We put the IT in city®

CitySmart Blog

Thursday, March 27, 2014
Alicia Klemola, Account Manager

In this new series, we will talk about the benefits of transitioning a common technology item to the cloud—starting with servers. As cities have started to consider the cloud as a way to reduce costs and increase efficiency, they’ve especially looked at one of the most expensive investments in their technology budget: servers.

When a city’s servers are hosted onsite, it’s always an expensive line item. Servers take up space, cost money to purchase, and require maintenance, upgrades, and eventual replacements. However, leaving all these problems behind by moving into the cloud might seem too good to be true.

Having transitioned many cities from onsite servers to the cloud, we’ve outlined some of the key benefits you may experience when making the transition.

  1. Eliminating hardware costs. The most obvious and the best benefit is simply eliminating hardware that you need to purchase. Hardware functions as a capital expense that often creeps into your budget. Most hardware needs to be replaced every 5-7 years, so eliminating the hardware purchasing lifecycle is a boon to your budget. Plus, it frees up space that you pay for at your city.
  2. Reducing server maintenance costs. While you pay for some maintenance costs through cloud vendors, the costs are incredibly low because of the scale and consolidation of how cloud servers work. Cloud vendors can quickly maintain, upgrade, and replace servers seamlessly since your data is not partitioned off in any one particular server. Data is more fluid in the cloud, so a server going down doesn’t necessarily affect the entirety of a city’s data. By contrast, cities must spend a lot of money maintaining and upgrading dedicated servers onsite.
  3. Deploying new servers with a click. If you need new servers onsite, you have to purchase and configure them. That may take days and weeks to select, order, ship, and install them. With the cloud, servers are completely virtual. If you need a new server set up for something, it can literally take place with a click. Since cloud vendors don’t assign you individual servers, you’re really just carving out space for the equivalent of a server—and cloud vendors have plenty of space to offer.
  4. Scaling up and down. When you purchase servers, you might be locked into a set amount of servers. You’ve bought the hardware, software licenses, and support contracts. Suddenly, you might not need as many servers, but you may be stuck with them until the contract is up or you can sell them. With the cloud, you can add or subtract servers with a click. Depending on whether you add or subtract servers, you simply pay more or less per month. This is cost-effective for cities, especially since you may not know when you’re growing rapidly and need the extra bandwidth, or if you face layoffs or cancelled projects and need to scale down quickly.
  5. Paying for operational instead of capital expenses. Cities tend to prefer operational expenses. They are more predictable, easily budgeted for, and convenient if a city needs to increase, lower, or eliminate them. While cities often know they need more hardware investments, tight budgets have prevented them from making those investments. The cloud allows cities to ease into necessary hardware investments with lower operational costs. In fact, if a city is facing a tight budget, they can ease into the cloud slowly by transitioning their hardware in phases if needed.

Moving from onsite servers to the cloud is one of the biggest technology culture shifts we’ve seen since getting involved in this industry. It’s a shock at first to see the servers that your IT staff or vendor has taken care of for years “disappear” into the cloud. However, with more and more federal, state, and local government entities not only embracing the cloud but also finding extraordinary value in this shift with reduced costs, increased security, and higher quality maintenance, the end game after making this transition leads to a more efficient, better-run government.

To talk more about transitioning from onsite servers to the cloud, please contact us.

Tuesday, March 25, 2014
Nathan Eisner, CMO

You’ve probably experienced the frustration of making edits to a document and submitting it to someone, only for them to say, “Oh, wait. Edit this one instead. Jim added his edits to the older version.” “What?” you scream. That means you need to go back to the older version, incorporate Jim’s changes, and then reincorporate your changes. What a waste of time!

Modern document management systems include versioning—a method of keeping track of various versions of documents as edits are made along the way. Versioning provides a host of benefits that get rid of a lot of document editing headaches. Since versioning is one of the key features of a document management system, we’re listing a few of the biggest benefits in this article.

  1. Locking documents when people edit them. One of the biggest problems with document editing is non-sequential, overlapping edits by people. It’s the situation described in the introduction of this post where Jim edits a previous version of a document while you were supposed to be editing it. With document versioning, when you are editing the document, Jim cannot edit it. Not only that, but he’ll know that someone is currently editing and making changes to the document, and he’ll have to wait until those changes are made before he can look at the document again.
  2. Returning to previous versions of the document. It’s human for someone to edit a document and make such major, unwanted changes that you want to return to a previous version. Instead of scrambling to find it in your email inbox or personal file folders, your document management system can store all previous versions. With this feature, you can check what was edited, who edited it, and restore a previous version if needed. Versioning not only works as a form of backup, but it also adds a measure of document security and quality assurance to your content creation process.
  3. Archiving all previous versions for reference. Not only do previous versions help when you need to backtrack during your editing process, but they are also there for reference when people need to look at the history of a document’s edits. If a document is challenged or called into question, archived versions show the edits, the rationale behind the edits, and who edited the document. This is also a better option than storing a chaotic mess of previous versions of documents manually labeled (e.g. file-v1, file-v2, file-v1_jim_edits, file-revised-updated, etc.).
  4. Pointing to the most recent version of a document. If everyone knows that there is one, and only one, most up-to-date version of the document, then you will eliminate the problem of people editing different versions. Also, you’ll no longer have duplicate documents flying around people’s email inboxes and which create long-term problems for document management. Without document versioning, different people with different documents upload slightly different versions of the same document, leading to confusion about what’s the most current version.
  5. Collaborating without interfering or competing. Without document versioning and clear document management processes, you might find yourself in a document editing “war” that is supposedly collaboration. When collaboration is really just fighting to edit a document first or uploading your document with separate edits, then you’re not collaborating. Document versioning allows you to make edits clearly seen by all, and you can either edit at the same time with each person’s changes clearly seen or just edit separately and pass along to the next person when it’s time.

Once cities get the hang of document versioning, it becomes an essential feature of document management that helps out the workflow process when editing. Nightmares go away. No more wondering who has the most recent document, or if you should be editing it or not. Plus, it’s nice to know where to find the most recent version, stored in a convenient, centralized location where everyone has access to it.

If you’d like to talk more about document versioning, please contact us.

Friday, March 21, 2014
John Miller, Senior Consultant

For cities, the public safety page is always an odd page to create. That’s because most of the important interfacing with a city’s public safety department takes place with 911 and in-person encounters as police officers and firefighters interact with citizens. It’s easy for the public safety page to become an afterthought. In fact, when looking at a variety of public safety pages for cities, the content ranged all over the place—even for award-winning city websites.

In making our recommendations for public safety content, we’re not focusing on some of the things you’ll see on many city websites such as mission statements, welcome messages, and historical information. The most important content needs to serve your audience. That means public safety content must be prioritized to connect with your citizens.

So, when considering what content best complements 911 and in-person public safety service, we’re providing some suggestions on how to maximize the impact of your public safety pages.

  1. Provide contact information, especially phone numbers, for roles and zones. Second to 911, people often need to contact the police department about administrative questions after a crime, accident, or ticket. It’s not uncommon for citizens to call a city and get transferred from person to person to person, sometimes ending up where they began. If your city divides up public safety responsibility into jurisdictions or zones, make those geographical areas clear on your website. Also, be clear about contact information for specific roles and functions such as police, fire. investigations, towing, and other important areas.
  2. Answer common “how to” questions. Public safety is busy enough without having to answer the same question over and over. Where do I retrieve my car if it’s towed? How do I pay a parking or speeding ticket? Who do I call after hours? Who is my neighborhood representative? How do I apply to be a police officer or volunteer as a firefighter? While you can still create additional pages that talk about different aspects of public safety in more detail, make sure to answer common questions in an upfront visible manner. This will lessen the amount of calls that come into City Hall or 911.
  3. Advertise any meetings related to public safety. Include both regular weekly or monthly meetings, and especially important meetings related to some significant event or trend. Partly, this is logistically useful to citizens by providing a public calendar of public safety meetings. But more importantly, it shows transparency and that the city is addressing important issues head on. By publishing this information on your website in a regular, timely fashion, you’re being upfront. Otherwise, it can seem like you’re hiding information or not on top of important public safety issues.
  4. Provide access to public safety statistics, reports, and updates. Citizens like to see data and updates about crime and public safety in their neighborhoods. Provide the cold reality such as reports about violent crime, robberies, burglaries, and larcenies. But also provide positive community information such as public safety initiatives, school programs, volunteer opportunities, and charity events. Many public safety experts often say an informed public helps fight crime and prevent disasters, so your reports serve as a vital information resource to help achieve this goal.
  5. Use photos and visuals to “humanize” public safety. People often distrust public safety, and it doesn’t help when your website just provides a name, phone number, and email without visuals. Take professional photos of key public safety leaders and staff that show them smiling, welcoming, and ready to help. Additional photos of the police department, fire department, vehicles, and action shots from community meetings and events also help with public image. Videos are even better. The point is to represent your public safety department with pride and warmth, and to let citizens know they are approachable and ready to help.

While other information can find its way onto your public safety pages, it’s important not to prioritize information that gets in the way of helping citizens. An impersonal mission statement, a giant stock photo of a fire truck, or a long list of links to webpages and documents might have seemed great in the website design meeting but they may hide your most important information. Just because 911 can be called in emergencies doesn’t mean to ignore the usefulness of your public safety page. There is a lot of potential to connect with your citizens, keep them informed and aware, and represent your police and fire departments in the best light.

To talk about public safety web content in more detail, please contact us.

Tuesday, March 18, 2014
Brian Ocfemia, Technical Account Manager

It’s easy to adapt to your environment and accept it as just the way things are. However, despite information technology’s rapid evolution, people tend to settle into as much of a technology routine as possible for the purposes of stability. That’s understandable, since cities should not necessarily stay on the bleeding-edge of technology and upgrade all hardware and software to the latest and greatest every year.

With time though, hidden operational costs can creep up on cities if they haven’t evaluated their technology assets or operational environment in a long time. This is the classic danger of IT underinvestment: you think you’re saving money, but you’re actually bleeding it in places indirectly.

While there are many aspects of operations where you can take a look at your indirect IT budget, here are five common areas where IT underinvestment cripples cities and wastes lots of money.

  1. Downtime and slow machines. A well-maintained, properly upgraded IT environment should not have too many issues with downtime or slow down your city staff. We often see aging IT environments where the claim is that the city is saving money. Yet, we hear that servers routinely fail and need to be restarted. Employees suffer through slow Internet browsing, software that takes forever to register simple commands, and documents that freeze or crash. These situations are like time vampires, stealing minutes and hours over the year that end up crippling your productivity and lowering staff morale.
  2. Reactive IT management. Your IT staff or vendor looks busy, busy, busy. So they must be there for a good reason, right? It depends on what’s keeping them busy. If they’re always putting out fires, it’s a sign of underinvestment or lack of experience. When building a house, you wouldn’t tell the homeowner that you’ll provide a number for a firefighter whenever a fire breaks out. Instead, you build a house that prevents fires from occurring through the quality of building materials, smoke detectors, ventilation, etc. IT needs to work the same way. Reactive IT management never gets to the root of your problems. It wastes money and makes your operational budget unpredictable.
  3. Manual data backup. Modern automated data backup needs only an Internet connection and provides you significant amounts of data storage. That means the operational waste of manual data backup solutions becomes more apparent each year. Whether it’s handling external hard drives or tape, the time it takes to create the backup, transport it, and move it takes up valuable time for your IT staff, IT vendor, or city staff. Added to the expense and risk of data loss and corruption from manual data backups, the operational expense becomes a waste of money in light of more operationally efficient solutions.
  4. Office and building space. With the advent of cloud computing and increasing efficiency of hardware, you can reduce and eliminate many of your servers and free up room in your buildings. Unless you have an extremely specialized need, there is most likely little reason to host your own data center or fill up rooms with servers that you maintain. Real estate is an expensive operational expense, so the more room you can free up, the better. In addition, the power of employees to work from anywhere can give you options in how many people come to the office each day. With more teleworking flexibility, you can free up office and cubicle space.
  5. Lack of training. While training can seem to interrupt already busy people, it’s easily neglected when you buy new computers or software. Steven Covey once talked about the concept of “sharpening the saw,” meaning that if you don’t stop to metaphorically sharpen your saw while cutting wood, your saw will get duller and duller until it becomes useless. Training helps your employees maximize the use of any new technology or software that will become part of their jobs. And it goes beyond just necessary training. Keeping employees proactively up to speed on how new technology can make them do their jobs better ensures that they are not wasting you money by lagging behind in knowledge and motivation.

A good way to justify a shift in the way you look at operational expenses is to analyze areas where you are bleeding money. Talk about it in terms of time and lost productivity, and you can begin to build a business case. Then, you can consider technology investments in terms of a return on investment. For example, new software might shave so much time off a paper-based process that the software might pay for itself in a year. Begin analyzing your IT environment in this way, and you might find some ways to save and free up operational budget that you didn’t think was there.

To talk more about IT operations, please contact us.

Thursday, March 13, 2014
Clint Nelms, COO

While people often say “the cloud” when referring to most software applications accessed through the Internet, Software as a Service (SaaS) is still a term you’ll hear a lot. SaaS refers specifically to software offered over the Internet as a service to you. But there is still a lot of confusion about SaaS and why it’s an improvement over previous software delivery models.

Traditionally, purchasing software has been a cumbersome process. It involved an expensive upfront cost to buy servers and software licenses that dictated how many users could install and use the software. Your IT staff and software vendor helped install the new server (or servers) and installed the software on each person’s computer.

Then, the real fun began. Ongoing server maintenance involved software vendor support costs combined with IT staff or an IT vendor helping you manage those servers, apply software updates and patches, and help users with any issues. Many cities then find that their expensive software becomes outdated after about 3-5 years unless the vendor aggressively updates it on an ongoing basis. And those updates cost more money. Upselling is not uncommon as software vendors rapidly turn out new products to which they suggest you upgrade. It seems like you’re always dishing out upfront costs, unpredictably.

If it sounds like we’re making the old software delivery model sound bad, our analysis is supported by the advantages of SaaS and trends showing where technology is going. Software vendors have mostly switched to offering SaaS models for nearly all important software and SaaS sales are already in the billions every year. Those sales are expected to keep increasing.

SaaS Benefits Over Traditional Software

So what led to SaaS rising to such prominence when it seems like yesterday that buying onsite servers was the way to go? Here’s what happened:

  • Higher quality, quicker software design. From website interfaces to the user experience of software applications, the art and science of designing software has matured and standardized certain design and programming architectures so that software is much easier and quicker to design and build.
  • Ubiquitous high speed Internet. To access sophisticated software over the Internet, high-speed access needed to have nearly 100% uptime and handle lots of data coming through the pipes. As you can see through the dominance of high speed Internet in our society driven by laptop, tablet, and smartphone use, we’re already there—and we’ve been there for a few years now.
  • Government-level security. Storing data in the cloud, especially if you’re using accounting or document management software, used to be a huge security concern when SaaS first emerged. After all, the vendor hosted the data—not you. However, when vendors like Google, Microsoft, and Amazon wanted big business—including government—they had to adhere to the highest government security and compliance standards. Because those vendors now set an industry standard, most SaaS vendors follow strict security that’s often better than what cities can provide for themselves.
  • Reduced costs. Obviously, SaaS costs must make sense to vendors and cities alike. Vendors were able to reduce costs through scaling at huge data centers where they use the latest technology to consolidate and partition data in innovative ways. Cities then take advantage of this scaling, the lack of hardware, and the monthly subscription model pricing. All of these advances slash costs and transfer the pricing burden from a capital to an operational expense.
  • Support burden fully on the vendor. In the past, cities either supported the software themselves or relied on a third-party data center to host and support the software and servers. With SaaS, nearly all support, updates, and patches are centralized at the cloud data centers by the vendor. You do nothing. Occasionally you’ll see a hiccup or an occasional outage, but centralizing this support in the cloud takes away a lot of support costs that used to make software expensive.
  • Instant access. If you want to start using SaaS, you can start today if you want. All it takes is an Internet connection. In the past, there would be a delay between software purchase and implementation—having to wait for servers and a vendor team to come to your city and spend time installing all of the equipment. That used to add to overall software costs. Today, it’s more convenient for customers to start using the software immediately over the Internet—with no one needing to visit your city.

With such financial and quality benefits over traditional software delivery models, SaaS has emerged as a clear winner for most businesses. However, there are a few drawbacks that still linger around SaaS.

  • The SaaS vendor is in control, not you. You don’t decide how the software looks and feels, when updates are applied, or when the software is taken offline for maintenance. When the vendor is in the driver’s seat, you’re at the whim of whatever they do. In some senses, SaaS is one-size-fits-all and everyone gets the same treatment.
  • Dependency on an Internet connection. If your Internet is down (which can happen during any power outage), you cannot access your software. That may not be acceptable for high-availability software such as public safety or 911 services. You’ll need to assess how much your operations would be crippled with the loss of specific SaaS software and consider either redundant power (like a generator or traditional phone line) or traditional onsite software.

Even though there are a few negatives, most cities, government entities, and other organizations have mostly agreed that those risks and exceptions become more isolated and rare as time goes on. SaaS becomes extremely compelling when cities realize they can eliminate capital expenses, get rid of hardware, reduce overall costs, lessen the amount of IT staff or vendor time dedicated to software support, and know that the vendor will provide software updates along the way as part of the monthly fee.

In the 2010s, SaaS has truly evolved into a revolutionary technology and has become part of the technology landscape for business and government. The federal government has even passed legislation to push government entities into moving to SaaS. If you still struggle with using traditional software, it’s time to take a look at SaaS options to help save your city money.

To talk more about SaaS, please contact us.

Thursday, March 13, 2014
Dave Mims, CEO

Sophicity is excited to announce that we are now providing IT in a Box to cities through our new municipal league partnership with Arkansas. We officially announced our partnership and answered questions for cities when we participated in the most recent Arkansas Municipal League (AML) Winter Conference on January 31. Arkansas cities were excited to talk about their technology needs, and we look forward to helping those cities with a complete IT solution that’s custom priced affordably for them.

Below, you’ll find the official announcement from AML’s Executive Director, Don Zimmerman.


I am excited to announce that the Arkansas Municipal League is now offering a new service aimed at providing cities with state-of-the-art information technology tools supported by experienced, highly skilled IT professionals. The service is called “IT in a Box” and it’s being offered through a contract with Sophicity. For one monthly all-inclusive fee, a city will receive a website, data backup and offsite data storage, email, document management, Microsoft Office for desktops, server and desktop management, vendor management and helpdesk support seven days a week.

The city of Yellville was the first to join the service in Arkansas! Currently, there are several cities speaking with Sophicity and are expected to come aboard very soon. To learn more about the service, please click on the link below to the League website.


For additional information, please contact one of the following individuals:


Chris Hartley at 501-978-6106 or chartley@arml.org

Whitnee Bullerwell 501-978-6105 or wvb@arml.org


Randy Weaver at 770-670-6940, ext. 115 or randyweaver@sophicity.com

Nathan Eisner at 770-670-6940, ext. 103 or nathaneisner@sophicity.com

Yours truly,

Don Zimmerman

Executive Director, Arkansas Municipal League

Thursday, March 6, 2014
Dave Mims, CEO

One thing that often prevents regular data backups from occurring at cities is simply the inefficiency of it all. Using external hard drives or tape usually means someone is manually backing up data, carrying it to a secure location, and storing it for future use in case of disaster. If you’re using an online data backup program, it could mean managing servers, running memory-hogging backup programs, and spending time ensuring that an entire backup has completed without issues.

If you identify with these struggles, then you may have an opportunity to make your data backup much more efficient. Many advances in data backup technology, especially in the last five years, have made data backup a much more seamless and quick process. The best data backup solutions are so efficient you almost don’t notice them.

So, how do you get there? Here are some tips on evaluating the inefficiency of your current data backup process and considering a more efficient solution.

  1. Do you have unlimited data storage? Storage limitations are one annoying limitation that decreases data backup efficiency. If you use physical media such as tapes or external hard drives, they quickly run out of room. That means you always need to buy expensive physical media and you may even have to avoid backing up certain data because you don’t have budget for the storage costs. Even many online data backup programs have storage limitations, mostly from vendors charging an arm and a leg for storage space beyond a certain limit. Since data storage is now so cheap, it’s relatively easy to find options that give you unlimited data storage for a low fee.
  2. Do you back up your data in increments? Incremental data backup greatly increases overall efficiency by not reinventing the wheel every day. Typically, many cities avoid daily data backup because of the length of time it takes to grab every single bit of data. With an incremental data backup solution, you start off by backing up everything. From that point forward, each day (or even each hour) you only back up the small amount of data that has changed or is new. While consumer-grade data backup tend to work in this manner, it’s best to have an IT professional handle the configuration of your hourly or daily backups to ensure that you’re not missing any crucial data.
  3. Do you synchronize your data backups across different machines? Especially if people are accessing data from similar locations (like the same server), you don’t want to make a backup copy of that data on each person’s computer or on separate servers. It’s more efficient to centralize data so that it’s backed up once and then synchronized across different servers and computers as needed. Synchronization not only avoids redundant and duplicate data, but it also protects data. Just because a single person’s laptop gets a virus, the centralized data that everyone accesses won’t be affected by a singular incident.
  4. Do you automate your data backup? While you still want an IT professional managing and overseeing your data backup, they don’t need to be manually handling physical media or be responsible for starting each and every data backup. Once the data backup specifications are set and configured, modern data backups run without human intervention. This increases efficiency a great deal and lets you worry about doing your work, not backing up your work. You still want someone overseeing the data backup process in case something goes wrong, but the actual daily backups should just take place automatically each day or each hour like clockwork.
  5. Can you access your data from anywhere? When a disaster happens, it often takes cities a long time to restore data. Loading data from hard drives and tapes onto new servers that take a long time to arrive can slow down the data restoration process. Cloud data backup eliminates this inefficiency by giving you access to your data as soon as possible through the Internet. As long as you have an Internet connection, you will be able to access important files, documents, and software applications. While there still might be some complexity in getting the systems restored to their previous state, at least you’ll be able to access data from any location—which is especially helpful after a disaster when working from home or remote locations.

Even though we work with the latest technologies on a day-to-day basis, we’re even amazed at how far data backup has come in just a few years. Transitioning from bulky servers and physical media to the Internet, we’ve seen a clear shift to cloud data backup, unlimited data storage, and data restored in minutes or hours—not days or weeks. You might think these kinds of solutions are cost-prohibitive compared to your external hard drives, tapes, or servers, but you may actually be wasting money with your older solution compared to more modern data backup. It’s worth taking this checklist, examining your current data backup situation, and considering some other solutions.

To talk more about data backup, please contact us.

Tuesday, March 4, 2014
Alicia Klemola, Account Manager

Recently, an alarming cybersecurity report from the U.S. Senate highlighted some disturbing security breaches at three major agencies: the Department of Homeland Security, the Nuclear Regulatory Commission, and the IRS.

A few quotes from the report included:

  • Referring to the Department of Homeland Security: "Independent auditors physically inspected offices and found passwords written down on desks, sensitive information left exposed, unlocked laptops, even credit card information."
  • Referring to the Nuclear Regulatory Commission: "The NRC has had trouble keeping track of its laptop computers, including those which access sensitive information about the nuclear sites the commission regulates."
  • Referring to the IRS: "In March 2012, IRS computers had 7,329 “potential vulnerabilities” because critical software patches had not been installed on computer servers which needed them. [...] IRS officials said they expect critical patches to be installed within 72 hours. But TIGTA found it took the IRS 55 days, on average, to get around to installing critical patches."

When hackers are trying to steal government data on a daily basis, these kinds of weaknesses are simply unacceptable. While these agencies get more scrutiny than local government, they highlight the importance of implementing basic cybersecurity protections that are actually quite simple and cost-effective.

Here’s what you can learn from this report to make sure that your city is ahead of the game—and doing a better job than our federal government at protecting its most sensitive information.

  1. Create a strong password policy. Recent studies show that organizations—including the highest levels of government—use extremely weak passwords such as “password” or “123456.” When you have weak passwords, even amateur hackers are able to get into your servers and computers to steal sensitive information. Create a password policy that forces users to use strong passwords with a combination of letters, numbers, and symbols. They should also change their passwords monthly or quarterly.
  2. Install software patches and updates. It’s not uncommon to audit government servers and find important patches and updates have simply not been installed. Waiting a few days or a week is one thing. We’re talking about waiting months or even years to install patches, which means that your IT staff or vendor is simply not responsibly maintaining your equipment. Not installing patches and updates makes you liable for security breaches and indicates negligence on the part of IT staff. This is one of the most basic technology maintenance functions that should always take place.
  3. Use an enterprise antivirus program and keep it up-to-date. Government entities need enterprise-level antivirus software. You can’t rely on individual employees to install and update their own antivirus software. Enterprise antivirus software ensures that IT staff or a vendor is managing, updating, and maintaining it on an ongoing basis. On the off chance that you do get a virus, your IT staff or vendor will professionally handle the situation and work to eliminate the virus with minimal collateral damage. Since new viruses are created every day, you need to stay on top of those threats with professional antivirus software and management.
  4. Cover the physical side of information security. It’s easy to forget “real life” when dealing with bits and bytes, and apparently the federal government forgot real life a lot. The report detailed physical breaches of information security, especially in the Department of Homeland Security. Learn from their mistakes. Sensitive information (such as passwords) should not be written on paper or post-it notes and exposed to people who walk into a room. Printed out information lying on a desk is just as much of a security risk as stealing it off a computer. And make sure your employees lock their computers with a password so that someone can’t hop on and start snooping around for information.
  5. Perform a hardware inventory and track assets. You should never wonder where a laptop, desktop, or server might be. With modern IT asset management, devices can be commissioned, decommissioned, monitored, and maintained remotely. No device should be “off the grid” in this scenario. However, the situation becomes more complicated when people bring in their own devices. The simplest solution is to assign devices to people and not allow them to use personal devices for work activity. But if you do allow people to use their own computers, create a clear policy that accounts for how sensitive work data is handled. Consider cloud computing options to keep all information secure and off people’s individual computers.

Sadly, many of the federal government’s IT problems are easily preventable. The good news for you is that cities can follow the steps above to create a great foundation for cybersecurity. While there is more work to do beyond what’s listed above, by focusing on policies around passwords, IT maintenance, antivirus, physical security, and devices, you’ll eliminate a lot of easy security holes that hackers can exploit.

To talk about cybersecurity in more detail, please contact us.

Thursday, February 27, 2014
Nathan Eisner, CMO

When cleaning out your house, you’ve probably experienced the shock of realizing you’ve acquired way more stuff than you thought. After staying in one place for a while, it’s tough to go through your attic, garage, shed, basement, or other storage areas to decide what to keep and what to throw out. However, it’s quite a relief when you finally throw out a lot of unneeded things and free up space.

Information technology works similarly. Over time, technology objects pile up and lead to excess servers, desktops, laptops, network equipment, and software. Each city department may accrue excess technology, and that multiplies the extent of the problem. When it comes time to assess your technology, you might be surprised or shocked to find a bunch of useless or redundant equipment and software.

That’s because IT assessment and consolidation is always an ongoing process for any business or organization. From our experiences consolidating many city IT environments, we’ve provided some tips in case you’re about to tackle this kind of initiative. When you’re consolidating, always ask, “What are my city’s business goals? And how is a particular technology investment helping me achieve those goals?”

  1. Shed hardware. Excess hardware is one of the easiest places to start. We find that cities accrue extra servers, desktops, and laptops over time that aren’t needed. Plus, advances in cloud technology mean that you may be able to access many services directly through the Internet – allowing you to eliminate many (if not all) of your servers. Take the time to do a hardware inventory, track down unused or unnecessary equipment, and decommission those pieces of hardware as soon as possible. You can even take advantage of an online auction service to sell this unneeded equipment and collect some extra revenue.
  2. Shed software. Eliminating excess software is much more difficult but worth the effort. Here, you really need to look at your software from a business point of view and challenge its cost and usefulness. If the software is more than 5 years old and you haven’t looked at new options lately, you may want to see if less expensive software exists with more features. If you’re paying for expensive software licenses and hosting servers onsite, then you may want to explore cloud software options that are more cost-effective and easier to upgrade and maintain. Look out for software that you barely use or have stopped using. Those may be wasted costs that you need to eliminate.
  3. Review voice and data services. Often overlooked, voice and data costs often multiply because cities don’t consolidate. Individual departments and buildings buy their own services over the years, and those individual purchases don’t get questioned. Can you consolidate Internet services under one vendor? Is it possible to consolidate multiple landline phone systems under one landline? Or have you considered VoIP instead of a traditional phone system? We’ve guided many cities through voice and data consolidation that saved them thousands of dollars per year. If you haven’t assessed your telecom services in more than three years, then you definitely want to look for consolidation opportunities.
  4. Centralize your technology. Once you figure out what you can eliminate, now it’s time to see what you can centralize. Here, you’re looking for duplicate technology—especially hardware and software—between different departments and buildings. For example, instead of different departments each managing its own network, you should look to consolidate those resources into one network that serves everyone. Otherwise, you are wasting money, increasing security risks, and duplicating work. Similarly, look for departments that might have purchased software individually that really does the same thing for everyone. You might consolidate that software under one vendor.

While assessing your technology can involve a lot of upfront time, the benefits are worth it. Like cleaning your house, you’ll free up space and get rid of unnecessary junk. More importantly, your city stands to reduce costs, gain a lot of efficiency, and simplify your IT management. Once you consolidate, plan to reevaluate your technology assets at least once a year to see if any new or improved hardware and software may help you with further consolidation. IT consolidation is an ongoing process, and you’re always fighting against inertia, time, and technology innovations.

To talk more about IT consolidation, please contact us.

Tuesday, February 25, 2014
John Miller, Senior Consultant

A recent article from Microsoft points out that technology alone cannot improve your IT security. You need informed, participating end users—your city employees. When they are informed about security policies through proper communication and training, the true power of your IT security blossoms.

However, this article overrates the trickle-down effect of communicating security policies to employees. Don’t get us wrong. Establishing security policies are absolutely important and provide a great way to detail all important aspects of a security strategy for your city. But ask an employee about the last time they read or looked at a security policy.

We find that a great way to tie security policy to employees is by illustrating tactical, everyday scenarios that often place a city at risk. Through these everyday scenarios, you can discuss IT security policy in a way that relates to everyone.

  1. Internet Browsing. No matter how many years we’ve surfed the Internet, even the best of us get tricked or misled occasionally into a bad website. Usually, most modern browsers provide warnings that keep us out of the worst sites. But employees can be lured by the ruse of useful software, games, or information that is not what it seems. Employees need to be reminded to use only trusted or well-referenced sites, not to download software or plug-ins without the approval of IT, and to never click on a website link from an unknown source.
  2. Passwords. While IT might implement a password policy that employees are forced to use, it’s still helpful to let employees know about the importance of using strong passwords that change every few months. Recently, news organizations widely reported some research from SplashData, a password management company, that the most common password is “123456.” Hackers become more adept every year at breaking into email accounts, websites, and software applications. Your employees shouldn’t make it easier for these hackers. Strong passwords are long and use a combination of letters, numbers, and symbols.
  3. Social media. With so many social media outlets constantly full of people sharing links and information every day, employees can sometimes be unaware of the dangers inherent in sharing the wrong kind of information. Whether publicly or to a large social group, employees might not know what city information is proprietary, secret, or inappropriate to share. People with ill-intent often use social networks to extract information from employees—and local governments are a prime target.
  4. Email. We’ve put email a bit lower on the list since people have gotten better at understanding spam, while technology helps prevent malicious emails from even getting to the inbox. However, email is still a prime source of security issues. All it takes is one person to give up username and password information, open a malicious file containing a virus, or click on a website link that downloads malware, and your city is compromised. Keep employees informed about the dangers always lurking in their inbox and tell them to only open messages and attachments from people they trust.
  5. Physical security and internal threats. Often overlooked, employees will sometimes think IT security threats all come via the Internet. However, leaving a laptop laying around, a computer logged in, or a door open to a server room are all potential breaches of security. Similarly, especially in larger organizations, it’s easy to be tricked by someone who seems like they are another employee or get pressured by an actual employee without authorization to give you certain kinds of information. No matter how glib or natural someone seems, if an employee feels any doubt about a request for information or security access to a particular area, they should check with their boss or IT staff.

By sharing everyday tangible security examples with employees, you will be able to connect normally abstract security policy to their day-to-day jobs. After all, it’s in these specific scenarios that most security breaches occur. The biggest breach in the last few years (in South Carolina) happened when an employee clicked on an email. Weak passwords have allowed hackers to publicly expose sensitive information. And we hear stories about stolen laptops every so often, with those stolen laptops containing social security numbers and other publically identifiable information. When employees hear these kinds of examples, it’s more visceral—making your security policy more likely to stick in their minds.

To talk about IT security in more detail, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 |