Posts

IT isn’t just about filling seats

No matter the size of your business, no matter what the product or service, your company is at least partially reliant on technology to survive and function in today’s marketplace. It is just unavoidable. A significant portion of everyone’s business is online in some fashion or other. And internal operations and administration are dependent on databases, servers on-line access, etc. A large and diversified company has the depth of staffing to fully support all of its IT infrastructure needs. Unfortunately, this is not the case with small- to medium-sized businesses, and it is absolutely not the case for recent startups struggling to get a foothold in the market. SMBs are generally forced to focus all of their resources on the operations that drive revenues. For example, how many small firms have a trained human resource practitioner on board, even though the lack of one can leave them vulnerable to a number of legal and staffing issues? Very few. They just don’t have the resources to devote to anything that isn’t sales or a critical line operation. The same tends to be true for an IT infrastructure support staff and the personnel “required” to support it 24/7.

The question then arises, how does an SMB begin to bring on the necessary resources to support their IT needs? A common solution is to bring on a generalist who will act as the IT director/manager and then that person will bring on additional, more specialized staff as revenue growth permits.

This is a pretty standard model for addressing IT support needs for a growing SMB. But does that really make the most sense? The issue with this model is that it follows a typical, hierarchical company org chart, but doesn’t necessarily meet the needs of a SMB. The IT demands of a typical company are very diverse, and one individual doesn’t have the depth and breadth of experience to significantly support every corner of your IT infrastructure. When resources for IT staffing are limited, creating the IT department that covers everything can be unrealistic. Building out this traditional model takes time and resources to make sure you have the IT support that possesses all the diverse skills needed to meet the many requirements of a sound IT infrastructure. As a result, this model may not truly meet the immediate/urgent needs of a developing or transforming organization. The alternative IT support is not from an organizational chart approach but from a risk management one.

What do we mean by a risk management perspective? For any business, but especially a smaller one without deep pockets, the consequences of some disaster may mean the end of the business. As a result, risk evaluation becomes critical. There are an endless variety of events, from mishaps to major disasters that challenge your viability. Risk management inventories all of the possible risks that could befall the organization and places them in a hierarchy of significance. At the top are single points of failure disasters or extreme events that would shut down the business, at least temporarily. Risk management then works to channel limited resources toward mitigating the most serious risks. How does this reflect on how you bring on IT support in your business? You bring on the support, either through hiring or an MSP on the basis of where your IT infrastructure is most vulnerable, not on the basis on “positions’” to be filled. This is a different approach and more appropriate for a SMB that has limited resources.

/by

Risk assessment: A Value model

Risk assessment means looking at all the conditions, situations and threats that exist that could damage or bring down your business. Risk assessment is all about identifying the external and internal threats that exist and measuring the likely consequences if that threat becomes reality. A data security risk assessment would identify what data you have, how you use it, how confidential it may be, how it is affected by regulations and the ways it could be compromised. A major focus of a data security assessment is cybercrime.

In terms of developing an IT staff, the alternative approach to building out a team is to determine your IT staffing needs in terms of risk assessment. That means evaluating risk and directing staffing resources to those areas where the risk is greatest and the consequences most severe. Basically, it is an evaluation on the ROI of your IT staffing in light of identified risk. In particular, what is the return on your risk management investment? The goal is to evaluate risk in light of business and operational consequences. Put simply, which point of failure leads to the most destructive consequences. Once that is determined your limited IT resources can be directed at those most critical areas.

In the short term, you can try to find the specific applicants that have what you need to plug the holes. Is that workable given the challenges to hiring? The market is very competitive.

The alternative is an MSP. Using a Managed Service provider for at least some of your most critical needs can be a very effective way of targeting your IT resources to where you are most vulnerable.

You have more freedom to move resources to where they are most needed.

Opting for an in-house IT team limits you in terms of scalability. You cannot just add or reduce the strength of your IT team anytime. Choosing a managed services provider, however, provides the flexibility to scale up or scale down your IT investment to suit your business needs.

You are better prepared for IT emergencies

Having a service contract with an MSP helps you tackle IT emergencies better because you get access to top-level IT expertise. An MSP’s core business is IT so they are naturally more knowledgeable and up-to-date when it comes to the latest IT challenges, including cybercrime. Plus, an MSP can deploy more resources if need be to solve your IT emergency, helping your business get back on its feet sooner.

You will be ahead of the curve

The IT industry is constantly evolving. The in-house IT team may find it challenging to keep up with the latest trends and norms of the IT industry as they will be caught up in managing the day-to-day IT activities at your office. Also, IT is a very broad field, and only a diverse IT team has the depth to cover all of the different areas. With an MSP, you don’t have to worry about how technology is changing. A good MSP will not only be up-to-date with the latest in tech but also advise you on what tech changes you need to make to stay ahead of the curve.

The lesson for hiring IT is that you should focus resources, be they in-house or external, on the areas where your business is at highest risk from a single point of failure or a cyber attack. Not all IT needs are equal, and traditional models don’t always recognize this. A Managed Service Provider can also assist you in determining a hierarchy of your IT needs.

/by

Roadmaps for Data Security and for Strategic Planning

It is time you were encouraged to stop looking at the technology you use to run your business as just some reliable piece of invisible infrastructure that hums along in the background.

Instead, business owners should look at technology from a strategic perspective. What can technology do to support business in the future? How can new technology help your present business evolve and adapt to new market demands and customer expectations? For instance, AI is a new technology that may create serious disruption in many industries. Failure to think into the future could put a business at a disadvantage. Unfortunately, most small businesses face two challenges that make it difficult to incorporate new technology into their strategic plans.

    1. In-house staff focus more on maintaining existing technology – For many SMBs, in-house IT staff resources are limited. As a result, much of their time and attention must be focused on putting out fires and handling emergencies. Beyond that, day-to-day maintenance and support of your IT infrastructure is probably stretching them past the breaking point.

 

  1. Leadership expertise in SMBs is concentrated entirely on running the business and growing revenues. Very simply, SMB leadership’s skills are in their specific industry. Management needs to be focused on the product or service and driving revenues. The issues get back to “core competencies.” A business that gets distracted from its core competencies may damage its focus on quality and meeting customer expectations.

Because of these two challenges, SMBs tend to not integrate technology into long-term strategic planning. They simply don’t have the luxury of devoting resources to IT planning. There is a solution, however. An MSP has the depth and breadth of resources that you could never hope to build and manage internally. To do so would drain management focus and be financially unsupportable.

What can an MSP bring to a small business? Here are six areas where an MSP can help a small business act strategically and integrate technology into long-term growth plans.

Building a Technology Roadmap

At the heart of a technology roadmap is this question: “Can technology improve the delivery of products and services or improve qualitatively the nature of the product or service itself?” A technology roadmap works to develop a complete, concrete answer to this question. It is a long-term planning document that defines how and what technology should be incorporated into the growth of the business. Individual parts of a roadmap will address specific aspects of the company’s technology such as software development, infrastructure upgrades, digital transformation, and product innovation. A technology roadmap that includes product innovation is especially important. The roadmap may also include research and development initiatives.

Creating a Security Roadmap

A security roadmap is the result of a risk management analysis. By analyzing the vulnerabilities in your IT infrastructure, including cyber security threats, an MSP can create a security roadmap that identifies all the actions that need to be taken to fortify your IT infrastructure as much as possible. Like a technology roadmap, it is a specific plan for ensuring that your data, network hardware and software remains safe from cybercriminals. Data is critical to your business. It is proprietary and it is also very vulnerable to theft. A data breach can be a real threat to the viability of your business. The legal and reputational consequences can take down a small business. A security roadmap can include:

  • Determining what regulations govern your data (HIPAA, GDPR, FERPA, etc.)
  • Developing access protocols
  • Training employees about human vulnerabilities to cybercrimes, such a phishing
  • Creating effective backup procedures, which are a particularly important defense against ransomware attacks
/by