We put the IT in city®

CitySmart Blog

Tuesday, November 27, 2012
Clint Nelms, COO

A few months ago, a report by OPSWAT made the rounds that pointed out a few interesting insights about how antivirus software is currently being used. More and more people are using free antivirus software, and the report suggests that people believe they are getting the same protection with free antivirus software as they would with an enterprise antivirus solution.

The protection afforded by free software such as Microsoft Security Essentials is actually pretty good, so the problem is really not in the quality of software offered by a lot of these free antivirus providers. The problem—especially for a city— lie in three key areas that relate to liability:

  • Configuration. We find that the same OPSWAT study shows that most antivirus software is configured incorrectly. It may be good software, but it’s useless if configured incorrectly.
  • Management. Many organizations relying on free antivirus software do not ensure that all desktops and servers have it installed and working properly.
  • Prevention and Quarantining. Sometimes a virus gets through, and its severity can easily compromise a person’s computer or an entire network. People sometimes think they’ve caught and eliminated a virus, but viruses can be deceptively nasty and linger on a person’s computer.

The following story is inspired by a real incident that we encountered a few years ago. To protect the city, we had to significantly change many of the details, but the essence of the story is the same.

Cyber Liability for a Virus Attack: Mid-Sized City Manager’s Office

Imagine you’re the city manager at a mid-sized city. You have access to some of the city’s most sensitive information, including some of the city’s bank accounts.

You’re sitting at your desk and the phone rings. It’s the local bank that handles most of the city’s funds. He informs you that someone has accessed the city’s bank account and attempted to withdraw money.

When the city investigated, it discovered that a virus on the city clerk’s computer opened it up to remote access by a criminal somewhere in the world. The city clerk’s computer did not have antivirus software. Unsecured, the virus infected her computer and the criminal attempted to withdraw money.

A lack of antivirus software at the city led to a virus that compromised the city clerk’s computer, which could have led to stolen funds. Embarrassing, to say the least. Frightening, at most—especially when state and local law enforcement had to expend resources to track down the attackers.

Tips For Preventing a Virus Attack From Compromising Your City

A city is high stakes business, with employees handling sensitive information that cannot be risked with free, unmanaged antivirus software. Because of the city’s relationship to its community, issues related to compromised data from a virus can have a negative impact on many citizens and businesses. Here’s how to avoid the fate of the city manager.

Install antivirus on every computer. Such a basic practice, but so often neglected. There’s more to the picture than just installing antivirus software, but at the very least make sure you have something in place. It’s better than nothing.

Get an enterprise solution. An enterprise antivirus software solution means that:

  • Someone is monitoring the software and all virus threat activity.
  • The software is managed by your technology staff or a vendor.
  • It’s up-to-date at all times.

That means your liability is greatly reduced when an enterprise antivirus solution is in place. Equipped to handle any and all servers and workstations, enterprise antivirus software can oversee complex technology environments and protect your most sensitive information. Plus, an enterprise solution is more proactive. Even the best free antivirus software more often takes a reactive approach.

Make sure experienced technology staff or a vendor is managing the antivirus software. Experienced professionals ensure your antivirus software is installed on every server and workstation, updated regularly, and monitored for any red flags. You should always know:

  • Who is monitoring for viruses?
  • Who is reporting to you about viruses?
  • How often are they monitoring and reporting?

Train staff about viruses. Basic user education—such as avoiding going to certain websites, clicking on suspicious emails, or opening unknown files—can help prevent what is usually the most common way viruses get into an organization.

Audit your antivirus software. That means confirming that antivirus software is installed on every machine (servers and workstations) and that all licenses are up-to-date.

We hope you enjoyed our three part series on cyber liability. We encourage you to read Part I and Part II. If you want to discuss in more detail any city liability issues and how to prevent them, feel free to contact us.

Friday, November 16, 2012
Nathan Eisner, Network Manager

Often, we’ve seen cities get excited about the prospects of a new document management system—only to find out their printers and scanners cannot keep up with their document demand. We tend to see two common situations at cities:

  • Printers and scanners unable to handle document management demand. These might be cheap laser or inkjet printers with either limited or no copy and scan abilities. We often see larger cities struggling with smaller, inexpensive printers and scanners when trying to scan massive amounts of documents.
  • Expensive multifunction printers with magnificent capabilities that are not being utilized. These machines can print in any way imaginable, copy, scan, fax, and coordinate with email and your network with ease. They work fast and have the potential to take care of every need. The irony is that we often see these expensive multifunction printer investments (sometimes in the $10,000 price range) for small cities that really only use it as a photocopier.

How do you know if your printer and scanner matches your document management needs? Here are 5 key questions to ask:

  1. What printer and scanner capabilities do I already have? Can you maximize your existing investment? If you have an expensive multifunction printer, it often has excellent scanning abilities that connect well with a document management system. Your IT staff or vendor can work with the multifunction printer vendor’s support team to help figure this out for you.
  2. What if I don’t have adequate document scanning abilities? Five or six years ago, a document feeder and scanner was very expensive. Today, for only a $200-$300 investment you can purchase a document scanner that works fast and meets your document management needs. We’ve equipped cities with such inexpensive scanners to help them scan documents, lessening the time it takes to get their documents electronically filed away.
  3. How do I make sure I’m connecting all of these technical pieces together—document management system, printer, scanner, network, servers, and workstations? Indeed, there are many parts and pieces that often impede progress when they all don’t work together! Start by establishing a relationship between the printer/scanner’s support representative and your IT staff or vendor. Make sure you understand all of the features you can use to maximize your investment and how the equipment integrates with your network and document management system. Often, cities buy the equipment, underutilize it, and don’t take advantage of support agreements. Your IT staff or vendor should be able to leverage this support relationship to make sure all parts and pieces connected to your document management system are humming like a machine.
  4. Who needs these document printing and scanning capabilities? At a small city with less than 10 employees, one scanner or even a basic multifunction printer might be enough for the entire staff. At larger cities, you might want a dedicated scanner for people such as the finance officer, while larger multifunction printers might serve each department.
  5. How fast do I need to scan documents? Speed is very important depending on your needs. If you have large amounts of documents that need to be scanned every day, 5 pages per hour would obviously not cut it. You don’t want a slow scanner creating a backlog of work. Assess your scanning needs (such as how many documents you’ll be scanning per day or week) and look at your scanner’s speed rating (pages per minute). Also, make sure there is an auto document feeder so that you do not have to manually feed documents.

Having the proper printing and scanning equipment is an essential part of ensuring that your document management system investment works optimally. To discuss this aspect in more detail, feel free to contact us.

Wednesday, November 14, 2012
Randy Weaver, Business Development

From October 24 to October 26, the great city of Valdosta hosted this year’s Georgia City-County Management Association (GCCMA) conference. From my experience, this organization hosts some of the best municipal conferences to attend in Georgia. Valdosta provided a great backdrop for this event, hosting dinner in its newly renovated downtown as well as providing tours to the nearby Moody Air Force Base. GCCMA also presented a great segment on Valdosta’s downtown redevelopment project.

The event was attended by more than 60 city and county managers. After sitting in on many sessions, talking to a variety of city and county managers, and taking a lot of notes, I collected some of the key takeaways and themes from the conference.

  1. Stress is weighing down city managers. The fact that the keynote presentation focused on stress shows that the rough economic recovery is forcing city managers to work harder, longer, and under more pressure. Doing more with less is difficult, and managing that stress was a key topic during the conference. Walt Stasinski, President of Potential Unlimited, did a great (and entertaining) job talking about stress and ways to remedy it.
  2. Information technology too often falls upon city managers as another “hat” to wear. Adding to their stress, city managers or assistant city managers are often stuck handling information technology. Often, they have trouble hiring for an IT role and finding people with the appropriate education to handle their most sensitive city operations. IT vendor management is an especially unfortunate time drain. That’s partly why we tend to help cities run small or large projects often just to handle the vendors—whether it’s a fiber optic project or networking computers in a new building. City managers have shown interest in alternative options to IT hiring because of these concerns.
  3. Cities are overpaying for websites. Many cities have continued to put out RFPs for websites expecting to pay anywhere from $10,000 to $50,000. Of course, many vendors will oblige that budget! Cities need to be educated about lower cost website options that can handle all of their needs—from a modern look and feel to sophisticated functions such as online payments. Incorrect website budget expectations are causing cities to waste money.
  4. Making city employees happy is more important than ever. Some of the sessions focused on better ways to negotiate employee contracts to help attract and retain talented employees. As cities go through rough times with hard-hit budgets, the last thing city managers want is for their best employees to go on strike or leave to go work someplace else. Some solutions that were discussed involved managing these potential problems earlier rather than later, and exploring ways to strategically outsource some work to keep employee hiring stable yet flexible.
  5. Pension plan questions need answers. The Great Recession made many people question their pension plans, and those questions still ripple down the road as the economy recovers. Quite a few people were hurt from the stock market crash, and a few sessions focused on helping city staff build sound retirement plans to take care of not only themselves but also their families. As a key part of attracting long-term talent to cities, pensions and retirement plans cannot be ignored.

Overall, attending the GCCMA conference was a great experience. I feel lucky to have talked to and learned from so many admirable city and county managers working hard and doing the best for their cities throughout Georgia. Despite their stresses, they are stepping up to the task of managing their cities. By networking with their peers at conferences like these, they end up sharing best practices and hard-won experience with each other. I can’t think of a better investment of time.

Thursday, November 8, 2012
Dave Mims, CEO

Just like many small businesses, we see a lot of cities that still have old websites with too much outdated content. Usually, these are signs that the city does not have an easy-to-use content management system (CMS) to update website content.

Technology has moved forward so quickly that it’s easy to think that websites still need a technical webmaster to handle everything related to the website. However, most websites today are managed and updated at very low cost by marketing and communications departments with almost no technical expertise.

Here are five things that your website content management system must allow you to do in 2012. If you cannot do these things, you are severely limited in your communications efforts with citizens and wasting too much time on what should be simple tasks.

  1. You must be able to create and publish your own content. A “webmaster” who still uploads all of your content along with handling every technical aspect of your website is a major red flag. A “wearing all hats” webmaster is not needed in 2012. So many content management systems exist that make creating and publishing content as easy to use as Microsoft Word. In addition, citizens expect updated, fresh content about news, city council meetings, and events. If your last news item or city council meeting minutes on your homepage is more than 3 months old, it reflects poorly on your city.
  2. You must be able to update your content anytime, anywhere. Content management systems today are convenient because you can log in from anywhere—home, the office, a coffee shop—and update content. This is especially useful because of the nature of content today. People expect fresh content. When news hits, you should be able to update your website instantaneously from wherever you are. You shouldn’t be stuck without the ability to update until getting into the office at 9 a.m. the next morning.
  3. You must be able to set roles and permissions. Obviously, you don’t want all employees to be able to change your core website content. That’s why setting roles and permissions is standard in most content management systems. You can make sure that some people are administrators, some can update only certain parts of the website, and some can only create and upload content for approval. This keeps content creation flexible and easy while still limiting who can alter the website.
  4. You must be able to collaborate and share the most current versions of content. Good content management systems allow you to collaborate on a piece of content without confusion. Let’s say I’m working on information about a community event downtown. I can upload the event information and then another person can review it and make changes. If someone else also wants to review it, it is clear what the latest version is and who modified it.
  5. You must be able to centralize and organize content. The great thing about a content management system is that all content is centralized and organized. You can review all recent news items, city council agendas, city council minutes, event items, and any other content uploaded to the CMS. Good content management systems organize content by category—by topics (news, events, etc.), type of content (articles, blog posts, etc.), and tags (tax information, public safety information, etc.). This way, it’s easy to keep track of all content that has been published or that is still pending review.

If your city cannot easily do any of these things right now with its website, then you might be delighted to find many compelling, low-cost content management system options on the market that will literally transform the way you create and publish website content. A website that remains updated and fresh shows vitality for your city, and as trends move more toward better and better content on websites, you need to be able to demonstrate that your city is always communicating with its citizens.

To discuss content management systems in more detail, please contact us.

Tuesday, November 6, 2012
John Miller, Network Manager

One of the most common scenarios we see when cities are struggling with document management is when employees rely too much on email for sending, storing, and revising documents. You’ve all felt that pain, right? Which version is the most recent version? When did I send that file? Uh oh, I need that document from two years ago—let me check my archive email folder…

An excellent infographic from KnowledgeTree has been making the rounds, and it quantifies some of the impact of email on document management. We selected some of the stats that particularly struck us as significant – and alarming.

  • 90% of documents are revised more than two times. That means a lot of documents need to be swapped back and forth between various people.
  • 46% of people share draft documents via email.
  • 59% of people gather feedback via email.
  • KnowledgeTree says, “Using email to gather approvals adds a day and a half delay compared to a document management tool.”

Clearly, this reflects a lot of time wasted, frustration, and slowed productivity. No wonder city clerks often tell us they appreciate a document management solution that saves them time and money, while making everyone’s jobs easier. Email alone just does not work for document management.

Switching to a document management tool helps alleviate many of these email inefficiencies.

  • Finding Documents Instead of searching your unorganized email for documents, a document management system centralizes documents and makes them easy to find.
  • Never Losing Documents What if you need an important document for an audit or a legal reason and...you could have sworn it was in your email. With a document management system that scans and stores all city documents, the responsibility of keeping and accessing documents becomes a citywide function and policy – and not relying on employee email inboxes.
  • Better Audit and Open Records Readiness During an audit or open records request, searching emails for information is a costly and logistical nightmare. A document management system makes you audit ready and quick to access any needed documents.
  • Automating Workflow With email, sending off documents for revision and feedback can get haphazard and chaotic. Who is reviewing what, and when? What’s the most recent version? Automated workflow capabilities enforce simple rules, including locking out documents to everyone but the person editing, requiring various steps of a review process to be followed, and ensuring that proper approvals are made to all documents.

If you’d like to talk more about the benefits of document management versus email, contact us.

Thursday, November 1, 2012
Clint Nelms, COO

As cyberattacks continue to affect cities, cities are finding not only their defenses weak but also their knowledge about cybersecurity to be minimal. It’s difficult to keep up, but the consequences of not keeping up are costly. Hackers recently stole $400,000 from the city of Burlington, Washington, and phishing attacks continue to increase in complexity—with often lethal results.

GovTech recently featured a great resource for local government called the Center for Internet Security based in Albany, New York. It’s not only a good website for cybersecurity resources but also for communication between different cities to help share information.

In examining the Center for Internet Security’s website, we were impressed to see various guides targeted toward non-technical decision makers such as elected officials, administrative officials, and business managers (such as finance officers). We wanted to highlight a few of the guides we found most beneficial for cities.

Getting Started

The Getting Started guide is an excellent overview of cybersecurity for those who have not dealt with the topic head on before. Some key insights include:

  • “Cyber security is a business function, and technology is a tool that can be used to more securely protect information assets.” It’s important to understand that it’s a business function, rather than just a technology “nice-to-have.” If you think about cybersecurity more like insurance, your mindset is more aligned with its business importance.
  • The threat of cybersecurity means local government shutting down. The report makes it clear that if a city’s website goes down, data is lost, or information is stolen, then the city becomes fully compromised. These are risks too great to ignore.
  • The guide provides a “Top Ten Cyber Security Action Items” list with excellent prioritization of key cybersecurity activities. We especially like the practical advice about recognizing a problem, recommendations on dealing with a cybersecurity problem, and extra tips about physically securing equipment and hardware (including disposal).

Erasing Information and Disposal of Electronic Media Guide

An often overlooked but important area of cybersecurity, this guide has some excellent non-technical information about how to erase and dispose of sensitive data. Some key insights include:

  • The guide points out that “deleting files does not erase information.” We’ve found that many non-technical users and decision makers believe that deleting information means it’s gone. It’s not—which is especially important if someone steals a device, or a laptop is reused by an employee who should not have access to sensitive information that may still be on it.
  • Data erasing and disposing techniques are discussed, which give an idea of the complexity and seriousness of this activity. The guide recommends using an expert contractor or vendor if no one on a city’s IT staff has experience professionally erasing and disposing of data. This ensures you comply with all laws and regulations around data disposal.
  • An easy-to-use matrix is provided that covers what method you should use to erase and dispose of data for various media types (hard drives, printers, copiers, fax machines, CDs, DVDs, USB drives, tapes, cell phones, etc.).

Secure Credit Card Payment Process

Because so many cities have shifted to online payments, it’s clear that this is an extremely sensitive area that hackers often try to exploit. This guide gives a great non-technical overview of this complex area.

  • The guide describes basic online payment industry standards. If the acronyms PCI-DSS, PA-DSS, and PTS sound unfamiliar, this section is a must read for city officials.
  • Many cities think that they are not considered merchants or, that if they use a third party payment vendor, that these payment compliance laws do not apply directly to them. Think again. The guide discusses how local government is responsible for following payment compliance – even when using third parties.
  • In blunt, stark terms, the guide justifies any costs of compliance. It’s easy to tune out vendors who talk about compliance but then tell you it will cost money to upgrade hardware and software (which may require some fundamental changes to your server and workstation maintenance). But, again, think of it as insurance. What happens if citizens’ credit card information is stolen? The cost—both direct and indirect—is too high to risk.

We recommend visiting the Center for Internet Security’s website, taking a look at the information, and getting more involved with them. Also, if you want to discuss any of these areas in more detail, please contact us.

Tuesday, October 30, 2012
Dave Mims, CEO

A recent article in the Guardian featured an interview with Dominic Campbell, the idealist who started FutureGov. As someone who worked in local government early in his career, he grew jaded by many things—one of which was IT budget bloat.

The article explains some of Campbell’s key frustrations:

Campbell, 32, is scathing about the public sector IT establishment. He first came across the corporate purveyors of costly, grandiose systems as a local government trainee in Barnet in 2002. [...] [Campbell says,] “...I became aware of these huge, expensive IT systems which were not value for money, which were not doing the job they claimed they would do, were slow, and involved ridiculous amounts of time telling people they were stupid, because they couldn't use a stupid system." Local government's fatal attraction to these IT systems (he describes them as "one big rip-off") was symptomatic of the reasons why he left the municipal world.”

While he’s talking about local government in the United Kingdom, the same problems exist for local government in the United States. Largely, it’s a lingering aftereffect from the IT explosion of the late 1990s and 2000s when organizations were conditioned to think of their problems as only solvable by “IT systems.” These “IT systems” were billed as “solutions” by vendors looking to make LOTS of money—but often without precisely solving an organization’s needs.

Today, many of these systems are expensive overkill, and they’ve been disruptively challenged by current technology trends (such as cloud computing). However, if it is not your job to keep up with the speed of technology, you (and many vendors that want to persuade you) may still think a giant “IT system” is the answer to your needs.

To help you better prevent system bloat in your IT budget, here are some key places to assess what you currently have and see if some cost savings are in order:

Website Hosting and Maintenance

This is probably one of the easiest areas to cut costs, especially if you haven’t reexamined your website in the last three to five years.

  • If you still have a “webmaster,” that’s a major red flag. Webmasters are now considered almost obsolete. There are so many content management systems that make updating website content as easy as using Microsoft Word.
  • Examine your annual website hosting fees or at least see if you’re spending excessive IT staff time and money maintaining your own website. Shop for other options, even if you think your website hosting fees are reasonable. You’ll be surprised.
  • If you haven’t updated your website in many years because you think it would be too expensive, or you have gone through a costly redesign at some point with little discussion about the needs of your staff and end users, then you are likely in a position to reevaluate your website costs.

Tape, Disk, or Other Manual Backup Systems

Even if you are using a very good tape, disk, or other manual backup system, you’re wasting money. Automating data backup and getting rid of physical storage devices helps you decrease liability and save money. We also find that these cumbersome and costly manual systems often fail basic data backup testing and auditing requirements, usually because the manual aspect introduces too many possible points of failure. People forget to back up the data, fail to test the backups, or handle storage media improperly.

Email Servers

With so many powerful and low cost email cloud options offered by major companies (Google, Microsoft), it’s often overkill to have your own email servers and licenses. While we like Microsoft, we recommend even getting rid of your Microsoft Exchange servers and using their cloud solutions instead. The cost savings, scalability, and security is much better than the hassle of managing your own servers.

Document Management Systems

Be careful about bloat here. There are many document management systems that are simply overkill. We recently wrote an article discussing some ways to evaluate a document management system vendor. Basically, you need a cost-effective and agile solution to:

  • Scan, store, and archive documents.
  • Set access and authorization rights.
  • Automate document workflows.
  • Access documents anytime/anywhere.

If you sense that you are paying too much or that there are zillions of document management features you’ve never used, you want to shop around.

Online Meeting and Conference Call Software

If you are paying a large chunk of money for conference call software, it’s likely a waste. There are many free or low-cost systems with the high quality software and communications technology you need to conduct conference calls. Often, cities are sold expensive conference call systems with excessive features that they never use. A trusted IT vendor can help recommend some free or low-cost software that meets the needs of cities.

Of course, there are many other line-of-business systems you should challenge (such as accounting, public safety, court, etc.) that may be wasting your money. But the areas discussed above are some of the foundational, key areas of technology spending where we often find most sources of IT bloat. By cutting this bloat, you save taxpayer money while also increasing the return on your technology investments.

Contact us if you’d like to discuss any of these areas in more detail.

Friday, October 26, 2012
Dave Mims, President

Recently, Fairfax County, Virginia experienced a notable failure in its online payment system when the website went down on the day of an important tax deadline. According to the article, the county handled the situation poorly—telling citizens they would still be charged late fees despite the online payment option being unavailable. Obviously, citizens were angry. The county later relented and provided an extension.

With revenue and money on the line, the failure of an online payment system can be one of a city’s most embarrassing and noticeable failures. Many online payment vendors exist, and the breadth of choices and costs can be overwhelming. On the most basic level, though, a city cannot simply choose the cheapest vendor or be wowed by features. At its core, you have to know it’s going to work and truly serve citizens in a high quality fashion.

We have provided ten questions to ask your online payments vendor—whether you’re already using one or you’re looking for options. There are plenty of questions to ask beyond these—especially considering your business processes, desired future payment capabilities, and specific features—but these questions cover the basic fundamentals that are too often glossed over when looking for an online payments solution.

  1. Where is the website hosted? Is the online payment system part of your existing website? Or will it send citizens to a third party website? You want to make sure you know enough details about where the site is hosted to make sure it is meeting your needs and adheres to best practices.
  2. Will the online payment experience be seamless for the customer? Will it feel like customers are still on the city’s website, without an abrupt jump to another website? Abrupt jumps on a website can cause customer wariness. The online payment system should either plug in seamlessly, or website design and development resources should be available to make that transition smooth for customers.
  3. What is the guaranteed uptime of the online payments site? A robust cloud solution should push this to near 100%, but ultimately you want to make sure something as service-focused as paying online is working nearly all of the time. If you are hosting your own servers or using a data center, make sure you vet the hosting provider thoroughly. If peak times, such as the day when everyone is likely to pay their bill, crash the server, then that is a major red flag.
  4. What is the security of the online payments site? Cities should expect the same security from an online payments vendor that they would expect from their personal online banking. That means an industry standard level of encryption, strong authentication, strong passwords, regular auditing, and the ability of the vendor to provide documentation proving that they are testing their security controls on an ongoing basis. In addition to these basic technical requirements, it should also be clear who can access and change any payment information. Permissions and access need to be controlled with sufficient rigor and protection.
  5. How is the data backup and disaster recovery? If a server goes down, what is the time to recovery? Again, having a cloud solution helps immensely, but any online payment system should have significant data backup, disaster recovery, and business continuity.
  6. How is customer support? If people experience technical problems, how is the technical helpdesk in terms of responding and resolving those problems? Customers should not be left hanging with issues, and the most common user issues should be resolved by clear forms, helpful error messages, and ways for users to help themselves.
  7. What is the system’s ease of use? An online payment system should be easy to use, understand, and navigate from step to step. Using clear simple English (instead of technical jargon), it lets people know what step they’re at in the process and orients them at all times. Your most non-technical user should be able to use and understand it.
  8. Are there a variety of payment options? A good online payment system should provide a variety of payment options such as checking accounts, multiple credit cards, etc. It should also remind customers that they can also pay in person or by phone. Sometimes if people balk at using an online payment system, they resort to the phone or in person in panic. Provide as many options as possible to reassure citizens.
  9. Are logins and passwords easy? The login and password process should be easy, and it should not be a problem in case someone forgot a username or password. Capchas and difficult login credentials should not be an obstacle to using the online payment system. Otherwise, less people will use it.
  10. Is administrative access easy to use to resolve problems? Can someone at city hall make sure simple problems are resolved? You should not have to rely on technical support for simple problems such as a customer filling in a form incorrectly or disputing a simple billing error.

While we can only speculate about the source of Fairfax County’s online payment issues, from our experience we’ve seen similar problems occur when there is poor website hosting, lack of planning for peak use times, and a lack of strong technical maintenance and support. These kinds of problems are preventable if you have the right IT infrastructure in place to handle your customer demand.

Contact us if you’d like to discuss online payment systems in further detail.

Thursday, October 25, 2012
Clint Nelms, Network Infrastructure Practice Manager

A few months ago, we wrote a blog post about severe weather threats. Those continual threats highlight the need for every city to consider and implement a serious data backup solution. Since that post, Hurricane Isaac came hurdling through the Gulf of Mexico and threatened many of the same areas that Hurricane Katrina compromised back in 2005. Right now, Hurricane Sandy is projected to hit New England and threaten many of its cities.

Too many cities still have ineffective data backup and disaster recovery solutions. They may still use tape backup, manually back up data with disks or tape, or keep all of their servers onsite. They may consider an offsite backup solution as storing data in a different building or in a bank vault a few miles away. Considering the nature of disasters, these solutions are not good enough to meet the high standards of modern data backup and disaster recovery best practices.

Instead of simply finger wagging about best practices, let’s imagine a nightmare scenario and how it would play out. Then, let’s examine that same scenario through an “ideal” lens—that you can easily make a reality.

The Nightmare: Long Time to Recovery and Permanently Lost Data

Let’s say a disaster affected your city. It doesn’t matter what—a hurricane, severe thunderstorms, wildfire, a tornado, fire, or theft can all have the same impact. These are also relatively common scenarios, and not hard to imagine. We’ll assume you’re doing at least some data backup. (If you aren’t backing up any of your data, it’s clear what would happen in case of a disaster).

Let’s say that all of your servers are located onsite. Your city clerk takes tape backups to a bank vault every week. In the disaster, your servers are lost or destroyed. They are no more. Based upon our experiences from assessing many cities over the years, here is a sample scenario detailing what you can expect to happen:

  • First, you need to order new servers. Based on the time it takes to order hardware, expect about 3-4 weeks until they arrive.
  • The city is out of business until the servers arrive. Even though the city manually backed up its onsite data onto tape, it has no offsite or remotely accessible data to rely on while the new servers are in transit. For 3-4 weeks, the city is reliant upon any services that are paper- or cloud-based. It will have to set up some temporary processes of dealing with data (e.g. property taxes, fees, payroll, etc.) until the servers arrive.
  • Finally, the servers arrive—three weeks after the disaster. It’s time to get the tape backups loaded onto those servers.
  • You recall that the city clerk does a weekly manual backup on Fridays. Since the disaster happened on a Thursday, you realize you have no data from the previous Monday through that Thursday. You’re starting off realizing you’ve permanently lost four days of data.
  • After loading the tapes and transferring the data (which takes a long time), you eventually discover that about 30% of the tapes fail. There goes 30% more of your data. When you probe into the matter, you find out that no one on the city staff was testing the data backups. They had just assumed the tape backups were working.
  • You are able to restore about 70% of the city’s previous data, but it takes a while for everything to restore properly. The city’s IT staff person and IT vendor had not done disaster simulations, so they run into a variety of technical issues as they try to get the data up and running.

Finally, eight weeks after the disaster occurred, 70% of the city’s data is now running and functional. But eight weeks is a long time. The city wound up losing 30% of its data, was out of commission for 3-4 weeks while the hardware arrived, and then spent 5 more weeks until the 70% of the saved data could be used with full functionality.

You never need to find yourself in this situation. Let’s look at the ideal—which is actually reality for many cities following disaster recovery best practices.

The Dream (That You Can Easily Make a Reality)

Your situation: You have onsite and offsite data backup. It runs automatically and is handled by an IT vendor. You test often and simulate a disaster on a quarterly basis. Your disaster recovery plan covers all possible disaster scenarios, from a simple server failure to a full catastrophe.

In the disaster, your servers are lost or destroyed. They are no more. Based upon our experiences assessing cities over the years (especially from the cities we work with), here is a sample scenario detailing what you can expect to happen:

  • Since your backups are hourly, your last data backup snapshot was from 11 a.m. on Thursday when the disaster hit.
  • Since you have offsite data backup, your data is stored in two separate data centers thousands of miles away from your city.
  • The city calls the IT vendor after the disaster hits. New servers are shipped to the city, fully loaded with the city’s data.
  • Those servers arrive 24 hours after the disaster. They are fully functional and ready for operations.
  • These servers work like a charm, since they are regularly tested and audited.
  • While the city does not have a functional City Hall, it has decided to set up in a room at the public library as a temporary location. Since all email, document management, and website data is stored in the cloud, these services were not affected by the disaster. Employees have been accessing these services at home or at the library through a simple broadband Internet connection.
  • For all intents and purposes, other than losing their physical building to a disaster, the city is running and fully functional.

One week after the disaster occurred, the city lost only a miniscule portion of its data (any data that was not saved after the last hourly snapshot at 11 a.m., Thursday). The city only had to worry about electricity. Once electricity was restored, the city just needed Internet access for most services (those based in the cloud) and only waited 24 hours for its onsite non-cloud servers to arrive. Within a week, it was almost as if a disaster had not occurred.

Some simple investments in data backup and disaster recovery ensure that a city is a leader—up, functional, and helping citizens from the minute the disaster occurs. When a city loses all or most of its data, it cannot help citizens when they need the most help. Make sure you have a workable, comprehensive disaster recovery program in place. Contact us if you feel your disaster recovery is lacking.

Wednesday, October 24, 2012
Dave Mims, President

Georgia Municipal Association helps city stabilize data backup, disaster recovery and email

The City of Flowery Branch, Ga. is a cozy community nestled on the banks of Lake Lanier with its history dating back to the late 1800s. Despite the town’s historical charm, Flowery Branch needed its network infrastructure to catch up to modern technology.


Antiquated and unreliable, Flowery Branch’s IT services concerned city officials. The stability and security of the city’s email, server hosting and data backup affected city operations and jeopardized the ability to recover from a disaster.

However, costs to implement and maintain technology upgrades also alarmed Flowery Branch’s city leaders. In their technology assessment, hardware, software and labor expenses to upgrade technology were higher than what the city had budgeted. It seemed like a lose-lose situation.


Flowery Branch engaged with the Georgia Municipal Association and utilized its “IT in a Box” service.

Powered by Sophicity, “IT in a Box” is a complete IT solution for cities and local governments. The service includes a website, data backup, offsite storage, email, document management, Microsoft Office for desktops, server and desktop management, vendor management and a seven-day a week helpdesk.


By leveraging vendor management, which is included with IT in a Box, Flowery Branch’s telecom contract was renegotiated creating a potential savings of $203,886.90 over a 10-year period. In the first year alone, the city saved $39,035 (or 48 percent) of the costs typically spent modernizing a network of its environment and size. These savings helped Flowery Branch stabilize its technology and create a predictable IT budget.

Additionally, “IT in a Box” helped Flowery Branch:

  • Mitigate the risk of data loss through onsite and offsite server backups
  • Ensure a highly available and dependable email system
  • Move to a faster Internet connection
  • Decrease spending on telecommunications services
“The City of Flowery Branch certainly feels as though we gained a partner in working through our IT issues. Sophicity has been responsive in showing us options that made operational and fiscal sense.”
— City Manager Bill Andrew

If you're interested in learning more, contact us about IT in a Box.

Print-friendly version of the Flowery Branch, Georgia IT in a Box case study.

About Sophicity

Sophicity is an IT services and consulting company providing technology solutions to city governments and municipal leagues. Among the services Sophicity delivers in "IT in a Box" are a website, data backup, offsite storage, email, document management, Microsoft Office for desktops, server and desktop management, vendor management, and a seven-day a week helpdesk. Read more about IT in a Box.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 |