Evaluating Your IT Department? Take This Checklist!

The role of information systems professionals in the modern workplace is rapidly evolving as cloud solutions provide more affordable options. Businesses of all sizes are now evaluating their IT needs in order to determine whether they are operating as efficiently and effectively as possible.

IT expertise is more important than ever, since businesses rely on their applications and devices to conduct business each day. But automation has also made it possible to operate with minimal staff, which is good news for smaller businesses with limited budgets. As you work to evaluate your own IT department, here’s an all-inclusive checklist for your consideration.

Security and Network Support

The security of your data, applications, and websites is crucial to your success as a business. One data breach can cost your business thousands of dollars in fines and loss of customers, as well as damaging the reputation you’ve worked so hard to build. As you evaluate your IT department, take a careful look at your security as a top priority.

- Anti-malware measures: Are measures in place to make sure your servers and devices are safe from malware and hacking attempts?

- Employee education: Does your business actively work to educate employees on the importance of responsible online behavior and password management?

- Disaster recovery: Is a Disaster Recovery Plan in place to protect your business?

Application Support and Security

If your employees access in-house applications in the course of conducting their work, those applications must also be protected and supported.

- Password management: How are passwords issued and managed for your applications? Is immediate help available when employees need a password reset or a new password issued?

- Training and support: Is training available for new employees? If an employee has a problem using the application, is help available? Are employees satisfied with the level of support they’re receiving?

- Upgrades and bug fixes: Can employees report issues with the application? If so, how quickly are they resolved?

Desktop Support

Once the backbone of an organization’s IT department, desktop support has dwindled in recent years. Thanks to remote desktop software, support can be outsourced and conducted by phone or live chat. Is this support sufficient?

- Problem resolution: If an employee experiences difficulty with a system, how is support provided? Are employees satisfied with the quality and turnaround time of this service?

- On-site support: When new equipment must be set up or hardware problems are reported, is on-site support available? Are employees satisfied with the quality and turnaround time of this service?

This checklist can help you determine what changes you need to make in your IT department, if any. Whether you decide to maintain current staffing levels, to outsource, or to increase the quality or quantity of your IT staff, a checklist can help decide where you’ve been and where you should go next.

Could Co-Sourcing Be the Right Choice for Your Business IT Needs?

Even in an era of professional IT services, businesses aren’t yet willing to get rid of on-site IT staff. In fact, those support and development team members are usually crucial to business operations. They have years of experience and knowledge that can’t be replicated by a third-party provider.

But as businesses see the value in outsourcing services to talented service providers, a new term is emerging for the hybrid model seen in many companies today. Co-sourcing is the process of having a company’s IT department work in cooperation with third-party services to ensure a company is armed with the tools it needs to succeed.

What is Co-Sourcing?

Co-sourcing is a compromise between on-site support and outsourcing, with businesses choosing to retain some or all technology staff while still sending resources to the cloud. With co-sourcing, a business sees IT outsourcing as a partnership, rather than a process that requires full reliance on vendors. Co-sourcing gives the business a greater sense of control, since they’ll have on-site representatives looking out for their needs.

Business Meets Technology

In many instances, businesses are finding that on-site technology staff become more business-based, working on such tasks as business development and project management. Menial, everyday tasks can be offloaded to the third-party vendor but those tasks crucial to business development can be handled in-house. An IT team can take over the task of finding and overseeing deployment of great apps that can improve administrative tasks, for instance, while the vendor handles daily server backups and system updates.

As the cloud eases the burden on IT staffs, many are choosing this co-sourcing model, leveraging technology team members to put IT to use in business processes. This can provide personnel to handle everything from data analytics to user experience testing. All of this will put businesses in a position to tackle the technology challenges ahead without compromising day-to-day computer and network support.

Cloud Services Need More Data Security Transparency for Better Risk Management

Customers of commercial cloud computing services, notably SaaS (software as a service), are realizing serious data security holes in the contractual provisions of what is acclaimed by many as a practical cost-cutting IT solution. The IT market analyst Gartner has released a comprehensive report pointing out some discomforting oversights in cloud computing contracts which it characterized as containing “ambiguous terms” involving the maintenance of data integrity, confidentiality, and data recovery after a system failure leading to loss or compromised data housed in remote cloud computing servers.

The Problem Uncovered by the Gartner Report

The situation has highlighted risks to data security that have led to jitters among cloud service customers, while making it more difficult for service providers to rationalize the risk they expose their clients to without any clear contractual provision that can allay their data security fears. According to the Gartner report, 80% of IT professionals overseeing the contractual purchase of cloud services will remain dismayed over the inadequacy of data security protection in SaaS agreements with providers up to the year 2015.

The analysis section comprising the main body of the Gartner Report has sub-section titles that clearly indict the current state of SaaS contracts in the area of data risk management. It cautions cloud users not to use SaaS contracts as a “Hedge against Risks,” and not to be complacent in assuming that these contracts provide the company with “Risk Transparency” or the “Adequate Service Levels for Security and Recovery.”

At the moment, there is no standard or consensus among cloud service vendors on how best to provide the proper data security commitments. SaaS vendors would naturally want to expose themselves to as little commitment as possible. For them, a single failure that compromises data security could affect several hosted customers, so that even modest compensation costs could easily rack up. As a result, most cloud providers deliberately avoid such contractual obligations, some preferring to provide less expensive penalties in the form of services in kind in the event they fail to live up to any part of the SLA.

Putting in the right SLA provisions

According to Alexa Bona, VP of the prestigious firm, cloud service users are getting frustrated over the lack of transparency provided by current and prospective cloud service providers in risk management. She added that, at the very least, cloud users should ensure that the SaaS agreement they enter into with providers contains a provision that allows for an annual 3rd party security audit and certification, as well as the option for unilateral termination of the contract should the provider fail to perform such measures.

Cloud customers should demand that SaaS providers respond to audit assessments as required in mitigating the risks. Bona refers to the Cloud Security Alliance (CSA), whose “Cloud Controls Matrix” in spreadsheet form effectively provides a comprehensive model listing the necessary control objectives considered by CSA participants as having high priority in cloud computing security. The more users demand this level of commitment, the higher the chance that service level standards will improve and that covering data protection risks will become common practice among vendors, through regular assessments as simple as service questionnaires, responses to 3rd party audit assessments, and the client’s own on-site audit checks.

The report’s analysis section ends with the admonition that users should not assume that SaaS contracts have enough data security and recovery provisions in their service levels. This has obviously been the case so far and users reviewing their contracts with cloud service providers are recognizing the loopholes that expose them to the risk of data losses and recovery problems they didn’t have before going into cloud computing.

IT professionals responsible for procuring cloud services must ensure that their SLAs contain specific provisions that contractually obligate service providers to meet company expectations in protecting data from external attacks and theft, and in implementing data recovery. The Gartner report recommends that SLA provisions should include data recovery objectives, recovery time thresholds, and data integrity measures with sufficient penalties if missed. IT service procurement executives should ensure that there are enough security commitments in writing which, at the bare minimum, provide for regular penetration assessments by 3rd party security auditors, and an obligation to correct any potential problem uncovered by such audits. Needless to say, failure to act on the audit assessments should give customers the option to cancel the contract as well as demand meaningful monetary compensation for any failure to address shortfalls in the security audit.

The risk implications to the business have driven IT professionals in the areas of data recovery, security, business continuity, and standards compliance to voice their concerns in the purchasing process when getting into commercial cloud services. Bona sees their active participation from here on in reviewing contracted SLAs to ensure that such agreements hold up to the company’s data security standards by having sustainable deals for adequate risk management on the part of cloud service providers. Lastly, Bona advises that cloud customers should seriously consider 2-3 year fee liability limits, instead of the usual 1-year period, along with procuring added risk and liability insurance policies whenever possible.