We put the IT in city®

CitySmart Blog

Thursday, March 15, 2012
Dave Mims, President
Americans are using mobile devices to accomplish everyday tasks from making phone calls and taking pictures to visiting websites and paying bills. According to the *Pew Internet & American Life Project, 88 percent of American adults have a cell phone. As of February 2012, most of those cell phone owners are actually using smartphones. About six in 10 adults (63 percent) go online wirelessly and according to the 2011 Mobile Year in Review on MobileFuture.org, more smartphones were purchased in 2011 than PCs.

So, how do you communicate with your citizens? Business and government agencies alike rely on mobile technology. A recent report from Government Technology states nearly 60 percent of state and local IT professionals surveyed expect their respective agencies to spend more money on mobile devices and services in 2012.

DuPage County, Ill. has come up with a great mobile solution. The DuPage Green Grid is one example of how local government is using mobile technology to communicate with its citizens. The DuPage Green Grid identifies alternative fuel stations, car share location and buildings certified by the Leadership in Energy and Environmental Design (LEED) program throughout the area. Designed as an app, it is based on GIS technology and is available to residents for free.

Local governments nationwide have actually caught onto the trend. Last year, Sacramento County launched its first app, which spotlights the health scores of nearby eateries. Various counties also have produced snowplow apps so residents can track what roads have been cleared before venturing out into snowy conditions. 

According to Mobilefuture.org, one billion apps were downloaded each month worldwide in 2011. Eight trillion texts were sent last year and there was a 166 percent increase in Facebook mobile users in the first half of the year alone. Your citizens are viewing the world from a much smaller mobile lens. Since they are, make sure they see you!

* Brenner, Joanna. Pew Internet: Mobile. Pew Internet & American Life Project, February 23, 2012, http://www.pewinternet.org/Commentary/2012/February/Pew-Internet-Mobile.aspx, accessed on March 13, 2012.
Friday, March 9, 2012
Clint Nelms, Network Infrastructure Practice Manager
We don’t need to look too far back to recall a recent natural disaster. When it comes to local governments, there are a lot of things to consider and for which to prepare when it comes to natural or man-made disasters – including what happens to your city’s critical data when something goes wrong.

Losing critical data can hinder not just the city but also the businesses in the community. Even with that as a backdrop, many local governments don’t have the contingency plans in place to protect their cities’ valuable data – whether the loss stems from a hurricane, earthquake, snowstorm or even something much less dramatic like a busted water pipe in the building.
  • What are you doing today for data backup? Are we still swapping tapes after a nightly backup?
  • Who is checking our backups?
  • Are all of our servers being backed up?
  • Who in our community will be impacted if 'this' city server crashed?
  • How fast can we be back operationally if 'this' city server failed?
  • Are we ready if a disaster occurred? What is our plan? 
  • When did we last check our backups? Could we recover if it were necessary?

The reality is that an ounce of prevention is worth a pound of cure as far as data backup goes. Rather than waiting for the worst and hoping for a good outcome, consider frequent backups and offsite storage that is actively monitored, managed, and tested.
Friday, March 9, 2012
John Miller, Network Infrastructure Manager
There’s an old quote or phrase that states, “we have met the enemy and it is us.” Although the quote didn’t address technology concerns, in the world of IT security issues, the quote is rather applicable. In fact, many local governments and organizations are vulnerable to IT threats because of employees.

Employees are not deliberately posing threats to their organizations. The issue is a security threat called social engineering defined as a type of fraud in which the bad guys obtain information or computer system access through trickery or deception of an individual. 

Nearly 50 percent of businesses have suffered social engineering attacks according to recent report by Dimensional Research. The same report shows that 34 percent of respondents also are not educating employees of such dangers. 

Ignorance is Not so Bliss
Poorly trained employees are a major concern in the world of IT security. In fact, educating them about possible threats is the first step in addressing the issue. According to Network World, every employee is a viable target. Eighty percent of those scammed aren’t the executives in the C-suite with access to all of a company’s data. It is the “regular” worker bees who provide easy access to the fraudsters.

Educating employees and thinking like the hackers will put your local government ahead of the game when it comes to social engineering. Moreover, if you can think like a fraudster, you can take the necessary steps to prevent breakdowns.
Once employees are “educated”, take steps to keep them aware and send out regular reminders about policies such as limited or no visitation of social media sites and restrict use of company email for personal reasons.  

Who is at risk
Some local governments may think they are immune to security issues or that hackers only target the big guys. Not true. In a recent issue of Government Technology reported that an Arkansas’ sheriff’s office website had been hacked and that it was one of 70 law enforcement agencies in several states that had been victimized by hackers.

Take the time to roll out the necessary policies and training to minimize the risks to your local government and find out what other security solutions may help stem social engineering.
Tuesday, March 6, 2012
Kevin Beaver, CISSP
It’s as predictable as the rising sun. Organizations often spend effort and money securing their more visible systems such as Web applications, databases and the like but often forget about their “lowly” email servers. Sure, email servers aren’t all that sexy and there’s certainly not much to them compared to, say, a Web-based ERP system. But this leads to the common assumption that they’re not a target for hackers, malware and rogue employees looking for ill-gotten gains.
There are a few issues with this approach:

1. Your email server is critical – arguably the most critical system on your network. We’ve all experienced email being unavailable. Spread that pain across your entire organization – especially if email is down for a considerable time – and you’ve got quite the dilemma on your hands.

2. Your email server has vulnerabilities just like any other system on your network. From weak email account passwords to missing patches to outdated anti-malware protection, there are numerous weaknesses that can put some of your most sensitive information at risk. All it takes is someone with free tools and minimal skills to scan for and exploit vulnerabilities on your server. Weak passwords can be exposed on webmail systems with even less effort. Malware propagation is a given that affects everyone.

3. Regardless of whether you believe you’re a target or really have anything of value that the bad guys want, you are and you do. It may not be sensitive emails and files shared on public folders but instead processor cycles and network bandwidth. Many of the attacks today are not intended to access critical information but rather so the bad guys can setup shop and use your system to attack others.  

If you don’t have the proper resources to properly manage the security of your email server – or your network overall – then outsource the hosting and management of it to a reputable cloud provider who can. 

You cannot secure what you don’t acknowledge. Make sure your email server is included in your ongoing information security testing. In the end, if a computer system has an IP address or a Web URL then it’s fair game for attack. It’s up to you to take the proper steps for minimizing the risk of a security incident and then prepare yourself and your organization for when something does go awry. You’ll never have 100% security and that’s okay. Just avoid being one of the organizations that has zero percent. 

About the author 
Kevin Beaver is an information security consultant, expert witness, and professional speaker with Atlanta-based Principle Logic, LLC. With over 23 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around information risk management. He has authored/co-authored 10 books on information security including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at www.principlelogic.com and you can follow in on Twitter at @kevinbeaver.
Wednesday, January 18, 2012
Dave Mims, President

While cloud computing has been generating buzz for the past several years, this technology will continue to gain in popularity in 2012 – especially among city governments. Leveraging cloud-based technology eliminates capital and operational expenses associated with servers, software licenses, maintenance fees, project labor for software upgrades, and, more. Other benefits of the cloud include:

1. Lower, affordable, monthly costs for exactly what is needed. Pay monthly for needed hardware, software, and services. IT is scalable – add or subtract users as necessary, and the cost is adjusted on the fly.

2. Clear, transparent ROI. Information technology has matured into a transparent reportable investment. A cost analysis of the money spent for traditional hardware, software, and services can be outlined and compared against a flat monthly operational-cost model. When this cost analysis is performed, many cities often uncover an opportunity for instant cost savings.

3. Included, no-cost hardware and software upgrades. With “pay as you go” IT service models, there is no longer any worry about upgrading hardware or software. With a city’s monthly costs, all upgrades are included.

4. Minimized risk of data loss and security breaches. With an IT environment that is monitored and maintained with consistent, upgraded, quality hardware, software, and services at a monthly cost, the burden of data retention, security, and maintenance falls upon the service provider. Recovering from theft or a disaster can be much quicker and more cost effective for the city.

The Changing Face of IT

Many cities have over-spent, under-spent, risked data loss, slowed employee productivity, and jeopardized the completion of major projects during the last few decades while wrestling with information technology. As IT has evolved through mainframes, desktop computers, the 1980s software explosion, and the 1990s Internet explosion, the last decade found nearly all organizations having to harness information technology in some form. Like everyone else, cities have had no choice but to learn and wrap their minds around information technology’s revolutions and evolutions.

“Pay as you go” IT services, reflected in flat monthly operational costs (versus expensive upfront capital costs), will lead to high quality, low cost technology infrastructures for cities. A January 2009 article entitled “Buyer Beware” from Public CIO states:

Despite [service issues from vendors], government organizations still turn to the private sector for help with their IT management. This trend will accelerate as workers currently managing legacy systems retire, organizations update technology, enterprise-wide software applications are implemented and shared services arrangements are adopted, infrastructure and applications become more complex, and securing talent at government salary levels becomes more difficult.

Information technology is evolving toward more of an operational cost and less of a capital cost. This involves “pay as you go” monthly fees for hardware, software, and services that can be turned off and on, saving significant money for a city’s IT budget – and overall bottom line. An expensive upfront capital cost is often an obstacle for cities when they wish to invest in essential IT infrastructure. With a series of smaller, more predictable payments, it is easier to justify such costs to city decision makers.

As can be seen, anyone concerned with a city’s IT budget needs to seriously consider cloud computing as a tool to reduce costs and save money. And with increasing budget shortfalls and greater calls for transparency, the time is ripe for cities to reexamine their IT budgets and find ways to save hard dollars through these emerging technologies.

Five Questions to Consider
1. Have you ever discussed the city’s information technology spending in terms of money saved each year (ROI)?
2. Identify a list of hardware and software upgrades you need. Is the upfront cost of this hardware and software prohibiting you from moving forward with upgrading the city IT infrastructure?
3. Look at your city’s IT budget. Are most of your costs related to capital expenses? Operational expenses? “Services” expenses? Do you know where the money allocated for your city’s IT budget is clearly going, and why?
4. Can you say with confidence that all servers, workstations, and network infrastructure components in your city are 100% current with patches, antivirus, antispyware, and security protection? If not, why?
5. Can you say with confidence that the city is not in danger of data loss or significant down time to critical applications at Public Safety or City Hall? Are there risks for security breaches?

As you enter a new year, are you confident in your city’s security infrastructure? Are you taking advantage of available technology to streamline IT costs and operate more efficiently? There is still time to examine your IT infrastructure and make the necessary changes for 2012.
Thursday, January 5, 2012
Todd Snoddy, Senior Software Developer
I recently wrote a quick blog posting regarding things to consider when making the decision to develop a native or web-based mobile app.  Once a decision is made to develop a mobile web app, the developers given the task of implementing that app will likely need to consider which mobile devices their web app should target, and how the content should be displayed on devices with different resolutions.  Should the content scale automatically, or should the developer implement multiple views optimized for different resolutions?  One good reference that I came across which discusses this in more detail is located here: http://mobiforge.com/starting/story/mobile-web-content-adaptation-techniques.
Like many problems in software development, there is no “one size fits all” solution.  The article mentions a “hybrid approach” that provides good results, but it introduces some complexity and additional effort, so there are some tradeoffs to consider which will impact development time, cost, and user experience.  The bottom line is that making the decision to develop a mobile web app is just the first technical decision among many.  Unless the phrase “money is no object” applies to your project budget, you’ll want to consider your target audience and try to identify that “sweet spot” of which devices should receive a premium user experience, and then have a fallback plan for how other devices should be handled.  Lastly, don’t forget to test on multiple devices too.  HTML should be admired for trying, but there is no such thing as a “write once, run everywhere” technology.
Wednesday, December 7, 2011
Clint Nelms, Network Infrastructure Practice Manager
Do you know anyone who has had their email address compromised?  Have you started to receive spam emails from friends or family members?  Unfortunately this sort of compromise has become more and more prevalent.

Incidents like these indicate someone has used a password guesser to gain access to your mailbox.  Spammers do this to get your address list. They then blast out spam to everyone in your contacts.  Besides being a hassle, this sort of breach makes you feel like your privacy has been violated.  

How to Fight Spammers
Many online services such as Hotmail, Yahoo!®, and local services such as BellSouth are under attack constantly.  Once your account has been compromised, what do you do?  
  • Contact friends and family and tell them not to open any suspicious emails or links from your compromised account.  
  • Immediately change your password. Use a complex password with letters, numbers, a capital letter and a special character such as a dollar sign.  
  • Contact customer support and let them know your account has been compromised.  
What about prevention? 
Google has launched a service called, “2 factor authentication.”  In this configuration you need to authorize a computer before it can be used to check your email, this includes tablets, smart phones, and etc.  To verify your account, you can ask Google to text a verification code to your cell phone. Once you receive the text, log into your mail account on a new computer and you will be prompted for that code. 

The service also creates custom passwords to be entered into smart phones.  In this case, your smart phone uses this code instead of your actual password to check your mail. Although this method is a bit cumbersome, once set up, you will have the peace of mind to know that your mailbox is much more secure and that access to your mailbox can only be accomplished from a device you have authorized.  

For more info on how to set this up, click here.
Thursday, December 1, 2011
Clint Nelms, Network Infrastructure Practice Manager
Forced with budget cuts, local government agencies have turned to cloud computing to streamline their IT needs, lower hardware expenses and improve accessibility and mobility to necessary data. 

In a special report on cloud computing, The Center for Digital Government, in partnership with Public CIO, compiled a list of five government cloud success stories, two of which are at the local government level. 

  • Problem: One year ago, the state of Wyoming was operating 13 different e-mail platforms in its executive branch. Each system required dedicated staff to maintain it, and myriad platforms meant the state lacked a shared address book across all agencies. 
  • Solution: In less than nine months, the state has migrated to a single cloud-based solution, and moved 10,000 state employees to the new platform. The move will save the state more than $1 million annually, but cost reduction is not the only benefit. State employees are able to collaborate in ways that were not possible before. 
  • Problem: What builder isn’t troubled by permit requirement delays? 
  • Solution: By moving to a cloud-based solution for issuing permits, Oregon is dramatically accelerating the approval process for contractors, builders and developers. Oregon’s cloud solution will eliminate jurisdictional confusion and time-intensive paper chases. 
  • Problem: Four years ago, Nebraska was nearly ready to replace its creaky electronic applicant tracking system with a new application. 
  • Solution: Fourteen months into its cloud implementation, Nebraska has a new, more efficient and flexible paperless applicant tracking system, and an entire human capital suite that includes learning performance, succession and compensation management; a better benefits enrollment process; e-procurement; and a core human capital database. 
Hudson County, N.J. 
  • Problem: Ten years after September 11th, disaster recovery remains foremost in county officials’ minds. 
  • Solution: A private county cloud that took just eight months to build now provides back-up for all critical data and applications. Even if county offices are compromised, personnel can log in from any location and keep things going. The Hudson County IT Division’s plan is to offer servers on demand to all the towns in the county, turning its private cloud into a community one.
Nashua, N.H. 
  • Problem: For 30 years, Nashua, N.H., used an internal IT system that had, like a monster in a science-fiction movie, spread its tentacles into every agency in the city. 
  • Solution: When this system was replaced with a hosted ERP solution, city managers are able, to see integrated numbers that show what’s really happening in the city, find and eliminate waste, and change processes when needed. 
The report also takes a deep dive into the evolution of cloud computing technology, identifies the emerging trends, and discusses the exciting implications it has for the future of service delivery. Click the link below to read the results.

Tuesday, November 22, 2011
Scott Miller, Network Engineer
Pin Up the Folders You Use Most 

Windows 7 allows you to “pin up” the folders you use most on your taskbar. Simply hold your mouse over the favorite folder, right click, and drag the folder onto the taskbar. Windows 7 automatically pins itself to the Explorer Jump List. To open the folder, right click on the Explorer icon and select the folder you want.
Tuesday, November 15, 2011
Brian Ocfemia, Network Engineer
The Windows Logo Key
The mouse proved to be a lifesaver for users who want an easy way to navigate Windows' graphical user interface.  Unfortunately, it's not always the most efficient way to interact with your computer.  There are several keyboard shortcuts that can help you save time.  However, one of the most underused keys on the keyboard is the Windows logo key   (found between the CTRL and ALT key).  There are many things that you can accomplish by using this key.  To start with, you can open and close the Start menu just by pressing the Windows logo key .  You can display the desktop by pressing Windows logo key  + D or open Computer by pressing Windows logo key + E.  You can even open any program on your taskbar by pressing the Windows logo key and the number that corresponds to the position of the application on the taskbar (i.e. Windows logo key  + 1 launches the left-most application on the taskbar, Windows logo key + 2 launches the second left-most application, etc...).  For more information on keyboard shortcuts that can make your daily computing easier and more enjoyable go to: http://windows.microsoft.com/en-US/windows7/Keyboard-shortcuts.
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 |