they on shifts? What level of engineer is on these shifts? Can I meet these engineers? Where are they?
  3. Am I calling into a call center? Where is the call center? Trace the route of an issue from the time I call in to the time it’s resolved. What is the resolution time for an issue? How quickly can someone arrive onsite?
  4. Do I get the same type of engineers after hours that I do during normal business hours? Is it an engineer? Are issue resolution times consistent across all coverage hours?
  5. Do the engineers receive background checks?
  6. Who has access to my data and sensitive information such as passwords, user names, etc.?
  7. When an alert is generated, what happens next? Am I notified of the problem? When?
  8. What specifically is monitored? What different equipment is exactly supported? What automated activities are occurring to “maintain” my hardware?
  9. When a piece of hardware fails or has a critical issue, what happens?
  10. Why is my managed services contract so thick?
Tuesday, March 15, 2011
Kevin Howarth, Director of Business Development


Chris Lagerbloom
City Manager
City of Milton, Georgia

Chris Lagerbloom was appointed as City Manager for the City of Milton in February 2009. He also served as the Director of Public Safety and Interim City Manager for the City of Milton prior to being appointed as the full-time City Manager. During his time with the City of Milton, Lagerbloom coordinated the initial deployment of police and fire services, synchronized and implemented policy and employed a top-notch staff. After moving into the Office of City Manager, he took the lead on moving the City of Milton to performing more services in-house, which represented a cost savings of more than $1.5 million. Before joining the City of Milton, Lagerbloom served as an accomplished public safety executive in various capacities with the City of Alpharetta from 1995 through 2006, working his way up through the ranks from Police Officer to Police Captain.


What are some of the biggest challenges facing Milton?

Like everyone else, our biggest challenge is managing our competing needs with available resources. A down economy has hit us hard during the last couple of years. As a result, probably the biggest challenge we have is adapting our service delivery to this new “normal.” I think dealing with this new reality is a better way to look at our situation, rather than waiting for an economic rebound that may or may not occur at some point in the future.

We’ve looked at how we leverage resources and tried to find ways we can diversify our internal staff, along with partnering with business and other governments external to our organization. We’re figuring out the right balance: what’s essential, and what’s nice to have. That’s a big challenge. We’re also newer than most cities, and we’re still dealing with many challenging first-time issues and items.

How have you been overcoming budget issues?

The down economy has renewed our respect for every dollar. We’ve looked for cost-saving measures and ways to tighten our belts in areas as large as limiting overtime in our Police and Fire departments to something as small as whether we provide coffee services at City Hall. We’ve taken each area and asked, “What is critical? What is the city using the public’s money for? Do I need it to keep the doors open?” If the answer to that last question is no, we’ve tried to limit those expenses. We also celebrate when we tighten expenses and save dollars, even if they’re small.

As we close out our fiscal year 2010, we have a fund balance of $7.5 million out of a total budget of $18 million. That’s a great percentage of revenues over expenditures, which keeps our reserves strong and will allow for additional capital projects to be completed this year. My philosophy of budgeting is to anticipate revenues conservatively and expenditures liberally. We’ve continued to outsource portions of government that we think are right for outsourcing, particularly in our Public Works department. We’ve also done our best not to acquire depreciating assets (e.g. lawn mowers, dump trucks, etc.).

How does technology fit into your overall strategic vision?

We have embraced technology. We recognize there are roles and tasks that technology is replacing the need for a person to do. We try to implement technology solutions when it makes us better at doing what we do. The explosion of social media has also affected us, especially considering the number of citizens with whom we can now connect. Before, we would have not had those relationships. After the January 2011 ice storm, we provided real-time updates to our citizens about what roads Public Works crews were on, when roads opened and other important news. The feedback we received from our citizens was amazing. With their cell phones, they were able to know when we were going to have plows on their road.

How has the city leveraged GIS?

We use GIS in just about every city department. Public Safety uses it for emergency responses. Every fire hydrant in Milton is plotted with a GIS layer. We’re documenting and inventorying our city infrastructure. Community Development uses GIS for zoning and land use. Finance uses it for tax parcel IDs and acreage. It is truly used across the city.

We currently don’t have a GIS program in which somebody could go to our website and access public GIS data. They can do that at the county level, but Milton’s data is more accurate because we only have to maintain it for a small portion of the county.

We even leveraged GIS as we were going through our initial ISO rating for the fire department. Inside the cockpit of our fire trucks, our firefighters can pull up what appears to be a satellite image of the location to which they are responding. On the satellite image, they can click on the building and it automatically pulls up building floor plans, hydrant connections and other things that make fire operations smoother, right on their computer.

How do you connect with and learn from other municipalities?

In North Fulton county, we probably have one of the strongest groups of available city and county managers and administrators with whom I’ve ever had the opportunity to work. I can call any of our partner cities for help, and I am lucky to have some pretty experienced managers in this area. As I was contemplating taking this position, one of them told me that if I’m not afraid to ask for help, they were not going to let me fail. That was a powerful statement – somebody who has been in the city manager business for 30 years telling me its okay not to know everything. I rely upon these men and women tremendously.

Networking is also important and one of the most critical things people can do to stay successful. You don’t have to be an expert in everything. You just have to know an expert. I stay involved in the Georgia City/County Managers Association, and I’m a member of ICMA. I’ve had the privilege of being selected this year for ICMA’s leadership class of 2012. Fifteen people from across the United States and Canada were selected. The networking and outreach that has come with this opportunity is just phenomenal.

How do you stay informed?

My peers are a great source of information. I’m also a big reader of PM magazine (which is ICMA’s magazine), Governing magazine, and the Harvard Business Review. I’ve established a strategy team in the City of Milton consisting of eight department heads. We not only get together to manage the business of the city, but we also get together to invest in each other’s professional development.

We’ve read books such as Good to Great and will be reading A Whole New Mind. A Whole New Mind is an interesting book. It analyzes how the left brain thinkers of the world, those people who deal with analytics and strategy, have to find some way to exercise their right brain. If there is a technology solution that can replace people, then it’s being implemented. If a job can be outsourced cheaper overseas, then it’s being outsourced. If you don’t exercise your creative abilities to get your right brain working in conjunction with your left brain, over time it becomes more difficult to answer the question, “Why do you provide value?” In our business, city managers often present cases to City Council. Where we probably fall short is with our ability to tell a story. People don’t always remember numbers, facts and figures. But if you tell a story, they’ll remember. That philosophy also applies to how you relate to citizens. You’ve got to demonstrate you’re doing something for your citizens that they can’t get from a computer or overseas.

What do you do for fun? How do you enjoy your free time?

I have a six-year-old who keeps me running ragged. We have a lot of fun. At this point in his life, baseball and Harry Potter keeps us occupied. I also have a wonderful wife. My favorite hobby is cooking. My specialty (and I think my staff would agree) is barbecue. And I’m not talking about a hamburger on a grill. I’m talking about real, honest-to-goodness barbeque! We do barbecue about once a month at City Hall.
Monday, February 14, 2011
Kevin Howarth, Director of Business Development


Phil McLemore
City Administrator
City of Duluth, Georgia

As the independent focal point for daily City operations, Phil McLemore guides the City of Duluth through surges in residential, commercial, and quality of life growth. Mr. McLemore works with a municipal staff of 138 employees, manages a $42,543,413 annual budget, and advises the Mayor and Council on strategic and tactical planning, budgeting and programming. He has been with the City of Duluth since 1996. Before coming to Duluth, he worked for Polk County government in Florida as the Development Services Director and, prior to that, he worked for Cobb County government and the Atlanta Regional Commission. He currently resides with his wife in Dunwoody. They have one daughter who has made him a proud grandpa of two girls and a boy.


What are some of the biggest challenges facing the City of Duluth?
 
While our City faces various challenges such as embracing diversity, maintaining infrastructure, and expanding parks, they all take second seat to the economy and the City’s budget. Duluth’s major challenge right now is building back the 20% of our general revenue that we lost to the recession at the end of 2008.
 
At that time, Duluth had to find a way to balance its next budget. The loss of revenue meant either tax increases or expense cuts to offset the loss without cutting services. We also had to maintain the support of our citizens at a time when many were losing their jobs. The City decided to form a citizens budget committee with 44 volunteer members. The citizens received information about the City’s expenditures from the previous budget to study, and they were encouraged to ask questions. Each City department appeared before the citizens group to explain what they had cut and what the impacts would be for additional cuts.

What actionable information resulted from this citizen group?
 
The Citizens were told that they could recommend a reduction of employees, furloughs, tax increases, reductions in reserve funds, and any other ideas. The group indicated they felt more services should be paid for with fees by those who used that service. For example, our court operation was a big cost item. However, those using the court were paying no more for its operation than those who never used it. The group recommended that the City establish a $20 court usage fee. This fee was put into place and it generates $200,000 a year in new revenue.
 
The group also recommended that the new software and handheld hardware purchased for our police officers should have a technology fee charged to all users of the technology. As a result, the City added a fee to every ticket that is now going to pay off the cost of new software and hardware. Wrecker services, business licenses, alcohol permits, parks, city events, and sanitation were additional areas that the group felt the City could charge fees.
 
In 2009, these fees (along with cuts by staff and some reserve funds) balanced the City’s budget. In 2010, the same approach was used and the citizens committee determined that they did not want to cut City services. They recommended a tax millage increase of up to 1½ mills, the use of more reserve funds to balance the City’s budget, and that the City look into a stormwater utility as another method of charging fees. The City’s use of a citizens budget committee has proven to be one of the best tools the City has ever used in developing a working relationship with its citizens.

How does technology fit into your overall strategic vision?
 
A couple of years ago we recognized that the technology we were using was almost 20 years old and it was becoming too labor-intensive to do anything with our existing system. One example was that our City Council was receiving complaints about speeding tickets. Our police chief has repeatedly said we don’t stop people unless they are going more than 15 MPH above the speed limit. The Council wanted clear documentation as to how many tickets we had given for speeding less than and greater than 15 MPH. We had no technology that would let us query the system and give us that information. The police chief had to assign one person who manually went through every single ticket for the year, and it took that person one week of work to come up with an answer. After we updated our system, we can now do it in 15 minutes.
 
With the help of an IT consultant who helped us find the right software, we have seen tremendous changes in our efficiency since the software has been implemented. One of the greatest changes is evident in the Police Department. From the time a police officer writes a ticket, our police and court system used to manually rewrite the same information five different times. Now all of our police officers have handheld units in which they key in information. And that’s the last time someone needs to write down that information.

So this software had a major impact on public safety and many other departments?
 
This past year was the first time when we’ve had the software system up and operating to use with our annual budgeting. When we presented our financial information to City Council, we showed them the budget for each department through our software. The process went faster and easier because we could easily pull up any requested information. We didn’t have to go make changes and send it back to Council on another day. If Council wanted to make changes in the budget, they could be done while we were meeting.

How has the use of mobile devices impacted your city?
 
All of our department heads and key employees have iPhones now. These devices have become a good way of transferring data. We probably use them more for data than for voice. If I’m out of the office, I can access email on my iPhone and respond immediately if necessary.

How do you connect with and learn from other municipalities?
 
I am fortunate that the City of Duluth is in a county with fifteen other cities. Because of this number of cities, the Gwinnett Municipal Association was formed. The Association charges a fee for each City based on the number of citizens who live within that city. The money is used to hire a full time director who keeps all Gwinnett cities informed and acts as a State lobbyist on behalf of the cities. This group of united cities also has a much stronger voice when dealing with the County on items of common interest.
 
The Gwinnett Municipal Association meets twice every month. One meeting is for elected officials from the various cities, and the second meeting is for mayors and city managers. The city managers from the various cities will also contact each other between meetings to discuss items of common interest.
 
An example of the cities working together and exchanging information is their joint concern regarding fair and equitable treatment by the County of the City’s taxpayers. All of the cities joined together and paid for a study to look at what the City taxpayers paid for County services. The study’s findings indicated that city taxpayers overpaid the County for services they did not receive by as much as $20 million per year. Duluth taxpayers were paying over $2 million a year for services that were not received from the County such as police service, planning, zoning, and transportation. Duluth has its own police, planning, and zoning departments and does not use those services from the County.
 
Armed with documentation, the cities in Gwinnett have been trying to negotiate a settlement with the County to lower its tax millage on the services it is not providing to cities. The cities are expecting some type of agreement on this early this year.
 
In addition to the Gwinnett Municipal Association there are a few other organizations in which I participate. The Georgia City County Management Association provides education programs throughout the year and informs City and County Managers about state and federal issues that may affect them. The Georgia Municipal Association attends almost all of the Gwinnett Municipal Association meetings and keeps the cities informed about State laws and legislation. They also provide training for both elected officials and staff during the year. I am also a credentialed member of the International City/County Management Association which requires a minimum of seven years in a City Manager position as well as a minimum of 40 hours per year of study.

What do you do for fun? How do you enjoy your free time?
 
When there is free time, I spend it with my grandkids. I have three. I spend time with them doing anything they want to do. I’m fortunate in that they’re only about 15-20 minutes away, and we see other just about every weekend. I also enjoy getting outside and jogging, reading, and vacations that allow me some time to get away from everything!
 
Monday, January 17, 2011
Kevin Howarth, Director of Business Development


Patrick Dale
Director of Information Technology
City of Roswell, Georgia

Patrick Dale has spent over 15 years in information technology beginning with a position as software engineer at a company that developed mobile software for law enforcement agencies. He spent over 10 years handling IT at the City of Coconut Creek, Florida, where he was in charge of data and voice networks, application systems, IT training, help desk support and GIS services. At the City of Roswell, Georgia, he is responsible for all IT projects, capital budgeting, research and evaluation of new enterprise hardware and software, vendor management, strategic planning, disaster recovery planning, and policy and procedure documentation for citywide equipment usage. He earned a B.S. in Computer Information Systems at Florida Atlantic University. His free time is largely spent with his wife and two young children.

What are some of the biggest IT challenges facing Roswell?

We’re trying to do more with less. Right now, we’re getting ready to deploy two major enterprise level applications: a municipal enterprise resource planning (ERP) system and a computer aided dispatch (CAD) 911 system. I’ve got a very limited staff, so we’re taking the people who normally perform specific roles and training them to be able to manage these systems as well as doing their current day-to-day jobs. Budgeting is a big challenge for everyone right now, so I have to be creative. There is limited money available to get everything done.

By cross-training our IT staff and utilizing people for more than one task, we’ve overcome some of these budget challenges. Right now, I’m preparing one of my helpdesk staff members to be a trainer. She will not only be doing helpdesk but will also train city staff on software applications. For example, we’re currently rolling out Office 2010. One of my helpdesk people will temporarily become a full-time Office 2010 trainer and work with different city departments on changes to their Office software. We had no budget to hire an outside trainer or send people to take Office 2010 training, so we improvised internally.

How have you taken advantage of recent technology innovations?

During the last couple of years, we installed a fiber-optic ring around the city. Most of our sites are now connected by fiber. We own the fiber, and it’s managed by another company. We’ve installed point-to-point wireless for some of the sites to which we weren’t able to bring fiber. This has increased our overall bandwidth speeds and allows us to push out VoIP technology to those remote sites.

We’ve also been leveraging SharePoint, and it’s starting to help create some very good process changes for us. We’re currently starting the process for next year’s budget, and the entire budget process is going to be run through SharePoint. All of our project management will be in SharePoint, too. Our processes were previously very disjointed. Multiple copies of documents were everywhere and we never knew whose copy was the right copy. SharePoint is going to help us eliminate those problems and create true workflow.

How have you leveraged GIS?

Many of our departments are leveraging GIS. Our transportation department uses it for streets and roads, our community development department uses it for land permitting and other needs, and our fire department uses it for their operations. We have an internal GIS staff that resides in our community development department, but we also have GIS champions in other departments who work alongside the GIS staff. One of the things we did recently was sign an enterprise agreement with a GIS technology company, and so now we have the ability to push out its GIS software to nearly every desktop. In the next 12 months, we’re going to be pushing this software out to more departments so they are able to access GIS data sets for use in decision making. We even created a GIS users group that consists of a few of us from IT, the GIS staff from community development, and one representative from every department.

How has cloud computing affected your IT strategy?

We’ve looked at this trend on a few levels. We’re using cloud services for our legislative system that creates agendas and minutes for our council sessions. That service is run in the cloud through a legislative management software company. Right now, that’s the only service we’ve pushed to the cloud. We seriously considered cloud services with our latest ERP system, and the company has a cloud option for their software. We took a pretty thorough look at it and there wasn’t enough cost savings. True, we would not have had to invest in any new infrastructure, but in our situation we needed to invest in new infrastructure anyway. In terms of software costs, it was flat even between onsite versus cloud. For Roswell, there wasn’t a good enough justification to go with a cloud solution.

How has the city leveraged its website, eGovernment, and/or social media?

We’re doing a lot of eGovernment now. Utility billing, tax billing, red light camera payments, and tax payments all have online eGovernment components on the City of Roswell’s website. That type of customer self-service will be growing more with the implementation of our new ERP. We also have a decent Facebook presence for the entire city, law enforcement, and smaller groups such as Keep Roswell Beautiful. We’ve even kicked off a program which shoots out alerts via email and SMS about weather, traffic, and any other major alerts that need to be shared with residents. Residents can sign up for this today via email or SMS.

How have you leveraged IT for greater interaction between the city and its citizens?

We were asked to provide free WiFi access at some of our parks. Today, we offer free WiFi to residents at five parks and facilities. It works out especially well at some of our locations where there are classes taking place. For example, we have a physical activity center at our Roswell Area Park where there are many gymnastics, dance, and other classes. Most of those programs are only forty-five minutes long. To drop your kid off at the park, leave, and come back really doesn’t make sense for many people. We found many parents were just hanging out and we had real demand for this service while they were waiting. So we’ve done that.

How has the use of mobile devices impacted your city?

They’ve had a wide impact. We’re running mobile devices in all of our police cars. Those devices allow officers to spend more time on the road. Most municipalities are doing that now. We’ve also extended that mobility to code enforcement, building inspectors, and transportation. For example, our road crews are now mobilized and they can quickly examine the conditions of roads and update the grading remotely. People are spending less time in the office and much more time out where they need to be.

How do you connect with and learn from IT directors at other municipalities?

The Georgia Chapter of the Government Management Information Sciences (GMIS) and SIM International is definitely a big part of my peer-to-peer networking. I utilize the knowledge of many contacts I’ve made through GMIS through its listserv where I can query my peers about current IT issues. I also regularly reach out to my peers by phone and email when I have questions.

| 1 | 2 | 3 | 4 |
Contact
Contact a Sophicity Consultant Now To Find Out How We Can Help Reduce Your IT Costs Go
bottom