What are managed services?

BellRing.png

As the world around us changes, so do the terms we use to describe things that have been around for decades.  This phenomenon is very noticeable in the political arena with the advent of changing terms to be “politically correct”.  I’m not going anywhere near political topics in this blog, but you get the point.

Terms are also changed in the business world, often by someone in marketing trying to put a new spin on an otherwise old subject.  One prominent example today is the cloud.  Cloud can mean a lot of different things to different people, but the basic definition is moving computer systems or software applications outside of your office or home into an offsite datacenter or datacenters.  Anyone using iCloud to store their photos or music is using the cloud.  However, cloud hosting is nothing new.  Software and systems have been housed offsite in datacenters for years.  In the 1980’s and 1990’s this type of service was often referred to as ‘offsite hosting’, ‘colocation’ or simply ‘hosted services’. 

Like cloud, managed services have been around for decades with different names.  Today, an entire industry has been built around managed services.  The companies who provide managed services are called Managed Service Providers or MSP’s.  Managed Service Provider is most often used in the technology industry.  Gartner* defines Managed Service Provider as the following:


A managed service provider (MSP) delivers services, such as network, application, infrastructure and security, via ongoing and regular support and active administration on customers’ premises, in their MSP’s data center (hosting), or in a third-party data center. MSPs may deliver their own native services in conjunction with other providers’ services (for example, a security MSP providing sys admin on top of a third-party cloud IaaS). Pure-play MSPs focus on one vendor or technology, usually their own core offerings. Many MSPs include services from other types of providers. The term MSP traditionally was applied to infrastructure or device-centric types of services but has expanded to include any continuous, regular management, maintenance and support.


As usual in our field, the definition includes an overabundance of techno babble.  In a more generic sense, the definition of managed services is using a third-party company to provide a business process or service traditionally performed within the company using company employees and resources.

Managed service companies make money by charging monthly fees for the services they provide with the intent of providing a stable and predictable cost that can be budgeted for by the customer.  This is the “continuous, regular management, maintenance and support” in the Gartner definition.  In most cases, the monthly cost of managed services is far less and at a higher quality than attempting to hire and operate internally.

Before managed services, outsourcing, fractional services, and consulting were common synonyms used to define the service.  In my opinion, over time, primarily due to a small percentage of poor-quality providers, outsourcing and consulting were cast in a negative light with lower quality results and higher costs.  The industry needed to distance from the negativity and managed service provider was born.

However, managed services come with its own challenges.  It can be very nebulous and generic to many in the business world. 

At its core, managed services are about taking a business process or portion of a business process and hiring an external firm to provide those services and do so with higher quality, typically at a lower cost when compared to hiring a team of employees to do it internally.

Although Managed Services and Managed Service Provider are often attributable to the technology industry, the concept applies to the entire professional services industry.  Each of these services can be aligned to a business process needed by any company running a business.  The amount of ongoing need for a service is dictated by the type and size of the business itself.  Although many have not embraced using the managed services moniker for their services, the concepts are the same.  Some common groups of managed service providers include:

  1. Accounting

  2. Legal

  3. Marketing

  4. Advertising

  5. Human Resources (HR)

  6. Information Technology (IT)

Each group can have many specialty services within them.  Customers may have the option to choose the type and amount of managed service they need for their business.  Using the example above:

  1. Accounting

    1. CFO services

    2. CPA services

    3. Bookkeeping

    4. Month end close and reporting

    5. Accounts payable

    6. Accounts receivable

  2. Legal

    1. Contract creation

    2. Intellectual property

    3. Employee disputes

  3. Marketing

    1. Collateral creation

    2. Logo design

    3. Website design

    4. Writing copy

  4. Advertising

    1. Ad creation

    2. Ad purchasing

  5. Human Resources (HR)

    1. New hire processes

    2. Termination processes

    3. Payroll services

  6. Information Technology (IT)

    1. Helpdesk services

    2. Network management

    3. Systems and services management

    4. Security

    5. Cloud management

The customer has the choice to choose what service and amount is right for their business.  As a company that has provided technology services for the past 20 years, we have seen the ‘preferred’ terminology for what we do change from consulting to outsourcing to managed services.

At Fluid, our Managed Service Provider offering means we take over the day-to-day and ongoing technology needs of our clients, including managing their other vendors (often a pain point).  It is an all-inclusive plan purposely designed to alleviate the risk, stress, and pressure related to managing technology. 

From our clients perspective, our MSP plans simply means someone else is handling all their technology needs and they can focus on running their business.  Our clients also know we will proactively keep them secure and provide advisory services to help ensure technology is being used to maximize productivity and align to their company business objectives.  In reality, we strive to help the company use technology to grow and make more money.

Whether its unlimited helpdesk support with excellent service and response time or complicated migrations of systems to the cloud, we have a relationship built on trust that allows our clients to lean on us while they run the business.  We manage their technology operations top to bottom as if we were an employee.

Our most important metric we measure in relationship to our clients is client satisfaction.  If our clients aren’t 100% satisfied in the service we provide, regardless of the type of task, we are letting them down.

Managed Services can be a very powerful tool when understood and used properly to enhance any company’s business.  If you want to learn more about Fluid’s managed service offering give us a ring or click here!

 

* Source: Gartner IT Glossary https://www.gartner.com/it-glossary/msp-management-service-provider

Artificial Intelligence – It’s all Toilet Paper

AIGraphic.png

Disclaimer, I am not an AI expert or AI scientist or developer, so my opinions are solely my own.

According to www.toiletpaperhistory.net (yes, it’s really a site), the first official toilet paper was introduced in China in 1391, but the first mention of using paper dates back to the year 589 AD in Korea.  In Colonial America, the common means was corncobs (ouch).  Then in 1857, Joseph C. Gayetty invented the first packaged toilet paper in the United States in 1857.  It’s been pretty much the same ever since.  We may continue to use toilet paper, but we’ve given up the ever so tedious task of pushing buttons on our remote to asking a device to do the chore for us. Insert subtle tie in to AI here.

According to www.world-information.org, artificial intelligence, the link between human intelligence and machines, was not widely observed until the late 1950’s.  For most of us, the term remained in hibernation until much more recently.  The term AI is now in full consciousness, thrown about 24/7 in countless ways.  Most of us now associate AI to retail products in use by millions of people and households.  The best known big players include Amazon Alexa, Google Assistant, Microsoft Cortana, and Apple Siri.  Anyone starting a sentence with “Hey Google..” or trying to trick “Siri” into saying something dirty know the drill.

AI can be a really good thing, or not.

When surfing the web there are times AI is useful when it makes suggestions for me based on my tendencies, but I find it more on the creepy side when I’m on a website or using social media and an ad suddenly pops up for something I happened upon in the past 5 minutes. 

AI is also used behind the scenes in more nefarious ways.  Bots, or programmatic robots, can create social media posts with specific content targeting a specific audience without any human intervention.  Look no further than the alleged Russian interference in the 2016 election and the Facebook – Cambridge Analytica data scandal.

AI has increased in use and impact exponentially and will continue to do so, some say faster than the exponential improvements achieved in general computer processing, aka Moore’s Law.  AI is being deployed in every aspect of our lives personal, business, political, social.

Where does AI ultimately lead?

Anyone who has seen the Matrix trilogy knows when machines take over it’s not a good thing.  So how realistic is it really?  The creators of AI tout how it will meaningfully improve people’s lives.  The potential impact in healthcare alone are astounding. Many believe AI has barely begun and many more who believe it has reached major milestones viewed to be decades away. 

One of the primary limitations is not AI itself, but access to it.  Anyone in the U.S. now expects to have access to the internet, the primary driver for AI expansion, anywhere, anytime.  Global access, buoyed by improvements in wireless access, has increased significantly in the past 20 years.  Per an International Telecommunications Union* 2017 estimate, internet users worldwide increased from 16% in 2005 to 48% in 2017.  The region with the lowest usage is Africa, which makes sense given the geopolitical nature of the area. But I digress. The point is, internet usage and technology will continue to expand.  Just as the squid looking sentinels in the Matrix spread in millions to wherever it can reach, I would expect AI to do the same.

What if AI progresses at a pace exceeding anyone’s expectations?

Autonomous cars, drone deliveries, robotic surgery, flying cars, military strike drones are all in the now in terms of time.  What will the next 20-30 years bring?  If history is any indicator, it will certainly be interesting.  In the last 50 years man set foot on the moon and introduced a smartphone with more computing power required for that historical mission.  Looking at my own experience, I only must look to the last 25 years from the time our first daughter was born.  Just in her lifetime we have essentially experienced many of the game changing technology and AI advancements we use today.  And that’s only what we humble civilians know about.  What about all we don’t know?  I’m not suggesting you run to Area 51, but there is a side we don’t see.  What will happen in the next 25 years?  How will it impact the next generation?

If AI improves and does what it is supposed to do, become super intelligent with autonomy, as AI continues to learn and enable ‘good’ outcomes there lay an opposing ‘bad’ outcome.  And if AI improves itself exponentially, it’s conceivable there is a tipping point where AI itself becomes the controller and not the controlled.  This is where it gets very interesting and scary.

What happens when AI is smarter than us and becomes frustrated by our decisions and starts making decisions of its own?  Or more likely, AI decisions are misaligned with human decisions. The interconnection of ‘all things’ is being sold to us as a great thing, so much more efficiency and productivity.  But what happens if all those interconnecting ‘things’ start making decisions on their own and collectively?  We humans become a nuisance, slow and inconvenient.  Considering the military aspect if AI, it gets dark pretty quickly.  If one of our enemies develops AI capabilities faster than us (think of the nuclear weapon history), will they not use it for the larger betterment of humanity or use it to strike as quickly as possible?

Humans are in control of the planet because we are the most intelligent. The more AI advances towards super intelligence and autonomy, control may shift, requiring more care using it.  No one really knows the future of AI and its timeline, but it’s certainly worth planning for. 

We may have more advanced bidet’s, but we will still need toilet paper and I’ll still get in my car and have it tell me the best way to get home.

  

Source: "ICT Facts and Figures 2005, 2010, 2017". Telecommunication Development Bureau, International Telecommunication Union (ITU).

Microsoft Windows: End of the World (Support)

EndOfSupport.png

Companies like yours need to keep up with strict business, compliance and industry regulations. New threats have made it harder than ever to secure data and applications. With end of support for Windows Server 2008 (including R2) and Windows 7 operating systems approaching, the time to prepare is now, not in December.  Waiting will not make it go away.

Although you can certainly make logical arguments upgrading and modernizing applications should and will lead to improved capabilities and efficiencies for end-users, in this case not upgrading introduces significant risks to the company.

End of support means the end of critical security updates, opening the potential for business interruptions. Worse still, without regular security bulletins it is impossible to guarantee protection against hackers or malware.

Unfortunately, the technology world still communicates in technical terms not easily understood by the business community.  This is still the case with Microsoft’s announcement regarding the end of support for products.  Simply stating an end of support date looming for Windows Server 2008 (including R2) and Windows 7 doesn’t mean it resonates with the business community using those software applications.

The first question often is…

What do I need to do about the end of support?

… when the first questions should be:

What products are impacted by end of support?

What do these products do?

Do we currently run or use any of these products?

So let’s take a step back and answer those questions.

What products are impacted by end of support?

  1. Windows Server 2008/R2 January 2020

  2. Windows 7 January 2020

  3. SQL Server 2008/R2  July 2019

What do these products do?

  1. Windows Server 2008/R2 – is the foundational software used by most companies to manage their users, assign security permissions to users and groups, and support other software sitting on top of this foundation.  The scope and impact is company-wide.

  2. Windows 7 – is the operating system software used by end users on their individual desktops/laptops and support other software sitting on top of this foundation, for example, Outlook, Microsoft Office.  The scope and impact is the end user.

  3. SQL Server 2008/R2 – is the database software other software uses for database functionality, for example, Great Plains, industry specific software.  The scope and impact is company-wide.

Do we currently run or use any of these products?

To know if you are using any of the solutions impacted by end of support, you should rely on your technology department or provider to conduct an assessment of all the systems currently in use and provide a report showing the current versions and usage of those products.

Once you have a report, whether you have 1 or 100 systems impacted, you should then use the information to develop a plan for addressing each one.  Some systems may take months to address, so having a plan sooner than later will save management potential stress and sticker shock.

What to expect.

Let’s assume you’ve had an assessment done and determine you have 4 servers running Windows Server 2008 R2 and 25 workstations/laptops running Windows 7 Professional.  Developing a plan for addressing them should be tailored to your specific business, budget and system use.  Workstations may be replaced quickly, where servers may take months.

Cost is not the only factor.

Using our example, a ‘refresh plan’ should be defined for every workstation running Windows 7 Professional.  If the workstations are 4 years or older, it may make more fiscal sense to replace them with new machines running the latest Windows 10 operating system.  If the machines are still acceptable from a performance specification standpoint, it may make sense to upgrade the machines to Windows 10 Pro from Windows 7 Professional.  Aside from the costs related to these options, consideration should be given to how employees are using those machines and what potential improvements might be gained from a machine replacement versus upgrading only the software.  To avoid a large capital expenditure (CAPEX) cost at the last minute in December, you may want to spread out the purchase of replacement machines over the next 5-6 months.  A simple method is to take the number of machines, 25 in our example, and divide by the number of months remaining before you want them all replaced.  It is now June, so assuming replacement needs to be completed by January 1, 2020, purchasing 4 machines a month July through November and 5 in December would have them all replaced by year end, spreading the cost over time.

Migrating servers from Windows Server 2008 R2 requires more analysis and planning because typically servers are running mission critical software applications for the business.  It is not best practice to upgrade a Windows Server operating system as you typically would with a Windows end-user operating system and in most cases, it would be recommended to migrate to a new installation.  Some standard questions to consider during planning include –

  1. What business software is running on the server?  Will that software run ‘as-is’ on a new version of Windows Server 2016 or will it require an upgrade as well?

  2. Is business software running on Windows Server 2008 R2 that is NOT supported by later versions of Windows Server and will not run on later versions?  Should the business software be replaced with software more current and supported?  Should we continue to run the software on Windows Server 2008 R2 knowing the significant security risks?

  3. What impact will downtime have on the business related to migrating servers?

  4. Can they all be migrated during a single timeframe (likely a weekend) or does it need to be a phased approach?

  5. Does the server hardware need to be replaced along with the Windows Server software?  If so, what are the options now available that may not have been available 2-5 years ago?

  6. Will our customers and vendors be impacted by any of these changes?  What notices should be sent prior to the changes?

Don’t wait.  Get help.

If all this seems overwhelming, you’re not alone.  Many companies read the headlines and do nothing about it because it’s just too much to contemplate and is a major distraction to normal business duties.  Because of the very real security risks, this is one of those times procrastination can really hurt the business exponentially more than the cost associated with addressing the issue. 

You don’t have to do it alone.  Fluid has been working all year and will continue to through the end of the year to do the heavy lifting for companies.  From the assessment, planning, recommendations, obtaining necessary quotes, working with third-party vendors, and implementation, we try to do as much as possible to keep the business running.  We will take on the tasks management and operational staff don’t have time to deal with.  The additional benefit is knowing it will be done with technology proficiency and discipline many companies simply don’t have in-house.

If you do not know if ‘end of support’ will impact your company, you are at risk.  At a minimum, knowing your exposure should be a top priority.  Waiting until December may make the holiday season more stressful than it needs to be.  If you need help, we’re here to do so. 

You can reach Fluid at 866-802-9848 or via email at secure@fluiditservices.com

 

Understanding the Cloud

WhatTheCloud.png

In 2019 you would think the business community would have a good understanding of cloud computing. Reality is much different.  As I speak with business owners, management, and users, the “cloud” is still a nebulous concept more than a solution.  It’s certainly not understood well enough to know how to maximize the value of the cloud based on specific business use cases.  This knowledge gap is a source of business risk as well as lost potential business value.

I’ve written many blogs on cloud computing the past 5 + years and “hosted servers and software”, the stepping stone to the cloud, prior to that.  We have learned a great deal during that time, but one constant remains – there is always more to learn because the technology changes so rapidly.

At Fluid, we have a “cloud first” philosophy where any solutions kept on premise in the office requires a valid business case; a 180 degree change in philosophy from 7 to 8 years ago.  Today, it’s not just about determining if the cloud is a good fit, it’s about selecting the best type of cloud solution with the most optimal deployment.  This requires a deep technical understanding of cloud solutions, well beyond the glossy sales brochures.  Just keeping up with current technology is a full-time job, add the need to understand new disruptive technologies and how they impact the value proposition and you quickly realize it takes a disciplined commitment and process involving many people with varying skill sets.

The barrage of marketing buzzwords around cloud attempting to clarify things actually add to the confusion – public cloud, private cloud, hybrid cloud, software-as-a-service, platform-as-a-service, infrastructure-as-a-service, cloud disaster recovery; the list goes on.

To simplify things, let’s look at a few types.  These definitions and descriptions can be scrutinized and argued among vendors, experts and engineers, but that is not the audience.  The ones needing the most help in understanding the cloud are the business buyers and users.

Public Cloud

These are the big ‘logo’ guys: Microsoft Azure, Amazon AWS, Google Cloud, etc.  These companies, as you would expect, have behemoth cloud infrastructures and solutions that literally span the globe.  These are typically shared environments that are highly complex requiring senior engineers and architects to properly design and deploy.  Their sheer size can provide benefits in cost and deployment with geographical flexibility.  Each have their own rules to abide by.

Private Cloud

These are typically smaller players that have their own cloud infrastructure in smaller geographical areas.  The advantage of private clouds is greater flexibility and control.  Because they aren’t aligned to the major public cloud companies, which are also ‘product’ companies, they have the ability to host solutions that may not be a good fit for the public cloud.  In addition, some companies prefer the private aspect of knowing more about where their information is stored, how it’s managed and, in many cases, more secure.

Hybrid Cloud

The hybrid cloud is just that, a hybrid that utilize more than one solution.  This can include hosting components in the public cloud and others in the private cloud.  It can also be a mix of hosting some solutions onsite with others in the public or private cloud.  Hybrid cloud solutions are typically very ‘business use case’ specific.  For example, an engineering company with very high processing requirements for CAD drawings may use solutions on premise and back up the data to a private or public cloud.

Software-as-a-service (SaaS) should also be mentioned because a vast majority of companies use SaaS solutions alongside others.  For example, if using Dropbox for file sharing and hosting accounting systems in Microsoft Azure is using SaaS for Dropbox and public cloud for the accounting system.

Licensing is a beast!

Invariably, when companies evaluate cloud solutions they focus primarily on the core of the solutions: what will run in the cloud, how much processing power do we need, how much storage is required, how can remote users access it easily from anywhere.  What is often glossed over is the software licensing requirements.  Abusing software licensing rules even unintentionally is not something to take trivially.  The volumes of rules, requirements, and options is literally a wormhole requiring multiple jobs in itself. 

Be wary the sales rep that says licensing is ‘all included’ or ‘nothing to worry about’.  The costs associated with licensing can double the cost of a cloud solution and more if not done properly.  Every software solution has licensing rules and regulations, many of which are specific to usage not just in the cloud but the type of cloud. 

We have a half dozen different licensing programs and certifications just to cover Microsoft licensing in the cloud.  Just multiply that by the number of software providers and it’s a book no one wants to read.  But someone must read it and understand how to weave all the various licensing options into the blanket that best covers your business.  Make sure your provider understands licensing and make sure you understand licensing enough to be comfortable your business is properly covered.  It’s too good to be true is a cautionary motto to follow.

As I was writing this blog, I received an email from a cloud customer, who is the business owner of a food manufacturing business.  In his email, he forwarded dialog with his ‘local tech provider’ questioning every aspect of the cloud setup, software licensing, etc.  It was clear the customer provided the invoice detail to the tech to be a second set of eyes to confirm he had a good solution, which is never a problem.  Transparency with customers should always be the standard protocol.  Interestingly, every line item the tech questioned and provided feedback on was incorrect.  If the end customer followed this advice they would be woefully non-compliant and given dangerously bad information.  This exchange of information proves the entire point of this blog.  Even technical people providing advice don’t understand the cloud technologies with dire consequences. 

Choosing the wrong provider and partner can be disastrous to the business.

The challenges businesses face today is not if a cloud solution will be a good fit but finding the expertise to determine the best solutions available to the business and, more importantly, the ability to execute and implement the solutions.  There are hundreds if not thousands of IT companies, managed service providers (MSPs), etc. happy to sell cloud solutions without the in-house knowledge required to design, implement and support the services properly. 

The problem is exacerbated because the typical business ‘buyer’ does not have the knowledge to ask the right questions to confirm the ‘seller’ has the skills required to meet business needs.  Migrating to the cloud is not an easy task, regardless of what the sales pitch says.  A vendor skilled in doing migrations will have a defined, disciplined migration process and experience to make the migration as painless as possible.  Every flawless plan has unexpected issues to be addressed.  This is where your vendor earns their keep.  If the vendor doesn’t have migration experience and skills, the wheels can shoot off well beyond frustration and become a major disruption to the business with outages and downtime.

Public cloud is… well, public.  So what?

Microsoft Azure publishes its cloud pricing to the public, as well as a “pricing calculator” to use to estimate potential cloud costs.  Easy right?!  Think again.  You must know this stuff at so many deep technical levels and layers it will make the most tech savvy run for the hills.  As a Microsoft Cloud Solution Provider (CSP) we have dozens of “portals” we must navigate just to manage our customers Azure and Office365 accounts and environments, and we are the experts.  This scenario plays out for the other 800 pound gorillas as well.

Proceed with caution… it’s one thing to sell, quite another to advise, implement and support

What is the real implication?  The cloud has come a long way and continues to improve with better tools, automation, and solutions.  But notice I did not say support.  One major lagging necessity is good (not even great) support from cloud providers.  Every cloud provider will require you purchase support, even if it’s buried in the pricing.  What they don’t tell you is the quality of the support.  It’s only when you make that initial call for support that you realize it’s going to be very long day.  Again, this stems from a lack of skills and experience to deliver on both the technical side of the house and customer service.

It is very disheartening to witness how these powerful technologies can improve and enable business only to be poorly understood by those who position themselves as experts to support it.

No one becomes a cloud expert overnight.

We have invested over 10 years of countless hours, millions of dollars, and hundreds of deployments in the cloud.  It wasn’t and isn’t easy to do. It requires a different level of commitment I’m sorry to see many in our business not obligate themselves to.  We owe it to all those we serve not only to understand the technologies, but educate in business terms the value, the many options, and ultimately find the right solution for the situation.  There is an entire segment of business soured on the idea of the cloud because of poor advice, execution, and support.  I only hope with the right partner they can find their way back to today’s possibilities.  Cloud is definitely not a fit for everyone and never will be, but it shouldn’t be swept off the table because we didn’t do our jobs.

Does anyone really understand Office 365?

Office365Question.png

I was recently asked to provide training for Office 365.  This innocent request is like asking for training on airplanes.  The wide variety in types along with new releases with new features is a moving target.

Just when you think you’ve finally turned the corner to understanding Office 365, Microsoft releases half a dozen new products in a flurry to get them in the marketplace.  This has been a recurring theme over the past three years, seeming with no end in sight.  Trying to keep up is a daunting task, Microsoft itself often can’t answer questions about their own products.  They certainly lack any consistency.

This puts a tremendous strain on companies like ours who recommend, implement and support Office 365 products.  If our experts have a hard time keeping up and understanding the products, imagine what is like for a business trying to determine if Office 365 is right for them.

To make my point, let’s just scratch the surface of Office 365.  There are roughly seven bundled versions of Office 365 license types for business use.  Within each of these license types are “included applications”.  This is where it really gets interesting.  The Office 365 E3 license includes the following applications and services:

  1. Outlook

  2. Word

  3. Excel

  4. PowerPoint

  5. Access

  6. Publisher

  7. Exchange

  8. OneDrive

  9. SharePoint

  10. Teams

  11. Yammer

  12. Stream

Many of these applications and services may be recognizable and some completely foreign.  Understanding and using some of the more obscure applications and services are a luxury only attainable with an internal IT staff dedicated to Office 365.

This list is not near the end of it, not even close.  There are hundreds of additional add-on products and services to Office 365 for specific purposes.  Here is a very short sample:

  1. Visio

  2. Project

  3. Phone System

  4. Audio Conferencing

  5. Advanced eDiscovery

  6. Advanced Threat Protection

  7. Kaizala

  8. Intune

  9. Cloud App Security

  10. Meeting Room

  11. Enterprise Mobility + Security

  12. Dynamics 365

  13. Power BI Pro

  14. PowerApps

  15. Azure Active Directory

  16. Flow

  17. Windows 10

  18. Microsoft 365

Each of these products has multiple options and features to choose from.  In addition, there is an entire Office 365 Marketplace with thousands (over 2500) add-on third-party applications.  You get the picture.

Here’s a link to see for yourself: https://bit.ly/2JpXKkK

Adding frustration, many of these products change names (as with the Skype for Business change to Teams) and are released without, in my opinion, being fully vetted for any problems or bugs.  The general public ‘doesn’t know what they don’t know’ and may try deploying solutions that don’t meet the business need, don’t work reliably, or both.

It’s not all negative

Office 365 has provided a wealth of valuable productivity solutions at very affordable prices making them now attainable for the smallest of businesses.  When understood and used properly, business productivity and value can increase dramatically.  But there’s the rub.  The products must first be understood and then implemented properly with adequate training to take full advantage.

Consider again the original request: provide training for Office 365.  To train for Office 365 there must first be training on the Office 365 family of products and ecosystem to determine what is relevant for the business.  Care must be taken to understand and delineate mature and robust products from recently released ‘bleeding edge’ products.

It’s our job to understand and keep up with Office 365.  Internally, we must continually deploy and test new products to understand them, learn what works well, what doesn’t, and where they fit within business use cases.  Teams and Voice is a great example.

Skype for Business changed to Teams and added voice plans last year.  Teams is included in many Office 365 licenses and Voice is included with the E5 license or as an add-on.  We migrated from Skype for Business to Teams and from our previous voice provider to Microsoft Voice last year.  Transitioning voice services to Microsoft was not for the faint of heart.  Will our number transfer (port) correctly?  Will the voice quality be acceptable? Will the auto-attendant have the features we need?

Surprisingly, the migration of our voice services to Microsoft was easy and the quality has been excellent.  A pleasant surprise.  The migration to Teams was not as smooth.  Teams is a great application with an abundance of really great features consolidated in one place.   It has improved our collaboration and productivity while allowing us to shed products.  Answering a call within Teams and then sharing files, sharing screens and instant messaging during the call is awesome. 

The ‘gotcha’ with Teams has been SharePoint.  Transitioning our files to SharePoint was very time consuming and the change in ‘look and feel’ and how files are accessed has been difficult.  There have been painful performance and accessibility issues, including some downtime.  But we now know the details to better advise our clients through real world use.

Providing education and advice on Office 365 products prior to purchase and implementation will reduce the amount of surprises and frustration.  Ensuring every user understands the capabilities proactively will also reduce the amount of support requests related to the roll-out.  Time spent up front will pay dividends towards a smoother implementation.

Wash... Rinse... RETREAT

Panorama.png

It’s spring time, and that means many things – March Madness, bad allergies, baseball, spring break, and for the Fluid IT team, spring means; it’s time for our annual company retreat!  About ten years ago, the entire Fluid crew started traveling an hour and a half east of Dallas for the spring retreat weekend, and it has now become a welcomed tradition. It’s an opportunity for the team to spend time away from the daily grind at the office to recharge our batteries, bond, discuss our relevance as a company, and, most importantly, have fun!

What began as a one-day event, years ago, has become a 3-day celebration that everyone in the office excitedly anticipates. On Friday, as everyone, (including their dogs), spills out of their cars, the excitement and buzz increases as the team comes together once again.  You can simultaneously feel tensions release and happiness fill the air as we gather around the fire.  It’s amazing to watch people, who work together more than they are apart, change as drastically as the landscape between the Dallas concrete cityscape and the rolling piney woods of east Texas. The work mentality melts away and the fun begins. 

We often hear how important a company culture is to performance, retaining employees, learning, having fun, etc.  Without our annual retreat, we would be eliminating an important aspect of our culture, which allows us to hang up our “work hats” and connect on a more personal level. 

Team1.jpg

During the day, some like to spend their time hiking, fishing or just enjoying the beautiful outdoors, while others like to play games, read, or watch movies.  But, the most anticipated and inspiring aspect of the retreat is the nightly gatherings around the firepit.  While smores and a favorite beverage are always a hit, it’s the ‘real’ discussions, that happen organically throughout the night, that allow us to connect on a deeper level.  With music playing in the background, topics ebb and flow effortlessly from work to favorite movies, politics, religion, home life, personal stories, future goals, family, etc. – peppered in with jokes and lots of laughter of course.  It’s a safe environment where everyone can just be and be present.

The food is almost an event within the event.  The second night of the retreat, we all cook and eat an enormous, southern feast. There’s something about cooking for, and with, the team that develops comradery and proves that teamwork is alive and well beyond the workplace…especially when it’s Texas bar-b-que. A belly full of ribs accompanied by a second night of good conversation and laughter around the firepit, is a great way to spend the last evening.

FirePit.jpg

The 2019 retreat brought a few surprises with major thunderstorms and a power outage on Saturday (not so rare for Spring in Texas). Fortunately, the sky cleared just in time for everyone to enjoy another chilly night around the firepit, topped off with some smores and impromptu poor dance moves. Sunday turned out to be a gorgeous, sunny day. While driving away, with azalea’s and wood duck’s in my rear view mirror, I was reminded just how special the “it” we have is.

 The tangible and intangible benefits of our retreat should not be underestimated. Teamwork and company culture are paramount for the success of any company – especially an IT company. Since we are tasked with solving complex technology problems for clients, the Fluid IT team must often collaborate and share ideas to come up with the best solutions. Without the respect, support and good chemistry that our team has for one another, we would not be able to effectively help our clients. Also, when employees feel valued and supported by management and co-workers, the overall company performance strengthens immensely. Work can be challenging and stressful at times, so the retreat allows me to show appreciation for the people that make this company so great, while also further enhancing our estimable culture!

Finally Four!

TTechLogo500.png

Time to take a break away from “business” and to more important topics - college sports!

As a proud Texas Tech alum, I am used to years, even decades, of the perpetual pain and anguish associated with being a Tech fan.  There have been bouts of teasing greatness, with some real bragging rights when the women’s basketball team won the national championship in 1993.  In the 26 years since, Tech, with teams in all major sports, has had many close calls towards achieving national recognition.  Tech fans can be proud of the many conference championships, a great achievement in itself, over the years.  However, winning a national championship in the more hyped football and basketball sports has remained elusive.

In the ‘football is everything’ state of Texas (yes, it’s a real thing here), Tech has remained middle of the pack, never really a perennial loser or winner.  During the Mike Leach era, Tech football won 56 games, which was only bested by Oklahoma, Texas and Nebraska during that same period.  This included an 11-2 record in 2008, capped off with a Cotton Bowl loss during a stretch of 11 straight bowl appearances.  Many schools would love to have such a history, but in the state of Texas it is never enough.  With the new BCS playoff system and perennial powerhouses of Texas and Oklahoma, Texas Tech is on the outside looking in.  With yet a new football coach in 2019 we begin another round.

Reason for hope: basketball

What has been very interesting during this same time period is how Texas Tech basketball has held its own.  Unlike the middle-of-the-road football program, basketball has experienced higher highs and lower lows.  The team posted a 30-2 season in 1995-96 and an 8-23 record just 8 years ago.  The first taste of progress in tournament play came in 1996 with the first sweet 16 appearance.  Since that time, the team made the tournament only to exit early, each time leaving fans wondering what if.

Enter Chris Beard

Much has been made of Chris Beard’s rise to basketball prominence in the last few weeks and the unusual circumstances related to his hiring and arrival in the Hub City.  In three short years, Beard has taken the team to new heights with the first elite eight appearance last year to this years magical run to the Final Four. 

What makes the Final Four appearance more interesting is the way Beard built the team, not from Top 100 recruits, but from transfers, international players, and homegrown talent.  Like football, Tech basketball can’t compete with larger schools to bring in top national recruiting classes, so creativity and unorthodox methods are used to build a team. 

Many of the players point to a pre-season retreat Beard organized as the glue that brought the team together and encouraged them to fight for each other instead of the temptation to achieve individual stats to boost their own prospects.  You can read an excellent article published by the Dallas Morning News here https://sportsday.dallasnews.com/college-sports/collegesports/2019/04/04/preseasonteam-building-retreat-became-launch-pad-texas-techs-rise-final-four

Landing in Lubbock

As the Final Four contests quickly approach, we fans are busy buying everything Tech to show our support (many websites are already sold out of team fan gear), as we anxiously await 7:49 p.m. CST tomorrow to have the courage to make it through what is sure to be a nail biter.  I thank Chris Beard for landing in Lubbock and making it fun to be a Tech fan.  He certainly deserves the Big 12 and AP National Coach of the Year honors.  But now the secret is out and the world has noticed.  We can only hope he doesn’t fall prey to another Tech fan fear – the coaching curse.  It’s a given having a successful coach will garner attention from many blue-chip programs looking for a proven winner.  Add winning in Lubbock and the microscope becomes stronger.

In the meantime, I will enjoy the rarefied air of the moment along with thousands of Tech fans.  Could it be after 30 plus years of waiting we will witness a Tech men’s national champion?  Only time will tell.

Breaking News: IT Can Actually Save Money

GlobalMapDollar750.png

Headline: IT Saves Money for Company!

Wouldn’t it be great to see more headlines about the positives of IT rather than all the negative press about cyberattacks, privacy concerns and cost overruns?

If you are a small to mid-sized company, you are probably using one or multiple vendors for IT services and support (i.e. phone system, cable/network, internet, IT guy, etc.).  You may even have an internal “IT guy” or IT staff that works with one or more vendors to deliver IT services.

At Fluid, we state we will, not only, provide excellent support services (which should be expected), but we also provide valuable strategic IT services to help reduce IT costs, improve productivity, and implement technology that will support overall business objectives.  Unfortunately, companies have received poor support services for so long that they don’t believe there is any way money can be saved and productivity can be improved by working with an IT services partner.  Most businesses are used to the reactive support model, which often does not resolve the root cause of issues.  When a need arises, IT personnel fixes the problem as quickly as possible so that users can do their jobs.  But, the root of the problem is often ignored, and the same issue will usually occur again.

Go beyond the basic blocking and tackling

Providing quality support/helpdesk services is at the basic level, and any IT services provider should be excellent at it.  But, beyond basic support, we see the real value in approaching technology strategically and proactively, and ensuring that the right people are focused on the right things.  Also, properly managing all third-party vendors, on behalf of a company, requires a balance of the right staff, the right skillset, and most importantly, an in depth understanding of the business.  We’ve built our MSP business model based on the premise to deliver on those promises.

Focus on the whole, not the parts

When working with technology vendors and partners, each one typically only focuses on their piece of the puzzle, never expanding beyond to see how it fits into the rest of the business.  Our approach is opposite, which results in tangible benefits.  We take over the management of all third-party vendors to ensure that everyone is working towards singular goals that align with the overall business objectives.  Also, most companies don’t want to deal with other vendors, but their IT personnel doesn’t do it for them either.  I can’t count how many times I’ve heard C-level executives say “I don’t want to waste my time calling ABC vendor. I can’t understand all the technical jargon, and I don’t want to.”

Case Study: Saving money and adding value through strategic management

To understand the possibilities, here is a real business case:

One of our clients recently acquired another company.  As part of the acquisition, there were all the normal integration components, which required areas for optimization. But, there were also other critical projects.  The company needed new cabling/wiring for all locations, as well as a new VOIP internet-based phone system, and upgraded internet service.  At each location, cabling, voice and internet service, was provided by a different vendor.

Most companies, in this situation, would allocate a staff member to manage all the vendors. The staff member may have some technical acumen, but not enough to truly know what to look for in order to manage each vendor effectively.

In our client’s case, as in most similar situations, all the vendors were dependent on the other for implementing their services.  The internet service had to be increased to meet the new phone system requirements, and the cabling had to be in place to provide the necessary “ports” or wall jacks for the phone system.  The number of total ports, in each location, drove the need for new networking equipment. 

As they should, our client wanted and expected that all the pieces would be done correctly so that they could walk in the office, and everything would be configured and working correctly.  The challenge is, every piece must be not only done correctly, but also timed in a way to minimize unnecessary ‘dead time’.

As their technology partner, we stepped in to manage all the vendors, and what we found was frightening.  The cable vendor had provided a quote for both locations based on a walkthrough with one of their staff.  They presented a quote that was over $20,000 for the job.  Once we evaluated it more closely, we found an abundance of new cables that were unnecessary.  This was not the fault of the cabling vendor, they were doing what they thought was right, based on what the staff member told them.  The staff member didn’t have the knowledge to understand the technical details, and how things would work with the new phone system.   

CostSavings150.png

We saved our client over $25,000 on one project

We evaluated the cabling proposal and conducted calls with all other vendors, to ensure that everyone understood their piece and dependency on one another.  After our evaluation and walkthrough at each location, the cabling cost dropped from $20,000 to $6,000.  A substantial savings of $14,000 in one-time CAPEX cost.

We took the same approach with the phone vendor and the internet service provider.  Internet service providers (ISP) are always happy to sell you more bandwidth.  Again, like the cabling, the ISP worked with a staff member to determine the bandwidth required.  As before, the staff member lacked the necessary understanding to calculate what would be required.  Working with the phone vendor, we calculated what the maximum bandwidth usage could be. Then, we compared it with the actual usage reports, which allowed us to calculate a more accurate estimate of internet bandwidth needs.

Through our evaluation, we found that the company could start at a lower bandwidth level and confirmed that the bandwidth could be increased very quickly if necessary.  So, rather than buying more bandwidth than needed ‘just in case’, they were able to get what they needed with the ability to increase.  We ended up saving them over $500 a month in OPEX costs – which adds up to $6,000 per year.

We took the same approach with the phone vendor and found the number of handsets was too high, which resulted in additional savings in both one-time CAPEX and monthly OPEX.

Lastly, the additional cable drops and phone system required the purchase of new networking equipment to connect everything properly.  If the initial figures were used from the cabling and voice vendors, the company would have purchased more expensive networking equipment than necessary.  This also resulted in additional savings of over $5,000 in one-time costs.

The total savings were significant – over $25,000 in one-time costs and $1,500 in monthly costs

By working with and managing all vendors, we were able to help our client save a substantial amount, while also ensuring that each vendor would implement the right solution and do it correctly.  For a small to mid-sized business, spending money on technology can cause a major strain on finances.  Without our involvement and management, the company would have spent money it didn’t really have on solutions that would have been excessive and completely unnecessary.

Your Managed Services Provider can and should save you money and improve productivity

I’m sure other MSP’s say they offer strategic services and can save you money, but we’ve found that the reality is very different.  Unfortunately, most MSP’s don’t have the staff or skills required to manage all third-party vendors effectively.  Anyone can say they can do it, but can they prove it with actual numbers.

Destination Unknown – Cybersecurity without a defined objective is a path to disaster

TechMgmt.jpg

Destination Unknown – Cybersecurity without a defined objective is a path to disaster

Vacation time!

Let’s start this cybersecurity discussion by taking a little vacation – or at least pretend to take a vacation. Before going on vacation, people usually plan for the trip ahead of time.

Scenario 1: Planning for a vacation.

When planning a vacation, most people take the following steps:

  1. Determine the budget.

  2. Choose the destination.

  3. Decide when to go on vacation (busy season, hot, cold, vacation days available at work, etc.).

  4. Decide where to stay (choose hotel, condo, Airbnb, etc.).

  5. Choose mode of transportation (plane, car, boat, etc.).

  6. Book flights, rent car, plan your driving route, etc. 

  7. Book babysitter, dog sitter, house sitter, etc.

  8. Plan activities while on vacation.

  9. Begin the journey to the destination.

  10. Arrive at the destination.

  11. Have fun!

All the above has a cost element to be considered, which can cause the vacation plans to change.  Ideally, a budget would be created at the beginning of the process to help with planning the vacation and determining what is and is not doable. Although, a budget should be the first step in the planning process, people oftentimes choose a desired destination, and then adjust the budget accordingly.

Another important step when planning a vacation, is to do enough research to make informed decisions and properly budget for each part of the plan, especially if traveling to a new destination. People will often turn to friends and/or family for suggestions and input when planning a vacation, but friends and family may not be able to give the best advice. For example, how could they recommend a hotel if they’ve never been to the destination? 

Therefore, it’s also important to utilize outside resources for information and contact experts who are able provide information on destinations, price, pros and cons, hotels, activities, etc. The hard part is knowing who to trust. Some “experts” are more concerned with selling certain products or services even if they may not be the best option. So, it’s usually a good idea to gather information from various people and resources before making informed decisions.

Cybersecurity Time!

If the same logic is applied to businesses when choosing cybersecurity solutions, it reveals a dangerous tendency. 

Scenario 2: Choosing and implementing the best solution and level of cybersecurity

When planning for cybersecurity implementation, business leaders should take several steps:

  1. Determine the budget.

  2. Choose the level of security needed for the business.

  3. Analyze each security element to understand what it does and doesn’t do.

  4. Based on the analysis, determine the priority and order for implementing each element.

  5. Determine who will be responsible for assessing the solution options.

  6. Decide when to begin implementing the security solutions.

  7. Decide who will be involved in the implementation process.

  8. Plan the implementation process and any impact to the business (downtime, users, etc.).

  9. Ensure all relevant parties have been informed, then begin implementation.

  10. Implement the solution and test (sometime in phases or using pilot groups).

  11. Complete implementation and make the necessary adjustments.

  12. Conduct a post-review of the project to determine areas for future improvement.

Planning a Vacation vs. Planning Cybersecurity Implementation

While planning a vacation can be challenging, it is exponentially more difficult to plan and implement cybersecurity. 

When planning a trip, people usually have some sense of what the budget should be or at least know what they can and cannot spend.  Most businesses don’t even have a budget for cybersecurity, so there’s no starting point.  In fact, most companies don’t even have an IT budget, so they certainly don’t have a security budget.

While understanding the purpose for each part of a trip, the reason for it, and pros and cons is relatively easy, understanding the different levels of cybersecurity is not easy at all. Due to the technical nature and the complexity of cybersecurity, it’s difficult to educate CEO’s (buyers) on the different levels of cybersecurity. Translating technology and then articulating the risk/value can be extremely challenging.

Also, like the “experts” people may consult when planning a vacation, many “cybersecurity experts” try to sell solutions to businesses that may not be the appropriate solutions and/or security level. In addition, many IT professionals don’t know how to implement or even determine the best security solutions.

Start with Communication

CEO’s and C-level executives:

  • Cybersecurity is extremely complex, so it’s always wise to consult with multiple experts during the planning and implementation process.

  • When in doubt, ask: If you need more clarification, ask questions until you understand. Ask your IT resources to use analogies or imagery to help you understand.

  • Stay as involved as you possibly can before, during and after the implementation process.  

If you are an IT professional:

  • Before drowning the CEO with cybersecurity jargon, find a way to communicate and educate in terms that the management team can understand: Like the “vacation scenario”, try using analogies, imagery, etc. to explain technology.

  • Don’t be afraid to seek advice from external resources and/or other IT professionals. Technology is complex, and constantly evolving. So, it’s impossible to have all the answers.

Effective and consistent communication is imperative for businesses to appropriately address technology and cybersecurity risks. 

The following provides ways to help overcome this challenge in order to effectively plan and implement cybersecurity:

Define, Determine and Decide

As the diagram below illustrates, there are various levels of cybersecurity.

Step 1. Define and understand each level.

  • Because it includes technical jargon, this diagram may need to be explained in a way that business management and users can understand.

Step 2. Determine what level of security the company currently has.

  • None, Basic, Advance or Comprehensive

Step 3. Decide on which security level to target during implementation.

  • Keep in mind that it takes time and money for a company to start from “None” and move directly to “Advanced”.  So, when trying to decide on a level, remember 80% of all security incidents are due to employees. When in doubt, start with solutions that will address employee driven risks for prevention – AV, training, email ATP. 

SecurityLevels.png

Step 4. Implement, monitor and communicate

·         Once the desired level is agreed upon, begin implementation and continue to monitor and communicate the current state of risk as the company progresses towards the desired cybersecurity level.

·         Using a simple diagram, like the one below, is a helpful tool to use when explaining the progress of implementation to management. 

This diagram illustrates an example of an organization that has a “Yellow risk level” while also showing what has been completed and what has not.

SecurityStatus.png

Step 5. Update management on an ongoing basis

  • Once a communication method is in place, it’s important to update management on the cybersecurity status on an ongoing basis. 

The diagram below is another example of a helpful communication tool to use when explaining the cybersecurity status to management.

SecurityCommunication.png

Embrace the journey!

Effective cybersecurity management never ends. Therefore, if security solutions and levels are not proactively monitored, the risk level can move from Yellow to Green and then back down to Red.  Firewall failure, equipment beyond end-of-life, anti-virus expiration, etc. can cause immediate changes in risk levels.

Cybersecurity is about continuously mitigating risk and keeping businesses from going out of business.  But, in order to successfully mitigate risk, a disconnect between management and IT cannot exist. The IT industry continues to struggle with effective communication – especially when it comes to cybersecurity. Because of this, over 58% of all cyberattacks target small to mid-sized businesses and over 60% of businesses that are hit with a cyberattack go out of business.

Albert Einstein defined insanity as doing the same thing over and over again and expecting different results. It’s time for the technology industry to stop the insanity of ineffective and/or complete lack of communication with business owners and executives about cybersecurity. 

It’s important to take a step back to understand the ‘why’ then work on the ‘what’.  Create a communication method that works for the business, then begin focus on the ‘how’ and ‘when’ to take the appropriate action.

 

Engage Workspace

Very exiting times for one of my colleagues, Chelsea Green. Chelsea, CEO of Engage, recently announced the formal launch of Engage Workspace, a new shared office center focused solely on attorneys.

There are many ‘shared workspace’ companies – some, like IWG plc (formerly Regus), have been around since the ‘80s. But, the “shared” office model has been rapidly increasing in popularity over the last decade. According to Forbes.com, shared workspaces will host more than 3.8 million people by 2020. WeWork now has 502 locations since opening their first shared office space in 2010.

But, what makes Engage so unique is that it is designed specifically to cater to the requirements of independent attorneys and small law firms.

From the Dallas Morning News article:

https://www.dallasnews.com/business/real-estate/2019/01/29/coworking-center-targets-legal-eagles-new-north-dallas-shared-office-location

“The new Engage Workspace in North Dallas is targeting attorneys with its co-working facility in the landmark Campbell Centre complex on North Central Expressway.

The just-opened workspace is designed to accommodate more than 60 attorneys with workstations, offices, meeting space, office equipment and other amenities.

So far, the co-working operation takes up a full floor in the building, but Engage says it hopes to expand to additional floors of the iconic gold Campbell Centre II tower.

"Independent attorneys and small law firms represent nearly half the legal industry," Engage CEO Chelsea Green said. "With continuing market changes and technology advances, that looks to accelerate over the next several years.

"With Engage, we have created an office environment that has the familiarity of a traditional law office but with the greater independence, flexibility and efficiency of an executive suite or co-working space."

Green and partners Jim Chester and Darin Klemchuk opened the co-working center Jan. 1. Chester and Klemchuk are both partners in the Dallas law firm Klemchuk LLP.

The owners are planning to upgrade this spring with a new coffee bar and more collaborative space.

"Attorneys are a perfect fit for the Engage office space model," said Chester. "Law practice is collaborative by nature, and attorneys benefit from networking with other lawyers to share referrals and resources."

Stephen Holley of Holley + Co. Real Estate negotiated the office lease for the co-working center with Barbara Houlihan of Peloton Commercial Real Estate.

Shared office providers now occupy more than 1.5 million square feet of building space in North Texas. Co-working firms are one of the fastest-growing sectors in the office industry.”

What is not mentioned in the article is that the Engage Workspace will also provide the level of technology, IT support and cybersecurity necessary for attorneys.  All companies require technology and cybersecurity, but attorneys have the additional challenge of needing to collaborate and exchange information externally while also keeping their practice and data isolated and secure. Engage understands this, often overlooked, requirement and will include it as a part of their service.

At Engage, attorneys will be able to be as productive and efficient as possible, while knowing their data is secure. Each tenant will also be provided with ongoing IT support from a team of technology experts.  The blend of amenities, technology support and cybersecurity, creates compelling value that independent attorneys and small practices typically would not be able to take advantage of.

For more information, visit www.engagelawspace.com.

 

Is your business as safe as you think it is? What you need to know to keep your company secure.

With the increase in cyber threats, coupled with the confusion and lack of knowledge about cybersecurity, how do you know if your company is secure?  How do you know if you’re doing the right things at the right time?  The whole topic of cybersecurity is overwhelming and there’s not anything “fun” about it. So, it’s easy to avoid, but at what real risk to the company?

Monsters!

CyberMonsterDespite all the statistics that point to the fact that businesses, without the proper security measures, will likely suffer from a cyberattack, cyber threats are still being viewed as scary, but unlikely to occur. Most businesses still see a cyberattack as the monster under the bed, and cybersecurity as protection against the highly unrealistic possibility that there will ever actually be a monster under the bed. But unfortunately, these “monsters” are very real, and the number of attacks continues to escalate. It’s critical for businesses to have the correct security measures in place to keep the “monsters” from being able to even enter the front door.

One security solution does NOT fit all

Be cautious of cybersecurity providers who offer the same solution to every client. Every company is different, so expectations should be set based on many factors: size of the business, type of business, industry, etc. Also, no two businesses require the same IT solutions, support, software, or hardware. So, having tailored and specific IT security is crucial.

Is your business insecure?

If you’re reading this blog, then you’ve been warned! Now, what are you going to do about it? If you want to keep your business safe from cyber threats, knowing your risk level is a good first step to take before addressing each risk.

The following questionnaire addresses this by asking some basic questions that any business owner or management team should be able to answer.  While some of the topics are technical in nature, the questions are driven from a focus on the business itself.Questionnaire

Cybersecurity Preparedness Questionnaire

Answer each question below and tally your score. After completing the questionnaire, total your score to determine the level of risk for your company.

Yes: 0 points  No: 5 points  Unsure: 5 points

  1. Do you have a cybersecurity budget review annually?
  2. Do you have a written information security policy signed by every employee?
  3. Has your company reviewed its cybersecurity policies and procedures within the last year?
  4. Do you have a person designated as your security officer?
  5. Do you have a written incident response plan that is reviewed annually?
  6. Have you tested your incident response plan within the last 12 months?
  7. Do you know if you have any compliance or regulatory requirements?
  8. Have you defined the level of cybersecurity needs based on your business and compliance requirements?
  9. Have you provided security training to your employees in the past 12 months?
  10. Do you provide security training to employees on an annual basis?
  11. Can you employees identify sensitive information that could compromise the company if stolen?
  12. Do you know where your sensitive data is stored?
  13. Do you have cyber insurance that is reviewed annually?
  14. Are employees prevented from administrative privileges on your network or computers?
  15. Does your company have an acceptable use policy?
  16. Does your company consistently enforce policies around the acceptable use of computers, email, internet?
  17. Do employees regularly update passwords on company-issued computers/devices?
  18. Do your employees lock their computers when away from their desk, even for a few minutes?
  19. Do all your computers have anti-virus software that is regularly updated?
  20. Does your company have data backups onsite and offsite verified at least once a year?

Low Risk: 0-10 Moderate Risk: 15-25 High Risk: 30-50 Escalated Risk: 55-100

What now?

Once you’ve identified your risk level, what now?  If you answered “unsure” to any of the questions, do the necessary research to confirm the answer.  Once you have a “Yes” or “No” answer for every question, you will have a better idea of your true exposure and can begin prioritizing which areas to address first to mitigate the risk.

Don’t put your head in the sand!Headinsand

If you didn’t score a 10 or below, then getting to the green, (low risk range), won’t happen overnight. It takes time and, most importantly, full commitment and buy-in from ownership and senior leadership. But, as I mentioned, cyber threats are not imaginary monsters. So, don’t pretend they don’t exist and hope that nothing bad will happen. At Fluid, we understand the process can be overwhelming. Even determining the priority of what to do first can be a challenge. Luckily, we have a team of experts dedicated to cybersecurity. So, please feel free to reach out to us for help. Don’t wait until it’s too late!

Happy #$%@ New Year’s!! My Money is Gone!

HoodedHackerThis scam is downright scary!

Time is of the essence on this blog, so I tried to find a title that will grab your attention. I hope it did. I don’t get overly dramatic in my blogs, but this one is warranted for how bad it is. I also try to use graphics to break things up a bit, but I didn’t want to spend more time trying to make things “artsy”.

If you’re going to read anything, please read this. It might just save you thousands of dollars.

A small business owner and close friend of mine, we’ll refer to as “Joe”, texted me on December 22nd, (yes, right before Christmas), livid he had been conned out of thousands of dollars by a very elaborate and well executed scam. Now Joe is no dummy and pulling one over on him is no small task, but the detail these scammers deployed was no match for even an astute businessman.

So what happened?

The target, Joe, uses Chase Bank for his business and personal finances, which becomes important later.  All the money in both his personal and business accounts was stolen within minutes! How?... Joe gave the hackers the information they needed to steal it.

The chain of events.

Joe received a call from Chase Bank’s “Fraud Department” stating there was suspicious activity on his account, and transactions were made in a foreign country. Joe then explained that had recently been to Mexico on vacation – a common destination when you live in Texas.

Being a diligent and rightfully cautious person, Joe checked the number calling him and it matched the phone number on the back of his Chase credit card. The hook was set!!

The “Chase representative” stated because there were fraudulent attempts on his account, he needed to close both accounts, personal and business, and transfer the money to new, “safe” accounts. Then, the representative said he would text Joe a code for him to read back, which once again came from a legitimate number.  A two-factor authentication, using texted codes, to a mobile number is common practice, and no cause for alarm.  The representative then used this code to access both accounts and change the real password, one the hacker could then use.

In real time, the hacker used the common online payment app, Zelle, to clean out both personal and business accounts. It should also be noted that the scammer on the phone spoke excellent English and sounded legitimate, which is another well thought out tactic and different from the obvious “rich uncle” accents from Eastern Europe or other countries.

Worst nightmare!

Now being suspicious, Joe went into a Chase branch location and they verified that it was, in fact, NOT Chase. The real Chase representative mentioned this was the second time in a few days they have dealt with this same scam.  Panic now set in!

Pain and no gain.

While in the branch location, Joe had to immediately close all his accounts, open new accounts, while simultaneously working with the bank’s fraud department to try and reverse the transfers to get his money back.

When the Chase fraud department did their initial forensics, they discovered the transfer was made using a relative’s name.  This means the hackers gained full access to the account information, including the list of approved people and accounts to transfer money to and from.  Because the hackers chose a relative as the person receiving the funds, Chase would not escalate until Joe could confirm and ‘prove’ funds were not transferred to the family member as a legitimate transfer. The hackers purposely chose a family member knowing it wouldn’t get escalated.

It’s important to note that the phone number showing on Joe's caller ID matched the number on his Chase credit card.  At one point, Joe hit ‘call back’ feature on his phone to automatically dial the Chase number, which was directed back to the fraudsters (a tactic called number spoofing). The Chase fraud department advised Joe to always manually dial the number and not use the automatic call back feature on your mobile phone to ensure that you’re calling the correct number. In addition to closing his accounts and opening new accounts, Joe also has to identify and contact the numerous legitimate personal and business vendors and payers he works with to update their new account information.  More pain.

At the time of this blog, the success of reversing the scam is unknown. The bank stated it would take up to 30 days to determine if Joe would get the money back. To add insult to injury, Joe is also now locked out of online banking for 60 days.

This is one of the most elaborate and well thought out cons I’ve ever seen, requiring multiple people who know exactly how people use banking, and more importantly, people who know exactly how banks and their fraud departments work.  They were always one step ahead of the victim and I’m certain there are more to come!  So be diligent, be doubtful, beware.

Recession Obsession

If you’ve been alive 10 years, you’ve been through a recession – the Great Recession actually.  If you’ve been alive 20 years, you’ve been through two recessions.  30 years on the planet will give you…you guessed it, three recessions.  Although recessions do seem to be cyclical, they don’t always happen every 10 years. Over the last 50 years, there have been 7 recessions.

Gas Lines and Baby Food Jars

RecessionThe ramifications of a recession also change over time. Being 53 years old, I recall my grandparents saving every coffee can, baby food jar, and plastic container to repurpose and use for storing things throughout the house.  As products of the Great Depression, they were raised to literally save everything.  I can also distinctly recall having to wait in long lines for gas during the recession in the 1970’s.  My father and I would park the car in line at the gas station and go to the nearby strip mall to kill time for two hours while we waited for the line to move.

Although not a recession, I recall Black Monday in 1987 when the stock market dropped over 22%.  I was working at a financial planning firm at the time and that was not a good day, and not just because it was Monday.

Dot Bomb Bubble Burst

In the early 2000’s, the dot com bubble burst, and turned into the dot “bomb”.  It seemed like anyone with a web-based idea was given millions of dollars in funding without having to show any DownGraphprofits (a scenario which still occurs today).  eToys.com, Webvan.com, Pets.com, and many more all wiped out almost overnight.

Most recently, we can all recall, if not relate, to the Great Recession that occurred in 2007-2009 when the housing bubble burst due to the subprime mortgage crisis.  The term “government bailout” became a major thorn, and the nemesis for many household brands.  Many are still recovering from this economic meltdown. However, the prosperity over the past 10 years has dulled some of the sting.

But, some are now warning us that the great run we have enjoyed may be slowing down, and we’re potentially headed for a recession.  Search Google for “Recession 2019” and you’ll find blue-chip names discussing the very likely possibility that a recession is looming.

Before it's too late!

CrisisI have owned a technology company, Fluid IT Services, for the past 17 years, and we felt the impact of the 2007 recession – but in an interesting way.  We provide IT solutions and support for small to mid-sized businesses, and the cost of our services is typically less than the cost of one full-time employee. Although we lost the clients who unfortunately went out of business, we gained new clients who needed to cut costs and couldn’t afford full-time IT staff.

We certainly had to cut costs ourselves and manage everything more tightly, but we were okay because our risks were spread sufficiently, and we provide a service that is “recession friendly”.  We continued to grow as the economy improved, but always with a keen eye on our market segment and the economy as a whole.

As the economic signs, signals, metrics, statistics, etc. started showing a downturn, we’ve used it as an opportunity to get our business in order.  It’s much easier to evaluate all your people, processes and technology-related costs, and make sure that your business is operating as efficiently as possible, before things go south.

Every company has and uses technology (IT) constantly. Most companies today wouldn’t be able to function without IT.  But, when times are good, costs related to IT (and other business functions) may not be closely monitored because sales and revenue can cure many ills.  However, it’s best to ensure your IT house is in order before the times get tough and budgets get tight.

Start by asking questions

An analysis of your current IT spend at a detailed level, may be as exciting as watching paint dry, but it’s crucial when dollars tighten. IT cost analysis can also be difficult. Even knowing which items to include when analyzing your IT spend can be confusing. I’ve found that it’s easiest to start by asking questions…

  1. What are my costs for internet, phones, software subscriptions, IT support, computers, etc.?
  2. What hardware needs to be replaced soon? How much will it cost to replace?
  3. What costs can be reduced or eliminated?
  4. What costs are a bare minimum to keep the lights on?
  5. When was the last time I evaluated all my contracts related to technology and what are the terms? Being locked into an expensive 5-year contract at the beginning of a downturn is no fun.

Good news...

We can help! At Fluid, we help companies analyze their IT costs almost daily. So, we already know where most of the IT costs are found, where the skeletons are buried, what is reasonable, and what is outrageous.  As a provider of outsourced IT services for small to medium businesses, we have to know these costs because we’re responsible for managing them in order to be a good steward with our clients’ hard-earned money spent on IT.

We also take it one step further by using a more proactive and strategic approach to IT. We will hope for the best, but also help you plan for the worst by discussing current and future business needs, goals and “what if” scenarios. Once we have this information, we can provide guidance on ways to cut IT costs and suggest solutions that will generate revenue, and specifically align with each clients’ business plan.

Don’t be afraid to say you don’t know and bring in experts to help you understand your costs.  It will reap rewards now and help you sleep better when economic conditions do change.  Feel free to call Fluid IT, we love this stuff!  Our main objective is to help people with their businesses and see IT in action!

Ho, Ho, Ho No! I've been hacked!!

With the holidays upon us, it's not only the kids getting excited.  Hackers also love the holidays and the gift of giving takes on a whole new meaning.  Increasing malicious activity during the holiday spending spree is no coincidence.  Don't be a victim!  Take some tips from this blog by IBM SecurityIntelligence to be more diligent.  Hacky Holidays?

Cybersecurity - "You can't handle the truth!"

I’m a guy who likes sports and movies, and my wife tells me that I’m constantly quoting sports analogies and movie tag lines. Guilty as charged.  So, why do I do that???  Because I can quickly state a movie quote or sports reference to explain a situation to someone, without having to spend an hour doing so. If I tell someone “you just fumbled”, knowing this person likes or understands American football, he or she will immediately know they made a mistake.  Notice how I stated ‘American football’ lest I confuse it with the round ball version and defeat the very purpose of my analogy.

ManYelling

The problem is, if I use my linguistic mojo on people who don’t follow sports or movies (yes, those people do exist), I not only don’t get my point across, I confuse them.  Many times, I get that tilt-of-the-head puppy look and then a nod, never asking me to clarify what I meant.  It’s surprising how many people never ask the question – I don’t understand, what do you mean?

This can be very frustrating and even a cause for escalating arguments and disagreement later.

To clarify, here’s an example of a recent conversation when discussing a company project…

Me: “We’re at the one-yard line!  It’s time to punch it across the goal line!” Colleague: “Got it!  You can count on me!”

A week later…

Me: “So that project was completed, right?” Colleague: “No, I’m still working on it.  I need to add some more detail." Me: “What!  I thought I told you and we agreed this needed to be done asap!? Like yesterday.” Colleague: “Oh, I’m sorry.  You didn’t tell me it was urgent.” Me: “I did tell you it was urgent.  Remember ‘the one-yard line’, ‘the goal line’?” Colleague: “Yeah I kind of recall something like that.” Me: “Then why didn’t you get it done??” Colleague: “Why are you yelling at me?  I have no idea what you meant.” Me: “Why didn’t you ask?

And the downward spiral continues.  The frustration level for everyone is extreme.  Worse yet, the project was not completed, and the company suffers.

I see this same scenario over and over again as it relates to technology and business – especially with cybersecurity.

Get serious about cybersecurity SecurityGuard

Articles are published every day stating how businesses aren’t taking cybersecurity seriously enough only to be completely ignored.

I constantly come across articles that give real statistics showing how businesses think they are secure, yet they have recently been breached or compromised!  How is that possible?  Why do businesses, led by extremely smart people, continue to ignore the very real threat that cybersecurity breaches and hackers can easily compromise their business’ livelihood?  Why do they continue to have incidents, and not learn from them?

Some studies show, many business owners rely on their insurance policy to save them instead of protecting their assets proactively.  I believe some of that is true, but I believe the real issue is a complete disconnect in communication.

The danger of miscommunication

MiscommunicationThere is a very real and dangerous disconnect in communication between business and IT!

I read an article recently that was trying to get businesses to understand the importance of cybersecurity and the importance of communication between IT and business.  Here is how the article begins…

 

ArguingDigital transformation is happening rapidly in every industry. As companies move toward software-defined infrastructures (SDI) connected to powerful cloud ecosystems, they can tap into the near-real-time intelligence from the data gathered from every edge of their business, helping to drive faster business decisions and changing the way they serve their customers.

Rapid transformation, however, without a solid plan, can produce cybersecurity vulnerabilities. As infrastructures go virtual, security models need to shift. To avoid serious risks and security management issues, companies need to identify challenges, strategize, collaborate, pilot, test, and evangelize. *

 

Did you have to read it twice?  Did you understand even part of it?  What exactly is ‘every edge of their business’?

“Trust me, Greg, when you start having little Fockers running around, you'll feel the need for this type of security.” Meet the Parents, 2000

Yes, I did it, I used a movie line from the great film “Meet the Parents” to make my point.  If you haven’t seen the movie, you have no clue what I’m talking about.  Business leaders have not seen the cybersecurity movie!!  They don’t understand a word coming out of your mouth (another movie reference).

Don’t allow technology to get lost in translation

LostTranslation

In all seriousness, business leaders have not taken the time and do not have the time to learn all the parlance of cybersecurity.  Yet, we keep pummeling them to death with cyber techno-speak.

The reality is, both business and technology leaders have a responsibility to their companies, their employees, and themselves to learn enough about each other to make the conversation relevant.  I can keep showing business owners all statistics. But, most of them still don’t properly plan for or budget for cybersecurity, and most will only do so after they’re hit with ransomware or have a breach.  But what is ransomware?  What is a breach?  What do they look like? What is the actual cost to the business now and in the future?

This is not a one-sided issue. IT professionals also need to learn how to translate technology jargon into terms that business owners can understand.

The same case can be made for IT experts making an effort to understand the language of business and understand the impact they are having.  When business owners and leadership speak in terms of EBITDA, CAPEX, OPEX, Life Time Value, Gross Margins, Net Margins, Cash Management, etc., they are speaking a language immediately understood within the group, but many times foreign to the IT group.

At some point, business owners, leadership, and even board members must work with IT experts to start taking cybersecurity more seriously.  Both parties must be willing to have an open dialog where each is not afraid to ask questions, educate and translate into terms each party can understand, to make better business decisions.

If you want to have a discussion regarding your business and how the cybersecurity landscape impacts your company now and in the future in a language you can understand, contact us! We will be happy to advise and educate you in this increasingly complex space.

May the force be with you!

 

* AT&T Cybersecurity Insights Vol 7

We've moved everything to the cloud, we don't need IT staff or support.

It’s Fall, the weather is cooler, football is in full swing and we finally moved all our systems to the cloud.  No more worrying about having the deal with all that techie stuff.  Life is good! vectorstock_3501851

 

“We’re in the cloud, we’re all good.”  We hear this all the time from business owners. The number of companies using cloud services for all their business software is increasing. With no servers and software in the office, many people have the misconception that any hardware still onsite, requires no attention.

So, when asking owners and CEO’s about their IT needs we get the quick “We’re all good, everything we have is in the cloud.”

This misconception is not only inaccurate, it is extremely risky.

While it is true that cloud solutions can mean computers in the office, laptops and desktops may not need to be as beefy because all the work is ‘in the cloud’, the fact remains there are still devices, and more importantly, users that will require the same level of IT support and responsiveness from their IT staff/provider.

Security is a primary concern when in the cloud.

In the “old days”, users would login to software and systems running on servers in the closet.  When there were issues, the IT guy would come to the rescue, and they would take systems down to do maintenance, upgrades, etc.  Having your software in the cloud can be very easy to use, convenient and appear to not need the same ongoing care and feeding, which can be mostly true and a great advantage of the cloud.  But that one first step – logging in, is still a critical component to ensure proper security is in place for accessing systems now in the cloud.

Managing security is still a core requirement for every business and with the “sprawl” of cloud solutions, many companies use multiple cloud applications requiring multiple logins and passwords.  On the other end of that cloud application is a user that still requires support when things go wrong, or when they want to add something new.

Users still exist and need to be supported

Seemingly simple cloud applications like DropBox still require security settings, user settings and support in a business environment.  You probably don’t want all employees to have access to sensitive HR data.  Users still must be added and managed, printers still stop working (the bane of my existence), and laptops and desktops still fail.  Assuming there is no need for IT support, puts the company back into reactive mode, only addressing needs after something happens.

Reverting to reactive support is a step backwards in user productivity

Most of what IT does is under the water line.  Like the propeller and rudder on a boat, you can’t see them, but they are required if you want to move forward in a precise direction.  Technology is only visible when the business and users are accessing it.  Much of the cloud is below the water line and appears to work on its own, but it still requires the skilled engineers and technicians to ensure everything is working to meet the business goals.

When you add the ongoing and more visible needs of the end-users, having good, proactive managed IT support and security is a MUST! Therefore, even when everything is in the cloud, having the right IT support can make the difference between success and failure.

What you don't know CAN hurt you!

BlindMan Cybersecurity continues to be a real problem for small to mid-sized (SMB) companies because they honestly believe it will not happen to them.  To make matters worse, in a recent article by Dark Reading, 51% of SMB leaders are convinced their companies are not a target for cybercrime.  You can read the article here.  With the large number of security incidents we respond to within the SMB community, it is very surprising and discouraging businesses continue to ignore cyber threats.

Small to Mid-Sized Companies Do Not Act Until AFTER They Have Incurred Multiple Cyber Incidents

Unfortunately, what we find is that companies take preventative action only after they have been hit multiple times.  You read that last line correctly.  We see companies have an incident, incur very large unplanned expenses to deal with it, and continue to 'do nothing' until they are hit again and again.  I have to believe this is primarily due to the lack of understanding of the real risk of cyber threats at a business level, coupled with it being a blind spot in business management - I don't know what I don't know.

The Security Industry is Partly to Blame

The cybersecurity industry is partly to blame for the lack of understanding and visibility in the business community because, as an industry, cybersecurity continues to communicate in very technical jargon and terms business owners and management simply cannot understand and do not have time to try and figure out.  This creates a disconnect between the business and the very solutions available to proactively address mitigating the risk related to cyber attacks.

If business owners were armed with information showing what is actually occurring within their business on a regular basis, communicated in terms they can understand, not only would they enable the experts to help remediate issues proactively, they would have detailed information on employee behavior and actual traffic moving in and out of the business.  Security reports provide extremely valuable and powerful information which can be used not only to thwart cyber threats, but also create and enforce general company policies on how business assets are being used.

You can see sample report showing one month of actual data obtained from proactively deploying and monitoring security here Security Report

I believe if business owners could SEE what is actually happening, they would be much more likely to address the very real cyber threat risk.  At a minimum, they would have to decide to do nothing knowing bad things really are happening.

 

Your Cyber Security is Failing!

managed-security-services  

When you take a course in school or work and you get 100% on the test, it’s a great feeling.  Perfection!  How smart are you!  When you get 100% on every test, every time, you have truly mastered the subject and are clearly an expert.  It’s something you might even want to boast about to your friends; what an accomplishment!

But what if the scenario was turned 180 degrees and you received a 0% on every test.  Your feelings are completely opposite.  You are discouraged, frustrated, even embarrassed.  Your confidence is shot and you certainly don’t want to be bragging about it to your friends.

This is the scenario we see in cyber security.  When we deploy our cyber security solution for a new client, we have a very methodical process for the implementation and configuration of the solution based on the clients’ needs.  Part of the process includes continually capturing real-time data and then reporting those findings on a monthly basis.  We review these security reports with our clients so they can see and understand what is actually happening in their company.

Every company fails security 100% of the time!

What we have found interesting is that we find an issue or issues that need immediate remediation 100% of the time.  Think about that for a minute.  Every single time for every single client they fail.  This is not something the company wants to deal with, it is very frightening to them, and they certainly do not want to boast about it to others.

Often times we have already remediated issues in real-time as we are monitoring their security, but many times it takes working with the company management to determine what they want to do.  As an example, if we find a company computer suddenly is trying to broadcast malicious content out through the company’s internet connection, we will be immediately notified, shut-down and ‘clean’ the identified computer.  We certainly do not want to wait until the end of the month to address the issue.

Other issues are more dependent on what the company management team wants to do.  During our initial monthly review of the report, there are often issues related to how employees are using company systems.  For example, employees are accessing inappropriate websites, usage of social media sites such as YouTube, Facebook and Pandora are excessive and saturating internet bandwidth.  We also see attempts to access the company network from other countries, such as China, Romania, North Korea, etc.  In these cases, the company management almost always is shocked and says “We don’t do business with those countries!  Why are they trying to access our information!?”.

This is an example where we need to have a discussion with management to confirm what is legitimate and what is not.  Using our service, we can block websites and countries permanently and selectively, or the company may want to write and issue an Information Security Policy that states what the company policies are for appropriate use.  In the latter case, the issue is handled through policy and not technology.

You can’t address what you can’t see

In all these cases, the primary issue is that companies without proper security in place are in a state of being blissfully ignorant.  They do not see anything going on so they assume everything is good.  Once we shine a light on security, their eyes are wide open because they can now see what is actually happening.  Having the information allows us, working with the company, to address and remediate issues.

The larger implication is companies without proper security are playing with fire.  While some issues are not extremely damaging, it is only a matter of time when a malicious event becomes a major security incident the company must respond to.  Imagine you are a health provider, law firm or any company (since every company has sensitive and private information) and find you have a breach and private information has been leaking out of the company.  The status just went from green to red, requiring significant and immediate effort from many different people – the incident response plan.

The point is, in today’s world, it is better to know and have a planned response than to continue to be in the dark.  We know 100% of companies we work with will have issues to address, we also know most companies continue to operate in the dark believing it won’t happen to them.  As scary and uncomfortable as it may be, I would certainly rather operate from a position of knowing rather than taking the chance and hoping nothing will happen.  After all, we know from actual data, ‘nothing will happen’ actually never happens.

Security Delivered in a Box

With news of breaches occurring daily, cyber security has been forced to the forefront of every business.  The challenge is cyber security is a very complex subject to address with many layers using names confusing even to technical people.  Trying to decipher and understand all the layers and what is appropriate for your business is nearly impossible without a team of experts to guide you along the way.  Often the result is having multiple vendors provide different layers of security that do not work well together, are difficult to manage, and ultimately more expensive. For this reason, Fluid spent a year researching to find a better way.  What we found was very interesting.  There were many security companies offering specific pieces of an overall solution – one vendor offering a firewall, another offering anti-virus, and another offering cloud based security, and so on.  This was the very overly complex scenario we were trying to avoid.

Using this knowledge, Fluid developed a set of solutions to address each layer of security in a unified way that can be centrally managed, while in turn reducing the number of vendors involved and related cost.  The result is security in a box, a menu of security solutions to address each layer of security with options for increasing security levels to meet the specific needs of a business.

You are covered from the end user to the cloud!

SecurityInABox

The primary aspects in a consolidated solution had to include the following –

  1. Centralized management of all security devices and software
  2. Consistent ongoing management and monitoring of security events for remediation
  3. Proactive notification of threats
  4. Detailed monthly reports showing actual data related to the specific client environment and usage
  5. Inclusion all necessary hardware, software, and support renewals (firewalls, network switches, wireless access points, cloud based firewalls, etc.)

Whether it’s 3 devices or 3,000, Fluid can procure, configure, implement, and manage security using a single standardized process.

The results for our clients have been fantastic!

After implementation of the service, we review the initial monthly security report with our clients and without exception, the report shows activities they had no idea were occurring.  Not only do they have visibility to what is actually happening in their business, they now can do something about it.  Whether it is through creating a company policy or having Fluid systematically block certain traffic, the business is now in control.

In addition, because the service is all-inclusive and standardized, it can very easily scale as the company grows.  We have many clients that open new branch offices around the country and we can very quickly deploy the solution to those locations and add them to the overall solution.  In addition, each location receives its own monthly security report, so analysis and action items can be done at the location level.

The reports are an extremely valuable tool for ongoing cyber security monitoring and remediation.

SecRpt1

Visibility to outside attempts to infiltrate company systems allows specific geographic based controls.

SecRpt2

A primary role of any cyber security is to block malicious attacks and intrusions.  Monthly reports show details on specific attacks.

SecRpt3

If a deeper inspection is needed, we can even go to the user level to analyze what is occurring.  This has been especially helpful for situations where there may be one or two rogue users that need to be addressed.

SecRpt4

Unfortunately, employees are the number one source for security incidents.  Knowing what they are doing is necessary to continue to improve security training and make adjustments to security policies.

SecRpt5

Fluid’s Security-as-a-Service includes everything you need, out of the box, to secure your business!  Contact us now to learn how 214-245-4118 or wade.yeaman@fluiditservices.com.

Does you technology department know your business? They should.

vectorstock_1260341-FluidLogo-01 I have been in the technology business providing technology services to small and mid-sized businesses for over 20 years and surprisingly through all the change, there is a serious gap I continue to observe…

The technology department does not know the business

Whether using in-house technology staff or an outside technology provider, I find the technology group may know what business they are in, but they no little else.  The obvious question is – how can a business get the most out of technology when they do not fully understand the business?

Signs your technology department is not involved enough in the business

  1. A representative from technology is not included in business strategy sessions
  2. The business does not have a technology steering committee or similar group
  3. The technology staff do not know all the software the business is using and more importantly why
  4. Business management makes technology decisions without proactively including the technology department

If you have any of these occurring in your business, you are not getting the most out of your technology function.  As a result, technology may be adequately supporting the business, but they are not provide the real value – enabling the business.  This creates a very real gap between the business and IT that is overlooked and unattended.  In fact, in most cases it is a case of “I don’t know what I don’t know”.

Most small to mid-sized organizations do not have a Chief Information Officer (CIO) or access to one

Any large organization has a dedicated CIO with dedicated staff with the primary objective to be an integral part of the business strategy process to ensure technology continues to align to the business and provide tangible value on an ongoing basis.  Small to mid-sized organizations have the same need and can obtain the same value, they just do not know to include it or assume it may be too expensive.

While true that a full-time CIO often is cost prohibitive for small to mid-sized organizations, there is little reason why this valuable service cannot be obtained on a fractional ‘as needed’ basis.

Business Strategy Model

Although admittedly simplistic, the graphic below shows how business strategy works from the top down, from development to execution.

vectorstock_15134295-FluidBlue-ClearBackgroundIn real terms, the same model is used for technology (place “technology” in front of each level and you have it).

Most technology departments and providers deliver the bottom half of the pyramid and do so really well.  However, this is just the basics any technology department should be expected to deliver.  What is missing is a defined approach to address the top half of the pyramid.

As shown in the following graphic, the top portion of the model is often overlooked or missing in technology delivery.

vectorstock_15134295-FluidBlueGray-ClearBackground

Technology departments and providers lack a refined method to deliver strategic services

The reality is most technology departments and providers do not possess the experience or skillset to deliver the high-level strategic services.  Complicating matters, it is not a skill that can be simply ‘turned on’.  It takes years of hands-on experience working with business senior leadership along with various strategy methodologies to provide these services.

A defined repeatable methodology and process is required for IT strategy delivery

At Fluid, we have a proven methodology for addressing the strategy gap to work with our business partners to deliver technology at a strategic level.  In almost every case, our clients have never experienced this level of strategic service.  In fact, most require training to take full advantage of the benefits.  Once we engage with the business, the senior management not only welcomes the service, they devour it at an increasing level.  What we call virtual CIO services becomes an addiction for the business.  The results are tangible and IT value increases from a necessary business function to a strategic business enabler.