We put the IT in city®

CitySmart Blog

Tuesday, July 02, 2013
Clint Nelms, COO

Has a friend or colleague ever told you, “Hey, I got a spam email from you!” Of course you didn’t send it, and you scramble to change your password as quickly as possible. When this happens as a city employee, it’s even more baffling. Did someone hack into your city email and send spam from your account?

Usually not. Spoofing is different from being compromised (e.g. someone hacking into your email account). Spoofing simply means that someone is using your email address to pretend that their spam or phishing email is coming from you. These spammers are tricking the way email programs work. Email programs identify to you who is sending an email, and spoofers simply use one of your trusted contact’s information to make it look like the email is coming from them.

Because spoofing an email address is very easy to do, it’s a common form of Internet fraud. While it’s incredibly difficult to prevent spoofing (short of never using the Internet or email at all), there are some common sense tips that can help reduce the risk of someone spoofing your email address.

  1. Do not give your email address to any and all websites. Just because a website requests your email address doesn’t mean you have to share it. If you do, make sure you’re sharing it with a reputable website such as trusted brand or institution. But if you’ve never visited the website before and the brand is not well-known, then it’s probably not wise to share your email address.
  2. Do not enter your email address when downloading free software. Similar to the above point, free software must adhere to the same standards you apply to websites. If the brand is trusted (e.g. Google, Adobe, Oracle), then your email is usually safe. But sketchier, less known companies that provide free software frequently make money by selling your email address to either semi-legitimate email list companies or illegitimate spammers.
  3. Do not post your email address on a website. This is one of the easiest ways that spammers can get your email address to spoof. If your email address is public and listed on the Internet, then spammers “scrape” your email off of these websites. To scrape emails, spammers use programs that scan websites and extract the email addresses listed on them.
  4. Use one primary email address for your work, and use a “junk” email address for sharing on the Internet. Many times, your Internet surfing and exploration of software will be extremely hampered if you are overly cautious and never share your email address. Use a “junk” email, such as a Hotmail, Yahoo, or Gmail account, that you use for all of the times when companies request your email address for newsletters, software downloads, and website registrations. Keep your primary work email address more private. Don’t post or share it anywhere and only use it for work.
  5. Use a strong antispam program and keep it up-to-date. Since spoofing lives and thrives by spam getting through your filters, then you want to make sure that your antispam software is strong and updated. While your antispam program won’t catch all spoofing emails, it will block amateurish spoofing emails that will be flagged because of how they are being sent. If a spoofer cannot get through to you, they will eventually stop and look elsewhere for victims.

While it may be frustrating to know that you cannot prevent email spoofing, be reassured that it’s not as serious as your email being compromised or hacked. Most people’s email addresses have been spoofed at one time or another. Overall, just keep your city email address as private as possible. Even if you’re a city official, use a secondary email address, a form, or a link to your email if you need to post your contact information on your website. There are many workarounds to make sure that your primary work email address is as private as possible so that spoofers leave it alone.

If you have been spoofed, change your email address. It may be hard to let go of your favorite email address that you’ve had for many years, but once you’ve been spoofed your email address will be in the hands of spammers indefinitely. After you create a new email address, keep it private (using our tips above).

To talk about spoofing in more detail, please contact us.

Friday, June 28, 2013
Dave Mims, CEO

The Tribune 4.2 release has been completed and tested, and Sophicity.com has been running on it now for weeks. Our release date is Friday, July 12.

This release includes:

  • New Content Editor Control: The WYSIWYG control that provides the content editing capabilities for the Summary and Detail fields on the Story Management Detail screen has been replaced with a new control. This new control supports all features of the previous control but adds enhancements for better cross-browser support, the ability to paste cleanly from Microsoft Word, an image editor, alignment rulers, and more. Note: This is the Story Management Detail page where you spend most of your time in Tribune adding and updating content to your webpages.
  • Server Upgrades: A new production Tribune environment for hosted customers has been built with 64-bit Windows servers. Both shared and dedicated sites will be upgraded to the new environment.
  • 64-Bit Windows server compatibility: For our Enterprise customers, Tribune 4.2 is certified to run on both 32-bit Windows servers for backwards compatibility, and now 64-bit Windows servers. Tribune enterprise customers can migrate their sites to 64-bit Windows servers on their own timetable.
  • And, additional minor enhancements and fixes…

The next release will have Mobile Friendly Administration that allows you to add, update, and delete content on your Tribune website from mobile devices. Our ETA to deliver this next release is October.

On the radar to come:

  • Virtual Forms: Allow you to add forms to your Tribune website. You will be able to quickly create then publish forms yourself to your website. Once published, the form will allow a visitor to your website to submit a request or information. For example, you might create a form to report a pothole.
  • Virtual Products: Allow you to add items for online payment processing to your Tribune website. You will be able to quickly create then publish products yourself to your website. Once published, a visitor to your website can make a payment for the product. Example products include paying a parking ticket, paying a utility bill, etc.
  • And more, such as file manager, broken links reporting, slideshows, image gallery, recycle bin, spell checking, archiving, etc.

As always, as you have recommendations for product features you would like to see, please contact us.

Thursday, June 27, 2013
Nathan Eisner, Network Manager

One question we often hear from cities is “Is it safe to have my data in the cloud?” The main reason for this concern is a big change in IT habits over the past few years. If cities are used to how data was stored 5-10 years ago, it feels more secure when data is stored onsite. You can see the machines that are storing your data, and somehow you feel better knowing it’s all there.

Actually, your data is less safe when it’s stored at your city rather than in the cloud. Cities are usually not IT companies, and there are often limitations in how cities manage and maintain their servers, create data backup and redundancy, and secure their data from hacking and theft.

If that wasn’t convincing enough, it’s a simple fact that data is moving into the cloud because it’s safer, more secure, more cost-effective, and less hassle for individuals, businesses, government entities, and any organization. In this post, we explain some of the key reasons why storing your data in the cloud is safer.

  1. Your data is stored in well managed and maintained data centers. Occasionally, we’ll find a city that runs an exceptional in-house data center. But that’s rare because it’s expensive and becomes economically harder and harder to justify. Cloud vendors keep your data in data centers that adhere to the highest standards and regulations. Well-known cloud providers such as Microsoft and Google stake their business reputation on these data centers, and so they throw lots of money and resources at your data to make sure it’s safe.
  2. Cloud vendors use multiple Internet connections. Cities running their website or other important software on their servers can go down easily if an Internet connection goes down. It’s expensive to purchase multiple Internet connections at a city for redundancy, and it’s still easy for a local power outage to knock them all out. Cloud vendors operate on such a high scale that multiple Internet connections only add a negligible cost to you and help ensure nearly 100% uptime for your applications. That means your website will rarely go down, and your data is nearly always 100% accessible.
  3. Backup power is a given. Some cities may have generators in case of a power outage, but these resources are expensive and may be limited to only certain sections of a city. With cloud vendors, if power goes out at a data center, there is plenty of backup power (often for a week or more) until the problem gets fixed. That means if there is a problem at a data center, it rarely affects your data and you often never hear about it.
  4. Cloud vendors provide extremely high security. Data centers are fortresses. Cloud vendors provide high security to protect such valuable data, and they have stringent requirements about who has access to your data. Criminal background checks, authorization processes, and strict physical security all help protect the machines that host your data. No matter how well a city tries, it’s hard to beat this kind of security when storing data onsite. Too many cities keep servers in easy-to-access offices or rooms where theft, malicious damage, or hacking can occur.
  5. Your data is spread across different geographies. So let’s say the worst does happen. A Google or Microsoft data center is completely obliterated through some horrible disaster. It still doesn’t matter. Your data is safe! Cloud vendors don’t just store your data in one data center. They store your data across multiple secure data centers across the United States and the world. This helps keep your data up and running even if the worst case scenario happens in a particular area. That’s part of the real power of the cloud - it’s not just one data center but a network of data centers that make sure nothing is happening to your data.

Understanding how the cloud works at the data center level can help alleviate fears about how it’s secured. Letting go of your data can be hard. Even Sophicity went through a process where our dyed-in-the-wool IT experts who love their servers and technology had to phase out all of our hardware into the cloud. Feeling like you’re losing control can feel like a loss of security, but it was the right move. We not only saved money but also could scale up our technology faster and allow our staff more flexibility to work from almost anywhere.

As you can see, cloud vendors at the Microsoft and Google level have too much to lose and too many important clients to protect. They are throwing billions of dollars of resources to protect your data that no single organization can match. And that’s why the cloud is so revolutionary. It’s truly a leap forward in data security and management.

To talk about the cloud in more detail, please contact us.

Tuesday, June 25, 2013
Dave Mims, CEO

While we’ve touted the benefits of Voice over IP (VoIP) phone systems in the past, we’ve also acknowledged when you hit limitations. What are those limitations? And why do they exist?

To begin, it helps to define again what VoIP really does. Instead of transmitting phone calls across traditional phone lines, VoIP transmits your phone data over the Internet. Technology has improved so much that a VoIP system is nearly indistinguishable from a traditional phone system in terms of features and quality. With a usually much lower price point compared to traditional phone lines, VoIP suddenly becomes a compelling alternative.

But cities need to know when traditional phone lines still need to be used and in what situations. Below are some of our observations about the limitations of VoIP based on our experiences with cities.

  1. Public safety and 911 cannot go down with a power outage. Power outages are much more common than traditional phone line outages. That makes traditional phone lines more reliable during situations such as bad weather. Consider using traditional phone lines for these important services so that they are up and running despite a power outage. If you still want to use VoIP for 911 and public safety, you can also consider using a traditional phone line as a backup.
  2. Slow Internet speed will drastically affect VoIP quality. While high-speed Internet has permeated most of the country, there are still quite a few cities where Internet speed is still a problem. If your Internet connection is not fast, your VoIP call quality will suffer. That means people will sound choppy, sound will go in and out, and you may be unable to sustain a conversation. If your city still does not have cost-effective, quality high-speed Internet, stick to a traditional phone line.
  3. VoIP setup may be impacted by the quality of your network. Many cities have limited IT capabilities, and a VoIP system requires some standard IT network resources along with a slightly complex setup. By contrast, a traditional phone line is easy to set up - you just plug a phone into the jack. If your city still has extremely limited IT resources, then you may want to consider using a traditional phone line until you assess your overall technology needs.
  4. VoIP is only as good as your technology monitoring and maintenance. Since VoIP is software that harnesses your Internet connection, it is vulnerable to everything that a usual network and software application gets threatened by. Outages, security breaches, lack of memory or bandwidth, and viruses all can affect your VoIP system. If you don’t have IT staff or a vendor monitoring and maintaining your environment, then your phone system becomes vulnerable to problems just like your servers, computers, and software.
  5. VoIP equipment should not far exceed the price of a traditional phone system. The best VoIP systems on the market keep costs down by providing service in the cloud. That means VoIP vendors should not burden you with the costs of purchasing and maintaining a lot of new hardware. Remember, the point of switching to VoIP is to lower your costs. Setup and maintenance should be relatively minimal. If the total cost of your VoIP solution far exceeds the costs of traditional phone analog equipment, then have an IT professional ask tough questions about the VoIP vendor’s proposal.

As you can see, VoIP works best when you already have a strong technology network already in place. That doesn’t mean that smaller cities cannot take advantage of VoIP. It just means to look before you leap. Assess your phone system along with your technology, and explore if VoIP makes sense. In some cases, technology limitations or sensitive public safety systems may require traditional phone lines in all or parts of your city.

And remember, despite even us touting the benefits of a technology, always do an assessment to figure out if a particular technology is best suited for you.

To talk about VoIP in more detail, please contact us.

Friday, June 21, 2013
John Miller, Network Infrastructure Manager

As the Internet continues to evolve, content becomes more and more important. People usually research on the Internet as a way to explore nearly any topic, including learning about cities. Where 10 years ago people may still have found a lack of city website content acceptable, the same is not true today.

Your citizens (and even non-citizens) are “customers” who have distinct similarities in what information they need at certain times. They may be discovering your city for the first time and want to learn more about it. They may be researching your city to decide if they want to move there and join your community. Or they may be citizens that need answers to questions about city services.

Whatever needs people have, it’s up to your website to meet those needs. And do that, you need content. If you want to assess if you have some glaring content gaps, make sure you at least have the following five areas covered.

  1. Pages for City Departments. No matter what size city you are, you want to identify your most important departments and make sure they are represented on your website. For most small and medium cities, that usually includes city hall, public safety, parks and recreation, public works, and economic development. For these pages, you need content that welcomes people, provides a summary of what the department does, and offers links to further information.
  2. News, News, News. It’s essential that city homepages and other main city webpages contain news and updates. People judge a city by its perceived vitality. If the last news update was from six months ago, it suggests that nothing much is happening in your city (or no one cares). If there are no news updates, it makes the city’s website frosty and unwelcoming. News items are all around you: new businesses, community events, fundraisers, downtown economic development reports, etc. You need to capture and report those items to show off the best about your city.
  3. Events Calendar. From city business to barbeques, a city calendar is a great way to deliver up useful content and keep people coming back for more. Don’t just report the bare bones events such as city council meetings. A city events calendar should not only be functional but also offer a way to promote important city initiatives. Maybe the city is giving a tour of a successful business, or maybe the city is hosting a classic movie viewing in the park. Showcase events that suggest a vibrant community with lots of interesting things to do as well as highlighting important business meetings.
  4. City Council Agendas and Minutes. Many city websites still lag on uploading city council agendas and minutes, or they irregularly post them. It’s frustrating when months go by and the minutes of a city council meeting are not there, and it reflects poorly on the city’s transparency. Upload city council agendas at least a few weeks before the city council meeting. Post minutes at least a week after the meeting, if not days. Citizens will judge you (harshly) if you do or don’t provide this information in a timely fashion. Modern websites and information capturing methods make it easy, so there’s no excuse.
  5. Answers to Common Questions. Finally, no matter how else you create and organize your content, you always need to make sure you are answering questions in a concise, relevant way for people. Your utilities pages need to be focused on common questions related to signing up and service, not just providing a person’s name and phone number. Your court page needs to be user-friendly and answer questions clearly, rather than offering minimal or confusing content. All of your pages need to anticipate a person’s questions and concerns, and then answer those questions.

Even with just these basics, creating content takes sustained effort and some dedicated resources. It can’t be irregular or haphazard. The overall impression of a website matters, and too many content gaps reflect poorly on a city. Sometimes, this means taking a fresh look at your city’s content, identifying any ways that your content can answer questions better or show off the vitality of your city more effectively, and taking the time to rewrite it.

If you want to talk about websites and content in more detail, please contact us.

Wednesday, June 19, 2013
Clint Nelms, COO

Windows 8 is such a leap forward compared to past versions of Windows that cities have a lot of trepidation about upgrading. While you don’t want to be left behind, at the same time you want to make sure you’re not upgrading just to upgrade. There needs to be a compelling reason to upgrade.

Here are a few things to keep in mind if you’re on the fence about Windows 8.

  1. Begin by assessing what software applications you run. Just because your software can be used on Windows 8 does not necessarily mean it can “run.” For example, let’s say a common accounting program that most cities use does not support Windows 8. While you can access it in Windows 8, many important functions are not available and require tricky workarounds to make them work. We always recommend checking with the vendors of your most important software applications to make sure that their software is supported in Windows 8. If cities run older software applications and still gain value from them, then it may not be necessary yet to upgrade to Windows 8. Each situation is different.
  2. If you plan on transitioning key software to the cloud, then consider upgrading to Windows 8. One of the best things about Windows 8 is that it was designed with the cloud in mind. For example, for cities using Office 365, Windows 8 connects to it right out of the box. With so many Microsoft services having moved to the cloud, Windows 8 is a natural fit if cities want to transition those services. Also note that this capability is a sign that eventually most of your software will be moving to the cloud, especially if operating systems like Windows 8 are building it in.
  3. The user experience will take some adjustment. One of the biggest critiques about Windows 8 is its user experience. Some of it is legitimate criticism about the difficulty of figuring out how to access applications and move around the interface. Some of it is simply people getting used to something new, rather like how people have gotten used to using smartphones and tablets. You may want to consider some informal training sessions for city employees to make sure they understand how to navigate through Windows 8. Otherwise, your helpdesk might light up in the first few months and overburden your IT staff or vendor.
  4. Windows 8 is easier on remote workers and helps teleworking. Windows 8 contains various built-in features that allow users to access their desktop remotely without much of a hassle. What’s great about these features is that IT staff or an IT vendor can easily monitor and maintain all workstations using Windows 8, including applying upgrades and patches, while the user works from anywhere. For cities where employees cannot get software upgrades without coming into the office, this feature makes Windows 8 worth considering if cities want to encourage more teleworking without compromising IT maintenance and security.
  5. Windows 8 is still not the standard, and adoption has been slow. We completely understand if cities balk at upgrading to Windows 8, especially since many may have recently just upgraded to Windows 7. Windows upgrades can be costly, even if they’re cloud based. A recent article from PC World points out, “By the time the next major Windows upgrade is released, Windows 8 will be in less than 50 percent of workplace PCs, unable to overtake its predecessor Windows 7.” This situation provides a compelling rationale for sticking with Windows 7, and perhaps waiting to see what the anticipated “Windows 8.1” update will bring to Windows 8 later this year.

The verdict on Windows 8? We have to take the safest answer: It depends. In our analysis above, we provide a mix of positive, negative, and neutral analysis. Windows 8 is still not fully established as a standard and Microsoft is still working out some user and branding issues. The technology is sound, but the leap forward was more abrupt than any Windows launch since the mid-1990s. That abruptness makes cities understandably wary.

Once you assess your current technology needs, your plans to move to the cloud, and the state of your current software applications, you will get a better sense if you should upgrade to Windows 8 now or later. To talk more about if Windows 8 is right for your city, please contact us.

Wednesday, June 12, 2013
Nathan Eisner, Network Manager

You may have had the experience at some point of using up too much memory on your computer or smartphone. With such useful technology, it’s always a pain when you find its powers are finite. A short battery life, a full hard drive, or a slow Internet connection can frustrate you and prevent you from fully maximizing the use of your hardware.

Now take those problems and amplify them up to the level of your city IT network. Such resources are a vital part of a city’s operations, but we unfortunately find that cities are often not managing these resources well. Higher costs, work stoppages, and slowed software responsiveness result.

In this post, we discuss a few places where you may be unknowingly losing money and time.

  1. Real estate and building space. Many cities have too many servers either in city buildings or in data centers. The more machines you have, the more real estate it takes up—either yours or a vendor’s. To lessen the amount of space, first take an inventory of all hardware to see if you need every machine. An inventory usually reveals unused or redundant servers and workstations that can be decommissioned. Then, even with the remaining essential servers, see if you can transition some of this software to the cloud. This action can eliminate even more of your hardware and free up valuable real estate.
  2. Information storage space. Inside your servers and workstations, you need to make sure that you have plenty of data storage space. We find that cities often do not plan for the amount of storage they need. Depending on heavy use of video, audio, multimedia, or complex documents, your storage space can run out rather quickly. Work with your IT staff or vendor to share your business needs – both now and in the future – and help estimate the amount of storage you will need for files from city council meeting videos to PDFs of scanned documents.
  3. Power and cooling. While reducing your hardware inventory can help with saving valuable energy, you also need to look at your power requirements for existing servers and workstations. For example, significant energy savings can happen by virtualizing servers to reduce power and cooling needs. Replacing older hardware with newer energy-efficient hardware can also help, along with reassessing how you are cooling the rooms where you store your hardware.
  4. Low system resources. Your entire network can come to a crawl if your CPUs, hard drives, network capability, and physical memory are maxed out or worked too hard for too long. If you’re not monitoring data related to your system resources, overcapacity can sneak up on you and interfere with employee productivity. Your IT staff or vendor should be able to help you address your overall projected workload based on current hardware and software coupled with your business needs. Then you can plan for how many system resources you will need to accommodate your operational demands.
  5. Misuse of resources. Ideally, employees and IT staff respect the policies and technological limitations of a city, but occasionally there will be abuses. These can range from watching high definition movies on a desktop computer to storing thousands of music files on a server. Personal activities conducted on business property can lead to resource hogging, causing Internet bandwidth problems or lessened storage space. When monitoring your network, watch for unusual spikes in usage and then address the problem as soon as possible.

Above, the key themes throughout the five areas are planning and monitoring. If you reactively invest and manage your technology, you are not planning for additional resources that you’ll need in the future. And if you don’t monitor regularly, problems will sneak up on you and cause much more disruption to your city than if you had anticipated a need for more physical memory or storage space.

With planning, you will save money and maximize the use of your technology resources. To talk about resource planning and monitoring in more detail, please contact us.

Tuesday, June 11, 2013
Dave Mims, CEO

Since the launch of IT in a Box, its adoption has grown quickly! Thank you!

We have diligently collected feedback, monitored and analyzed existing product components, and assessed technologies. Now, I am very excited about IT in a Box’s new enhancements we are releasing!

IT in a Box enhancements include

No trip charges for onsite support visits scheduled Monday through Friday from 9 a.m. to 5 p.m. Standard expenses including mileage will be expensed back. We announced this one a little early, but it’s so good that I just had to mention it again!

Unlimited storage for offsite data backups! Yes, you read that right. Unlimited storage for offsite data backups! This means all versions of all your data can be securely and redundantly maintained offsite for disaster recovery for all of the servers in your IT in a Box plan.

Website Online Payments is no longer an add-on to IT in a Box. Instead, website online payments will now be covered under existing IT in a Box fees. That means IT in a Box will no longer have a fee for website online payments (e-commerce), nor a per transaction fee, nor a product listing fee to provide website online payments for city services such as utility billing, banner applications, etc. This includes an unlimited number of products listed on your website for which you can take online payments.

Note: You will still have to consider your online payment merchant fees, but those are typically negated with a surcharge (or convenience fee) that the city will set and receive. Also note that custom integrations (for example, with your accounting system) are not included. We can do that work, but that custom integration will be charged as a separate one-time fee.

Mobile device management and support spanning iPhone, iPad, DROID phones and tablets, Windows phones and tablets, and even Blackberry. Yes – that means not just your servers and workstations will be supported, but even your mobile devices (including your smartphones and tablets).

Microsoft Office 2013 upgrades to your desktop computers. Yes, new software for your desktop but no new licenses to purchase! We have been running Office 2013 internally for some time now and I personally really like the new experience it provides on the Microsoft Surface devices for email, editing documents, and working on spreadsheets.

Email (Exchange) server upgrades enhancing Outlook Web App (OWA) and anti-malware. No new server hardware for the city to purchase as in the past.

Document Management (SharePoint) server upgrades enhancing support to allow external document sharing. Again, no new server hardware for the city to purchase as in the past with other document management systems.

Next steps

Again, I am very excited about these enhancements to IT in a Box and the benefits they bring to you. Thank you for being a valued customer. We will be scheduling and rolling out these updates in the near future. At no charge to you.

If you have any feedback, please don’t hesitate to call or email me.

Friday, June 07, 2013
Dave Mims, CEO

While we continue to encourage cities to embrace the cloud in order to reduce costs and create a much easier-to-use IT environment, we sometimes see cities taking shortcuts with the cloud. With cloud services becoming more and more omnipresent, a plethora of free services have emerged that can tempt cities looking for low-budget technology.

Just as we warn with many other technologies, you pay for what you get. But the problem with the cloud is that the services seem pretty darn good. After all, as long as your email program, software, or storage seems to work over the Internet, why not use it?

Cities, as government entities, need to be particularly sensitive to free technology solutions. For the cloud particularly, here are some reasons why you need to consider an enterprise cloud solution instead of a free cloud solution.

  1. Better control over your use of resources. When cities use free cloud services, they tend to be unmanaged and set up by non-IT people. That means different people might be using different cloud services, storing documents in different places, or using the cloud services in ways that conflict with each other. While “free,” this kind of undisciplined use of the cloud actually costs you money. With an enterprise cloud solution, you have professionals overseeing the setup, making sure you have standardized software and applications across your city, and ensuring that you are utilizing resources (such as storage space) wisely.
  2. Better monitoring and maintenance. Just because it’s the cloud doesn’t mean it’s going to work without you taking care of it. That means having your IT staff or a trusted vendor monitoring all aspects of your cloud resources for problems, issues, and alerts. Patches and security updates may also need to be applied, either by your staff, an IT vendor, or the cloud vendor. With free cloud software and services, this kind of monitoring and maintenance may not be included—or it’s at a minimum threshold that doesn’t meet your level of quality.
  3. Better data backup and redundancy. While most cloud software is backed up by default, enterprise cloud service data backup is more customized to your city environment. With free cloud services, data backup may not even be guaranteed. If you lose a file or something happens to your data, you may not even get a person to help you with your individual problems. With enterprise cloud services, you have dedicated staff making sure your data is backed up and that you’re able to recover files from a small glitch to a major disaster.
  4. Better support. While we’ve already touched on this in the above examples, it’s worth dedicating a paragraph to the importance of support with enterprise cloud solutions. Free is great until there is a major problem. That’s why despite the massive use of free cloud services, there is no one to call if you have a problem. This is where the rubber meets the road in a business environment. Individuals tend to get by with this annoyance, but your city employees will have problems with email, documents, and software as part of their work. When you hit a wall, you are helpless. Enterprise cloud services ensure you have robust helpdesk support that takes care of more complicated technology problems.
  5. Better adherence to compliance and regulations. One of the reasons the state of Texas chose cloud services from Microsoft is that the company followed strict government compliance and regulatory demands. With free cloud services, you’re rolling the dice on compliance. Who has access your cloud data? Who is taking care of it? What happens if you get an open records request or a legal issue comes up? Enterprise cloud services should accommodate your compliance needs and have a team of people ready to answer your questions or take action on your behalf.

If you use free cloud services as part of your everyday life, it’s tempting to think they will also translate easily into your city. But as many government entities have learned the hard way, you lose much more than you gain. At best, you’re sacrificing discipline, process, and standardization, which confuses employees and disrupts productivity. At worst, you could suffer significant legal and financial woes by relying too much on a service that doesn’t offer personalized maintenance and support.

However, enterprise cloud services doesn’t mean huge expenses. The services can still be relatively inexpensive within the context of a professional IT team supporting your overall environment. At root, the problem is less the cloud and more the support behind it—which you absolutely need at a city.

To discuss enterprise cloud services in more detail, please contact us.

Tuesday, June 04, 2013
John Miller, Network Infrastructure Manager

In our last two online payments posts, we discussed firewalls, passwords, and data protection. Next, PCI DSS compliance requires “vulnerability management.” That means taking a deeper look at your antivirus and network security. Unfortunately, for many cities those areas are woefully inadequate—leaving cities open to attacks.

Cities that want to offer online payments cannot have security holes and gaps that risk malicious access to payment data. That means ensuring that a city’s antivirus and network security is enterprise level without breaking the bank. Luckily, there are some common sense, cost-effective basics to follow that ensure your security fundamentals are ready for online payments.

Two Antivirus Essentials

While we’ve written extensively about antivirus in the past, you really need to worry about two key aspects.

  1. Apply an enterprise antivirus solution on every computer. Don’t rely on free antivirus software, or for employees to individually maintain their own antivirus updates. By enterprise, that means your IT staff or vendor is monitoring your antivirus software at all times. They are receiving reports about threats and keeping your antivirus up-to-date. Every computer needs to have this enterprise solution applied, since all it takes is one infected computer to affect an entire IT environment.
  2. Proactively manage and audit your antivirus software. Once you install antivirus software, you cannot assume it works automatically. It helps to audit your software regularly, ensuring that the software is installed on any new machines, confirming that it’s installed on every machine at all times, and making sure all antivirus licenses are current so that you’re able to apply any updates.

Three Network Security Essentials

With antivirus taken care of, you also need to think about security for your entire network. Focus on three network security essentials.

  1. Set up proactive monitoring and alerting. Every city network needs to have 24/7 monitoring and alerting to flag any security issues. Your IT staff or vendor needs to always be analyzing your network data to detect any denial of service attacks, unauthorized access, or suspicious data patterns. Don’t rely only on automated monitoring. Make sure your IT staff or vendor is always reviewing and analyzing the data.
  2. Apply all necessary patching and updates. We always want to think this is obvious, but we’ve seen too many city environments where security patches and updates are just not happening. Server and workstation patches regularly address security problems, and software updates often include security fixes along with bug fixes and enhancements. If you are not applying patches regularly, you’re exposing your network to unnecessary security risks.
  3. Use content filtering. While content filtering can be controversial, it helps to provide additional network security. It’s especially useful in sensitive environments, such as cities, where a data breach can have massive financial and legal implications for the public. All it takes is one person clicking on the wrong website and submitting password information unwittingly to give a hacker access to a city’s systems. Content filtering allows people access to safe websites but restricts access to malicious or unknown websites.

If your city wants to offer online payments, it’s essential to make sure you have a solution addressed for each point above. The scary thing about security is that it’s usually weakest on the front lines. You might have powerful servers or a data center that’s locked down, but a person’s workstation or laptop might be completely open to attacks. You need to make sure your network security extends to each and every person’s computer, and that means making sure all computers are protected with antivirus, monitoring tools, patches, and content filters.

In our next PCI DSS compliance online payments post, we’ll look closer at access – and how to assign authorized access to the right users while keeping out any unauthorized users.

If you want to talk about security for online payments in more detail, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 |