It's been a while since my last blog and I have no excuse. There have been plenty of changes though, all for the better. Now working with a business partner under the new name of Freeman Clarke, we have merged our separate companies in to one and have forged a relationship with The FD Centre that has out rocket fuel in our tank.
The partnership with The FD Centre confirms that the time of the Fractional IT Director has come and my co-founder and I are pioneering in this space. In previous recessions companies cut IT to make ends meet, this time they are seeing IT as a way to drive out of recession, gain new revenue streams and improve existing ones. The problem being is that these grand ambitions are not sustainable without good understanding of IT and its capabilities. This is exactly where Freeman Clarke are, we provide IT Directors with a wealth of both small and large company experience on anything between a day a month and a day a week and take ownership of of technology at board level with only the client's interests at heart. That's the kicker: We're independent, we're agnostic and we have no other products to push and thus no hidden agenda. We're want to help make companies successful through the judicious use of technology and thus fulfil our own passion - making sure people and companies achieve their goals.
We're looking for CEOs and Owner/Managers who recognise they need external board level advice to make their IT sing, if you're that person, get in touch.
Thursday 14 June 2012
Friday 23 March 2012
The Basics of Mobile Device Security
It's come to light recently that NASA has lost around 48 laptops over the past few years, all of which did not have any security protection, not even encryption. For a large company, this is unforgivable, they should know better. Even for a small company, really there should be no excuse not to put in place basic protection for your mobile assets.
However, the task gets more tricky now that there's a growing BYOD (Bring Your Own Device) culture sweeping the office. When people use their own devices, what right has the corporation got over the device? I think it comes down to two basics:
If you can answer "Yes" to either of those questions then regardless of who owns the device, you and your company must insist that the device has certain security capabilities implemented. I would insist that they have:
If the person who's device it is declines to implement these requirements, then you must decline access to your company's network and data, it's as simple as that. The IT department needs air-cover from the CEO to ensure people don't creep round to the back-door and get access by pulling a favour.
If you want to go a few steps further, I'd suggest two other requirements:
However, the task gets more tricky now that there's a growing BYOD (Bring Your Own Device) culture sweeping the office. When people use their own devices, what right has the corporation got over the device? I think it comes down to two basics:
- Does the device attach to the company network, i.e. actually sit inside the corporate firewalls?
- Does the device hold, store or manipulate company data, i.e. data that is owned by the company?
If you can answer "Yes" to either of those questions then regardless of who owns the device, you and your company must insist that the device has certain security capabilities implemented. I would insist that they have:
- User-ID/Password Secured Login: No computer should hold company data that isn't at least secured from prying eyes by a password to log in. This goes for mobile devices as well as computers - most now have the ability to use either a passcode or swipe-code (not just the basic swipe) to enable access.
- Anti-Virus/Mal-Ware & Firewall: Another basic, but many people don't bother. For Windows based devices, it's absolutely essential, but even on devices that are supposed to be safe (Apple/Linux), you should probably insist on it.
- Data Encryption: This should go hand-in-hand with the system log in requirement. Most systems have the capability to encrypt data, it should be insisted upon.
If the person who's device it is declines to implement these requirements, then you must decline access to your company's network and data, it's as simple as that. The IT department needs air-cover from the CEO to ensure people don't creep round to the back-door and get access by pulling a favour.
If you want to go a few steps further, I'd suggest two other requirements:
- Tracking Software: Individuals can implement tracking software on their devices very easily, many are free private use. Prey being a good example.
- Remote Wipe: More devices are now getting the ability to instigate a remote wipe, but there are also 3rd party applications that will do the remote wipe for you.
Thursday 1 March 2012
How to find good developers
Most of the time, those who need developers are not themselves going to be developers, so when you're the CEO of a small company in need of a developer, how can you go about finding the right developers with the right level of experience for your website, application or mobile app?
Firstly, let me make things clear with regards to applications. If you're not considering commercial off the shelf packages rather than inventing it yourself, then you're mad, In all likelihood a package already exists to do what you want to do. No, really it will. Go look and save yourself a lot of heart-ache.
Now, if you're still determined to develop something yourself, you need to be sure that you're getting the right person or people to do it for you. So, how do you know? You're not a coder, you've probably interviewed and assessed many, many individuals in your time, but from the interview process you'd never know whether they can code or not. Here's some news: You don't need to because someone else knows for you.
If developers are who they say they are then they'll have a long list of happy and successful clients. Taking the time to take up references is the way to ensure that you get someone who is capable of delivering what you want.
The important bit is not to take up just one reference, but to take up several, maybe as many as five. It should only take you about half an hour to do all five, it's not a big time-waster. You need to take up several because developers can always find one client who'll say they were great, but if they're not that great, they're going to struggle to find five who'll be willing to sing their praises.
On top of that, here's the kicker: The actual development skills the person has will probably end up the least important part of someone's package for you. If your developer can't communicate, can't take your hazy, high level requirements and produce what you really wanted, can't manage their time properly and give you accurate estimates and deliver on time, then you don't want to work with them. Guess what, all this can be gained from the interview and a few decent telephone conversations with the candidates references.
So, don't get hung up on coder technical tests, go talk to their clients recent and in distant past and do a decent face-to-face interview. That's the best way you can find out how good someone is going to be for your company, not by them getting more than seven out of ten on a technical test.
Firstly, let me make things clear with regards to applications. If you're not considering commercial off the shelf packages rather than inventing it yourself, then you're mad, In all likelihood a package already exists to do what you want to do. No, really it will. Go look and save yourself a lot of heart-ache.
Now, if you're still determined to develop something yourself, you need to be sure that you're getting the right person or people to do it for you. So, how do you know? You're not a coder, you've probably interviewed and assessed many, many individuals in your time, but from the interview process you'd never know whether they can code or not. Here's some news: You don't need to because someone else knows for you.
If developers are who they say they are then they'll have a long list of happy and successful clients. Taking the time to take up references is the way to ensure that you get someone who is capable of delivering what you want.
The important bit is not to take up just one reference, but to take up several, maybe as many as five. It should only take you about half an hour to do all five, it's not a big time-waster. You need to take up several because developers can always find one client who'll say they were great, but if they're not that great, they're going to struggle to find five who'll be willing to sing their praises.
On top of that, here's the kicker: The actual development skills the person has will probably end up the least important part of someone's package for you. If your developer can't communicate, can't take your hazy, high level requirements and produce what you really wanted, can't manage their time properly and give you accurate estimates and deliver on time, then you don't want to work with them. Guess what, all this can be gained from the interview and a few decent telephone conversations with the candidates references.
So, don't get hung up on coder technical tests, go talk to their clients recent and in distant past and do a decent face-to-face interview. That's the best way you can find out how good someone is going to be for your company, not by them getting more than seven out of ten on a technical test.
Thursday 16 February 2012
Planning for Business Continuity
People are usually great in a crisis, heroes appear, resolve the problems, get things back on track. But, why does a business have a need for heroes in the first place? A business should be forward looking enough to spot the potential crisis or outage. However, business continuity is far from sexy, particularly when everything working just tickety-boo.
So, business continuity planning is not just about having a plan for when things go wrong, it's central plank is to ensure that where there is business risk, appropriate mitigation is put in place. For instance, a business completely reliant on their CMS should have redundancy built in and no single points of failure whilst a business that uses a CMS in a small area of their business should not need such belt and braces. Horses for courses.
So, think of business continuity as two separate things:
So, business continuity planning is not just about having a plan for when things go wrong, it's central plank is to ensure that where there is business risk, appropriate mitigation is put in place. For instance, a business completely reliant on their CMS should have redundancy built in and no single points of failure whilst a business that uses a CMS in a small area of their business should not need such belt and braces. Horses for courses.
So, think of business continuity as two separate things:
- The pro-active removal or reduction of risk within the business and,
- Plans for dealing with a risk if it turns in to an issue.
- Single points of failure: If a single point of failure will significantly reduce the ability of the business to operate then it should be addressed, pragmatically. There's no point in implementing something that costs an arm and a leg that will only be used less than once a year.
- Siting of systems: Consider carefully siting of systems, for instance, siting an Email server in the office rather than the data-centre is convenient for staff, maybe, but if office internet links go down the company is far more cut off from the outside world than they would be if the Email server was sited in a data centre.
- Data back-up: This is simple: Make back-ups, regularly, keep an up to date set off site in a safe and secure place and test them regularly. It doesn't have to be sophisticated and indeed some of the cloud offerings are so cheap or free that it's a no-brainer nowadays.
Monday 13 February 2012
Technology to Drive Us Out of the Slump
Kevin Peesker from Dell has written a great article on the Business Zone which outlines how technology is the special fertilizer that will enable a company to grow. I agree with all of it, it's really good stuff and it's good to see it finally acknowledged that technology will be key to companies driving out of the slump.
What's not detailed though is exactly how the technology outlined is going to get in to a company and deliver the detailed benefits. There's a brief piece at the bottom of the article about how you can go about getting going, but it really doesn't even touch the sides of the requirement.
A CEO taking this on and trying to deliver it all is going to fail nine times out of ten. It's not worth the risk. To really take and deliver on the benefits outlined in this article, a CEO needs to find an expert. This is where GreenBOLD comes in, we provide corporate experienced IT Directors who can really make a difference and get the technologies outlined in the article implemented and delivering the benefits.
For more information on what we can do, please visit our website.
What's not detailed though is exactly how the technology outlined is going to get in to a company and deliver the detailed benefits. There's a brief piece at the bottom of the article about how you can go about getting going, but it really doesn't even touch the sides of the requirement.
A CEO taking this on and trying to deliver it all is going to fail nine times out of ten. It's not worth the risk. To really take and deliver on the benefits outlined in this article, a CEO needs to find an expert. This is where GreenBOLD comes in, we provide corporate experienced IT Directors who can really make a difference and get the technologies outlined in the article implemented and delivering the benefits.
For more information on what we can do, please visit our website.
Monday 6 February 2012
Reasons for Changing your IT
There are many companies out there that just muddle along with their IT. I'm always amazed how often when I talk about IT being a "necessary evil" how many company directors nod and smile ruefully. It really doesn't have to be this way, IT should never be seen as a necessary evil, particularly in today's world where IT is all pervasive. IT should be a positive benefit to a business, an enabler and even driver of revenue.
Today, Tech Republic have published a Top 10 list of warning signs that you need to change your IT landscape. I suggest you read it and if you can check off two or more of the items, it's time to really look seriously at your technology and work with someone to get it resolved.
I think the most telling is 5) Your falling way behind your competitors and 9) You can't support telecommuters.
It really is that simple. Technology in today's business will help drive revenues if you do it right. However, it isn't enough just to implement a change, you've got to do the right change and make sure the change delivers.
One company I know invested £100k in changing their IT landscape, but unfortunately didn't use someone experienced in these kind of implementations and in the subsequent 18months after the project finished they lost at least £250k of revenue simply because the IT systems they'd put in to boost performance had not delivered. Now they're having to spend more to get things put right. It's sad to see so much money wasted.
So, the first thing on your list to "doing it right" needs to be finding an appropriate expert. The right experts do not exist inside support and service companies, they will have their own interests at heart. Instead, an independent expert with a history of helping companies turn things around in the technology department is what you need.
Suffice to say that my company provides such a service. We are independent, we have plenty of successful IT Change programs behind us and we stick around afterwards to make sure it all actually delivers on the promise.
If you read the Tech Republic Top 10 and recognise your company's IT status in that list, get in touch for a no obligation discussion.
Today, Tech Republic have published a Top 10 list of warning signs that you need to change your IT landscape. I suggest you read it and if you can check off two or more of the items, it's time to really look seriously at your technology and work with someone to get it resolved.
I think the most telling is 5) Your falling way behind your competitors and 9) You can't support telecommuters.
It really is that simple. Technology in today's business will help drive revenues if you do it right. However, it isn't enough just to implement a change, you've got to do the right change and make sure the change delivers.
One company I know invested £100k in changing their IT landscape, but unfortunately didn't use someone experienced in these kind of implementations and in the subsequent 18months after the project finished they lost at least £250k of revenue simply because the IT systems they'd put in to boost performance had not delivered. Now they're having to spend more to get things put right. It's sad to see so much money wasted.
So, the first thing on your list to "doing it right" needs to be finding an appropriate expert. The right experts do not exist inside support and service companies, they will have their own interests at heart. Instead, an independent expert with a history of helping companies turn things around in the technology department is what you need.
Suffice to say that my company provides such a service. We are independent, we have plenty of successful IT Change programs behind us and we stick around afterwards to make sure it all actually delivers on the promise.
If you read the Tech Republic Top 10 and recognise your company's IT status in that list, get in touch for a no obligation discussion.
Wednesday 25 January 2012
IT Security: Changing Responsibilities
It's time for another of my motorbike analogies... This time on the topic of IT Security.
In a car, it's all about secondary safety - when you've had an accident, the metal cage, the seat-belts and the air-bag are all there to keep you safe. The car has become responsible for your safety. In contrast, when you learn to ride a motorbike, the instructors are at pains to tell you that keeping safe on a motorbike is all about primary safety: Don't have the accident in the first place. In other words, nothing else is going to take ownership of your safety, it's in your hands and your hands alone.
I strongly believe that IT Security needs to be like motorbike safety: Do everything you can to ensure that the incident doesn't happen in the first place. The question is, how do you get primary safety in the workplace rather than needing to rely solely on secondary safety?
I think it's simple: Primary Safety is about process, policy and training. Above all though it's about treating your employees like adults, giving them a sense of their own responsibility to keep the company safe and giving them the tools to enable them to have that responsibility. I'm not advocating removing secondary safety services, but if someone has no responsibility then they don't care about it because it's someone else's responsibility if things go wrong, not theirs and the risk of an incident is thus higher.
Investing in primary safety, giving people that responsibility and the tools to enable that responsibility will greatly reduce the likelihood of an incident happening in the first place.
If you want a non-motorbike analogy for this, there's clear evidence* of this on Kensington High Street in London. The council decided to remove all street furniture, place the bicycle bays in the middle of the street and take away all the railings. Madness you say, all that safety equipment gone, accidents will go up! No, not at all. Because pedestrians were handed back responsibility for their own safety, they were more careful and accidents involving pedestrians dropped by 44% over 2 years (the London average in comparison was a 17% drop).
The good news is that both IT Security and old-fashioned physical security are evolving fast and we're quickly getting to the stage where employees can be involvement in their own on-line safety. Over the next year or so, I think we'll see a dramatic change away from a policed security model to a community owned security model and as a result there'll be fewer incidents and people will enjoy a better working environment.
Here's to Primary safety!
*Look 2/3 the way down the article.
In a car, it's all about secondary safety - when you've had an accident, the metal cage, the seat-belts and the air-bag are all there to keep you safe. The car has become responsible for your safety. In contrast, when you learn to ride a motorbike, the instructors are at pains to tell you that keeping safe on a motorbike is all about primary safety: Don't have the accident in the first place. In other words, nothing else is going to take ownership of your safety, it's in your hands and your hands alone.
I strongly believe that IT Security needs to be like motorbike safety: Do everything you can to ensure that the incident doesn't happen in the first place. The question is, how do you get primary safety in the workplace rather than needing to rely solely on secondary safety?
I think it's simple: Primary Safety is about process, policy and training. Above all though it's about treating your employees like adults, giving them a sense of their own responsibility to keep the company safe and giving them the tools to enable them to have that responsibility. I'm not advocating removing secondary safety services, but if someone has no responsibility then they don't care about it because it's someone else's responsibility if things go wrong, not theirs and the risk of an incident is thus higher.
Investing in primary safety, giving people that responsibility and the tools to enable that responsibility will greatly reduce the likelihood of an incident happening in the first place.
If you want a non-motorbike analogy for this, there's clear evidence* of this on Kensington High Street in London. The council decided to remove all street furniture, place the bicycle bays in the middle of the street and take away all the railings. Madness you say, all that safety equipment gone, accidents will go up! No, not at all. Because pedestrians were handed back responsibility for their own safety, they were more careful and accidents involving pedestrians dropped by 44% over 2 years (the London average in comparison was a 17% drop).
The good news is that both IT Security and old-fashioned physical security are evolving fast and we're quickly getting to the stage where employees can be involvement in their own on-line safety. Over the next year or so, I think we'll see a dramatic change away from a policed security model to a community owned security model and as a result there'll be fewer incidents and people will enjoy a better working environment.
Here's to Primary safety!
*Look 2/3 the way down the article.
Subscribe to:
Posts (Atom)