CitySmart Blog

Friday, November 15, 2013
John Miller, Senior Consultant

While many cities agree that they need to store and back up their data offsite, we often get into a lot of complicated discussions about what “offsite” actually means. Isn’t “offsite” literally someplace that is not onsite at the building where you’re storing your information? Why doesn’t a particular “offsite” building count as offsite?

To help clarify what constitutes as “offsite,” let’s run through some imaginary but representative scenarios that we often hear when talking to cities. In these scenarios, we’ll assume the onsite data is stored at City Hall.

Scenario 1: We store our data backups “offsite” at the fire station down the street.

Why it’s not “offsite”: While you are storing your data in a completely different building, it’s too geographically close to City Hall. If a tornado, thunderstorm, or other weather disaster were to affect several blocks of the city, both City Hall and the fire station would be at risk of losing all data. Disaster recovery needs to account for a catastrophic disaster, so having your data stored “offsite” down the street is just not far enough away to constitute as true offsite data backup.

Scenario 2: We store our data backups “offsite” on a flash drive at the mayor’s house.

Why it’s not “offsite”: Even if your mayor is the most trustworthy person in the world, this is a bad solution from all perspectives. First, the mayor likely lives nearby, so the same proximity flaws from Scenario 1 apply. But you are also introducing other risks. What if the flash drive is lost or stolen? Where is the mayor storing the flash drive? On a kitchen table? In a vault? Near water or coffee or something magnetized? How do you know that the mayor isn’t storing the data somewhere else? What happens if the mayor is not reelected? Does the new mayor have to keep the city’s data at his or her house? Having a single person handling a portable piece of media like a flash drive and carrying it back and forth from home to City Hall, even if they’re diligently doing it every day, is way too risky.

Scenario 3: Our IT provider stores our backups at his house.

Why it’s not “offsite”: Not only is this completely unprofessional for an IT provider, but it’s like a worse version of Scenario 2. At least the mayor is someone elected to look out for the best interests of the city. An IT provider’s job is to get paid to implement data backup best practices that mitigate risk for the city. You may even know the IT provider, but in no way should you ever trust your data to reside at anyone’s house. The liability is enormous. What if you decide to sever relations with this IT provider? What if the IT provider gets angry and holds your data hostage? What is the IT provider doing with your data at home? How is your IT provider able to test and audit your data professionally? Any backups stored at someone’s house is a bad, bad, bad strategy.

Scenario 4: Our data backups are stored at a building about six miles away from City Hall.

This scenario is not as bad as the others, and it’s tempting to allow for such distance to constitute as offsite data backup. Another temptation connected to keeping data within driving distance is a sort of irrational feeling of security—if the data is close and you can drive to see it, it feels safer. But again, think of natural disasters. Earthquake. Tornado. Hurricane. Flooding. It’s not uncommon for such disasters to tear across wide swathes of a city. For true 100% disaster recovery, you need to make sure your data is stored much further away—quite geographically remote from your city.

So, if the above scenarios are not offsite, what does constitute offsite? As a general rule, offsite backup should meet the following criteria:

  • Data should be backed up in a secure facility. A secure facility means a professionally operated data center with full security and best practices applied. People’s houses are not a secure facility.
  • Data should be backed up in a geographically remote location far from where the actual data is stored. In other words, if there is a natural disaster such as a flood or tornado, the offsite backup should not be threatened as well. Six miles away is too much of a risk, so we recommend cloud data backup or at least having the data backed up in a completely different part of the country.
  • Data backups should be encrypted. While most cities pay attention to onsite data encryption, they often ignore offsite data encryption. Your offsite data backup needs just as much care as your onsite data backup. If it’s stolen, that data should be useless to the thief or hacker.
  • Data backups should be automated. That means no human involvement at all. Somebody from a city should not have to physically move backup media (such a flash drive) to an “offsite” location.

And today, you have a great opportunity to do offsite data backup right. With such cheap unlimited cloud data storage available, there are plenty of good and easy-to-setup options for offsite data backup. The costs have lowered so much and the quality of offsite data backup has risen so much that even smaller cities can affordably implement automated, encrypted, secure data backup.

To talk about offsite data backup in more detail, please contact us.

Wednesday, November 13, 2013
Clint Nelms, COO

Just like greeting and orienting someone when they walk into City Hall, a city’s website must do the same thing with its City Hall website page. Your City Hall page might also be called City Services or serve as the City Clerk’s page. However you organize your information, you need a page that introduces citizens to city administrators and directs them to your most important services.

While the content on this page should be basic and functional, you want to make sure you provide a good balance of relevant and thorough information. We see too many City Hall pages as only dry lists of names or lacking essential information. In this post, we provide some tips about what content you need for a successful City Hall page.

  1. Cover the basics. First, make sure you have all essential information about City Hall outlined. People will sometimes need to come to City Hall to pay bills, attend meetings, or talk to the city clerk. Provide the address, directions, and hours in an upfront place where they are easy to find. Many websites even use a simple Google Maps widget that allows people to see where City Hall is located and plug in their address to get directions.
  2. Create a brief welcome message. It doesn’t have to be long, but create at least a paragraph of text or a short video that welcomes people to the City Hall page. A welcome message brightens up the page, personalizes the information, and allows you to highlight any important points. Don’t write too long of a welcome message. People won’t read it, and it may force people to scroll down the page to get to the information they actually came to find.
  3. Offer quick links to popular services. If citizens commonly tend to ask about certain services, departments, or people, then provide quick links at the top of the page to help people get to that information faster. You might look at your website traffic or simply use your knowledge of what people ask about on the phone or in person to create a list of your top services. To be even more helpful, use language that people would use (e.g. “I need a business license…” instead of “Business Services”).
  4. Provide a directory to all services. Large or small, cities need to provide a list of people, departments, and services that citizens would contact or access at City Hall. Include phone numbers, extensions, and email addresses (or another way to electronically contact a person). To protect email addresses from getting picked up by spammers, you can spell it differently (e.g. sales AT sophicity DOT com) or use a form instead. Depending on your website design and programming capabilities, you can offer up your directory in many ways—but make sure that it’s easy to access and browse the information.
  5. Identify key leadership contacts above all other contacts. A citizen shouldn’t have to dig through a directory to find key City Hall contacts like the city manager or city clerk. Highlight these contacts above all others and include a headshot if possible. Not only is it helpful for citizens but you also create a better impression when you highlight your City Hall leadership. People feel more comfortable about a city when they feel they know their city manager and city clerk by name and face.

While function really takes precedence on this page, you want a few flourishes that show you’re a good host—like City Hall itself. Your City Hall is about business, steering citizens to where they need to go. But you also welcome them, smile, and engage them in some small talk before moving them on their way. Your City Hall web page works in the same way. Greet citizens, be helpful, and use the information you present and prioritize on your City Hall web page to send them on their way.

To talk about website content in more detail, please contact us.

Thursday, November 07, 2013
Brian Ocfemia, Technical Account Manager

A very nasty computer virus called Cryptolocker is circulating around businesses, government entities, and many other organizations. We’ve already seen one city infected with this virus and have heard of several other victimized cities. This is not something you want infecting your city’s computers.

To help protect you against the Cryptolocker virus, we’ll answer some common questions and offer some proactive tips—especially if you feel unprotected against viruses.

Cryptolocker Questions & Answers

What is ransomware?

Ransomware is one of the scariest viruses out there. We’ve become so dependent on our electronic data, either on our computers or in the cloud, that losing access to that data would be devastating. And hackers know that. So, they prohibit access to your data in exchange for a ransom. It’s the digital equivalent of taking your most valuable possessions hostage.

What does the Cryptolocker virus do?

It encrypts the hard drive of your infected computer, meaning you cannot access or read your data. A popup window will appear and you’ll read a ransom demand for money in exchange for what’s called a “private key” so that you can decrypt your hard drive. It’s like a hacker has a padlock on your data, and the hacker has both keys. Supposedly, if you pay the hacker it’s like they give you one key and you both open the padlock at the same time.

Should I pay the ransom to get my files back?

We typically do not recommend paying the ransom. The hackers will tell you that if the money is not paid within a certain amount of time (usually about 24 hours) then the private key is destroyed and the contents of your computer are lost forever. But these are criminals. Once they have your credit card information, what will stop the hackers from using your credit card information again (or even stealing your identity)?

So how do I get rid of the virus?

In the short term, an enterprise-level antivirus solution can easily detect and eliminate the virus. However, if you already saw the popup window demanding a ransom, then it’s already too late to unencrypt your files. You’ll lose your data, but the virus will be eliminated by the antivirus software.

In the long term, or even if you haven’t been infected by the virus, you want to take proactive steps to protect yourself from Cryptolocker and other viruses.

  1. Use an enterprise-level antivirus solution. Avoid free antivirus software or relying on city staff to manage antivirus software on their own computers. You need a more professional solution that is managed by IT professionals and updated regularly. Enterprise-level antivirus software also has better monitoring capabilities, often preventing viruses from ever affecting you. In the case of Cryptolocker, enterprise-level antivirus software would likely have stopped the virus before it started encrypting your files.
  2. Use antispam software. Since Cryptolocker can spread through malicious files in emails, you need ways to better block email before it gets to users. Many cloud-based email solutions have excellent antispam and antimalware software built in, or you can purchase enterprise-level software if you host your own email.
  3. Implement a regularly tested data backup and disaster recovery solution. In case the worst happens, having a data backup and disaster recovery solution in place—both onsite and offsite—will ensure that you have a backup of your files in another location that the hackers cannot reach. Do not simply use a free file storage service where files are synced—rather than backed up—across different storage locations. Access your files in one place, and back them up in another place. And test your backups at least once a quarter.
  4. Train city staff about basic online safety best practices. On a basic level, your city staff should be able to identify obviously suspicious email messages, avoid clearly malicious websites, and never give out their username and password to an untrustworthy source. Your city administration and IT vendor should be clear about how sensitive information is shared so that it’s easier for people to detect fraud when that process is violated.

If you feel unprotected against a virus of this caliber, please contact us. We will be more than happy to answer any questions you may have.

Tuesday, November 05, 2013
Dave Mims, CEO

GMA helps city procure equipment to start operations and launch website, data backup & disaster recovery, and email.

As one of the newest cities in Georgia, Peachtree Corners is located in fast-growing Gwinnett County in metro-Atlanta. Located near successful business clusters such as Technology Park and The Forum, Peachtree Corners is a planned community that is now the largest city in Gwinnett County. Like any new city, Peachtree Corners is creating everything from scratch – from its vision of the future to the most tactical aspects of its operations.

Challenge

From the start, Peachtree Corners needed robust IT to help them hit the ground running. Like most cities, they needed a website, basic hardware to help run operations, software licensing, and email. Without the basics in place early on, Peachtree Corners would not be able to effectively serve citizens—and these citizens would be watching this new city very carefully.

In addition, Peachtree Corners also had to think about ongoing costs that included data backup, disaster recovery, website hosting, website content management, hardware support, and access to a helpdesk. The city had not yet budgeted for longterm future IT costs, and the potential high cost of building an IT infrastructure seemed daunting.

Solution

Peachtree Corners solved these challenges by using the Georgia Municipal Association’s “IT in a Box” service. Powered by Sophicity, “IT in a Box” is a complete IT solution for cities and local governments. The service includes a website, online payments, onsite data backup, unlimited offsite storage of data backups, email, document management, Microsoft Office for desktops, server, desktop, and mobile management, vendor management and a seven-day a week helpdesk.

Results

“IT in a Box” helped Peachtree Corners:

  • Launch a high quality, user-friendly website.
  • Ensure a highly available and dependable email system.
  • Mitigate the risk of data loss through onsite and offsite server backups.
  • Procure and configure computers and network equipment needed to start operating.
  • Provide enterprise-level helpdesk support for its staff along with day-to-day technology monitoring and maintenance.

Peachtree Corners saved $66,459 of the costs typically spent launching a city network of their environment and size. “IT in a Box” helped Peachtree Corners establish a strong technology foundation and create a predictable IT budget.

Sophicity was instrumental in getting Peachtree Corners off the ground and running in regards to all aspects of IT. They provided the City with outstanding service in putting together the entire IT infrastructure from the desktop computers and servers to the security to protect it. The support team did an outstanding job during those first pivotal moments of setting up users for email, answering phone calls for support, and establishing security settings for each user based on their role with the City. Sophicity was also integral in helping the City build, launch and maintain our website. - Accounting Manager/Clerk of Court Brandon Branham
If you're interested in learning more, contact us about IT in a Box.

Print-friendly version of the Peachtree Corners, Georgia IT in a Box case study.

About Sophicity

Sophicity is an IT services and consulting company providing technology solutions to city governments and municipal leagues. Among the services Sophicity delivers in “IT in a Box” are a website, online payments, onsite data backup, unlimited offsite storage of data backups, email, document management, Microsoft Office for desktops, server, desktop, and mobile management, vendor management and a seven-day a week helpdesk. Read more about IT in a Box.

Friday, November 01, 2013
Alicia Klemola, Account Manager

As cities continue to rely more and more on technology, they also worry more and more about what’s called “cyber liability.” By not protecting electronic data in the right ways, cities can find themselves exposed to lawsuits, fines, and severe operational issues. For good reason, cities are increasingly worried about cyber liability.

But often, cities don’t know what they don’t know. What needs to be done to protect cities? While we’ve written about cyber liability in detail in the past, we’ll use this post to share three key insights that we heard discussed at a recent panel discussion at the 2013 Kentucky League of Cities Conference & Expo.

To start thinking about cyber liability, consider the following points.

  1. First, look at your data backups, since data loss is the most common cyber liability. Simply having the right data backup will save you the most worry about cyber liability. Yet, so many cities still have critical gaps in their onsite or offsite data backup. Cities need to address the following points:
    • Onsite data backup for quick recovery in case of something like server failure.
    • Offsite data backup in case of disaster like fire, flooding, tornadoes, or theft.
    • Testing data backup to ensure that it’s working. We still see so many cities that don’t test their data backup, and that lack of testing often leads to a greater risk of data loss.
    • Auditing data backup by providing documentation and evidence that your data backup is working.
  2. Assess the current state of your technology assets and ongoing maintenance. While tight budgets might be an excuse for not overspending on technology, that doesn’t mean you should neglect investing in the right technology. We see liability result from the following scenarios:
    • Minimal, reactive technology support. Fixing something only when it breaks is a form of neglect and increases liability.
    • Using cheap IT vendors that don’t document their processes, skip industry standard best practices, and host your servers in poorly maintained environments.
    • Poor security, such as lack of enterprise-level antivirus software, weak passwords and administrative credentials (which increases the risk of hacking), and poor configuration of your hardware and software.

    Poor, cheap technology maintenance increases your risk of viruses, hacking, malware, and other activities that lead to liabilities such as data theft, fraud, and other cybercrimes.

  3. If you’re a smaller city, you’re more susceptible to cyber liability. Big cities might receive more publicity when cybercrimes occur, but small cities are the most susceptible to cyber liability because they often don’t spend money to protect themselves. And many think they’re too small to be a target. However, hackers are quite sophisticated and they look for easy targets. Small cities don’t need a lot of technology investment to protect themselves, but at a minimum they need to make sure that:
    • The city’s website is hosted and secured professionally.
    • The city’s data is backed up both onsite and offsite, with regular testing and auditing.
    • The city’s technology infrastructure is proactively maintained and monitored for any issues.
    • The city has enterprise-level antivirus, antispam, and patch management software helping keep technology secure and up-to-date.
    Cyber liability is really only messy when you don’t prepare for it and suffer the end result of an issue like data loss or fraud. But when you simply invest in data backup and modern technology, most of your cyber liability problems go away.

If you’re still worried about the cost of such technology investments, we’ll leave you with two thoughts.

  • Even for small cities, the cost of important technologies has come down while the quality has gone up. If you’re worried about areas like data backup that used to be cost-prohibitive, you’ll be surprised at how affordable a basic solution costs today.
  • If you’re still wary of even adding these low costs to your city budget, think of this investment like insurance. While car insurance can be a bit expensive sometimes, the cost of an accident can be catastrophic. The same rationale goes for cyber liability. Invest in the right technology like insurance. Otherwise, it’s more probable you will experience a cyber liability incident, and the cost of dealing with that incident will far exceed the low monthly costs of investing in the right technology to protect yourself.

To talk about cyber liability in more detail, please contact us.

Tuesday, October 29, 2013
Dave Mims, CEO

Many cities and other government entities have rapidly made the shift from their old email servers and software to cloud email. Many of the reasons have to do with back-end technology aspects such as easier management, security, and data backup.

But cloud email is unique in that it’s a technology where you can actually touch and feel many of its benefits. Compared to older email services, there are some night and day differences you can actually see and experience that will have a tangible impact on your day-to-day work and operations.

Here are five features that we’ve noticed particularly appeal to city staff and administrators.

  1. No hardware. While this will matter more to city administrators or anyone who manages email servers, it’s still a revelation when email servers go away. One of the biggest hassles with traditional email has been its management. That includes servers to purchase, maintain, upgrade, patch, and restart when they crash. Hardware means IT staff, vendors, or even non-technical staff worrying about these machines on a 24/7 basis. Cloud email just requires an Internet connection. This aspect alone removes a lot of headaches.
  2. Anti-malware built in. Most cloud email vendors build anti-malware tools right into their software. This helps prevent most spam email from ever entering a user’s inbox and protects users from clicking on malicious attachments. In the past, cities would often need to install anti-malware software separately. This led to potential email / anti-malware software integration issues, and it involved separate software to purchase, manage, and maintain. With anti-malware built into cloud email, you don’t even have to think about it anymore.
  3. Instant messaging built in. Instant messaging used to be seen as frivolous and distracting by most businesses and government entities, and that perception may still carry into a few cities today. In addition, using instant messaging meant yet another software program to install and manage. Today, the novelty of instant messaging has worn off in a world of social media and mobile communications. Instant messaging is now really just a handy way to quickly communicate with colleagues and it’s built right into cloud email.
  4. Large files easily handled. One of the most annoying things about traditional email servers is the inability to handle large files such as images, zip files, or multiple documents. That’s because email servers could only handle so much load and it restricted the size of each email, along with restricting the total number of emails you can store. With cloud email, file sizes are rarely an issue because of significantly increased storage space. Cloud servers also easily handle emails with large attachments because of vastly superior server capacity.
  5. Integrates easily with mobile phones. While email on mobile phones isn’t new, the power of cloud email on mobile phones is revolutionary. In the past, you may have been restricted to a specific service (like Blackberry) which required its own server, or you may have struggled to connect your own email servers to mobile phones. If you dealt with your own email servers, that meant managing many mobile phones which all constantly accessed your email servers. Service could be sporadic, especially as so many different mobile phones presented unique access problems. With cloud email, mobile phones simply use an app, some log-in information, and you’re accessing email as easily as any Internet service.

While we’ve discussed the back-end benefits of cloud email in past blog posts, the user benefits are just as important in many ways. What strikes us as especially noteworthy is how many different kinds of software are now consolidated and leave very little for people to worry about anymore. Cloud email—like many kinds of cloud software—combines different pieces of important software and creates an easy-to-use experience while eliminating some of the annoying aspects of email that used to be so hard to manage. Overall, cloud email is that rare technology where your city staff can immediately experience the benefits.

To talk about cloud email in more detail, please contact us.

Thursday, October 24, 2013
Nathan Eisner, CMO

When we walk into cities for the first time and see unused servers or watch people using outdated software, it’s easy to blame these issues on vendors. We might hear “Our servers don’t work right” or “We were sold the wrong software.” To a certain point, vendors may shoulder some of the blame. Cities understandably want to make sure they are fully using their technology investments and that all technology is up-to-date and supported.

But such a situation signifies a deeper problem that also affects how vendors are managed—and that’s matching your technology to user needs. It sounds almost too simple on the surface. “Well, of course our technology meets user needs. People use it, don’t they?”

However, we find that a lot of technology was purchased without the buy-in of the city employees that actually use it. Sometimes, a vendor can do an excellent sales job talking about features, but failing to talk about the user experience. It’s only too late when you realize that the technology did not live up to its original promise.

Here are some user-focused questions we tend to ask when evaluating new and existing technology vendors for cities. These questions help make sure you’re only investing in needed technologies and that the cost of those technologies will be as low as possible.

  1. What are people’s biggest pain points? Just by interviewing users of technology, you can learn a lot about their biggest pain points and frustrations. Usually, many problems will come to light such as slow software, tedious workarounds from technology limitations, or computers that crash too often. Start with the fires that users are battling day by day and you will begin to uncover a good list of the weakest points about your current technology.
  2. What do users need to do? This is a different question and involves the goals or objectives of the work that technology should help people do. Ask the users about their roles and what they need to accomplish on a day-to-day basis. Also talk to department heads and even city leadership about overall business objectives. Technology is an investment that needs to help cities achieve a goal. If you lack clear goals or a connection between stated goals and technology, then your technology may not be helping you and might actually be wasting you money.
  3. What technology options exist to solve user needs? Without asking the first two questions, you risk purchasing or keeping technology that you don’t need. Once you’ve taken a deep look at user needs, you find yourself with a clear list of specifications that makes it much easier to shop for solutions and reevaluate your current solutions. This is where the help of an IT professional comes in handy. They have the experience to ignore flashy features and focus only technology solutions that solve your users’ problems.
  4. How will your technology investment really help users? Once you select a possible technology solution, review it with users, try it out if possible, and discuss user needs with the vendor. Sometimes the vendor can easily show time saved, costs reduced, or productivity enhanced. In other cases, the connection to user value or bottom-line costs can be murkier. Have the conversation and avoid getting caught in a sales pitch or features conversation. A vendor should be able to answer your questions about how a technology handles user needs and reassure you that the investment will pay off.
  5. Will your users need training or help transitioning to the new technology? Despite handling all four questions above, a final way that technology investments sometimes fail is when users don’t (or won’t) adapt. If people are used to doing something the same way for many years, it’s sometimes difficult to make a shift to a new technology. In other cases, even if people aren’t resisting it, they may be unfamiliar with the new technology and need training on how to use it. To make sure that your technology investment gels with users, offer training and a review of why this technology is important for their job.

Once you thoroughly understand your users’ needs, it becomes much easier to clearly specify what technology you need, talk to vendors about only necessary updates and features, and ensure that your investments are tied to a positive end result. Vendors usually are mismanaged when you’re not clear on what the technology investment is supposed to do or who is supposed to gain the most benefit from it. Since vendors will not necessarily look out for your best interest, you need to do your own upfront homework to make sure the technology is a fit.

To talk more about vendor management and user needs, please contact us.

Tuesday, October 22, 2013
Brian Ocfemia, Technical Account Manager

Mobile devices that work like computers. Software accessed from clouds. Servers disappearing because they’re no longer needed. Technology seems to have gone through another revolution in the past few years, and it’s understandable if the speed of technology has passed you by to some degree.

For many cities that are focused on budgets, operations, and citizen services, it’s easy to still think of technology as it was 5 or even 10 years ago. But while you might feel behind, you actually have a great opportunity to reevaulate your technology, save money, and improve the quality of your services without too much disruption to your city.

As we help cities modernize their technology, we often address the following areas where the old way of doing things is bloated and wasteful today.

  1. Labor. While we don’t encourage laying off IT labor arbitrarily, we do recommend taking a look at what kinds of work any IT employees, contractors, or vendors are doing for you. We find a lot of wasted time and money when IT labor is essentially in reactive or tactical maintenance mode, basically working as glorified IT repair people. Cities need to use technology to help a city achieve its vision, and that takes strategy and planning. Plus, many IT functions have become much more automated and easier to maintain with less people. If you’re not thinking “strategy” when you think technology, then you probably need to take a look at your IT labor.
  2. Contracts. In the old days, technology vendors often locked you into long-term contracts. That made sense because the hardware and software investments were significant. If cities were going to use a particular technology, then it made sense to use it for the long haul. (Vendors, of course, liked this arrangement too!) But now that hardware is needed less and less onsite, and software increasingly is accessed through the cloud (which reduces the cost of implementation), contracts have become shorter—and more like turning on a utility. Any long-term contract is fair game as a place to cut costs.
  3. Hardware. Because so many services can be accessed over the cloud through the Internet, it’s less and less sensible to purchase expensive hardware that you keep onsite. And the modern hardware that you may still need is much more robust and efficient in terms of memory, speed, and storage capability. Any city that still owns and maintains a lot of hardware may be able to reduce the number of machines and simplify their IT environment.
  4. Data centers. Data centers haven’t gone away. It’s just that data centers have gotten so good at the cloud level that it’s only for special reasons that you would need your own data center (or the use of a smaller IT vendor’s data center). An onsite or smaller IT vendor’s data center used to make sense in situations when you still operated on the model of owning and maintaining your own servers for a variety of software and services. Cloud data centers not only work on a scale that blows away the old concept of a data center, but they remove the technology from your care so that you no longer even worry about maintaining your own machines. That means no more expensive monthly hosting costs or onsite maintenance costs.
  5. Software licenses. Software used to be a giant hassle—expensive upfront costs, paying for servers to host the software, the logistics of installation, and ongoing upgrades and maintenance. That meant expensive software licenses to cover all of these costs. Now, so much software is now accessible through the cloud like a subscription. You turn it on and pay a monthly per user fee. That’s it. If you’re still paying expensive annual licenses for most of your software, then you need to reevaluate your current software as soon as possible.

Many cities that we’ve helped tend to have this kind of unintentional bloat from not realizing that technology has evolved rather quickly in just a few short years. But those same cities are happy because we find opportunity to cut the bloat, reduce costs, and increase the quality of a city’s information technology. If you haven’t taken a deep dive into your technology in a while, we encourage you to start with these five areas.

To talk more about simplifying your technology, please contact us.

Thursday, October 17, 2013
John Miller, Senior Consultant

Sometimes, organizations using consumer cloud software that stores files will think that same software is sufficient for data backup. But a recent article from Business Insider suggests otherwise. The article explains how a professor used Dropbox not only to collaborate with other people but also as a “backup solution.” One day, 200 files and 3,000 pictures were missing, along with a project where the files were only stored on Dropbox.

But what makes the story interesting to the layperson is that these files also disappeared from computers and an external hard drive where the professor thought she was backing up these files. The blame game then ensued. Were the files deleted? Hacked? Is it Dropbox’s fault?

Dropbox’s quote for the article is important for understanding how something like this can happen:

"We can say with confidence that this situation did not stem from any Dropbox issues. Dropbox users can choose to have files synced across their machines. In that case, all changes made on local machines, including deletions, are synced."
So what’s going on here? It’s actually quite simple.

Storing Files in the Cloud Does Not Mean Backing Up Files in the Cloud

The mistake that this professor—and many other users—make is equating file storage with file backup. On the surface, this situation looks like a backup issue. But when you sync files across computers, external hard drives, or mobile devices, you’re not really backing up those files. It’s just another storage and access point. If the files are synced, then deleting a file from one place will delete them in all places.

Ironically, the software worked exactly like it was supposed to work. While the professor synced files across multiple computers and devices, her crucial mistake was confusing storage and access with true data backup. To be fair, consumer cloud solution providers usually don’t go out of their way to tell people this. Such a message doesn’t help with their marketing, yet that absence of consumer information can mislead people as to the extent of how secure their files really are.

Bottom line: The sync feature becomes a gaping security hole in using consumer cloud solutions for data backup.

Now, How to Make Sure You’re Actually Backing Up Your Cloud Files

So, we’ve identified a common IT amateur flaw: using the same storage service for both data backup and collaboration. In the professor’s case, think about what can happen. You’re giving file access to your colleagues and students. One of them accidentally deletes a file. That deletion syncs to all computers and devices. And the more people who collaborate, the more the risk of accidental deletion increases.

The key is to clearly separate your collaboration space and the place where you store your backups. With collaboration, you often can handle that yourself—sharing a username and password, giving people access to documents, and providing the ability to make edits and upload files. But your data backups should be secured in an entirely different way. Only an authorized person should have the username and password to any backups. That way, if someone accidentally or maliciously deletes files, they can’t touch your backup location.

Now let’s look at how to separate data backup from collaboration.

Five Quick Tips to Avoid The Professor’s Fate

Although the professor did restore her files by a stroke of luck, you may not be so lucky. We have four important tips that will help you avoid such a situation.

  1. Use professional enterprise backup. Consumer-grade data backup or storage has severe setup and configuration limitations for businesses. With such important information that needs protecting, you don’t want to settle for the limitations of a free or low-cost consumer solution. Enterprise solutions have better management tools and options for customized backup.
  2. Have an IT professional set up your data backup. Mistakes happen, as the professor found out, if you do it yourself. There are usually technical data backup best practices that you will overlook, so let a IT professional guide you through the process of setting up your data backup.
  3. Work and collaborate in one cloud location. Use one cloud storage location to access, share, upload, download, and collaborate on files and documents. Here, users can have access and make changes without worrying about hurting anything.
  4. Back up to a different cloud location. Use another cloud storage location for data backup only. Set a backup schedule that makes sense (you can usually set it up to back up every few minutes or even a few seconds), but make sure you keep backups separate from the place where users access files. That way, if someone deletes a file, the backed up file will be untouched. Have an IT professional confirm you are truly backing up (and not simply syncing) files to this separate location.
  5. Test your backup. To know if your data backup is working, make sure it’s professionally tested at least once a quarter. This will ensure that there are no syncing issues and that your data backup will actually work in case of a disaster.

To talk more about data backup, please contact us.

Tuesday, October 15, 2013
Clint Nelms, COO

When you’re cleaning up your office or your house, you must make decisions related to the stuff you own. What do I throw out? What do I keep? How long do I keep it? Where do I store it? You might think about the rooms where you’ll store your stuff, or decide if you need the capacity of an additional storage location.

A new document management system forces you to make the same kinds of decisions. Often, cities are faced with process decisions that they’ve never made before about what they define as critically important documents, what they are required by law to keep, and when they can get rid of documents.

In this post, we discuss some of the main issues you will need to deal with concerning the storing and archiving of your documents when implementing a new document management system.

  1. Information prioritization. First, it’s good to examine your documents on a high level and ask yourself, “What is my most important information?” You’ll find that there is some information that you’re required to store and archive for compliance, open records requests, and other legal reasons. Other information will simply be critically important to the strategic operations of your city. By identifying what’s most important, you’ll also discover less important information that you can eliminate or only keep temporarily.
  2. Information format. Your documents will be in a variety of file formats, some of which will take up a lot of storage space. That’s why it’s good to know what’s important and not important. For example, a large amount of storage space is critical for police videos related to investigations, but would not be as important for hundreds of photos of a picnic event from 10 years ago. Files such as videos, audio files, and photos will require more storage space than Microsoft Word documents or PDFs. You also need to account for any paper documents that need to be scanned and placed in your new document management system.
  3. Information organization. Basically, you’ll find that your documents fall into three categories:
    • Non-electronic: These would include paper documents, photographs, VHS tapes, or other non-electronic documents that you need to have in your document management system. That means you need tools to help you convert these into electronic files such as scanners or VHS-to-DVD converters.
    • Unorganized electronic information: This would include emails, documents scattered across various people’s desktop computers, or files stored across different servers that are not organized or labeled with any information to help people find them in a centralized place.
    • Organized electronic information: This includes documents that are already organized and labeled in a centralized place where people can search for them and easily identify what they are. For example, a document might be found in a clearly labeled folder and tagged with searchable information that identifies the author, title of the document, and date published.
    By assessing how your documents are currently organized, you will get a sense of how much work is needed when you upload them into your new document management system. The more organized your documents, the easier it will be for people to find that information. (Read our post about adding metadata for a more in-depth look about adding structure to your documents.)
  4. Information location. At this point, you’re looking at the best options for storing your data. The most cost-effective and scalable solution tends to be cloud storage. We’ve constructed solutions where cities pay a low monthly fee for unlimited data storage, which can help take away the worries of running out of space. That doesn’t mean you should use that unlimited storage space as a dumping ground for all of your information. The best practices listed above are still applicable, or you won’t be able to find and use your information effectively. Another option (especially for extremely sensitive information) is to store your information on onsite servers that you or a vendor help manage and maintain. If this is the case, then you need to worry about storage space—especially when the amount of your information grows over time.
  5. Information disposal. You should not intend to keep all of your information forever. By deciding what’s trash, what’s only kept temporarily, and what information can be retired after a certain period (e.g. seven years), you can keep your storage space down to a minimum and your information as uncluttered as possible. While sometimes cities may need to be warned about deleting information too early, we usually find the opposite problem—cities keeping too much information. They are often surprised to find that even the law doesn’t require them to keep information for decades. Work to set up an archiving and disposal schedule that makes sense for each type of document.

While tackling the problem of document storage and archiving can be a difficult task at first, the efforts you take—even if they are minimal and high level at first—will be well worth it. Ultimately, you want to make sure your documents are stored in a centralized place, archived as needed, and disposed of when they are no longer needed. That way, your employees will be able to find relevant information easily and you’ll be prepared for open records requests, compliance requirements, and other situations where ready access to your documents is important.

To discuss document storage and archiving in more detail, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 |
Contact
Contact a Sophicity Consultant Now To Find Out How We Can Help Reduce Your IT Costs Go
bottom