As SMB’s, we are often the worst at implementing disaster recovery and business continuity plans.

Even if we ensure that we back up all data on the servers (and test it!)

Think of the following scenarios;

* a gas pipe is ruptured outside your facility, no access to the building for several days

* A minor fire in a building electrical room, again several days before people are allowed back in the building.

* A burst water main on the street.

These are not major disasters like the wildfires in California, or tornado damage.

But the end result is the same. You are out of your space for days.

Can your business keep running?

This article at smallbiztechnology.com lists 5 mistakes to avoid in disaster preparedness.

Have you thought about the number 1 mistake?

Put it off until tomorrow

Photo Credit D. Bjorn

You can subscribe to this blog by clicking the RSS icon on the Home Page!

In the first post on CI’s (Configuration Items)  I mentioned that you must give some thought to how granular you want your CI’s to be. I broke this post into two parts because it is complex and a definite information overload.

Because the more granular you choose your CI’s to be, the more complex managing the environment becomes.

The degree of detail used to describe each CI and its relationships to other CI’s can grow very quickly.

Not An Inventory

Configuration Management is not simply an inventory that you have of hardware and software.

An example I have used on this blog is receiving e-mail on your mobile device. To receive that e-mail many servers, devices, routers etc all must work together to ensure it works.

I also mentioned that I have used less granularity at edge of the network, with more towards the core. This is usually backwards for a larger organization.

Why?

In a larger organization, having very granular details on all workstations and laptops (the edge) can pay dividends several ways as your management tools can identify;

* exact hardware and software specifications – ie you are upgrading to a new program version, which machines are too old or don’t have enough RAM for the new version?

* Support teams have the ability to reduce troubleshooting time (and cost) when calls reach the service desk

So in these scenario’s we have identified issues or solved problems without having to physically visit or touch the device.

As I have worked with strong technology focused organizations, I don’t worry to much about personal computers or notebooks. (software developers change them just about every day as it is!)

And something as simple as a software developer installing an open source piece of software code, changes your CI.

So for these devices I keep it simple, I document my asset number (inexpensive asset tags can be obtained, one example is here), make, model, serial number, support agreements, contracts etc.

The core on the other hand, are the servers, routers, firewalls and other plumbing devices of the network.

On those devices I maintain a very high level of granularity. This lets me answer any detailed question regarding the configuration, specification or capability of these devices.

The CMDB

Large organizations can purchase tools and have full relational database systems that provide this map of all CI’s and the relationships among them.

I was lucky enough to have one of those tools at a previous employer (we made it!) but I have used simple tools such as Microsoft Sharepoint to good effect.

They key takeaway is to define the level that makes sense for your organization.

You can subscribe to this blog by clicking the RSS icon on the Home Page!

Analyze And Act

November 26, 2008

In an article titled; Ideas For Difficult Times, Del Chatterson states it bluntly;

..Be focused, be flexible, and be creative.
Analyze, decide, and take action. You and your business will be better for it.

Even here in Canada The OECD is now stating that Canada is, or will be joining the US in the recessionary figures dance.

In the SMB space, it can be downright gloomy just looking around.

As dark as the economy is, this can be the time to be thorough and evaluate everything in your business.

Your Market

Your market. Is there a new one, or improvements that can be made to the old?

Your Customer

Your customer touch points. Can we make it easier to talk with our customers?

I have touched on those same topics in several posts. As a Business Technology Manager I try to look at what can be done to improve the retention of existing, or acquisition of new customers.

I read a print article this week about a large ticket independent retailer that was staying in the black by aggressively pursuing an after sales service strategy.

Does your business model support that idea?

Maybe you install furnaces. Do wait for them to call you?

Or are you aggressively calling them for maintenance work?

Look at this organization, crucial.com. A commodity industry if ever there was one. They sell computer memory upgrades for your computer. But look at the web site.

Brilliant.

You run that little tool and it will show you how much memory your computer already has, and what type of memory that you can purchase for your particular model.

If you manufacture a serialized product; could that serial number present a customer a diagram, photograph, or schematic, with add ons or upgrades available?

Cutting costs is one thing.

Looking at how you sell, to whom you sell, and how easy you are to purchase from can raise the other side of the coin.

Revenue.



Photo Credit

You can subscribe to this blog by clicking the RSS icon on the Home Page!

SMB’s and Database Security

November 25, 2008

As a manager in the SMB space, maybe you use an accounting package such as Great Plains, maybe you use a manufacturing package, compensation package, or resource planning package.

You are familiar with the login screen that you type in your user name and password to access thae functionality of the appliaction.

But all of those applications utilize a database engine that stores the data in those tools.

Guess What

Those database engines have their own login ID’s and passwords. Not related to your program in any way.

Do you know what they are? Do you know who has access to them?

Because access to these acounts is access to all data in that financial package or manufacturing tool.

Yes – that includes the sensitive stuff.

Yes – that also includes deleting stuff.

As this article by John Hazard at eWeek states;

The survey recounts the DBAs’ concern over users with too much power to alter the data and upset the applecart.

*Sixty percent of respondents said they are powerless to prevent users from reading or tampering with sensitive information in financial, HR or other business applications.

*Thirty-one percent said users can bypass applications and gain access to application data in the database directly using ad hoc tools.

*Thirty-nine percent said they don’t have the monitoring capability to even know when such an event occurs. Another 25 percent couldn’t answer the question.

It could be relatively minor, (what is Jane’s commission cheque going to be?) or it could be major. 2.5 Million major.

And that can include default passwords that people forget to change.

Benefits, Not Features

November 24, 2008

Planning an IT purchase is not the same as planning to buy a car.

All the features available on a luxury car are useless, if the benefit you require is to push a snow plow through 3 feet of snow.

So when that tech vendor starts describing all the features. Ask what the benefits are.

It goes without saying, you need to know the benefits that you are looking for.

If you don’t know where you are going, any road will get you there.

Wrong Way

Wrong Way

Photo Credit

You can subscribe to this blog by clicking the RSS icon on the Home Page!

Getting Rid of the Rules

November 20, 2008

An excellent post by Mike Moran on his Biznology blog titled; Losing the Web Standards War? Tools, Not Rules

…What each of these techniques have in common is that they make following the rules easier than ignoring them

I actually read that post a few months ago, printed it and stuck it on my wall.

The same advice works in many places in the small business / medium business space.

Because as Mike elaborates, it may be a policy, a guideline, a process, a procedure; basically any method that we use to provide a framework for getting work done, or to use as a tool to improve consistency and reduce training costs.

In the SMB space, the harder we make it to screw up. The less screw ups we have to fix.

You can subscribe to this blog by clicking the RSS icon on the Home Page!

You Don’t Take Me Seriously

November 19, 2008

I know you don’t!

You are flying out Monday to meet Rick and his team, I know that you worked on that financial report on me all weekend. But you don’t know that my hard drive has about two more boot ups before it dies. Whether that second boot up happens on the airplane or his office, well, you won’t know until it happens.

What will you do then?

I want you to take me seriously!

Your presentation looks great! Really! you should knock the socks off that prospect.

Oh, I forgot to tell you, we little USB thumb drives are pretty small, and, well, when you went to pay for that no foam, low fat latte, I fell out of your pocket.

Hope you have a plan B!

You never take me seriously anymore!

So I’m old am I? It took you just a few minutes to transfer all your sensitive information from me to that fancy new phone! It was a piece of cake.

I hope you know that the chap on e-Bay that you sold me too likes me. He says you left a copy of all that sensitive info still on me. Not sure what it means, but he said something like pwned.

Is that bad?

Thanks to Rebecca Jestice who provided the seed for this post 🙂

You can subscribe to this blog by clicking the RSS icon on the Home Page!