Discover Your IT Blind Spots. Emerging Technology Trends & Threats

Transcription

1 Discover Your IT Blind Spots Emerging Technology Trends & Threats

2 IT blind spots are hidden (or silent) pieces of information within a business environment, that typically go unnoticed until it is too late. These blind spots are encountered in the form of employee dissatisfaction/turnover, competitive losses, inefficient processes, runaway IT expenses, sustained downtime or a significant cyber breach.

3 1 Inconsistent IT Feedback Your loudest employees are disproportionately influencing your IT Investments. Create an IT customer satisfaction feedback process that does not reward the loudest employees. Instead, allow their feedback to be put into the proper context. Create a data driven process by establishing an annual survey that requests feedback on your: Business Processes (Where do we have inefficiencies or bottlenecks?) Key IT Investments Training & Proficiency Use a simple satisfaction scale and survey tool to create a baseline. (1) Extremely Dissatisfied, (2) Dissatisfied, (3) Average, (4) Satisfied, (5) Extremely Satisfied Strive for 80% satisfaction on key technologies that are the backbone of your business. For respondents answering average or below, ask them for additional information during the survey. Use one of many inexpensive survey tools that are available on the Internet such as etc. Communicate the results of your IT survey as a part of your Strategic Planning process. Demonstrate to your employees that this process will help to influence how IT Investment decisions will be made in the future. Later communicate how their feedback led to new IT Investments.

4 2 Lack of (or poor) Training Making IT Investments without a training strategy, will lead to poorly utilized solutions. Most companies rely solely on cross-training for their IT solutions Only as good as what the instructor remembers and their current level of motivation. Training guides are usually outdated and do not match the business processes. Work arounds are manifestations of poor training I did not know the software could do that. Align training with the business process that they are helping to execute Show how their activities are supporting a larger process to provide the right context. Create a non-punitive culture around asking questions why are we doing it this way? Statistically speaking, good IT training leads to the following improvements (IBM Survey): 19% improvement in employee satisfaction and engagement. 14% improvement in productivity. 17% improvement in customer satisfaction. Create a simple method for creating training materials and content First Business Example: On a recent Salesforce.com implementation, we used short (2-3 minute) video clips to demonstrate the functionality of the system. We used a tool called Adobe Captivate ( which can be learned quickly to author custom training videos. These can then be edited in the future if the system changes.

5 3 Total Cost of Ownership (TCO) The true cost of your IT Investments are buried somewhere in the balance sheet. Do you know how much you have and are willing to invest in your IT solutions? Align your IT Investments to your key business processes to create better visibility. Organize Investments for both client facing processes and internal processes. Measure the performance of your IT Investments Capture all costs associated with IT Investments Initial Implementation Costs (OpEx & CapEx) Licensing or Subscriptions Upgrades Costs or Enhancements Renewal Increases Customizations Integration Data Migration Software Maintenance Hardware Maintenance Business & IT Resource Utilization (Use Blended Rate) Measure both Business and IT performance associated with these Investments Establish process based metrics for your IT Investments Measure employee satisfaction Measure IT service/support turn-around-time

6 The app revolution is going to push the limits and capabilities of your current legacy software. 4 Outdated Software 1.2 Million Apps and over 100 Billion App downloads (Apple App Store) Specific purpose, ease of use and intuitive (limited/or no training required) All of your legacy software will be put through this new simplification filter Legacy CRM Solution for First Business High level of dissatisfaction with legacy Microsoft Dynamics CRM Solution Was deemed to be difficult to use which led to low/poor user adoption Hard to find and enter information quickly Not viewed as a daily use tool Case Study: First Business implementation of Salesforce1 Designed a simple and standardized sales process across all business lines Used the Salesforce1 user interface across all platforms: PC s, Laptops, Phones & Tablets Integrated Business Intelligence and Marketing Automation solution. Standardized design allowed for productivity metrics to be more transparent Will allow for integration to other legacy business processes in the future Request the development roadmap for your key legacy systems Are your software vendors planning to develop new user interfaces (UI) for their products?

7 Caveat Emptor - Let the software buyer beware. 5 Software Promises Information Asymmetry: Defects in the good or service may be hidden from the buyer and only known to the seller. Remember that software can actually do anything all it takes is time, money and resources. During the procurement cycle, ensure that your key needs are met through demonstrations. Research is the key to making good IT purchase decisions. The leading vendors of any IT solution will always market their rankings associated with Gartner s Magic Quadrant ( or Forrester s Wave ( The leading vendors will allow you to download these white papers for free, which will show you an analysis (pros and cons) of all of the vendors in that space. Conduct blind reference checks if possible. IT vendors will always give you their best references to call for feedback on their product/service. Use their website to find references that they did not provide to you and contact their CIO or CFO directly for candid feedback. Case Study: First Business implementation of a Business Intelligence (BI) Tool BI Tools like Qlik, Tableau and Birst are in high demand. These tools are all dependent on the underlying source systems that produce your data. BI vendors will show you a one-time snapshot of charts based on stale data.

8 6 Avoiding The Cloud Proven cloud technologies will save your business money and make you more efficient. If you have not yet embraced a Cloud Strategy, start with the proven technologies (Forbes): 66% - /Messaging [FB: Microsoft Office365] 61% - Collaboration/Conferencing Solutions [FB: Microsoft Office365] 50% - CRM / Salesforce Automation (SFA) [FB: Salesforce.com] 47% - Human Resources [FB: ADP HRIS] 39% - Content Management Systems [FB: Evaluating] 38% - Customer Service / Call Center 36% - Business/Data Analytics [FB: Birst] 35% - IT Infrastructure Management 36% - Financial Management (AP, AR, etc.) [FB: Evaluating] 31% - Security Management [FB: Dell SecureWorks] 30% - Enterprise Resource Management 25% - Supply Chain Management 25% - Compliance Management 19% - Product Life-Cycle Management If you are concerned about Cloud security, there are ways to protect your information assets: There are many good vendors and consultants that specialize in this space, since one size does not fit all.

9 Your IT environment may have single points of failure. Just ask. IT Departments/resources are typically over extended and holding the pieces together What exists in your IT environment today, that could disrupt multiple systems/processes? Single points of failure never matter until it is too late and the problem is realized. Develop an open/candid dialog between IT and Management regarding known Risks. These Risks can disappear overtime due to employee and vendor turnover. This will lead to discussions on how to best mitigate this risk including the need for redundancy. 7 Unspoken IT Risks The following are the top areas to discuss regarding IT single points of failure Power: What is (or is not) protected in the event of a major power outage? Voice/Data Circuits: If we loose circuit X, then we loose major process/service Y. WAN/LAN Electronics: If we loose device X, then we loose major process/service Y. Premise Cabling: If we loose backbone cable X, then we loose major process/service Y. Servers: If we loose server X, then we loose major process/service Y. Storage: If we loose (or run out of) storage system X, then we loose major process/service Y. Fire Suppression: Do you have overhead water sprinklers near key pieces of equipment? Administrator Passwords: How many exist, how are they controlled and what is the backup plan?

10 Allowing weak passwords across your IT environment could lead to your first cyber breach. Implementing and enforcing complex passwords should not be negotiable This is the weakest link from a Cybersecurity perspective. Do not allow for a ease of use debate to occur on this topic. You should also look to enforce complex passwords for your key applications. Free password cracking tools are routinely used by cyber criminals and security professionals Tools such as L0phtcrack ( can exploit weak passwords within seconds. Your System Admin can also use this tool against your environment, to show you were you may have immediate vulnerabilities. 8 Weak Passwords Complex passwords can be enforced by a System Admin and should have the following: Minimum requirement of 8 characters and now moving to 10+ characters Uppercase and lowercase letters Numbers and symbols Move away from single dictionary words to long phrases with a mix of the above attributes Consider using a password safe App on your Smart Phone, which can encrypt this information Make sure it is reputable and has an industry track record (e.g. LastPass)

11 You will never stop every phishing attack, which can open the back door of your network. Over 1 million new malware threats are being released on a daily basis You will never be able to stop everyone from clicking on a phishing attempt. SPAM Filtering and Anti-Virus Software will not catch every malware exploit. Many of the variants are exploits that have existed since Clicking on these links will deliver an exploit to that device, creating a back-door to your network. 9 Malicious Phishing templates were once very generic but are now very sophisticated Social Media s (e.g. Facebook, Twitter, LinkedIN, etc.) Encrypted Mail Envelopes UPS/FedEx Delivery Notifications Unsubscribe Links Parking Fine Notifications Bank Notifications Fraud Alert Notifications Invest in end point threat detection and monitoring If you have a firewall blocking the front door, you also need something to protect the back-door.

12 Hackers use home computers to gather intelligence for broader attacks against businesses. Most individuals are not aware that their PC may already be compromised In 2014, there were 12.7 million Identity Theft Victims with over $16 billion in losses. Common problems associated with home networks/computer security Wi-Fi routers are left with the original default Administrator password (e.g. =password). Most individuals do not use Anti-Virus software at home. Not receiving and applying security patches automatically for Windows. Turning off the software firewall in Windows to get something working. Most free games/apps downloaded will contain malicious exploits. Browsing to various sites that will download exploits in the background. 10 Your Home PC What can be done? Ask someone with experience (or hire someone) that can help you to secure your home devices. Think about what you are storing and accessing on your home PC related to your company. Webmail, VPN access, Citrix access, file access, etc. Enroll in Identify Theft protection. It will be the best $10/month that you will ever spend. I personally know 3 individuals that had their Identity stolen and this service took care of the entire process of remediation from start to finish.

13