Category Archives: Managed IT

Can a Small/Mid-Size Enterprise Afford IT Strategy?

Among other insights, a Deloitte Consulting survey of the perception of CIOs found that less than half of IT executives view their CIO as a strategist. And, only 10% of IT executives view their Chief Information Officers (CIOs) as a “revolutionary” who does things like uncovers new markets and revenue streams, translates IT for business, and interacts with C-level executives.

These are the kinds of expectations placed on CIOs today. They are being asked to contribute at the boardroom table and to the business’ bottom line. This is happening in companies of all sizes – and it’s just as relevant to expect IT to contribute to business strategy in a small- or mid-sized enterprise (SME).

IT Strategy for the SME

An SME is not likely in the position of being able to support a CIO function and organization. (Refer to this cost model for an IT department). In reality, a full-time CIO is probably not necessary for such companies, either – but IT strategy likely is. Very few businesses today are able to operate effectively without significant support of information technology. And we’re not just talking about PCs, laptops and a website!

An IT strategy is critical if your organization has any of these goals:

  • Compete in mobile markets
  • Pursue a robust social media strategy
  • Offer products and services via the cloud
  • Become more competitive by reducing costs and increasing operational efficiencies
  • Incorporate deep analytical features into products and services
  • Drive performance through business intelligence and analytics

The Virtual CIO

A virtual CIO is an ideal solution to ensure that an SME can meet goals like those listed above. A vCIO is a business and technology expert who provides CIO-level strategy, guidance and support to an executive team as an outsourced consultant.

Having a vCIO ensures that an organization’s IT strategy is aligned and positioned to help drive the business forward. Just as a Chief Financial Officer bears the responsibility of the finance department’s performance, the vCIO is responsible for ensuring that information technology investments and services also contribute to an organization’s performance.

The profile of an effective CIO is an individual who understands both the technology and the business. The role must create alignment between and company’s technology investments and the business’ strategic goals.

Technology in the Driver’s Seat

More and more, technology is driving new markets and is critical for businesses to succeed today. If your small- or mid-sized enterprise has doubts about whether its IT investments are doing any heavy lifting for the business, talk to us. We offer a vCIO service as well as a complete end-to-end managed IT service offering that makes strategic IT attainable for SMEs.

You can get started today with a Free IT Audit >>

Advertisements

How to Avoid Top 10 IT Mistakes Committed by Small- and Mid-Sized Businesses

– Dean Tremblay, Partner

In this article on BrightHub, GFISecurityLabs’ David Kelleher talks about common IT mistakes that small and mid-sized business (SMB) customers make. Avoiding these pitfalls is possibly the best reason for an SMB to outsource its IT to a dedicated managed IT service provider.

Below, we take Kelleher’s Top-10 list as a jumping-off point and describe how we help our SME clients protect themselves from a variety of business risks with proactive, outsourced IT management.

Connecting systems [such as new computers and mobile devices] to the Internet before hardening them.

Part of our managed IT service is to provision gateway access controls (a.k.a. firewalls) to protect internal IT systems. We also provide anti-virus and spyware controls to all of a customer’s connected systems.

Connecting test systems to the Internet with default accounts/passwords.

When we provision new computers, mobile devices and other connected systems on behalf of our clients, changing default passwords to strong, secure passwords is part of our process.

Failing to update systems. Security holes exist in your operating system and no software is perfect.

We provide both native Microsoft patch management as well as patch management from third parties for targeted applications, such as Adobe products, Java, QuickTime and others. This is part of our standard managed services offering because we believe strongly that it needs to be done.

Failing to properly authenticate callers.

Most of our clients provide us with a list of authorized individuals who are allowed to initiate changes on their networks. Where required, we can also use a challenge/response protocol to authenticate individuals who contact us for helpdesk support on behalf of a client organization.

Failure to maintain and test backups.

At Tango, we believe that any IT service is rendered irrelevant if excellent backups are not maintained. To protect client data from disaster, we regularly back up business data and we validate that the backups are successful on a daily basis. We also perform a test “restore” process once per month for any client engaged with us under a managed services contract.

Failure to confirm that your disaster recovery plan actually works.

We provide backup and disaster recovery services for SMB clients. In our experience, most SMBs do not have disaster recovery or business continuity (DR/BC) plans in place and find it too expensive to justify the cost of, for example, maintaining two completely redundant IT infrastructures with fail-over. Our cloud services offerings substantially reduce these costs and make DR/BC accessible to small and mid-sized customers.

Failing to implement or update virus detection software.

Tango implements a “defense and depth” strategy of protection against viruses, malware, spyware at the email server, the network gateway and the desktop to ensure that your systems are fully protected. This is another core service in our managed IT service offering, no exceptions!

Failing to educate users. Users need to know exactly what kinds of threats are out there.

In our managed IT service industry, end-user knowledge (and lack thereof) is perhaps the most common area of risk that affects our customers. A lack of awareness or sophistication can lead to users opening their systems to viruses, spyware, phishing and other threats. The solution is to mitigate risk through ongoing end-user training. In addition, Tango builds client IT architectures such that end users are removed from critical decision-making processes. For example, next-generation firewalls and email security applications remove most of the risk from vulnerability attacks. But, education is still the first line of defense!

Trying to do it all yourself.

Even if you have an IT resource on staff, it’s simply not realistic for an SMB to effective manage all aspects of IT effectively. In a previous article about knowing when it’s time to hire an IT resource <link once that blog is approved & posted>, I outlined that four skill sets that a corporate IT department of any size must possess, and provided an ROI/budgeting model to help you determine how best to fill those needs. Chances are good that a partially or fully outsourced managed IT service model will make the best sense for your business.

Failing to recognize “insider threats”.

Any malicious, untrustworthy or disgruntled employee presents a risk if they are not properly monitored. If you operate in a strict regulatory environment or have other reasons to be concerned about insiders hacking, stealing or selling your sensitive business and customer data, there are a number of checks that we can build into your IT architecture and roadmap. This may include implementing monitoring measures on specific systems, devices or network resources. It may also require high-security physical restrictions on employees who enter and leave your premises. Our IT strategy and virtual CIOservices can be leveraged to provide expertise, insight and solutions to these and other big-picture IT concerns.

What You Can Do Now

To evaluate your organization’s IT security against these and other potential risks, contact us for an IT security audit.

When It’s Time to Hire an IT Resource for Your SME

“When should I hire a full-time Information Technology (IT) person?”

Every small- and mid-size enterprise (SME) owner asks this question at some point. It is partly a marker of the importance that information technology has assumed in business of all kinds. From – desktop computers to wireless devices, business systems and servers, IT is both a critical function for most businesses as well as a competitive differentiator.

Given the increasing importance of IT to business, the question, “Should I hire a full-time IT person?” is typically raised as the business approaches the 40 to 50 staff-member size. Before that time, a variety of approaches to IT management are often used:

  • The IT role is filled part-time by another technically inclined staff member, one of the owners or partners.
  • IT functions are overseen on an ad hoc basis by service providers like Geeks-For-Hire.
  • End users are largely responsible for selecting and managing their own computer systems and software.
  • Commonly, some of the IT systems are outsourced to a variety of disparate vendors, which internal IT staff do not typically have the skills to manage these various vendors.

To answer the question correctly, it’s important to identify your SME’s IT needs and requirements, as well as to evaluate the complete, or loaded, cost of hiring.

Identify Your Needs

Your IT needs will be based in part on your type of business and the industry that you operate in. For example, accounting firms, law firms and health care providers must be able to demonstrate that their IT infrastructure and maintenance meets industry-specific standards in terms of data security, backup and disaster recovery.

Other industries do not have such regulatory requirements, but businesses may determine that IT systems and the business/customer data that these hold is mission critical to the business. Or, a business may recognize technology as a competitive differentiator – indeed, technology can provide competitive advantage by enabling new, more efficient or very innovative business models, or by dramatically reducing operating costs.

Whatever your industry, the IT needs of the majority of businesses today can generally be divided into four unique categories of skill set. These are:

  1. Help Desk Staff. Typically comprise 80% of the IT requirement. Provide front-line support to end users. Are professional, polite, competent and empathetic to end users.
  2. Network/System Administrator. Typically 10% of the IT requirement. Work in the background to keep servers and the network running.
  3. Network/System Engineers. Typically 10% of the IT requirement. Plan and deploy complex new systems and technologies as required.
  4. Chief Information Officer (CIO). Typically 5% of the IT requirement. Understands both the technology and the business. Ensures alignment between a company’s technology investments and the business’ strategic goals.

A single individual is unable to adequately fulfill all four of these roles. Each requires a different skill set, personality type, emphasis and relevant accreditation. When determining your business’s IT needs, consider each of these four areas and weight or prioritize their value to your business.

Evaluate the Loaded Cost

When hiring their first full-time IT resources, businesses generally underestimate the actual cost of having that function in house. Following is a calculation that you can use to evaluate the loaded cost of establishing an IT department at your business:

Annual Cost Item Notes
$80,000 Annual fully loaded cost of internal IT resource salaried at $50,000(To obtain loaded cost, calculate annual salary multiplied by 1.25*)  The internal effective utilization rate of that employee is typically 75%**
$10,000 – $15,000 Additional outsourcing services,
excluding IT projects
Examples of additional services include: server administration, server and application trouble shooting, network security, and others that fall outside the scope of an IT help desk resource.Examples of IT projects include: Business Intelligence projects, Intranet, Collaboration, new application deployment, etc. 
$95,000 Total annual IT support cost @75% effective utilization rate
 
*Depending on the accounting method, the following may (or may not) be included in the loaded cost: vacation, insurance, office space, etc. Various industry statistics estimate the loaded labour cost at between 20 and 30%, so we have used 25% in this calculation.
**Utilization depends upon the individual’s productivity; we feel that this is a conservative estimate and actual productivity may fall below 50%.

Business people will recognize a distinct business disadvantage in this math – the decision to establish an internal IT department is a costly venture with poor effective utilization of resources. SMEs that realize that they cannot realistically afford an internal IT department – but are unwilling or unable to continue in ad hoc fashion – are increasingly outsourcing or partially outsourcing their IT functions.

A Managed IT Service Model for SMBs

A “managed IT service” model provides businesses with outsourced IT functions in one or more of the four IT skill sets outlined above. In some cases it is possible to outsource all four functions to a single managed IT service partner. The benefits of outsourcing include:

  • Achieve 100% utilization of dollars spent on IT resources and match IT costs to needs.
  • Leverage qualified, expert resources in all IT functional areas without loaded costs.
  • Establish a stable IT budget through managed IT service retainers.
  • Remain educated about and confident in your IT service, systems and network through monitoring and reporting.
  • Benefit from industry best practices learned and leveraged by a dedicated IT provider.
  • Benefit from industry and cross-industry experience.
  • Ensure that vendors are being managed by experienced experts who have both technical knowledge and the big picture in mind.

At Tango Technology Group, we offer IT outsourcing especially for small- and mid-sized enterprises. Our practice areas include outsourced Help Desk, System Administration, Network Administration, Engineering, and a virtual CIO (vCIO) function. Our structure enables us to provide SMEs with fully or partially managed IT services in addition to guidance to ensure alignment between your business and IT strategies.

To learn more:

Don’t Let Your Business Become a Statistic in the Year of the Data Breach

– Dean Tremblay, Partner

Online security threats to organizations reached an all-time high in 2011, according to software security firm, Internet Identity (IID). In fact, IID has named 2011 “the year of the data breach” and cites these market shifts as drivers behind the increased threat:

  • A new black market makes it easy to obtain software whose sole purpose is to steal data
  • Increased sophistication of cybercrime
  • Malware proliferating due to increased smartphone use

When companies as well capitalized as Sony suffer major data breaches, it’s common for small- and mid-sized organizations to contemplate their own potential security risks. While most organizations in the 50-250 employee range have implemented security measures through enterprise firewalls and secure data backup, many have no idea if the protection they are relying on (and paying for) is airtight.

When you implement organizational security, backup and disaster recovery systems, you should also implement a system of accountability for those mission-critical operations. Too often, organizations seek out our help only after a major failure – such as a security breach or data loss – has occurred. To be fully protected, an organization must have a reporting procedure in place, as well as a proactive alert mechanism, to remain ahead of any potential risks to data security.

Another frequently overlooked aspect of IT security is alignment between the technology in place and the business. You may wonder what one thing has to do with the other, but it’s really quite simple:

  • If your business strategy is outgrowing your security infrastructure, you’ll be at risk
  • If your business model is shifting but your security infrastructure remains static, you may be at risk
  • If the way your employees, partners, suppliers and customers communicate with one another is shifting but your security infrastructure was architected in 2008, you’ll be at risk

At Tango Technology Group, our Managed IT services offering – which can include network and data security measures – includes proactive alerts and informative reports. Most importantly, we also work with our clients to review their business strategies and changes, ensuring alignment between the business and its enabling infrastructure – including online and data security.

I’d welcome the opportunity to talk to you about ensuring the integrity, security and alignment of your business data. Contact me at: dtrembla(at)tangotechnologygroup.com.

More information:

2012: How Your Small/Medium Size Business Will Benefit in the Year of the Cloud

– Dean Tremblay, Partner

Information technology think tank, IDC, has made its annual technology predictions for 2012. I’m not surprised that they’re predicting that cloud services will begin to take leadership in the enterprise technology mix.

IDC anticipates that “the strategic focus [will shift] from building infrastructure to the creation of application platforms and ecosystems,” and notes that “the battle for enterprise platform dominance is just getting underway with established players like IBM, Microsoft, and Oracle facing serious challenges from Amazon, Google, Salesforce.com, and VMware.”

Cloud services – whereby IT infrastructure and business applications are delivered from a centralized location rather than from a server farm at your premise (much the way we receive electricity service) – represent a major opportunity for small- and mid-size organizations:

  • They make enterprise-level applications and products more accessible to organizations >500 users
  • They reduce capital expenditure and minimize physical infrastructure (and the specialized human resources needed to maintain it)
  • They support on-demand provisioning of new applications as you need them

As you plan out your business for 2012 and beyond, cloud-based services should absolutely be considered as part of your business (not just your technology) mix. Consider how you can leverage cloud-based applications to improve sales and marketing productivity; to reduce operating costs; to support the rapid roll-out of new products, services and promotions on demand.

Here are just a few examples of how some Tango Technology Group SMB clients are benefitting from cloud-based services:

  • Implementing professional contact relationship management (CRM) without deploying new servers
  • Collaborating enterprise-wide and effectively managing documents without additional capex
  • Communicating more productively through company-wide contact and schedule management without an Exchange server

You can read IDC’s complete technology predictions here – then talk to me about what it all means to your company. I’m always excited to talk to small- and mid-size businesses about how technology should be deployed to deliver serious BUSINESS value. dtremblay(at)tangotechnologygroup.com