By Dave Moorman, DynaSis

For decades, the technology world has described its industry as “Information Technology,” or simply, “IT.” There were IT workers, IT consultants, IT systems and IT companies―all of which were part of an ecosystem that stood alone and apart from “business.” IT systems enabled the preparation, storage and dissemination of business information, but few companies gave much thought to IT’s role in the business effort.

Over the past decade, however, companies and industry experts have begun talking about “business technology,” or BT, rather than IT. So, what is business technology? There is no official definition for the term and, in fact, it continues to evolve. However, the BTM Institute, a research think tank devoted to cross-disciplinary thought leadership, defines business technology as:

“The application of IT to deliver a business capability or automate a business operation―the result of configuring, implementing, applying and using IT to produce a business result.”

In other words, business technology is exactly as it sounds―the convergence of business directives and technological capabilities. Whereas the world might previously have thought of IT workers as ivory-towered geeks, working in the elite inner sanctums of their cubicles, business technology workers―also called business technologists―are deeply engaged with the company’s plans and objectives.

Have You Adopted Business Technology as an Approach?

BT-oriented companies understand that technology is a powerful mechanism for propelling business achievement; a tool to enable the attainment of corporate goals and results. They believe in measuring the performance of technology, not in terms of network availability or server uptime, but through key performance indicators (KPIs) tied to specific business strategies and goals.

This doesn’t mean that uptime and network reliability are not important. The ability of technology to carry out its missions is still paramount. However, BT-oriented firms incorporate technology strategy into their business planning and execution. They view their technology systems, workers and consultants, not as necessary adjuncts, but as value-add contributors to and partners in the company’s success.

Technology has always helped achieve business objectives, from reengineering processes and reducing costs to streamlining worker collaboration and communication. However, its value to the balance sheet has largely gone unrecognized, with management perceiving technology primarily as a cost center to be kept in check.

In a company that endorses business technology over information technology, that will no longer be the case. Technology will be a fundamental component of the business equation―technology and corporate blueprints and roadmaps will support each other and be inextricably linked. Furthermore, companies will be able to calculate the value technology should deliver and then benchmark the outcome against those projections. Such an approach may raise the expectations for technology, but it will also increase the rewards. If you’d like to discuss transitioning your firm from IT to BT (hint: it’s easier than you may think), give me a call.

By Dave Moorman, DynaSis

Numerous surveys and reports indicate that mobile devices can be enormous workforce productivity enhancers―with employees voluntarily extending the workplace outside the office. For example, a recent survey conducted by Fierce GovernmentIT and Market Connections found that more than 50% of federal employees achieved five additional hours, weekly, of device-driven productivity, much of which occurred outside the office.

Employees in corporate environments report similar productivity increases― per the 2013 iPass Global Mobile Workforce Report, 75% of mobile workers perform additional work tasks from hotels, airplanes, coffee shops or public transportation. Yet, not all companies―especially small and medium-sized businesses (SMBs) that may be technology challenged―reap the greatest possible productivity gains from mobility.

A number of factors can impede that goal, and one of them surprisingly, may be a shortage of Internet connectivity. Few companies think about the implications of Internet access for mobile workers, other than possibly to warn them against using public, unsecured Wi-Fi hotspots. Yet, connectivity is becoming an impediment to productivity.

Many wireless providers are discontinuing unlimited free data plans in favor of “set allowance” packages for a certain price, forcing workers to be more conservative with their cellular data usage. In BYOD (worker-provided device) scenarios, this situation is especially touchy, because workers may not be willing to give up precious data allowances for work purposes without proper compensation.

Cellular providers encourage smartphone users to access the Internet over Wi-Fi, but access to these networks is far from ubiquitous. In the iPass survey, 41% of workers said a lack of wireless coverage rendered them unproductive for at least 10% of their workday. That equates to 251 lost hours per worker, per year. A whopping 18% said the unavailability of wireless left them unproductive for 25% of their day, or more.

Based on the numbers, it’s likely that this Wi-Fi shortage is happening both inside and outside the office. To neutralize such a productivity threat, SMBs need to provide sufficient Wi-Fi access inside their offices. They also need to ensure workers can access corporate data as needed, via secure Wi-Fi or high-speed cellular Internet connections when they are out of the office―and compensate them for a reasonable amount of the expense. This may sound costly, but as little $20 a month buys a lot of additional Internet access. If SMBs gain one hour a week of productivity from that outlay, it’s more than paid for itself.

The key for SMBs that adopt mobile device strategies is to find that “sweet spot” where maximum productivity, security and cost effectiveness come together. With current technologies and the help of good advisors, achieving that goal isn’t difficult anymore. In coming months, I’ll offer more mobile productivity tips for your consideration. In the meantime, if you’d like to discuss mobility or connectivity issues your firm is experiencing, please give me a call.

By Dave Moorman, Founder and President, DynaSis

What are your IT plans for 2014? Do you know, yet? Have you completed the budgeting process? Do your 2014 plan and budget align with your long-term IT strategy?

If you haven’t finalized your IT plan and budget for 2014, you’re not alone. According to a December 2012 survey by Spiceworks, only 53% of small and medium-sized businesses surveyed begin IT planning and budgeting more than six months out, and 25% don’t engage in formal planning and budgeting, at all. 50% of firms, per the Spiceworks survey, let individual departments make IT purchases out of their own budgets when needs or problems arise, without going through the firm’s IT manager or department.

These statistics confirm what we hear from companies, every day. We find that many SMBs engage in reactive―aka crisis-based―budgeting, with little to no planning or strategic thinking.  Or, they have a budget and plan, but it focuses on new technologies they want to adopt (virtualization is hot right now) but fails to consider maintenance expenses, such as upgrades, license renewals, replacement cycles and other issues.

During the year, these SMBs often must expand their IT budgets to accommodate unplanned expenses. For many of these firms, such approaches make management uncomfortable, but it’s easier than finding the time to draft a formal, truly comprehensive plan.

Unfortunately, failing to plan for inevitable replacements and upgrades―or not planning at all―puts companies in IT fire-fighting mode, responding to situations and emergencies as they arise. Not only does it prevent them from aligning their expenditures with strategic business objectives, but it results in cost overruns and downtime.

If your firm has already completed its formal IT strategy, plan and budget for 2014, I congratulate you. If not, take a deep breath. You don’t have to go it alone. Professional, on-demand CIO experts can help you view the big picture and develop a realistic plan and budget for both future improvements and current replacement cycles.

They can help you budget to upgrade or update equipment before it reaches the point of failure, which is much more productive and cost effective. They can help you plan to take advantage of tax incentives, make purchases during the times of year when IT vendors tend to discount their merchandise, and sign up for volume discounts and other benefits to which you may be entitled.

Many companies save enough money by having a formal, properly researched and implemented IT strategy, plan and budget to more than cover the cost of technical experts they bring in for consultation.

If you’d like to learn more, give me a call. But don’t wait too long―The start of 2014 is barely four months away.

By Dave Moorman, DynaSis

Just as we were posting last month’s article about security, I came across an interesting document developed from actual “playbook” notes from a hacker. As a follow-up to my July security article, I wanted to arm you with more information and insight regarding how cybercriminals think and work.

Today’s Hackers Don’t Believe in the “Big Bang” Theory. Unlike the hackers of yesteryear, whose aim might have been to show off their skills or make a public statement with a highly visible breach, today’s cybercriminals thrive on anonymity. Their goal is to gain entry into your network and insinuate themselves into your systems and, hopefully, those of the vendors and customers that trust your company as a data exchange partner.

One method noted in the “playbook” is to hide malware in system folders and camouflage it to look and behave like system processes. Hackers want your systems to become comfortable with their presence. It’s easier to do more damage, undetected, that way.

76% of breached organizations need someone else―a regulatory body; a customer; their IT vendor―to tell them they have been compromised.

 Hackers Don’t Grab, They Leak: Successful hackers know that copying big chunks of your data from one network to another may set off red flags. Emailing it could also be problematic and may be prohibited due to internal security settings.

In his playbook, the hacker notes that most companies do not set their firewalls to block outbound Internet traffic, and that public web traffic can be one of the most effective conduits to achieve what cybercriminals call “exfiltration.” They do this very slowly, essentially leaking data out of the network in small packets that firewall monitoring systems will perceive as normal outbound activity. Increasingly, they disguise these leaks as “secure” transmissions.

More than 25% of all data exfiltrated by attackers is encrypted by the cybercriminals using the company’s own encryption processes.

 The playbook is filled with other hair-raising tidbits that I don’t have room to share here. All of them underscore the importance of encouraging recognition within your organization that these attacks can happen very surreptitiously. Executive leadership is often resistant to accept this fact, which is one reason so many companies are penetrated and remain that way for so long.

Network assessments are a great first step to determining if your company could be―or has already been―compromised. The majority of companies we assess―even those with a security solution in place (other than ours, of course) have undetected malware on their systems. To learn more about the playbook and how we can help you defend against it, give me a call.

By Dave Moorman, Founder and President, DynaSis

VoIP, or Voice over Internet Protocol (making voice calls over the Internet), has become almost commonplace. Many consumers and small businesses have adopted VoIP as their primary "traditional" telephone technology (in addition to their mobile service, of course). Some companies use VoIP and don't even know it. If your phone cord plugs into a modem and not a wall jack, you're using VoIP.

Sending and receiving calls over the Internet is convenient and inexpensive, but if you are not taking advantage of the benefits of cloud-based telecommunications, you are missing the real power behind the technology.

With a cloud-hosted telephony solution, information about your calls, contacts and preferences can be stored on secure cloud servers and tied in with calendars and other software. This enables a variety of value-added benefits. A few of the perks include:

• Find Me, Follow Me Services: Calls ring on all your phones at once or are routed to the phone where you are (simple systems do this through forwarding based on preferences you set; more advanced ones tie in with your calendar).
• Call Management: Although some personnel want every call getting through to them, others need selective call routing. Different classes of callers—or specific numbers—can be given priority in the queue, routed to specific individuals or be processed in other ways based on preferences you establish.

• Better Service: Call reports can identify if your customers get through to the right person, or anyone at all. Some cloud-based telephony solutions can connect with your inventory databases to allow customers to place reorders or request information, confirm if orders have been shipped, and retrieve other valuable information, often without human intervention at the time of the call.
• More Effective Sales Efforts: Additional reports can pinpoint how long sales people and other customer-facing employees talk on the phone with customers and prospects. Paired with closing percentages and monthly sales revenues, you can gain a real measure of staff effectiveness.

With cloud-based telephony, your "telephone switchboard" is in the cloud and it is more powerful than you ever imagined. Perhaps these features are already present in your current phone system but you are not using them. Or, you may need to upgrade to a more sophisticated but still affordable cloud PBX solution. A quick assessment of your current telecommunications environment by an IT expert will identify whether you require a new solution or simply need more training on your old one. To start the process, give me a call.

By Dave Moorman, Founder and President, DynaSis

Earlier this year (or in 2012), you may have seen articles that talked about the explosion of "Big Data"—the industry buzzword for extremely large pools of data that are difficult to manage with traditional tools. (Some pundits use Big Data collectively to refer to the staggeringly large amount of digital data man has created—and continues to create.) There's been talk about how fast it is growing, what a challenge it presents for storage and perhaps most importantly for businesses, how companies can efficiently structure and access it when it is so amorphous. The question is, does any of this apply to you?

Although large corporations are the ones being the most impacted by the growth and dispersion of data, Big Data is a topic that should interest the owners of small and medium-sized businesses (SMBs) as well. Have you noticed that over the years, more and more of the information you archive for reference purposes is becoming fractured in a variety of places, and you are having a hard time managing it effectively? Have you ever created a proposal or prepared for a meeting and thought, "If only I could find that article I read last week, but I don't remember where I stored it and I don't have time to look"?

Big Data is growing like gangbusters—according to IBM, humans now create 2.5 quintillion bytes of data every day. IBM also reports that 90% of the data existing today has been generated in the past two years. A lot of that is what scientists call "unstructured data," which is information that is not organized into in a formal, easily searchable, structured database.

Social media is a perfect example. In 2012, Facebook announced that it was processing 500 pettabytes of new data each day (along with 2.7 billion Likes, plus other user activities). Yet, try to search Facebook for a post you wrote a year ago and, unless you are an infrequent correspondent or can remember specific details about it, the task won't be easy. The information is still there, but it takes some effort for you to access it, even with Facebook's search tools in place. This, in a nutshell is one of the great challenges—and opportunities—of Big Data.

Here's the good news. With each passing week, more companies develop tools that businesses can use to effectively structure, store and access their data, from powerful backup programs and devices to business intelligence (BI) platforms that can mine your data for information you didn't even know you had and use it to help you make sound decisions. It's also become very affordable to use services, like hosted Microsoft Exchange (Outlook), that help you store and manage your email, contacts and other related information. (A surprising amount of data is now being stored in email archives and not written to local servers.)

However, even with these tools, it's important to have an operational roadmap for data management, including how and where you will store your data, how to get existing paper-based data into a digital format and how to decide what data is important enough to keep. Expert IT consultants can help you explore your data stores, make decisions about how to archive and access the information, and help you evaluate BI and other solutions that structure and manipulate your data to your firm's benefit.

From gaining actionable insights to reducing the incidence of fraud, efficient data management and usage results in a better bottom line for the majority of SMBs. If you would like to know more, give me a call.

By Dave Moorman, Founder and President, DynaSis

The increasing number of cyber attacks against governments and large, often multi-national corporations makes for great headlines (and deep concern on the part of these giant entities). Despite the best efforts of expert in-house IT teams, governments and big (often Fortune 500 or even 100) companies continue to have sensitive business and customer data stolen by individuals and organizations with bad intent.

The unsung story behind the headlines is that small and medium-sized businesses are increasingly becoming targets, as well. In its latest Internet Security Threat Report, security software developer Symantec found that 31% of targeted attacks in 2012 were on businesses with fewer than 250 employees.

Why, you may ask, are cybercriminals interested in SMBs? Don't larger firms offer more data to steal, and profits to make? While the answer to this question is certainly yes, the decision-making process for cyber-attacks isn't limited to the profit potential or the size of the data pool.

Think of it this way. You are given the opportunity to scale a 100-foot wall by any means and at the top of it is $500.  You can also climb a 10-foot hill and collect $50. While you may take the time to gather climbing gear and attempt to collect that big prize, you're certainly not going to ignore the easy target. The same is true for cybercriminals.

In this analogy, SMBs are the 10-foot hill. Most of them devote less money and resources to Internet security and protection, making them easy prey. Furthermore, today's sophisticated cyber-ploys often don't focus on one company, alone. Some of the most successful attacks have involved compromising machines at less-well-guarded companies and using them as "back-doors," gaining access to larger targets through trusted networks.

In other cases, criminals gain access to smaller businesses and then compromise their blogs or websites. When the target visits them, the attack code downloads to their machine or mobile device in the background. If the target has already marked the site as "trusted," the attack is that much easier to pull off. Web-based attacks increased by one third in 2012; many of them originated from the websites of SMBs. And of course, your data is valuable, as well. While you may not have data on 50,000 customers, if a cyber attacker can use automated routines to compromise 500 SMBs with 100 customers each, they've collected quite a bit of data with very little effort.

Attacks and their behaviors can go undetected for a long time, because they often show up only through slow Internet speeds or poor machine performance. And SMBs often have budgetary restrictions that cause them to ignore these performance issues for weeks, months and even years.

This doesn't mean that any performance issues are the result of a cyber-attack. However, it does point out the need to maintain robust defenses, including an actively managed security program (in-house or third party) that can stay up to date with emerging threats. In addition, network and system assessments (even for firms with security programs in place) can identify current and emerging problems. The final piece of the puzzle is to protect yourself from the inside out (many security "holes" are accidentally opened by employees), but that is a discussion for a different day. Stay tuned, and in the meantime, contact me if you would like to know more.

Hosted email, long the domain of large enterprises, is becoming much more common (and essential) for small to medium sized businesses (SMBs). With hosted email, a firm’s email archive is saved on a remote (cloud-based) server rather than on a local (company) server or users’ individual machines. As with their local variations, hosted email solutions also incorporate calendar and contacts features, and sometimes other collaboration tools such as chat.

Microsoft Exchange is by far the world’s most popular corporate email solution (51% of all business email, per Radicati Group), so traditionally, companies looking to free themselves from the complexity and aggravation of running an in-house Exchange server have looked to hosted Exchange. However, Google’s Gmail service, offered for businesses as part of Google Apps, is making inroads. If you are considering transitioning to hosted email (or moving from hosted Exchange to Gmail) following are a few factors to consider.

Migration: One of the reasons companies don’t engage in technology upgrades is fear of migration difficulties. Veteran hosted Exchange providers will have deep experience helping companies migrate their precious data stores (email; contacts; calendar) to a hosted environment. Google’s approach is largely “self-guided” and, in our experience, companies that transition their email stores to Gmail sometimes find the process arduous, even with professional help.

Remote Access: Workers want access to company email while at home or on the road, either from their mobile devices or a remote PC. Although Gmail is renowned for its accessibility, most hosted Exchange providers also offer a portal that employees can use to read and send email from any device with Internet access.

Mobile Integration: Here, the best choice depends on which devices you support. Exchange is supported either natively or via a third-party app for Windows, iOS, Android and BlackBerry. Gmail runs natively on Android, via Active Sync on Windows Mobile, and through a third-party app on iOS, but support for BlackBerry is minimal.

Security: Although Google offers users numerous options for keeping their email accounts secure (read a good article with tips for stronger security here), the reality is that Gmail is a target of hackers, as is the mobile platform natively associated with it (Android). Of course, any email account can become a target if employees share it indiscriminately. However, having a company’s email domain (e.g. abccompany.com) hosted on the domain of a third-party provider makes it harder for a hacker in possession of only the email address to figure out how to access that account.

Reliability: Reputable hosted Exchange providers operate world-class data centers with redundancy and multiple Tier-1 Internet connections. They guarantee―and deliver―99.999% uptime (the equivalent of six minutes of downtime each year). Google doesn’t have the long history of continuity that many providers have, and it suffered a partial outage as recently as April 2013. Furthermore, many hosted Exchange providers offer an automated, redundant backup service to guarantee email stores are never lost. To enjoy that benefit in Google Apps, you’ll need to install, run and manage a third-party app.

To learn more about hosted Exchange and/or email security and backup (available for on-premise Exchange servers, too), give us a call.

Anyone who reads about cloud computing on the Internet (or elsewhere) will eventually come across a discussion of private versus public clouds. This information is somewhat confusing, because the definition of private cloud varies. Initially, a private cloud was a cloud environment hosted behind the firewall of a corporation for its own benefit, with all infrastructure—network, data server, etc. owned and operated by the company and its technical staff.

However, in the years since cloud computing appeared on the horizon, many cloud providers have begun offering private clouds, as well. Here, the provider dedicates a server specifically to one company and may also establish a dedicated network connection for that server. This model is also referred to as a "cloud server" (this is the term DynaSis uses).

We're not going to discuss in-house private clouds here, because they are simply not practical for anyone other than very large firms. They require an enormous amount of technological expertise to manage, and unless a company has cloud security experts on staff, they are very difficult to secure properly. Recently, IT expert Jason Bloomberg offered some excellent arguments against private, on-premise clouds in his new book, The Agile Architecture Revolution: How Cloud Computing, REST-Based SOA, and Mobile Computing Are Changing Enterprise IT.

So, what about private, hosted clouds? With a private cloud run by a third-party provider like DynaSis (a cloud server), your company doesn't share server resources with other companies. If you are running high-bandwidth or memory-intensive applications, it is a good idea to have a cloud server. If you want to move all your corporate assets (applications and data) to the cloud but are worried about ensuring security for your IT assets, a cloud server with a dedicated access portal (like our, ITility by DynaSis Solution), will give you the peace of mind you need.

However, if you're only looking to host Microsoft Exchange in the cloud, then a public cloud scenario will work just fine. In general, both public and private cloud resources tend to be more secure than the on-premise IT setup of the average small or midsized company (unless they are using managed security services). Your choice of cloud environment should depend upon your needs, not your fears. Adequately assessing your current and future business plans—and choosing a high-quality IT partner that runs a best-practices data center—are the best first steps you can take when walking towards the cloud.

The practice of BYOD (bring your own device), where employees are allowed to use their personal devices for corporate functions such as email, has become incredibly popular. Unfortunately, new statistics are underscoring the fact that it’s a very dangerous practice if businesses don’t treat it with respect―and the problem is getting worse.

Per a June 2013 Mobile Security Survey Report from Internet Security firm Checkpoint, personal mobile device (PMD) usage on corporate networks is surging―96% of respondents said the number of PMDs on their networks is growing; 45% said they have five times as many PMDs on the network as they did two years ago. More than half of these firms (53%) reported that sensitive customer or corporate information is stored on mobile devices, up from 47% the year before. (This figure is probably low―in May 2013, CTIA-The Wireless Association reported that the percentage of employees using personal devices for company business is at least twice as high as the rate at which their employers report it.)

Given that 85% of companies store the majority of corporate data and intellectual assets on their networks (per the April 2013 BYOD and Mobile Security Report from the 160,000 member LinkedIn Information Security Community), having so many personal devices on a network could result in a serious data breach. For many firms, it already has. The Checkpoint survey also found that 79% of businesses experienced a mobile security incident in the past year. For 52% of them, the cost to mitigate it was more than $100,000.

In other words, if the age of Bring Your Own Disaster hasn’t arrived yet, it is looming on the horizon.

These statistics aren’t meant to scare you away from adopting BYOD. The productivity gains and cost reductions are undeniable. For example, Intel’s 2013 IT Performance Report indicates BYOD saves its employees an average of 57 minutes a day. VMware reported in February 2013 that it saved $2 million by going “all-in” with BYOD. Undoubtedly, cash-crunched, productivity challenged small and medium-sized businesses (SMBs) will reap big rewards, as well.

However, these same SMBs are also less likely to have the IT resources to implement and enforce a BYOD policy, so mobile security is a real concern. Numerous companies are touting end-to-end mobile device management platforms, many of which are complex and expensive to maintain. DynaSis proposes a simpler solution―make it easy for employees to access the corporate information they need, but hard to transfer it to their PMDs.

A remote workplace solution―where personnel access corporate networks through a secure portal and all data remains on the corporate network―is a great start. Add another layer of protection with firm, “no second chances” BYOD policies about data management and then wrap it all up with extra protections such as remote lock and wipe, and you will have eliminated the majority of BYOD challenges.

But don’t wait too long before you take action. Even if you don’t have a BYOD policy, employees are probably using their personal devices for company business without your knowledge. In the absence of a clear policy, they are also more likely to perform dangerous behaviors, such as altering security settings on their PMDs, sharing corporate passwords, logging onto unauthorized networks, and performing other risky behaviors.