We put the IT in city®

CitySmart Blog

Friday, August 23, 2013
Nathan Eisner, CMO

In the early wild west days of computers and the Internet, swapping copies of software among friends and family was common. After all, software was easy to copy and share, and who was going to catch you? This habit lingered well into the 2000s, even in businesses, educational institutions, and government entities, until software providers became much stricter about enforcing piracy laws.

However, both from old habits but also the current mentality that many things on the Internet should be free (news, music, videos, etc.), many people at cities sometimes think that using unlicensed software is okay—especially if the justification is to save money.

Whether your software is unlicensed, copied illegally, or purchased from an unauthorized reseller, you actually run a significant risk when you use pirated software. Primarily, you face three major consequences.

  • Your software may not work. First, using unlicensed software brings a practical risk of not working at all. Many software providers have created more and more aggressive software activation processes that protect themselves from piracy. If you try to run software that isn't activated by a certain process or use it beyond whatever free trial period you were allowed, it's not uncommon for that software to stop working altogether. And if you try to activate the same license more than once, you may get denied from using the software.
  • You will not receive any customer or technical support. Having problems with your software? Need to call customer service? Tough luck. Today, software is not just about the hard copy of the program or application. It’s the upgrades, customer service, and ongoing support that most software requires. Even your IT staff or vendor will have trouble helping you if you have problems with your unlicensed software, and they will recommend that you purchase legitimate copies to avoid any technical problems.
  • You open yourself up to lawsuits and fines. This warning may sound extreme, but it’s not. In fact, this issue has become a major legal issue that information technology departments must address for their organizations. Lawsuits and serious fines do result from businesses and cities using pirated software. I worked for a company about 12 years ago that was audited by Microsoft and forced to pay over $800,000 to avoid a lawsuit. The reason? They were using pirated Microsoft software. An executive even got fired over this issue.

If these warnings have you worried about the state of your software, we offer a few tips that address most of the common scenarios that cause cities to accidentally purchase pirated software.

  • Do not copy any software or purchase unlicensed versions. Not much needs to be said here. Copying software or knowingly purchasing unlicensed versions is pirating in its truest form. Only purchase software from the manufacturer or legitimate resellers.
  • Buy and use the correct software version for your needs. Pirating goes beyond simply illegally sharing software with a friend or coworker. For example, if you purchase a student version of the software instead of the regular version in order to save some money, then you are misusing the software. For cities, make sure you buy versions that match your needs (business version, government version, software best suited for a particular number of users, etc.).
  • Pay close attention to software licensing rules. Your IT staff or vendor needs to provide you clear information about the licensing rules for your software. For example, some common software packages allow a licensed user to install their software on up to 5 devices belonging to that specific user. You cross the line into software pirating when you have 5 different users sharing software intended for one user. Follow any rules prescribed by the software provider.
  • Buy new hardware and avoid used hardware. To save money, cities sometimes purchase used servers or computers. But that hardware may contain illegal copies of software. We recently wrote a post about the risks of purchasing used equipment that outlines why it is not only a bad investment but also opens up liability if you’ve unknowingly purchased pirated software.

To save a bit of money, you don’t want to take the risk of a lawsuit or fine by illegally using software. Beyond the risks, it’s simply a better investment to use licensed copies of software. You receive the best quality versions, software upgrades, technical support, and customer service—all of which help make the use of your software more productive. Plus, your IT staff or vendor can easily help you when you run into issues, since they can work with the software vendor to resolve them.

To talk more about unlicensed versus licensed software, please contact us.

Tuesday, August 20, 2013
Brian Ocfemia, Technical Account Manager

If your city unfortunately ever gets a virus or malware attack, it’s easy to panic. That’s exactly what the Economic Development Administration did in a recent report outlining how they made a series of bad decisions in reaction to a malware attack. Those decisions were based on inaccurate information and included destroying IT components (such as keyboards), replacing IT infrastructure, and incorrectly following procedure.

While an extreme case, there are several lessons here that are good for cities to keep in mind during a security crisis. After all, crises are moments to test whether your policies, procedures, and people are well-equipped to handle your most challenging technology problems—such as a virus or malware attack.

  1. Gather and analyze information. Sounds simple, but the Economic Development Administration thought there was a widespread malware infection. There wasn’t. Getting hit with a virus or malware still means you need to breathe, stay calm, and assess the situation. What servers and workstations appear to be infected? What happened to indicate that the city was infected or attacked? What does data from the servers or monitoring software indicate? Take the time to evaluate any data you can glean from the attack.
  2. Isolate the problem. Unlike the Economic Development Administration, you want to isolate where the problem appears. Is the virus or malware infecting one computer? Several computers? Are there any servers and workstations that don’t appear to be infected? If you can isolate the virus or malware to specific machines, then you can focus on just those machines. Otherwise, you might find yourself damaging equipment or losing data unnecessarily.
  3. Surgically eliminate the problem. In some cases, that might mean completely decommissioning a computer. In other cases, an IT professional might need to go into your server’s most sensitive files and eliminate the virus. Like any “surgery,” there could be some collateral damage, which is why it’s important to also have data backup and disaster recovery. Don’t just rely on an antivirus or antimalware program to remove the threat. Viruses and malware are clever enough to often avoid detection and they can linger on computers even after they are supposedly removed.
  4. Follow a process. An IT professional should not go into your network like a gunslinger, do something mysterious, and then tell you the virus is gone. And you should not throw people at the problem, all of whom are working separately, until someone seems to solve the problem. Follow a clear process set by your IT staff or an IT vendor. That should include the steps above along with more detailed steps such as following checklists that instruct where to look for the infection, using scanning processes to thoroughly ensure detection and elimination, and conducting a post-elimination investigation to make sure the threat is really gone.
  5. Report on the virus with full transparency. Without getting into geeky technical details, your IT staff or IT professional needs to report, clearly and concisely:
    • The source or origin of the problem.
    • Why the problem occurred.
    • What equipment (servers, workstations, and software) have been damaged or rendered unusable.
    • How the problem was fixed.
    • Any repercussions to the city.
    • Recommendations on preventing the problem in the future.
    This report may suggest additional training for city employees (especially about why they should not click on suspicious websites and emails), investments in better antivirus software, and updates to security policies.

Overall, cities can be well-prepared to deal with a crisis such as a virus or malware attack. Of course, prevention is best: 24/7 monitoring and alerting, enterprise-level antivirus software, and clear security policies and training for city staff. But if the worst happens, damage can be contained by having experienced IT professionals apply best practices and processes to addressing the problem.

To talk more about dealing with virus and malware threats, please contact us.

Friday, August 16, 2013
John Miller, Network Infrastructure Manager

It’s called antivirus, so it must protect you against all viruses. Right? Don’t we wish.

Unfortunately, there is more to antivirus protection than just installing antivirus software on your personal computer. It’s better than nothing, and having it installed and working on your computer is critical when defending against the worst virus atrocities on the Internet. But simply installing consumer-grade antivirus software on individual computers will not protect you against viruses at your city.

So why isn’t consumer-grade antivirus software good enough? Let’s find out why.

  1. Antivirus software only works when the software provider publishes updated definitions for a virus. What’s a virus definition? It means the antivirus software provider has identified a virus, determined how to prevent it, and provides what’s known as a definition that recognizes the virus if it somehow appears on your computer. That means unless the antivirus software provider stays rigorously up-to-date and constantly pushes updated definitions to your computer, then you may not be protected. Cheap or free consumer-grade antivirus software may not be rigorous enough. Plus, virus definitions are typically a yearly subscription. If you let your subscription lapse, then the definition updates will stop installing.
  2. Virus creators usually outwit basic antivirus software. Those who create viruses are often one step ahead of the antivirus software providers. That’s why even the best antivirus software requires daily definition updates to stay current. But a virus creator’s best weapon is to disguise viruses as software applications or files that your antivirus software will not detect (since they look normal). Most people tend to get viruses by doing things like clicking on an email that looks like their online banking website, or clicking on a software installation file that might be for a game that they uploaded. Many of those links and files will not look suspicious enough to be detected.
  3. Most antivirus software is reactive, not proactive. That means your antivirus software will often not prevent a virus from installing on your computer. Instead, no action is usually taken until the virus is already on your computer. The worst viruses are clever and can disable your antivirus software before taking destructive action on your computer.
  4. Most viruses originate from a person’s voluntary action. Consumer-grade antivirus software definitely protects against common, amateurish viruses that may pop up during normal Internet browsing. Unfortunately, most viruses we see began when a person got fooled—which is exactly what a virus creator wants. Make sure that your city staff is trained on the following basics:
    • Do not open email from somebody you don’t know. Especially do not open attachments or click on links within unknown emails.
    • Do not click on ads you see on websites.
    • Do not download and install free software or games unless it is from a well-known and reputable source.
  5. Consumer-grade antivirus software lacks the rigor needed at cities. Because of the sensitivity and importance of information at a city, enterprise antivirus software is needed to fully protect the city. Installed at the server level (instead of the desktop level), enterprise antivirus software ensures that an IT professional monitors your environment for virus activity at all times and that it’s always up-to-date. Despite people’s best intentions, they are too distracted and focused on their day-to-day jobs to handle antivirus software on their computers.

So, just because you have antivirus software on your computer does not mean you’re protected from viruses. City employees still need to use common sense when opening emails, files, and attachments. And while antivirus software isn’t perfect, the best antivirus software for cities is professionally monitored and kept up-to-date without users having to worry about their individual computers.

A virus can be absolutely destructive, and we’ve seen a single virus originating with just one user threaten to shut down an entire city’s operations until it was removed. Make sure that you are as protected as possible so that your city stays operational.

To talk about antivirus in more detail, please contact us.

Wednesday, August 14, 2013
Clint Nelms, COO

Now that we’ve discussed the key PCI DSS compliance topics (vulnerability management, data protection, network fundamentals, and authorization), what happens next? Once you take care of these important security issues, you need to keep these areas front and center at all times. That means continually monitoring all of your online payment security data, testing your security regularly, and creating an information security policy for your city.

While ongoing monitoring and testing can involve some time, money, and resources, the efforts pay off. In this post, we cover five key areas that you need to stay up on, and why.

  1. Proactive 24/7 security monitoring and alerting. You can’t wait for threats and unauthorized access to happen. When you build or reconfigure your network and set up access, you need to make sure that only the right people are accessing your online payment systems. Account for which employees have access (and which do not), but also keep in mind those who might have temporary or limited access (such as an IT or software vendor). Don’t simply give out admin passwords to whoever needs them. Create specialized usernames and passwords to easily track those with temporary access—and then delete those user profiles when they’re done. Otherwise, you create too many ways for people to access your data from the outside.
  2. Monitor for unauthorized threats and attacks. Obviously, you also need to be on alert for hackers and unauthorized users who want access to your system for malicious reasons. We’re sharing this tip second instead of first. That’s because if you have no proactive policy for knowing which people can access your network, then it’s harder to figure out if you’re being hacked or attacked by an unauthorized user. If you know who is supposed to be accessing the system and can see it clearly in your network logs, then security threats will be more easily identifiable.
  3. Test your security, harshly. Don’t be kind to yourself when you’re testing your online payment security. Remember, you need to be ahead of hackers and those wishing to access your information for malicious reasons. Make sure you look for vulnerabilities with your servers, workstations, networks, software applications, cloud services, and mobile assets. Security testing may include penetration testing, which simulates an attack on your network and analyzes what would happen in the case of a real attack.
  4. Fix and improve any security gaps. Always work to improve your security. While the world of information technology moves fast, security moves even faster. This is an area you don’t want to lag behind. Maybe you need a new firewall, maybe important data is not currently encrypted, or maybe you don’t know the names of all users accessing your data. Take the time to assess the results of any ongoing testing and make fixes along the way. It’s usually when a city has been coasting on the same security assumptions for a long time that something goes seriously wrong.
  5. Create a user-friendly information security policy. Don’t aim for a thick binder that gets filed away and never looked at. Talk to other cities that have created a successful information security policy and use it as a model, but also think about the particular needs of your city. What kind of online payment information do you use? Who needs access to that information? Think about:
    • Document and database access
    • Types of payment information you store
    • Password policies
    • Use of IT resources (such as computers that contain or access sensitive information)
    • Information that employees can and can't share over email or the phone
    • How personal laptops and mobile devices can and can’t be used
    • Any special access privileges.

    Outline laws and the repercussions of breaking those laws. Create a user-friendly document that outlines important points at a high level, and separate out employee information from technical or legal information. Make it easy for employees to go to the sections that pertain to them.

Is this a lot of work? Yes. But since we’re dealing with measures that protect your citizens’ credit card and payment information, the efforts are necessary and worth it.

Read our past articles covering all PCI DSS standards by clicking on any of the links below.

Online Payment Security - Two Network Fundamentals

What It Means to “Protect” Your Data

Securing Your Technology for Online Payments

With Online Payment Access, You Want No Surprises

To talk about online payment security in more detail, please contact us.

Friday, August 9, 2013
Dave Mims, CEO

In a recent study conducted by Evolve IP (and reported in IT Business Edge), the findings from talking to over 1,000 financial decision makers along with IT professionals showed a clear gap of cloud acceptance. For those executives and IT directors who make financial decisions about whether to invest in the cloud, 70% believed that the cloud has value. Only 53% of IT professionals said the same thing.

Why? Should we be concerned that the “IT professionals” value the cloud less?

One significant reason that the IT professionals valued the cloud less was a failure to fully understand the benefits of moving from capital expenses (mostly upfront one-time investments) to operational expenses (such as a monthly fee). They also appeared to have concerns about cloud reliability and performance, which appears to showcase a more technical understanding of the cloud than the executives have.

So should you invest in the cloud? To merge both the insights about the positive financial benefits along with alleviating the technical concerns, we’d like to add to the dialogue about this study by pointing out some important considerations.

  1. You can safely eliminate many expensive capital expenses with the cloud. At this point in time, the cloud has been tested with everything from virtual servers to website hosting. You simply don’t need to buy as much hardware as you did in the past. A big part of IT expenses that hurt cities (or prohibit cities from investing in IT) are the upfront expenses needed to purchase expensive hardware and software licenses. The cloud moves this model to an operational expense model, where you eliminate hardware and pay for services over the Internet like a subscription.
  2. Total cost of ownership goes down. Essentially, total cost of ownership (TCO) is the cost of your IT expenses across the lifetime of your investments. For example, if you buy a server, the TCO would include not only the cost of the machine, but also the software, labor, warranties, electricity used to run it, the cost of downtime if it breaks, the building space it takes up, etc. While it’s overkill for most cities to calculate TCO for IT investments, it’s a real concept that does affect a city’s bottom line. Cloud services simply reduce TCO by eliminating many of the costs associated with purchasing, maintaining, and decommissioning a piece of hardware over a period of 3-5 years.
  3. Cloud services are more reliable than maintaining your own hardware and software. It’s safe to say that IT professionals are a bit self-interested when it comes to accusing the cloud of being unreliable. The reality is that IT professionals who have not embraced the cloud will find their skills obsolete as non-cloud services go away. We’ve discussed in the past that the cloud is even more reliable than what cities can do for themselves. Cloud vendors feature state-of-the-art data centers, plenty of redundancy (which helps with uptime and data backup), and security (both physical and digital).
  4. Cloud service performance has set new industry standards. Sure, occasionally we see an outage now and then from a cloud provider. But they are becoming few and far between—certainly fewer incidents than the performance of traditional IT departments onsite at a city. Much of the cloud’s power emerged when high-speed Internet became the norm. Once that level of service was in place, devices (laptops, smartphones, tablets, etc.) could all stay connected to the Internet and access services easily—much easier than relying on a city’s dedicated servers for services. Add the power of anytime/anywhere access, minimal installation logistics, and near constant uptime, and you see why cloud services outperform most dedicated services that cities could provide by themselves.
  5. Most significant technology vendors are wholeheartedly moving to the cloud. Microsoft, the company that once had a monopoly in the world of PCs in the 1990s and that still dominates the user experiences of most computer users, is shifting most of its services into the cloud. That includes tried and true city software such as Microsoft Exchange for servers and Microsoft Office for desktops. An article from Infoworld in April 2013 lists other heavyweight IT vendors such as IBM, HP, and Oracle that are all moving their software to the cloud. This is not a fringe trend.

The Infoworld article goes on to state that because the cloud has been so effective at reducing costs, less money is being spent on traditional IT hardware and software. Like typical economic spirals in the past, that means the cloud will only become more prevalent as an industry standard while traditional hardware and software eventually will fade away.

Change is often confusing and difficult, but the cloud is for real. As you can see, this is not something to be on the fence about—especially with so many of the leading indicators pointing in one direction. Your city will benefit financially and improve its IT reliability and performance by considering cloud services.

To talk about cloud investments in more detail, please contact us.

Wednesday, August 7, 2013
Nathan Eisner, Network Manager

It’s fair to say that most cities must operate with tight budgets. Making any investment requires a lot of prioritizing and debate. As one of the more expensive investments on a city’s list, information technology often needs to prove its value. No matter how positive the benefits IT investments can bring, the monetary value must show itself too.

Historically, IT has always had trouble proving its value. That’s because, on the surface, it is an operational cost. Operational costs tend to look like cost centers that don’t save you money or provide a return on your investment, despite being necessary costs. At the same time, just because IT’s value isn’t immediately obvious doesn’t mean it can’t be shown.

Whether you’re evaluating existing IT investments or considering new ones, the following areas can help you understand how to get the most value.

  1. Saving money and slashing waste. The most obvious area to start is the one that cities like the most. Cities often do not realize how much they may be wasting on website hosting, data center costs, or telecom. IT changes so fast, and one of the rules that tends to stay true is that technology gets better as costs go down. It’s good to have an IT expert evaluate new technologies against your existing technologies at least annually in order to find ways to reduce costs. If you haven’t audited your IT in years, then you are probably ripe for saving some money.
  2. Insurance and disaster protection. Probably the most important source of IT value are any technologies that help you avert disaster. Primarily, this will be your overall data backup and disaster recovery strategy. Lost data or failure to submit to open records requests can lead to expensive lawsuits, fines, and investigations. On an operational level, it can be expensive to recover lost data that resulted from inadequate data backup. The cost of dealing with such disasters is monumental. Compared to the minimal costs of a good data backup and disaster recovery solution, the investment definitely pays off—even if you avert just one disaster.
  3. Opportunity cost. This is where you think you’re saving money by not spending money on basic technologies, but you’re actually losing money. You might not have a website, which affects how citizens and businesses perceive your city. You might use obsolete hardware, which means that your city cannot use modern software and Internet applications. You might use a free email address, which opens you up to legal and compliance issues. By underinvesting in critical IT, you are actually losing money by hindering progress or failing to put the best face on your city.
  4. Productivity and improving citizen services. Citizens expect their taxpayer dollars to help continually improve city services. Attracting and retaining talented city staff means giving them the tools to help work on important municipal projects. By investing in the right hardware, software, and infrastructure, you enable your city staff to accomplish more. Department projects are doable. People can find documents easily. City staff can collaborate and work remotely. And citizens can take advantage of the end result such as online payments, videos of city council meetings, or online forums and social media to express their views and concerns.
  5. Return on investment tied to long-term city projects. Most ambitiously, information technology proves its worth by helping city leaders figure out what long-term projects are doable. Having a skilled IT expert at the table when your city discusses revamping an accounting system, building a new website, or digitizing public records helps you understand solutions that may be cheaper than you imagined. Sometimes, it may seem like a project will be cost-prohibitive, but IT will tell you otherwise. On the other hand, IT can also warn you from delving into projects that might be overly expensive or wasteful.

If you’re needing to make the business case for IT at your city, or if you’ve been skeptical of investing too much in IT, we recommend starting with area number 1 above and working your way down to number 5. By gaining some easy wins first, you are often better able to justify additional investments in the future if you’ve shown that you’ve already saved your city money.

The most important point is that you need to see how the cost of IT is outweighed by the value of IT. It’s one thing if you reject a “nice-to-have” piece of software because it isn’t a fit at this time. But if you reject things like data backup or have your employees working on old, unsupported operating systems (like Windows XP), then you’re not tying needed IT investments to their value. You’re just looking at cost. Look at value too. That’s the way you will truly be cost conscious.

To talk more about IT value, please contact us.

Friday, August 2, 2013
John Miller, Network Infrastructure Manager

While larger cities may have already populated their websites with content, we routinely encounter many smaller cities that are creating website content for the first time. Either these cities have had no website or they’ve used a very outdated website in a purely functional way for many years.

In the past, we’ve talked website design, templates, and content management systems, along with also discussing the various audiences that cities need to address. But on a more granular level, cities also seek guidance about the kind of content they need to create—page by page.

Content for each city will be customized and different, but there are some general guidelines about what cities should write for each page. We’ll cover key pages over the course of a series of blog posts, starting with the most important page—your homepage.

Since your homepage is the most trafficked page and the place where people will most likely get their first impression of your city, you need to make sure you have the right content to meet a variety of needs. Here are five essential pieces of content you need for your city’s homepage.

  1. Easy to use navigation. Since people will be looking for content, you need to make sure your navigation tabs (either at the top or sides of your website) easily steer people to various areas of your website. Don’t clutter your navigation or have too many confusing names for sections of your website. A good example would be tabs such as News, Events, Departments, Mayor and City Council, and Services. You might even have tabs for audiences, such as Citizens and Businesses.
  2. Services information. Make sure that service information is easily accessed. We’ll talk about marketing and public relations below, but do not forget that most citizens will be using your website in a functional manner. They don’t necessarily want to see pretty pictures or videos—they want answers to questions. Make sure that common service questions are highlighted and that citizens can find links to tax, fine, license, utility, and other payment information.
  3. Events and meetings. Listing events and meetings in a calendar or simple list does two things. First, it provides transparency about city business such as city council meetings, public function events that the mayor is attending, and other government meetings of interest to civic-minded citizens. Second, an events calendar also shows the city’s economic and community vitality. Listing public events such as farmers markets, new business openings, or holiday festivities is both informative and good public relations for the city.
  4. News, news, news. We’ve emphasized this kind of content in previous blog posts, but we’ll say it again: sharing regular news is one of the best signs of a city’s vitality. You are driving away businesses and future residents when it looks like your city has nothing going on—either from no news or a last news items dating from 2011. News items are all around you - new city initiatives, new businesses, business anniversaries and accomplishments, college and university activity, K-12 accomplishments, health and wellness initiatives, etc. The list is endless. You need at least one person staying on top of news items and regularly posting them to the homepage.
  5. Quality photography. While we stated above that pretty pictures aren’t everything, you still need to pay attention to your visual content. Consider a small investment in upgrading the visual quality of your website. Think about it. You’re making a first impression on a future resident or business researching your city. High quality photography of your city that highlights your downtown area or a scenic nearby landscape will have a greater impact on how people perceive your city than lower-resolution photos, generic clip art, or photos that are too small to see clearly.

If you start with these five elements, your homepage will go a long way toward doing the job it needs to do. If someone visited your city and arrived at City Hall for the first time, wouldn’t you greet them? Show them around? Talk to them about useful and relevant things? Tell them what’s best about your city? That’s what your homepage needs to do for online visitors.

To talk about homepage content in more detail, please contact us.

Tuesday, July 30, 2013
Clint Nelms, COO

When cities finally take the leap and start using a new document management system, many questions arise that have nothing to do with the technology. While document management systems have a lot of slick features and benefits, they don’t solve your business process and policy issues concerning your documents.

While the art of document management can become extremely technical and complicated, especially if you have a large volume of documents that need categorizing and storing, we have provided some questions that will at least help get you thinking about where to start.

  1. What documents do I have? Before throwing documents into your new document management system, use this situation as an opportunity to assess what documents you have. Where are they stored? How many do you have? Which are the most important? The most used? Get a sense of the type and quantity of documents you have. If you have a large volume of documents, you may want to perform a document audit.
  2. How will I organize my documents? After examining what you have, you may discover a lot of junk that is outdated, obsolete, or worthless. Get rid of any documents that do not have a purpose. For those remaining documents, begin deciding how you will organize them in your document management system. If you don’t have many documents, you may want to organize them into simple folders. If you have a large volume of documents, you may consider organizing with metadata.
  3. Who will maintain your documents? While your IT staff or vendor might provide some technical help and assistance with your document management, they are not the people who should be deciding how best to continually organize your documents, ensure that city staff use the document management system appropriately, and retire documents on schedule. Someone should oversee your document management maintenance from a business perspective and make improvements to the user experience over time.
  4. How long will you keep your documents? If laws dictate that you only need to keep documents up to a certain time, then make sure those documents are deleted when that time is up. For less legally bound documents such as policy and procedure manuals, software guides, city staff memos, or other content that simply becomes outdated, make sure expiration dates are set so that these documents can be deleted or archived on a certain schedule. It’s best to keep your document management system full of fresh, relevant content.
  5. What is your process for deleting and disposing of documents? Since government documents can undergo high scrutiny, you need to make sure you have a clear transparent process for disposing of electronic documents. You cannot just hit delete. Consult with an expert contractor or IT vendor to make sure that you are deleting and disposing of documents effectively and appropriately, following any legal requirements. You don’t ever want to say you don’t have a document anymore, and then find out it was actually still on someone’s hard drive or on a server somewhere.

Acquiring a new document management system is exciting. It provides centralized storage, protection from disaster, better organizational capability, and easier search tools. But a mess of documents transferred to a document management system will still be just a mess of documents if you don’t think through the questions above. If you take the opportunity to review your business processes before transferring your documents, then you will better maximize your document management system investment.

To talk more about document management system best practices, please contact us.

Thursday, July 25, 2013
Dave Mims, CEO

Buying used products is great for many areas of life. Used cars, books, or furniture are usually good investments and relatively low risk as long as the quality is still high and the items can be used for a long time. Used servers and workstations are an exception to this rule. They are not only bad investments but also dangerous investments.

Why dangerous? It may seem like you are saving money by purchasing used hardware. After all, you might acquire newer model servers and workstations that you might not normally afford—for only a fraction of the cost. And as long as these machines seem to run properly, it can feel like a great deal.

Here are some dangers that accompany used server and workstation purchases, and why you should avoid such investments.

  1. Used machines are usually obsolete. Unlike used cars or furniture, information technology changes quickly. By the time you purchase used hardware, those machines are often obsolete. You’re getting the tail end of a hardware investment that you will have to replace soon anyway. Part of a responsible technology investment is using machines that meet current user and software needs. Purposely buying hardware that is lagging in modern features and functions is not a smart use of money.
  2. Hardware lifecycles are 3-5 years. People tend to overestimate the lifespans of servers and workstations, thinking they should hang onto them until they are no longer usable. However, computers have a typical lifespan of 3-5 years - maximum. If you buy a quality new workstation and maintain it properly, you can expect it to last as long as 5 years. A new bargain-basement workstation will usually last only 3 years. Used hardware lasts even less time than a new bargain-basement workstation. That means your machine will be worthless in less than 3 years.
  3. There is no “Carfax” for computers. Perhaps one day we will see the equivalent of Carfax for servers and workstations. Until then, you will not know the history of the used machines that you’re buying. You’ve worked with computers, and you’ve seen others work with them. You see on a day-to-day basis how much “abuse” servers and workstations take—physical damage, wear and tear, software installed and uninstalled, viruses, spyware, etc. Has a glass of water ever spilled on your used machine? Has it been infected with malware? What was the machine primarily used for? You don’t know, and that’s a huge risk. And keep in mind that most used servers and workstations are not professionally wiped clean of past data.
  4. You may be using illegally purchased software. We see many people unknowingly using illegally purchased software on used equipment. If you’re using an unauthorized copy of the operating system (such as Windows) or any software installed on the server or workstation, then you are liable for the illegal use of that software. Cities need to be careful and use only authorized, licensed versions of software so that they are not pirating or stealing.
  5. Your total cost of the hardware investment usually negates the savings. You may buy your cheap used servers and workstations only to find that they need additional memory, storage, software, or peripherals. As we noted above, your hardware is already lagging behind technologically, so you will need to invest in upgrades to make sure you can use current versions of software, browse the Internet without issues, and make sure you have enough room to store files and data. You may even need to buy items like monitors or keyboards if they don’t come with the machine. After these additional purchases and upgrades, your so-called savings suddenly becomes even less.

Buying used hardware is risky even for individuals. There are many horror stories about computers purchased on Craigslist or even from friends where too many things went wrong and ruined the purchase. For cities (and any professional organization), the risks are even greater. And the investment is entirely unsound.

Budget tightening should not lead to desperation or shortcuts. Plan out what hardware you need, understand the best investment to maximize over 3-5 years, and buy new. New machines give you the highest quality, the most modern equipment, the right software and peripherals included, and the best bang for your buck.

To talk more about buying hardware, please contact us.

Tuesday, July 23, 2013
Nathan Eisner, Network Manager

A recent research report from Veeam (a provider of virtualization and backup solutions) points out a number of problems that small and medium businesses are having with data backup and recovery. Since a city’s IT needs often parallel the needs of small and medium businesses, we think that some of these numbers are worth highlighting.

  • 1 in 6 (17%) data backup recoveries do not work.
  • Only 8% of small and medium businesses test their data backup.
  • e-Discovery is too expensive for 65% of small and medium businesses.

As SMBs are struggling with these issues, our experience shows that cities struggle with these issues even worse. We find similar patterns in the quality of data backup, the lack of rigor and testing, and an ability for cities to respond to open records requests effectively.

Using this excellent report as a foundation, we wanted to draw out some points that we think are relevant for cities when they confront similar data backup issues.

  1. Struggles with the cost of data backup management, licensing, and storage. Just like SMBs, cities struggle with the cost of data backup. Depending on the solution they are using, it often takes IT staff or vendor time to manage a solution, the software licenses are expensive, and the data storage costs often force cities to limit what they can back up. Data backup costs have come down as the technology has gotten better. We recommend that cities look at solutions that take advantage of cloud backup (which requires less management time), monthly subscription costs (instead of annual or multi-year software licensing), and unlimited data storage options.
  2. Improperly setting up and maintaining a data backup solution. Just like SMBs, many cities sadly try to set up and maintain their own data backup solution—with mixed results. While data backup management costs from vendors might seem like something to skip, you don’t want to try to do it all yourself. Many cities use backup agents but fail to manage them properly, leading to slow and failing data backups. If your data backups seem to take too much time and you cannot guarantee that they will work, then you need a professional to handle them.
  3. Testing and auditing your data backup. While knowing only 8% of businesses test their data backup is shocking, this shock also applies to cities. Many cities still do not regularly test and audit their data backup. That means when a server failure or disaster hits, they risk losing important data forever—financial data, public safety data, online payment data, etc. Testing should take place at least quarterly and simulate a disaster. You should pass that test with flying colors and have audit documentation to prove it. City data is just too important for anything less.
  4. Simplifying your IT environment to help reduce data backup needs. One interesting aspect of the report is its acknowledgement of how IT complexity affects your data backup needs and costs. If you have not performed an IT asset audit and simplified your environment, then you may have too many (and possibly redundant) servers and workstations, too many applications and software that you’re managing, and too many “do it yourself” IT management tools that often conflict and confuse each other. We often untangle complex IT environments by reducing hardware, moving certain software applications into the cloud, and simplifying the overall management of a city’s data and IT environment. This simplification makes it much easier to back up data.
  5. Understanding the trend that small organizations now have large organization IT needs. In the Veeam report, its President and CEO says, “More and more, SMBs are being subjected to the same IT challenges and business pressures as large enterprises. As such, any disruption to their IT infrastructure can have severe consequences.” Smaller cities may have gotten away with less technology a few years ago, but with high-speed Internet so prevalent, the Internet now a source of primary information for people, and the demands for modern business requiring fast information processing and response, it’s becoming less of an excuse for smaller cities not to have basic enterprise technology. At a bare minimum, cities are expected to have a functional website, document management that allows for easy search and retrieval, a professional customized email address, and a data backup solution that insures that data will not be lost.

Again, while the Veeam report focused on SMBs, cities also need to pay attention to these trends. An enterprise technology environment with cost-effective and tested data backup is not out of reach. However, cities are stuck with or have been burned by vendors over the last 5-10 years who have gouged them with the high costs of annual fees, licenses, and add-ons to their services.

But even in the last two years, IT has changed drastically and the quality standard has risen. Cities need to reevaulate their current data backup solutions and really look at the cost, current assets, and maintenance. If any of the above points seem to indicate any gaps, then it’s time to address those gaps so that you can increase your data backup quality while reducing costs.

To talk about data backup in more detail, please contact us.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 |