We put the IT in city®

CitySmart Blog

Tuesday, February 4, 2014
Dave Mims, CEO

With so many recent advances in website design, email software, and social media, the importance of online website forms are often overlooked. Yet, they remain one of the best ways to capture information and serve citizens.

Online forms are not great for every situation. When used in the wrong place (such as having someone fill out a form to read an article), they can annoy people and cause them to leave your website. But for situations such as general contact submissions, specific customer service requests, and questions targeted for a department (rather than a specific person), online forms can be a great tool.

With online forms now easier to create and implement on websites more than ever before, we’ve shared some benefits that may get you thinking about how to use this helpful tool on your website.

  1. Collects data in a centralized place. If people are contacting a city employee or department via email, the emails can get scattered across a variety of people’s individual or group inboxes. Even a contact@city.com email address can be spread across a variety of people’s email accounts and the responsibility of answering can easily get lost. With online forms, you can collect citizen requests and communications in a centralized place. Then, it’s easy to find, assess if someone has responded, and close out the communication transparently.
  2. Ensures data consistency. If people contact you through email with a specific kind of request, they may not include the right information. That means it can be difficult to help and you might have to waste time asking the person for additional information. With an online form, you can ensure that you capture specific information such as first and last name, a phone number, location, a clear description of the problem, etc. Every incoming communication then gives you a basic set of information to work from when handling a request.
  3. Reduces unnecessary emails. When people are desperate or in need of contacting you, a lack of online forms means they are tempted to send an email to somebody—anybody! You already receive enough emails during the day that clutter up your inbox. General requests from people visiting your website can add to that burden and increase your daily emails unnecessarily. Use online forms to route general requests from citizens and other website visitors into a separate repository.
  4. Increases customer service. While we still recommend providing specific city employee names and emails on your website in case someone needs to contact a particular person, online forms help streamline communications between citizens and cities for general customer service requests. A short online form can make a website visitor feel there is a customer service process in place and that someone will respond to them within a certain timeframe. With emails, it’s more of a gamble if someone will respond or not, especially if a city employee is out of the office or on vacation.
  5. Creates mobile friendly communication. Especially if an online form requires some basic information and even some dropdown menu choices, you can provide mobile-friendly methods of communication with online forms that work well with smartphones and tablets. For example, an online form for reporting a pothole would work great for mobile devices since people would discover potholes while out and about. Since mobile device adoption continues to drastically increase, having easy ways to submit a request or question to a city through an online form can benefit your citizens.

A recent Mashable article listed online forms as a great alternative to email in certain situations, signifying that online forms definitely remain a great tool to use on your website. Take a look at common questions that inundate your email inboxes, customer service requests that typically take place by email or phone, and forms that you have tied up in PDFs or paper. Then consider if online forms might be an easier way to deal with these requests for information while also increasing customer service for citizens and easing the email burden on city employees.

To talk about online forms in more detail, please contact us.

Thursday, January 30, 2014
John Miller, Senior Consultant

While there are many data backup solutions out there, they can be misleading when you think they all do the same thing—completely and flawlessly back up your data. If you believe that they all work the same way, it can be a rude awakening when a server fails or disaster hits. At that point, you might find yourself unable to recover or piece together your data into a reasonable working condition.

For cities, data backup needs to go beyond consumer-grade backup or a cheap automated solution requiring little oversight. Why? Here are a few things that a data backup solution does not automatically cover.

  1. Data organization. We’ve seen many situations where a backup solution is in place but the data is quite a mess. From tape to consumer-grade backups, it’s not terribly convenient to get your data back in the equivalent of an unorganized pile of papers on a desk. While the data backup solution may back up the data, you need to think about how you organize the information so that it’s easy to find, sort through, and restore quickly to working condition. Otherwise, you might be staring at a pile of tapes or oodles of unorganized computer files and wonder where to begin.
  2. Data comprehensiveness. Without planning, a data backup solution may not back up every single bit of data. For example, many forms of consumer-grade data backup have file and data limitations. They might exclude important operating system files, applications, or third-party software that you will need backed up. Your city likely needs a more sophisticated backup solution assisted by some IT planning to help identify and ensure that every critical piece of data is backed up.
  3. Data storage. You may use a new data backup solution that you like and then hit a wall: data storage limitations. The backup software may have physical storage limitations (such as tape or disk) or simply become pricy the more storage you use. With storage space so cheap today, you should be able to find a data backup solution that accommodates as much storage space as you need. It’s also important that employees are storing their data to some kind of centralized location. Otherwise, the data backup solution may not be able to reach local hard drives on desktops, laptops, tablets, or smartphones.
  4. Data backup testing. One of the major failure points for most organizations’ data backup is a failure to test their solution. Data backup software will not tell you to test it. That is a business process that you need to do to ensure that it’s working. When you test, you identify problems such as failures to back up certain kinds of data, corrupted files that don’t work, and any other problems with how the data is organized. You want to discover any serious problems during a test, not after a disaster.
  5. Data restoration. The data itself won’t do you any good if you don’t have the appropriate equipment and the right expertise to make sure the data can be restored to an operational level. That means ordering new servers and computers, transferring the backups to the new equipment, and working out any disruptive issues resulting from the restoration process. Sometimes, we’ve seen situations where the data might be in a pile of tapes, the city might not know what server they should order, and different hardware and software vendors might give conflicting information about what to do. It helps to have IT staff or a vendor who understands how your data backups all work together holistically in order to coordinate a complete data restoration across the entire city.

The important point is that data backup consists of more than just the act of backing up data. There are a variety of important processes that must take place around this activity, and some upfront planning and organization helps customize your data backup solution to your particular situation. Never assume the data backup solution is “just working.” Make sure you have IT professionals helping you organize, test, and restore data while guided by an overall plan.

To talk about data backup in more detail, please contact us.

Tuesday, January 28, 2014
Brian Ocfemia, Technical Account Manager

Like many other forms of technology, the modern website continues to evolve at a rapid pace. We know that cities don’t need websites that are as complex as Amazon’s or Facebook’s, but we do see a lot of cities with either no website or what’s now termed a “brochure website” or static website. Those websites tend to be obsolete and outdated, presenting limited, unchanging information to your audience that is difficult to update and might require special coding to change.

While modern websites offer a lot of complex features, there are some basic features that a city website should have that create the greatest efficiency for both technical and non-technical users alike. To demystify the basic elements of a modern website, we’ll outline how it’s hosted, how content is created and updated, and how online payments are handled.

Website Hosting

Modern websites are not just simple pages to display. They involve a lot of memory, storage, and databases in order to do things like edit and update content yourself, offer dynamic content (i.e. information that automatically changes on your website), present decent graphics and visual presentation elements, host files such as video or audio, offer the ability to integrate with other software and applications, provide search capabilities, and give you the ability to scale up by adding pages, information, and data.

That means your website needs some form of server to host all of these various parts and pieces. Depending on the complexity of your website, you may host your website on a server onsite at your city, in a data center, or through the cloud. Part of website hosting ensures purchasing a specific website domain (e.g. sophicity.com). When people type in that domain name, it translates on the back end to a specific numeric website address—like a unique physical address. That’s how people then get to your website, connecting with your website server and accessing pages.

It’s important to understand the strengths and limitations of each website hosting option. For example, it may be difficult and expensive to maintain your own onsite web server, and a cloud hosting option may be more robust, cost-effective, and provide anytime/anywhere administrative access if you need to make changes.

Content Management System

Modern websites have evolved to help non-technical people manage the information that is displayed on a website. Many years ago, technical webmasters controlled all of the content and display through coding. That meant anyone without technical know-how could not add or update website content.

Today, websites usually include a “content management system,” which is a back-end part of the website software that allows you to create, upload, edit, and update content by yourself. Ideally, the interface is easy enough for you to use so that if you know how to use Microsoft Word then you can use the content management system. It’s meant to be user-friendly because it’s often essential today for non-technical people to update websites with timely, up-to-date content.

Content management systems also allow you to set permissions for different users so that unauthorized people can’t alter important parts of your website. And while there are more complicated website content features including tagging, metadata, archiving automation, search engine optimization, and security management, the bottom line is that a content management system takes the power from technical people and puts it in the hands of non-technical people.

Online Payments

As more and more people become used to paying online (and even using tablets and smartphones to make payments), they expect that modern websites will accommodate online payments. Many city services are such a routine part of people’s bills and payments (utilities, property tax, parking tickets, etc.) that the ability to pay online is a sensible thing to expect on a website.

The capability for a website to provide online payments basically ensures that a person can transact business over that website. To do this, the website needs to contain an online payment interface (usually webpages that include forms that people can fill out and submit) that allows people to sign up for services, set up billing preferences, send payments, and receive various communications. When credit card or checking account information is exchanged, a special software known as a “gateway” ensures that payment information is approved and coordinated between the city, the credit card company, and the customer’s bank.

Both your website and the gateway software vendor need to provide high standards of security, especially when dealing with sensitive information such as credit card or social security numbers. Part of setting up online payments includes following the Payment Card Industry Data Security Standard (PCI DSS) which ensures that all sensitive information is secured, encrypted, and protected.

Moving to a Modern Website

When evaluating if you need to upgrade your city’s website, it’s good to first see if you are behind in providing a website that serves your citizens in a convenient way. You might be challenged by an expensive, difficult-to-maintain web server. Your city staff may not be able to upload and update website content. Or you might not be offering online payments at all. If so, it helps to get up to speed about modern web hosting, content management systems, and online payment options in order to see if you can improve your website experience for citizens and city staff alike.

To talk about website modernization in more detail, please contact us.

Thursday, January 23, 2014
Clint Nelms, COO

Even budget-conscious cities often have a temptation to stay up on new technology by purchasing what other cities use or what the media says is essential to have. When we sit down with a city for the first time, we sometimes find hardware, software, and other technology tools that may be exceptional and robust but that sit mostly unused, not serving the needs of the city for the money they’re paying.

Unfortunately, technology has a history of being sold on features and benefits that were often crammed into organizations to fit the product, instead of the product adapted to meet the needs of the organization. Today, with so many technology advances continually occurring, it helps to review the timeless principles of looking at your current technologies through the lens of your users. Then, if you do make a decision to change your technology, you’re doing it based on user research rather than peer pressure or gut instinct.

Ask yourself the following user-focused questions as you’re evaluating either current or new technology.

  1. What do your users need to do? While an obvious question, it’s often overlooked when cities start shopping for technology. It’s good to get a sense of how people use technology on a day-to-day basis. Some city staff may only use it on a limited basis, such as basic features of a word processing or accounting program. Other users may have complicated day-to-day tasks such as using GIS mapping tools or public safety video software. Drill down to what they actually do with the software.
  2. What pain points do users experience? At the same time, you need to figure out where people have trouble carrying out their day-to-day tasks. Is the current software too hard to use? Does it lack essential features needed for their job? Are they using tortuous manual workarounds because their software doesn’t do what it’s supposed to? Uncovering pain points helps you figure out real user struggles that are costing you lost time and productivity.
  3. What city business goals will affect what users will do in the future? It’s also important to look at the vision and mission of the city, including any goals set by city administration that might change how users will work in the future. Cities are always evolving, introducing new projects and changing the way they operate. Ask yourself if any city goals will affect users, and if technology may be needed to help carry out those goals.
  4. What technology tools and solutions best fit user needs? Taking what you learned from 1, 2, and 3 above, you now have specific information that you can use to evaluate technology solutions. It is very important to start evaluating new technology once you’ve collected the earlier information. Otherwise, you’ll be too tempted to make a gut decision and be swayed by vendor benefits and features that may not actually solve any problems for you. For example, if your users only need basic features for accounting software, you won’t be lured by expensive accounting software with bells and whistles that you don’t need.
  5. How much training will users need? Sometimes, even technology that users need and that seems cost-effective might fail if user training and support isn’t properly taken into account. Is the technology easier to use? Harder to use? How many days, weeks, or months will it take until users are comfortable with the new technology? Any new technology introduces change and will disrupt people’s routines and habits for a brief period of time. To make sure any new technology gels at your city, incorporate the right amount of training and follow-up support.

By focusing on users of technology, you will answer many questions that help you shop for just the right solution or tool. Again, notice how the questions above are technology-agnostic. They ignore cool benefits and features, focusing only on what users need and how any business objectives may impact those user needs. With this information in hand, you will have better conversations with technology vendors as you evaluate solutions. Overall, you’ll reduce costs as you use this information to eliminate wasteful technology.

To talk more about technology user needs, please contact us.

Tuesday, January 21, 2014
Alicia Klemola, Account Manager

A city’s planning and development website content must cover a wide range of information from visionary multi-year plans to specific questions about building permits. Managing city growth is complicated, but the content on your city website should simplify that complexity by making it easy to find information about land use, zoning, building permits, development projects, and much more.

Since many city websites tend to provide too little information or an information dump of PDFs for citizens to laboriously sift through, you’ll be ahead of the curve if you apply the following tips to your planning and development content.

  1. Create pathways to information for common questions. While you may offer a lot of planning and development information, people tend to ask common questions such as “How do I get a building permit?” or “How do I schedule an inspection?” Make sure that you provide easy-to-find answers either on your main planning and development page or by featuring links to those answers. From dealing with citizens, your experienced city staff should be able to tell you what questions people tend to commonly ask.
  2. Extract useful information from lengthy PDFs or long blocks of text. It might seem easier to just provide links to PDFs of lengthy planning and development documents that you’ve already created. But while easier for you, put yourself in the mindset of a citizen. Would you want to go sifting through 20- or 50-page PDFs looking for the right information? With some upfront work extracting the most useful information from PDFs and paper documents, you can create citizen-friendly planning and development content that truly helps citizens. Do the work so that they don’t have to.
  3. Provide highly visible contact information. Because of the complexity of planning and development questions, it’s inevitable that people will still need to call people at the city to get questions answered. Make sure you provide that contact information in a highly visible place on your main planning and development page. If different questions require different experts in your city to answer them, break them out by topic or task.
  4. Give helpful, proactive answers. Sure, it’s helpful to provide purely functional information about zoning or a permit. But you’ll be even more helpful if you guide people through difficult processes and even give them tips. For example, the City of Austin provides some guidance on how to select a contractor within their planning content. You might provide some information about what to do when planning to build, tips on passing an inspection, or an overview of a handling a special scenario (such as food trucks).
  5. Be transparent about major planning and development news. For your more visionary projects involving planning commissions and official decisions from city council, make sure you provide all important information in an upfront timely manner. Citizens can become angry if it seems like a city is hiding information about annexations, rezoning, rights of way, building demolitions, or new buildings. Since planning and development decisions can impact citizens for years, even decades, you need to use your planning and development page as a communications vehicle to keep citizens informed.

While these tips follow the basic principles of website content like many other city pages, your challenge for the planning and development page is complexity. Take some time to sit down with both your planning and development department and your communications person to sift through all of the information and what to prioritize that best helps citizens. Remember, your citizens will not know your policies, rules, and regulations as well as you. It’s up to your planning and development content to do a lot of heavy lifting in providing answers when citizens need them.

To talk about your city’s planning and development website content in more detail, please contact us.

Thursday, January 16, 2014
Nathan Eisner, CMO

It can be frustrating to use a document management system but then never seem to find what you want. It’s like trying to find a reference in a lengthy book using an index that lacks the words and phrases you’re looking for. At that point, a book full of useful information becomes useless if you can’t find specific information quickly.

Document management system indexing works by the same principles. Uploading documents is the easy part. But work and planning needs to be done to make sure you index documents enough to make them findable. This becomes especially crucial for open records requests, timely information needed for a city council meeting, or specific information that may be stored within hundreds or thousands of similar documents.

While an IT vendor can help you with some of the technical aspects, keep the following tips in mind to help you index your documents and save hours of wasted time having city staff futilely search for information.

  1. Have at least one unique identifier per document. Whether it’s a unique invoice number, a social security number, or a file name, there should be at least one unique identifying field that no other document can have. Without unique identifiers, you might confuse documents or enter duplicate information. For example, each utility customer’s bill might have a number identifying the specific bill. That way, if a customer wants to discuss a specific bill, they can reference the bill number.
  2. Create metadata to help you search for documents. We’ve talked about metadata in more detail in other blog posts, but the important point is to create some fields and data that you fill in about documents as you upload them. Your document management vendor can work with you to implement what fields you’d like, but you need to decide what fields are important to capture from a business perspective. For example, you might require that all files have a title, author name, department, and short description of what the document contains.
  3. Make sure you use consistent terminology when labeling documents. When filling in metadata about your documents, make sure you use consistent terms and vocabulary. For example, a document shouldn’t be labeled “Police” in one place and “Public Safety” in another place if you are intending to refer to the same department. Agree on consistent terminology so that people don’t hit an unnecessary roadblock when searching. If you’re worried about people using similar terms to mean the same thing, talk to your document management vendor to see how you can direct alternate searches to a main term.
  4. Don’t just rely on the document management system’s automatic indexing features. Just because the document management system automatically indexes your documents doesn’t mean those automated results are very helpful. You’ve probably searched for terms on Google that bring up search results that, on the surface, look just like the other search results. But those results are not user-friendly or helpful because Google pulled whatever it could from that page—even if the description is meaningless. Document indexing works the same way—you have to help it out to make it really useful for city staff.
  5. Don’t forget to index non-text content. Label images, audio files, videos, and other non-text files with indexable metadata in order to make it findable and searchable. It’s a standard feature in most document management systems to allow you to label these files with metadata including names, descriptions, and numbers. If you’ve ever looked for a photo among hundreds when they are all named Pic00001, Pic00002, etc., you know the frustration of no indexing. But if a set of photos are all labeled by a particular event (such as a picnic) with people identified in each one, it then becomes easy to find photos of events and people through search.

Making sure that you can index and find files easily in your document management system gives you a taste of how massive a challenge search engines like Google have on a daily basis. We produce so much digital information today that what starts as a seemingly modest list of documents can soon become unmanageable. But with the right indexing planning and ongoing filling in of the right fields for each document or file, you are on the road to making your information as findable and searchable as possible within your document management system.

To talk more about document management indexing, please contact us.

Tuesday, January 14, 2014
Dave Mims, CEO

When most people want to avoid computer viruses, the common wisdom says to focus on your antivirus software. Of course, that’s a sensible strategy since the purpose of antivirus software is to stop viruses from ever infecting your computer. This report from KUTV in Salt Lake City, Utah is typical of the kind of advice that’s usually dispensed in lieu of a particularly nasty virus attack.

Only at the tail end of this report, buried underneath advice about antivirus software and even paying a ransom to criminals in order to get a businessperson’s data back, do we hear about data backup. Even more than antivirus software, data backup is actually your best antivirus protection.

Even Microsoft said in a recent post that “the most important tool for dealing with ransomware is to make sure computers are backed up.” Why? Let’s look at the reasons.

  1. Even the best antivirus software doesn’t catch every virus. New viruses are created by people every day, and it’s difficult for even the best antivirus software to keep up with every single one. If you only depend on antivirus software, some viruses may slip through if they are very new (which are usually the most damaging when they break out) or written by professional criminals to bypass the software. No antivirus software will protect you 100%.
  2. Employee error is still the source of many virus outbreaks. No matter how good your antivirus software, you may still get a virus if an employee clicks on a malicious website or email attachment. While sometimes your antivirus software might step in to prevent a virus from activating, it’s much harder to prevent a virus if an employee takes a completely voluntary action (such as opening a file). This is why phishing is such a popular scam because it tries to get a person to take an action that bypasses antivirus software.
  3. A virus can encrypt, corrupt, or destroy your data. Once a virus is activated, any number of things that happen to your data. A recent ransomware virus encrypts your files and threatens you to pay a ransom. Other viruses corrupt, damage, and even destroy your data. An antivirus program might be able to get rid of a virus once it infects your computer, but it won’t be able to get your data back.
  4. Your entire computer might need to be wiped clean or decommissioned. In more serious cases, we’ve occasionally had to completely wipe a computer clean of data or decommission it in order to ensure that a particularly nasty virus is gone. When that happens, your data is gone forever if it’s not backed up. Ask yourself if you’re prepared to recover your data in case of this scenario, just as in a worst-case disaster recovery situation.
  5. Online storage often just syncs, rather than backs up, data. If you’re relying on cloud-based storage software, be careful if it syncs your data across a variety of different access points. For example, if a ransomware virus encrypts your files in one place, it will encrypt them in every place if you sync your files. You need a separate data backup solution in place to make sure that you are backing up files in a completely different location than how you normally access your files. That way, if a ransomware virus encrypts your files, you can rest assured that your files are okay in another location.

Data backup is a more fundamental and important way to prevent the effects of a virus outbreak than even antivirus software. We recommend making sure you have a data backup and disaster recovery solution in place, combined with an enterprise antivirus solution that is managed by IT professionals.

And even though the businessperson in the TV clip paid the criminals that held his data hostage, we recommend to never pay a ransom! These are criminals. It is not guaranteed that you will get your data back, and they may also use your credit card information to commit identity theft. With data backup in place, you won’t even be tempted to pay a criminal for your information.

To talk about data backup and antivirus software in more detail, please contact us.

Thursday, January 9, 2014
John Miller, Senior Consultant

We get a lot of questions about the possibility of switching to free or low-cost productivity software. The argument usually goes like this: We don’t use all of the features in our current productivity software and the licenses are expensive. Therefore, can we use the free software that most of us use at home?

On the surface, free or low-cost productivity software seems to do the same things that your more expensive software does. Plus, compatibility usually isn’t too much of an issue since it’s easier than ever to convert document types.

But like any business decision, there are a lot of factors to weigh about considering what productivity software you use. It may seem like all tools do the same thing, but you’ll hit walls or levels of frustration that affect your employees if you take a cost-cutting shortcut without proper analysis. Here are some questions to ask if you’re considering reevaluating your current productivity software suite.

  1. What productivity tools do you use most on a daily basis? Different cities may have different needs depending on complexity, departmental demands, and levels of presentation needed. How in-depth do you use word processing? When you give presentations, do you need standardized or complex features? When assembling spreadsheets, how complex do your formulas and data analyses need to be? Smaller cities may have less complex needs while cities with more departments or data-heavy demands may need more complex software.
  2. Do you need desktop versions of the software? Cloud-based productivity software is sometimes only accessible through the Internet. If that scenario does not work at your city, you’ll need to look at options that include offline access to documents and files. It’s a fair request that you might want employees to access and work on files and documents if there isn’t access to the Internet, either due to an Internet outage or lack of Internet access in public places.
  3. What is a reasonable cost per user? As you assess how specific features and benefits map to your city’s needs, weigh those features and benefits against the cost per user. Some productivity software suites are one-size-fits-all, which may be less or more than you need. Other suites seem to offer almost too many options but show flexibility and scalability. For example, you don’t want a 300 user plan if you have 25 users, so look for a plan that matches your size and needs. And also consider what else you get with the suite that may justify the price (such as email, video conferencing, instant messaging, etc.).
  4. Does the software’s privacy policies meet the requirements of your city? Free or low-cost productivity software may also be accompanied with minimal privacy policies such as the vendor sharing user information to third parties or using algorithms based on your email content to generate ads. When looking at productivity software options, make sure you understand what the vendor does with your data. Is their privacy policy vague? Do they appear to have policies built around the needs of businesses and government?
  5. How much storage do you get? While 15 GB might seem like a lot of storage space for an individual user, it won’t be enough for a city. Each city’s storage needs will be different for cloud productivity software. How many files do you currently have? How many files do you plan to generate each month, quarter, or year? Depending on your storage needs, you can plan ahead and take this information into account when looking at options. And definitely compare different options. Storage is cheap today, but that doesn’t mean some vendors might be more stingy with storage space than others or charge you too much for excessive storage space.

By asking the questions above, you’ll be well on your way to understanding your productivity software needs. If you’re lucky and do your due diligence, you might find some substantial cost savings in going from expensive capital expenses and software licenses to an operational expense cloud subscription model with cheaper storage space. But before you simply switch, tempted by cost reductions, make sure you have the right productivity software suite for you.

To talk about productivity software in more detail, please contact us.

Tuesday, January 7, 2014
Brian Ocfemia, Technical Account Manager

In no way do we dismiss the fact that cloud software has security risks, despite the significant advances made in this area. It’s well known that vendors have been able to reassure major local and state government entities that security is robust enough to take care of high-level needs. The state of Texas is a popular example, but a recent article by BWWGeeksWorld shows plenty of examples of state and local government entities using the cloud for sensitive departments such as public safety.

But when research, surveys, and our own industry experience and observations look deeper into concerns about cloud security, the root problems are often much deeper than questions about cloud software encryption or how a vendor stores data in the cloud. As competition and IT maturity improve the security behind most cloud software, we find that alleviating those worries doesn’t even compare with the threat of existing security problems at cities.

Let’s take a closer look at what we should really worry about.

  1. Despite concern, IT leaders underinvest in IT security. It’s easy to pick on a new technology and ask harsh security questions. Find one little flaw, and you’re ready to discard the whole thing. But discard it for what? In a recent article for Readwrite, author Matt Asay refers to a 2013 Society of Information Management IT trends study when he says, “IT security ranks as the second-highest priority for IT leaders, yet is the 14th largest IT investment.” Chances are, if IT leaders at large companies are underinvesting in their IT security, you are too. What we find is that it’s easier to show concern and worry about imaginary security problems from new software rather than directly addressing current security problems. Worry about security needs to be matched with dollars and action.
  2. Lack of underlying IT management creates permissions and access problems. Many security problems stem from poor IT management. That includes processes and monitoring of who has permission to access specific data, information, documents, and files. You can have the best built-in security features in a piece of software, but if the wrong people are allowed to access it or the access points are weak (such as from weak or no passwords), then that extra security won’t do a bit of good. In a blog post for Information Security Magazine, author T.K. Keanini says, “Security teams need to know what applications, data and workloads are moving into cloud environments, where that data resides at any particular time, who is accessing that data and from where.”
  3. Cities often don’t create a non-technical security policy. Many technology-related security failures stem from non-technical human errors. While every human-related security breach cannot be prevented, cities can help establish a good foundation by outlining an acceptable use policy, providing training on how to deal with common security breaches (such as falling for spam or phishing attacks), clarifying internal procedures (so that people aren’t tricked into giving away passwords to a third party), and describing how your security policies will be enforced.
  4. Cities already take huge security risks in the name of cost and expediency. We see many cities use free email service providers, employees downloading random productivity software onto individual computers, and unmanaged software sitting on computers across the organization. And there are other risks. In an article for PandoDaily, author Rick Spickelmier says, “Of the 404 breaches and 9.1 million records lost so far in 2013, 272 or roughly two thirds involved lost, stolen or discarded devices (computers) and paper records, insiders, payment fraud and unintended disclosures.” Cloud security risks are extremely minimal compared to security breaches stemming from poor hardware and software asset management or an overreliance on paper documents. Spickelmier goes on to say, “If employees stored more information in the cloud and less on computers, laptops and vulnerable company servers, many of these leaks would not have been possible.”
  5. Clinging to legacy systems increases security risks. As a reaction against the cloud, we sometimes see cities worried about security yet sticking to their aging legacy hardware and software. However, aging legacy software is unfortunately full of security holes. It’s often not officially supported anymore, meaning a lack of security patches and upgrades. Few people have the technical expertise to maintain it, and even if it’s well-maintained, it will lack modern security features. (Remember, hackers always grow more sophisticated, and software has to keep pace.)

Again, these observations aren’t meant to ignore or obfuscate any concerns about cloud software security. Our point is that cloud software security has matured so that many older concerns are lessened by how vendors build in essential aspects such as encryption, run the software at rigorously maintained data centers, and comply with many stringent requirements that accommodate everything from the federal government to healthcare. Stacking that progress up against some of the security gaps often found at cities, we argue that any cloud security conversations need to be reframed. How does cloud software security compare with your current security investments, policies, and procedures? Answer that question, and you’re on your way to understanding how cloud software can improve upon your current security.

To talk more about cloud security, please contact us.

Friday, January 3, 2014
Clint Nelms, COO

If it seems like we’ve been writing about the benefits of cloud software and technology a lot, it’s because this technology has a far-reaching effect into so many important areas that impact cities. And no area could be more important than keeping city operations running in case of a disaster.

In a recent article from InformationWeek Government, the author talks about how the General Services Administration (GSA) experienced disaster in the form of Hurricane Sandy. A few years ago, lost power and flooding would have meant destroyed email servers. But with its email in the cloud, GSA employees worked remotely from home and coffee shops until they could return to their offices.

More importantly, services kept running despite near total disaster at GSA offices. While it’s fun to talk about how the cloud reduces costs and gives your workforce more remote access to city information, its true power shines in a disaster. Here are a few ways that happens.

  1. No information is lost. With offsite data backup stored in the cloud, your data is protected even during the worst disasters. For example, Hurricane Sandy threatened an entire section of the Eastern United States across several states. “Offsite” data backup in a building a few blocks from a city or even in the same state may not be good enough in such a disaster. With the cloud, your data is stored in geographically dispersed data centers across the country (and sometimes across the world). No matter the disaster, your data is safe.
  2. You can access your information with power and Internet access. In the case of GSA, while there may have been loss of power at its offices, power and Internet access was not gone everywhere. If employees could go to an area where there was power and Internet access, they could access information such as email. Cloud software potentially covers more than just email, so that access may also include your desktop, documents, and critical software (e.g. accounting). If you can access your information, you are able to keep operations going.
  3. Any device can access the information. While similar to the second point above, it’s worth mentioning that cloud software specifically makes it easy for any device to access the software. Just a few short years ago, remote access may have entailed inferior access to information, complicated VPN connections, and limitations based on servers and software. With cloud software, any device becomes an access point. If employees’ work desktops or laptops are damaged, they can use personal workstations and mobile devices to access city information.
  4. The city can stay connected to citizens. Let’s assume your website is hosted in the cloud (rather than threatened by disaster from only being hosted onsite or in a nearby data center). That means your website never goes down. If citizens are able to access your website (or even social media such as Twitter), then you can communicate the latest emergency updates and information. Cities can either shine or fail spectacularly in a disaster, and it’s a time when citizens will most need you. Keeping communication channels open through cloud hosted websites and using social media can help you stay connected.
  5. If you can work, then you can provide services. As long as city employees can communicate with each other, plan, strategize, and act, then the city is not shut down. Sure, you may face physical challenges such as destroyed equipment, blocked roads, or limited access to critical facilities. But a city is truly down when the people are out of operation. Cloud software helps city leaders, managers, and employees provide as many services as possible, keeping city operations running, and helping citizens with specific needs. The faster city employees can regroup and collaborate, the faster the city is operating at full capacity again.

When you think about your disaster recovery and business continuity plans, be sure to consider cloud software if you haven’t invested in it already. As you can see, the benefits in a disaster are invaluable—from making sure your data isn’t lost to being able to serve citizens despite significant damage to buildings and resources.

To talk about disaster recovery in more detail, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 |