We put the IT in city®

CitySmart Blog

Thursday, April 2, 2015
John Miller, Senior Consultant

Whatever your politics, personal, non-government, or poorly overseen government email accounts have plagued Hillary Clinton, Sarah Palin, George W. Bush, and many government entities such as the IRS, the Environmental Protection Agency, states, and municipalities. The root cause of many of these tortuously complex scandals and investigations is simple: Using personal email accounts instead of a government email account.

Just look at what happens when someone wants to access those emails. You may like or dislike Hillary Clinton, but it’s objectively a problem when she cannot easily produce information related to her role as a government employee. Plus, the risks of using personal email go beyond transparency. If your IT staff or vendor isn’t managing your email, who is? Your free email provider? Are they providing the right level of antispam, or backing up your emails? Not a chance.

It’s clear that open records laws and the push for transparency makes it less and less excusable to use personal email accounts for city business. If you’re still using personal email accounts at your city, ask yourself the following questions.

  1. Do you want to expose you or your employees’ personal email to open records requests? As Hillary Clinton said, she definitely doesn’t want to reveal her personal emails to the world—and she said that we can all understand that. Unfortunately, that’s not something auditors understand. That’s why she is receiving pressure to hand over her personal email server to a third party auditor to decide what’s personal and what’s business. Similarly, a third party auditor would have an absolute right to look at personal emails from city employees if an open records request required it.
  2. Do you want to spend excessive time and money processing open records requests for personal emails? Because personal email is not centralized and managed by your city, the time it takes to track down city emails from personal email accounts starts to exponentially increase. You might be out thousands of dollars in time and expenses tracking down and handing over the right information. It’s much easier to find and retrieve emails from a centralized city email server that only contains information related to city business.
  3. Do you want to increase the risk of your emails being hacked or increase your exposure to a virus? Personal email accounts are usually free email accounts. That means no one is managing them or ensuring that the proper antispam, encryption, and archiving policies and precautions are in place. While antispam measures have gotten better on free email accounts over the years, they are still not at the level of business-class email services. Using a personal email account opens up too many security risks from weak passwords to users clicking on a malicious email attachment by accident.
  4. Do you want to lose your email data when you are required to keep it? Several scenarios open you up to the risk of data loss related to personal email.
    • Your personal email is not part of your city’s data backup and disaster recovery data, and thus it’s not recoverable in case of data loss.
    • If an employee leaves, it becomes almost impossible and logistically thorny to make them hand over all of their information. You don’t have access to the email account, so what do you do? Ask them to forward 5,000 city business emails to you after they have been terminated? You might be able to get the information, but it’ll be ugly and likely incomplete.
    • Deleting a personal email account is 100% in the hands of the employee, not you. It should be the other way around. Only the city should have the power to activate and deactivate business-related email accounts
  5. Do you want an easy way to lock down email while still using mobile devices? One thing Hillary Clinton complained about was having to use two devices if she was to separately use her government email account and her personal email account. Today, cloud email allows you to use business-class email for your city, lock down that email for authorized users only, and allow people to access it with any device. So, if one of your elected officials complained about the annoyance of using two devices, let them know they can use one device. On that one device, they can easily access two different email accounts that keep their business and personal email separate—without having to use two devices.

If you feel behind the technology curve on email, you’re not alone. If people at Hillary Clinton’s level are wrestling with it, then it’s understandable that many other government entities are too. But now is the time to act. Auditors, lawyers, and the public are becoming less forgiving when public officials cannot provide emails about something critical to the public interest. Business-class email allows you to easily respond to open records requests instead of losing emails in the murk of personal accounts, and it ensures that employees cannot delete or misplace critical information.

To talk in more detail about email and open records laws, please contact us.

Thursday, March 26, 2015
Brian Ocfemia, Technical Account Manager

While states vary in their cybersecurity laws, it’s clear that the stakes are rising for cities to protect their data from loss or theft. Kentucky’s HB 5 is a great example of how states are starting to push for higher cybersecurity accountability, and other states are sure to follow. And it makes sense. With taxpayer dollars funding public services, it’s important that citizens know their information is protected if they are required to hand it over for taxes, public safety and municipal court requirements, business licenses, etc.

Ensuring that you’re cybersecure starts with certain information technology essentials. Whether you’ve neglected to invest in your IT for a while or are continually improving it year after year, it’s worth taking a look to see if you’ve got the right cybersecurity foundation in place.

  1. Encrypted, secure data storage. It’s great if you’re doing data backup and disaster recovery, and if you’ve invested in a business-class email and document management solution. But if you’re not protecting your data onsite, offsite, and in transit, then you leave it open to hackers. Any sensitive data transmitted from a city server or computer to another server (either in a data center or to a cloud service)—including all backups, email, and documents—needs to be encrypted. For security, we take the extra step of ensuring that offsite data is housed in United States data centers so that we are confident they are complying with our nation’s laws and regulations.
  2. Secure, authorized access to software. Software often gives access to sensitive information about people, businesses, and city operations. You don’t want that information exposed. That means any software needs proper user identification, authentication, and data access controls for anyone using it. Sometimes, software can introduce security risks if it’s very old or poorly written, and those issues either need to be addressed with your software providers or you need to invest in more modern, secure software.
  3. Ongoing security monitoring. Your IT staff or vendor need to monitor your environment on an ongoing basis to detect and prevent any unwanted intrusions. This kind of proactive monitoring helps identify any breaches or breach attempts as soon as possible so they can be addressed immediately. Specialized intrusion detection and prevention software exists to help IT professionals with this activity on behalf of your city.
  4. Physical and information security of hardware. Just as software should give secure access to only authorized users, the same goes for hardware. No unauthorized people should be able to access a server, desktop, laptop, or other mobile device that contains sensitive information. That means physically securing rooms in which hardware is stored. Your physical security will range depending on the sensitivity of the hardware, but every device should have some level of physical security to keep away unwanted intruders. To cover your bases, it’s essential to have a data backup and disaster recovery plan where you store data offsite in order to mitigate physical security breaches.
  5. Properly destroying records that contain personal information. Often overlooked, many cybersecurity breaches occur when cities dispose of servers, computers, and mobile devices without ensuring that all personal information is wiped from the device. An untrained person might think they can delete or reformat a hard drive, but information can still lurk in seemingly “clean” used computers sold to individuals or businesses. Your IT staff or vendor needs to make sure any electronic media information is completely destroyed. For document management, you also need to make sure you are archiving and purging documents based on your state’s record retention schedule.

Having basics such as data backup, offsite data storage, business-class email, document management, and IT professionals monitoring and maintaining your hardware and software will go a long way toward meeting most of your cybersecurity needs. In rare cases, you might need more specialized security such as encrypting single computers or building a private cloud, but investing in information technology essentials means most of your cybersecurity worries go away. While IT may seem costly sometimes, ask yourself, “What’s the cost of a data breach if citizens’ personal information is stolen?”

To talk more about cybersecurity, please contact us.

Thursday, March 19, 2015
Nathan Eisner, COO

In the early days, websites worked a lot like one-way brochures or printed material. You created something for someone to read, they read it, and the “transaction” ended there. Perhaps contact information or a next step existed, but it wasn’t that important. Websites simply communicated information to people, and that was that.

Today, fancy terms like “calls to action” and “conversion” are inescapable when talking about modern websites. All this means is that websites have become ways to get your audience to interact with you. In other words, you get them to do something. If your website shows signs that no one is taking action based on the information you provide, then it’s considered a failure or a wasted investment.

That’s why it might be easier to avoid measuring this kind of engagement, but you will serve citizens better if you pay more attention to “calls to action” on your website. In fact, you’re probably already seeing citizens engage more heavily with some parts of your website than other parts.

Here are some common calls to action that you may want to add, enhance, and improve on your city’s website.

  1. Pay. One of the most common “calls to action” that many citizens expect on city websites is to pay bills, traffic tickets, taxes, etc. online. The more you can direct people to pay through automated processes, the happier you make citizens—and the happier you make city employees. Offering online payments reduces the cost of staff time spent manually processing payments and reduces the risk of error from handling manual or paper-based processes. Plus, most citizens now expect some or all payments to be available online.
  2. Sign up. You may have an email newsletter, text message alerts, or even an online way for people to sign up to speak at city council meetings. Offering useful information or the convenience of signing up for a public activity online helps you stay connected with citizens. Make it easy for people to sign up. Avoid long forms and consider only requiring that people enter essential pieces of information.
  3. Click. Encourage people to explore and go deeper inside your website. Don’t overload people with information on any one page (especially the homepage). Instead, build your pages so that people are encouraged to click as they need more detailed information. For example, a government page might describe your city council on a high level. If people want minutes related to a specific meeting, offer an easy-to-find link to your archives where people can search for past meeting minutes.
  4. Search. Similar to how people use Google, your citizens are used to searching for things on their own on a website. Make sure your search box is easily seen and useful to citizens who look for information. On the backend, you may want to work with your website designer or IT staff/vendor to make your search box even more useful by anticipating what users will search for (e.g. an autofill function when someone types in a word or phrase) or suggesting related content to users based on their search terms.
  5. Follow. As you know, citizens may not necessarily go directly to your website for information. Instead, they will be led there through Twitter, Facebook, and other social media platforms. Provide easy ways for citizens to follow you on social media. On many websites, the follow buttons are an unobtrusive but still highly visible part of every page so that users always have the option to follow you on social media at any time. Growing your social media followers and fans is now an important part of citizen engagement.

You might think of more calls to action beyond the five listed above. No matter what they are, calls to action help get your citizens to do something, to engage with you. Signs of their activity will show unmistakable proof that your website is useful to citizens. You may also find that some calls to action are less popular, or that calls to action may be too hard to find. Fixing and tweaking the way you engage with citizens will go a long way toward improving the way you communicate to the outside world through your website and make it much more useful to people.

To talk in more detail about website calls to action, please contact us.

Thursday, March 12, 2015
Alicia Klemola, Account Manager

One of a city clerk’s most important duties is handling documents to follow state or local record retention policies. Because these policies usually follow from a law, it’s important that city clerks meticulously maintain their records. However, this job grows more challenging, especially as the volume of information increases so rapidly today. Paper documents, electronic documents, PDFs, emails, etc. all require retention according to strict rules.

To handle this kind of policy precision with such a high volume of documents requires that city clerks rely more and more on technology. If a city has not considered a modern document management solution, they may be surprised at the records retention benefits gained.

First, it’s useful to know two key things that happen with a document management system that will help your record retention activities.

  1. You, your staff, your document management vendor, and possibly (especially for large cities) content or information architecture consultants will help identify and organize your documents so that they are searchable and findable in your system. That may include organizing by department or categories such as accounting, budgeting, legal, personnel, etc.
  2. Your document management vendor will then help you apply your specific records retention schedule to your documents. That means classifying documents and setting times for them to be staged, reviewed, and purged. The technology will help you automate as much of this process as possible so as to eliminate any manual aspects.

If you still think that your current processes are fine and that document management might be overkill, consider the following benefits that will impact your work as a city clerk.

  1. Save time. Lots of time. Manually searching for electronic documents or rifling through paper documents is a long, time-consuming process. You’ve got a lot on your plate, and you don’t need to be endlessly searching for information. By automating specific aspects of the records retention process, you’ll be able to find and keep or purge documents much more quickly.
  2. If the document has been legally purged, then you don’t have it. Records retention laws are there for a reason. If you’re legally obligated to keep a document for five years, then it’s gone if you purge it after five years. By delaying or neglecting full adherence to the time limits, you risk introducing confusion and unnecessary work if someone requests a document that you still have even though you were legally allowed to purge it.
  3. Ensure full data backup and disaster recovery. On the flip side, you don’t want to be caught in a situation where you are supposed to have the document but you don’t have it because of data loss from flooding or a tornado. Modern document management systems often store data in the cloud so that files are accessible anytime/anywhere. This ensures both quick onsite recovery and full offsite recovery in case of disaster.
  4. Going paperless frees up physical space and helps the environment. Transitioning from paper to electronic documents can take an upfront investment of time as you scan all of your paper files. But the benefits are endless once this happens. No more threat of physical theft, lost paper documents, fire, water damage, etc. Plus, you free up valuable file cabinet and floor space while also “going green” to help the environment.
  5. Search and retrieve documents much more quickly. When all of your paper files are scanned and your electronic documents are organized to match records retention policies, then it’s much easier to search and retrieve files. That makes handling open records requests much easier and allows access to those documents 24/7 from any authorized person using their desktop, laptop, tablet, or mobile device.

As you can see, the benefits of applying record retention policies to a modern document management system has the potential to save you money, time, and hassle. Once implemented, you will find that the benefits ripple out much further than just affecting your role as city clerk. Other departments will enjoy the ease of finding documents more quickly, elected officials will like the quick responses to open records requests, and citizens will like the transparency. Many embarrassing city situations often arise when they cannot find information due to outdated document management methods. You’ll be ahead of the curve by applying best practices to your role as a city clerk through leveraging technology to help you do your job.

To talk about records retention in more detail, please contact us.

Wednesday, March 4, 2015
Georgia Municipal Association

Television shows such as The Walking Dead have placed the city of Senoia squarely in the spotlight. That means more tourists, more attention, and more demands on city services. Plus, stricter expectations of government entities about records retention, data backup, and cybersecurity led the city of Senoia to consider ways of quickly modernizing its information technology.

After looking at some costly options that would have addressed each technology area, Senoia took a look at the Georgia Municipal Association’s IT in a Box service. Not only did it fit the city’s budget, but the service also modernized many technology areas in one fell swoop including data backup, disaster recovery, and hardware.

Senoia City Clerk Debby Volk spoke to GMA about how IT in a Box—powered by Sophicity—helped modernize the city’s information technology, how it improved their response to open records requests, and why cities need to modernize critical aspects of their information technology before an emergency happens.

What made you decide to take a fresh look at the city’s information technology?

As a growing city, we needed to modernize our information technology on a few levels. First and foremost, we identified a need to more effectively archive our email. We also lagged behind in many technology areas such as data backup, disaster recovery, document management, hardware, and networking equipment. Other productivity issues, such as everyone having different versions of Microsoft Office, also made it hard to share documents and files with each other.

We did attempt to look at these problems in a piecemeal fashion, but the solutions were costly and required high cost IT consultants. Plus, we needed more responsive IT support without it breaking our budget. Sometimes it could take up to three days for someone to help us out with an IT issue, and that was becoming too long a wait.

How did you make the case to prioritize modernizing the city's IT?

First, it’s important that email archiving is modernized and as up-to-date as possible. The expectations attached to open records requests increase each year, and we wanted to make sure we could respond quickly without consuming many days of staff time. All cities are eventually going to need to modernize email archiving, and Sophicity provided a strong platform while also offering the ability to conduct the email searches. The mayor, city manager, and city attorney all saw that aspect as important.

Second, our city manager made some calls about IT in a Box after hearing that it was offered through the Georgia Municipal Association. He was very pleased about what he heard. Because Sophicity provided so many essential aspects of IT bundled together under a low price, it was really a no brainer—especially because we knew many other Georgia cities used it.

What results did you see from IT in a Box?

Our emails are now archived and they can be easily retrieved. When we receive an open records request now, Sophicity handles the difficult work of finding the emails. We sit back and let them handle it. Because it’s an enterprise class email system, we don’t have to worry about a host of problems that plagued us before. For example, even if a user deletes an email, it’s still archived and findable if it’s needed as part of an open records request.

Also, Sophicity modernized our information technology across so many areas. They helped us replace servers and network equipment, upgraded our software, and established 7 day a week helpdesk support. Our technology is now faster and more stable, and we’re able to do so much more than previously. If there’s a problem, we call Sophicity. If there’s a problem with a hardware or software vendor, Sophicity handles all communications. They work with those vendors to resolve issues and keep all software continually upgraded. Sophicity even came down onsite on a weekend in order to handle an important issue with our public safety’s technology.

This modernization has saved us a lot of time and allows for a predictable IT budget instead of reactive, unpredictable hourly charges. All of our Microsoft software is up-to-date and consistent, so we can all share files with each other easily. And probably most importantly, we’re prepared in case of a disaster. If a server crashes or even if a major disaster destroys our buildings, our data is recoverable and accessible in hours. Our data is stored both onsite and offsite, and Sophicity tests our backups on a regular schedule.

For other cities in similar situations, what advice would you give them about addressing their information technology issues?

Cities need to find an information technology solution that covers important needs from email archiving to data backup. Like insurance, it’s not a matter of if but when an emergency will happen. Cities need to find a solution to their IT needs before an emergency occurs. Luckily, we haven’t had an emergency but we now feel secure knowing that Sophicity handles such important needs with our data and technology. Things like email archiving and data backup are not nice-to-haves anymore. They are necessities. It’s good to know that GMA and Sophicity are taking care of us, and it’s one less worry for us here in the office.

Originally published on the Georgia Municipal Association website. 

Wednesday, March 4, 2015
Dave Mims, CEO

Our very own Nathan Eisner, COO of Sophicity, delivered training to cities on Cyber Security on Tuesday, March 3 in Waycross, Georgia and today in Moultrie, Georgia. Accompanied by Pam Helton from the Georgia Municipal Association, the training sessions focused on preparing city staff and elected officials with a non-technical foundation to ensure their cities are properly protecting their data.

For more information, take a look at the GMA flyer.

Thursday, February 26, 2015
John Miller, Senior Consultant

Body cameras for police officers have quickly gone from an expensive novelty to something that cities need to seriously consider. Even the President is now placing pressure on cities and pushing for financial incentives to help pay for body cameras. A recent article from The Arizona Republic points out that body cameras will actually become the norm within 10 years. Like it or not, these technology-intensive cameras will eventually become part of your public safety budget—if they aren’t being considered already.

While many articles focus on the cameras, the logistics, and the politics of body cameras, many gloss over the underlying technology. If you’re using, actively planning for, or discussing the use of body cameras for your police officers, then we want to offer up a few questions you need to consider that are easy to overlook.

  1. Are you able to back up your data and recover it in case of a disaster? You should be backing up your data anyway, but it becomes even more important to recover from a disaster with all body camera footage data intact. This means a form of onsite backup that provides at least hourly snapshots of your data for quick recovery (in case of a server failure) and offsite backup that ensures you can recover your data in case a fire, flooding, tornado, or other disaster hits your city. Explore cloud solutions that offer unlimited offsite data backup storage under a set monthly cost. Otherwise, your costs could skyrocket out of control if you pay by the gigabyte or have caps to your current data backup storage.
  2. Is your data encrypted and secure? You absolutely don’t want people hacking into police footage from body cameras. This is a good time to review your security. Your body camera data needs to be encrypted onsite, offsite, and while in transit between machines (such as uploading or downloading information). That way, the information will be useless to hackers if they happen to access it. Then, you need to make sure that your network security or cloud provider security follows best practices and is monitored and maintained by experienced IT professionals.
  3. Do you have clear data retention policies that are easy to follow? A modernized storage system can help you store, archive, and find data easily. It helps when your storage repository can help you automate some of the more tedious aspects of retaining and deleting data according to the law. Body camera footage will be requested and demanded by people when a sensitive case arises, and you don’t want to be caught without data that you should actually have on hand. At the same time, you want to clear away as much data as possible if you’re not legally required to keep or store it.
  4. Do you test your ability to retrieve and successfully back up your data? Even given the precautions above, you cannot assume that everything is working properly. You absolutely must test your data backup and security to make sure that you eliminate any severe risk of a data breach or data loss. We recommend testing your data backup and security at least quarterly to make sure that all of your body camera footage is recoverable in case of a disaster and meets information security best practices. It’s becoming less and less excusable (and more embarrassing from a legal and public relations standpoint) when cities claim that data is missing or unrecoverable.

While cities might fear the costs of having to invest in body cameras, the situation gives cities an opportunity to examine the state of their current technology. Many of the questions above don’t just apply to body camera data. Data backup, disaster recovery, record retention, data storage, encryption, security, and testing come into play with all city data and information. Luckily, many of the investments needed are more cost-effective than ever.

To talk about storage, security, and data backup needs for body camera data, please contact us.

Thursday, February 19, 2015
Brian Ocfemia, Technical Account Manager

We’ve all heard overblown technology claims, such as “Apple computers never get viruses.” But they do, and when they do there is outrage and possible backlash against what’s still a pretty good product. Similarly, we still hear claims such as the cloud being 100% reliable and that upgrades and maintenance don’t interfere at all with users. Then, when there is an outage or some downtime related to maintenance, the critics point fingers and claim that the cloud did not deliver what was promised. Often, they will also use that frustration as an argument that they want to go back to hosting their own servers and bring back their software onsite.

What’s happening here is common in the world of technology (and with many other things in life). A new technology legitimately improves upon a previous technology, but the expectations are set too high. So even if expectations reach 99.9%, critics will rip apart the 0.1% that caused it to not reach 100%. But if we’re accustomed to lower expectations from old technology, then something we expect to work 85% of the time will delight us if it hits 90%, even if that means higher costs and more risk than with modern technology.

A recent article on LinkedIn lays out some common points that people bring up to shoot down the cloud based on real but skewed data. The author points out three representative points that often cause a lot of doubt, but let’s look closer at these oft-heard claims.

“Azure experienced 92 outages totaling 39.77 hours for the year. As stated by Microsoft's own Chief Reliability Strategist David Bills, cloud service failure is, "inevitable".”

Reality: By focusing only on the total amount of downtime during the year, it’s easy to miss the high percentage of total uptime. If cloud services run 24/7/365, that means Azure’s uptime during 2014 was 99.5%. And Azure was actually the anomaly by a long shot. Other common cloud services such as Rackspace, Google Cloud Platform, Joyent, and Amazon Web Services all had higher than 99.9% uptime. From our experience, these performance results easily beat out most onsite servers and match or exceed most data centers. Cloud service providers invest in plenty of redundant power lines, generators, and Internet connections that ensure such high uptime for a variety of customers. Their resources far outpace most onsite setups and smaller data centers.

“A recent Verizon 40 hour cloud shutdown proved that cloud DC maintenance is not seamless in all cases.”

Reality: First, it’s important to note that this situation with Verizon is another anomaly. The article from which the author quotes clearly says, “For an industry that generally measures downtime in minutes or several hours, this was a long shutdown.” But who ever said maintenance was seamless? It may be less intrusive than traditional ways of conducting maintenance, but an occasional interruption or pause is not unheard of. Compare these brief interruptions with the amount of downtime, staff time, and IT maintenance costs of making updates to your current onsite servers. With cloud providers, you don’t even have to think about maintenance. You may experience an occasional few minutes of downtime, and a rare anomaly might lead to an outage for hours. But the way that cloud providers conduct maintenance is much faster, less interruptive, and less costly than traditional server maintenance—by a long shot.

“Cloud providers (CPs) have a commercial interest to hype to their potential and existing customers how easy it is to migrate workloads to the cloud.”

Reality: Sure, you will hear vendors do what they always do: sell and make everything sound easy. But the author mentions another important point: “One study conducted by BT found that 32% of enterprises don’t have the skills internally to manage cloud migrations.” While a cloud provider can help with the migration, you need a strong IT staff or vendor that has done these kinds of migrations many many times. The right IT professionals will help you:

  • Investigate your situation and review your business needs.
  • Create a plan for migrating your data, settings, and programs to the cloud servers.
  • Execute the migration by means of a rigorous process, including testing and participation with business stakeholders to ensure that all is well on the go-live date.

“Many enterprises assume that once they have signed a contract with the CP that their responsibilities end.”

Reality: Obviously, that’s an incorrect assumption for any hardware or software you would use. Even when traditionally buying software from a vendor that installs a server onsite, you still have to find space for that server, connect it to your network, and maintain that server. That’s why you would have your IT staff or vendor help with patching, updates, and upgrades. With cloud service providers, you still need IT professionals monitoring your cloud data and applications, alerting you to any issues, ensuring security (such as antivirus, antispam, content filtering, etc.), updating and patching the software, and tracking your cloud assets for reporting purposes. Your IT staff or vendor will also help you with any data migration needs or day-to-day technical help.

Overreacting to abnormal data about the cloud prevents you from making a good business decision. Overblown points will scare the less technically-minded away and encourage them to stick with less secure, more risky traditional technology solutions. The two most important points to remember are:

  • The uptime and reliability you will experience in the cloud far outpaces most traditional setups.
  • You will need experienced IT staff or a vendor to guide you through the technical aspects of a cloud migration and ongoing maintenance.

To talk about migrating to the cloud in more detail, please contact us.

Thursday, February 12, 2015
Nathan Eisner, COO

A recent article from Sarasota’s Herald-Tribune reported on a sensitive political situation concerning who manages the IT department within the city. While we’re not obviously speculating or commenting on the politics involved, it was striking to see the mayor quoted as saying, “We went through all these things that nobody, but nobody, understands. We have no way of knowing what goes on in the cyberspace games we're playing.” That lack of knowledge about IT from key city officials can have devastating consequences. Follow-up articles noted that onsite data storage was at high risk for a disaster and that the city faced dangerous security risks.

In many cases, we often see conversations about IT in which important stakeholders such as elected officials and even city management don’t fully understand IT enough to understand critical risks and make good judgments about technology investments. IT often doesn’t help by remaining obscure, technical, and tactical when explaining its activities to city officials and managers. While that strategy may buy IT time, eventually it risks political explosions like those seen at Sarasota.

Key stakeholders don’t need to be technical to understand IT. Instead, it’s important that they ask the right questions of IT in order to get a good non-technical, business understanding of IT’s accomplishments and any red flags. Even if you’re a technology novice, here are some questions that are important to clarify in order for IT information presented to city officials or managers to have the most impact.

  1. Each IT service needs to be explained in terms of business impact. No IT service should be so technical that you cannot understand why it is important and what it essentially does from a non-technical perspective. Some examples include:
    • Website management and maintenance: You invest in it to ensure that your website doesn’t crash or go down, and that users (both city employees and citizens) have technical support if something is needed related to the website.
    • Data backup and disaster recovery: You invest in it to ensure that no data is lost if a server fails or a disaster (like a tornado) hits the city.
    • Server, desktop, and mobile management and maintenance: You invest in it to ensure that technology problems are detected as early as possible, and that security patches and software updates are installed in a timely fashion to keep machines safe, secure, and up-to-date.
  2. Technical, tactical tasks need to be explained at a higher level. Many IT professionals either through obfuscation or inexperience often talk about what they do in terms of technical, tactical tasks. Rather than throw up your hands because you don’t understand the jargon, you need to ask questions that raise the discussion to a higher level. For example, if your IT staff starts talking about the technical aspects of server load balancing, simply ask them to stop, remind them that they are talking to a business audience, and to explain at a higher level that focuses on how the technology is impacting business performance. Is something about server load balancing causing downtime or crashes as a result of aging hardware? Or is the server load balancing just fine, meaning all systems are running normally? If the IT representative is unable to report at this higher level, you need to communicate with a more experienced person who can talk to business stakeholders.
  3. Understand the non-technical basics of alternative technology services. All IT services are not the same, and yet many non-technical decision makers think IT services are created alike. Again, it’s fine to not understand the technical details of various services, but some examples of what any city administrator or clerk overseeing IT should know is:
    • Understanding the difference between reactive, hourly IT service (only putting out fires) versus proactive, ongoing IT service.
    • Understanding the differences between servers providing you your software applications onsite, in a data center, or in the cloud.
    • Understanding the differences between manual data backup (such as tape or hard drives) versus automated onsite and offsite data backup accomplished through servers.
  4. Understand what happens when you underinvest in a service or fail to invest in it at all. We often see decision makers get so frustrated with the cost of IT and so, without understanding much about the service, it gets heavily cut, shortcutted by a cheaper vendor, or removed because it’s considered a “nice to have.” Ideally, you will want to understand things like:
    • Reactive, hourly service that only puts out fires will lead to high, unpredictable annual expenses, constantly crashing machines, and low employee productivity and morale.
    • Managing your own onsite servers introduces higher security risks, maintenance costs, and expensive hardware upgrades every few years.
    • Failing to automate and test your data backup leads to a high risk of data loss in the event of a disaster.
  5. Review IT reporting that focuses on non-technical, business critical information. If the reporting you receive from IT is full of technical data and reams of gobbledygook, ask for a version that gives an executive summary, high-level insights, and red flags related to business issues. For example, it’s helpful for you to know that the website uptime is 99.9%, that all data backup tests occurred and there are no issues, and that a server needs replacing because it is over five years old. You don’t need to know every single website metric, information about the daily backup logs, or server load balancing data. If your IT staff or vendor cannot provide clearer, non-technical reporting, then someone with more experience needs to report to you.

While the situation in Sarasota is extreme, it shows what can happen when ignorance about what IT does adds fuel to existing political fires. As a mayor or city manager, it may be tough to introduce the topic of IT to councilmembers who don’t have day-to-day operational knowledge. Yet, it is part of your responsibility to demand and receive information that makes sense, even if you have to go back to IT a few times to demand the right kind of information you need. More importantly, a lack of understandable, business-focused answers reflects a problem. Bad IT staff or vendors often hide behind technical jargon to cover up problems or inexperience. By asking the right questions, you expose these problems to light much quicker and allow all stakeholders to understand exactly what IT is doing.

To talk about IT communication in more detail, please contact us.

Thursday, February 5, 2015
Alicia Klemola, Account Manager

Like an old car, it’s tempting to use your desktop and laptop computers until the blue screen of death beckons them into technology heaven. After all, you invested a lot of money in those computers and you want your full bang for the buck. And while you might hear that best practices indicate that you replace all hardware every 3-5 years (and more like 2-3 years for laptops), you may think of that rule applying to the more important servers rather than the “less important” everyday computers that your employees use.

However, there are critical business reasons to replace your desktop and laptop computers that affect your bottom line both directly and indirectly. Here are five things to consider when taking a look at your aging desktop and laptop computers at your organization. 

1. The cost of new computers are often cheaper than maintaining old computers.

Old computers used beyond their typical lifespans become ongoing problems. It becomes expensive for your IT staff or vendor to constantly take care of problems related to the blue screen of death, lack of memory, slow or freezing performance, and security issues. Your staff time or hourly vendor bills can easily go beyond the $500 to $1000 it might cost to buy a new computer that will have much fewer issues.

2. Newer monitors are more power-efficient.

Your older computers may include clunky, huge cathode ray tube monitors that produce a lot of heat and consume a lot of energy. Add up this energy consumption across dozens or hundreds of computers and you’re talking about a lot of power costs. Newer LCD flat screens often cut that energy consumption per monitor by more than 50%, adding up to real cost savings.

3. Older computers mean using obsolete (and even unsupported) operating systems.

We’ve seen critical issues cropping up with organizations still using Windows XP on very old computers. While Windows XP is an extreme example, similar issues are on the horizon for Windows Vista (of which mainstream support from Microsoft ended on April 10, 2012) and even the current dominant Windows 7 (of which mainstream support ended a few weeks ago on January 13, 2015). The more you cling to older operating systems, the less useful and secure they will be for employees—and the harder for your IT staff or vendor to manage.

4. Newer computers are more secure.

As the information technology industry learns more about security and what works best for computer users, more security features are baked into newer computers that keep the user’s experience as safe as possible. Newer computers have operating systems that build in security features from the ground up and any additional security (such as antivirus) is much more easily managed by your IT staff or vendor. That means more built-in virus or malware prevention than older, less secure computers. The newer your computer, the less your cybersecurity risks.

5. Newer computers can handle modern software and Internet applications.

Even if your older computers are maintained well like an old classic car, you’ll still see employees having problems using modern software or Internet applications. Perhaps a new kind of software won’t work, or works slow. Or your employees can’t watch videos or load information from important websites. Older computers simply can’t keep up with modern software (similar to how an old smartphone can’t handle modern versions of GPS software). You’re crippling your employee productivity by having them use older computers.

These considerations should help you better make the business case to switch from older to newer computers. Many cities use these and additional reasons to help them replace computers, save money, and go green. Especially consider the cyber liability issues related to older computers. If you’re unable to follow current law because your older computers cannot handle basic security needs, then you open up the door to a lot of unnecessary legal risk. Saving money is important, but keeping your organization as secure as possible is even more important.

To talk more about desktop and laptop replacement, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 |