There is a place and time for sharing. Share your color crayons, share your toys… share your feelings with those you love. But when it comes to business technology and infrastructure, sharing isn’t always the best approach. Some things you should just keep for yourself… like the servers you use for hosting business desktops, desktop applications and business data.
When we first began the journey of bringing small business desktops and applications like QuickBooks to the Internet, the “cloud” was not yet a thing. Hosting providers put up servers in racks in data centers, installed software and stored data on behalf of customers, and did their best to find ways of making the service affordable. Elastic resources, massive scalability and built-in redundancy (which are benefits of a real cloud fabric) were not generally available nor were they even remotely affordable. Because the hardware, networking and other resources that make up the hosting infrastructure is costly, it is important for the hosting service provider to be able to spread those costs across the entire customer base.
In most cases, this meant creating shared servers where many customers run their applications and store their data. Even when a provider suggests that a customer has a “private” server, there is still a good chance the server is using shared storage and/or networking resources made accessible in the environment.
Sharing can be a good thing or a bad thing, and it often depends on the behavior of those involved. In shared application hosting environments, particularly desktop hosting environments, there is a lot of potential for intentionally and unintentionally causing problems that can and will impact other users and customers on the platform.
A simple provisioning error might allow a user to see data belonging to another company or have access to applications or services they should not.
With shared resources, bad actors and intruders can often escape permission boundaries, attaching to network shares and other computers on the platform.
Malware accidentally introduced by an innocent user from one company could easily penetrate the entire system, following paths to data storage locations and other servers, spreading the problem to many customers and systems and even data centers.
If you are operating on the compromised system you are at risk, even if the compromise wasn’t initiated by one of your users or from within one of your applications.
In the realm of QuickBooks hosting providers, the issues around sharing infrastructure and resources have created some very difficult situations for hosts and for their customers alike – especially when it comes to dealing with computer viruses, malware and ransomware. A few high-profile events, as well as numerous incidents which have flown under the radar, have revealed just how damaging the shared approach can be.
With the IRS, AICPA and other agencies issuing increasingly strong guidance for tax and accounting professionals to protect client information, finance professionals should strongly consider the risk introduced through shared hosting service arrangements and evaluate if it is greater than the costs of having a more private system.
Cloud platforms available today are fully matured, delivering scalability and agility at price levels that are affordable even for very small businesses. No longer solely for enterprise enjoyment, real cloud solutions and delivery models can be used by small businesses for desktop and application hosting without compromise. Every business deserves their own cloud, and we know how to make that affordable.
Cooper Mann works with teams deploying on the Microsoft Azure platform, offering an agility in design not previously available with legacy computing approaches. Because every delivery is absolutely private to each customer, the solution can be scaled up (or down!) on demand to suit the specific needs of the individual business. More important is the fact that each customer operates separately, so any bad behavior the system may suffer from is their own.
Over the past few weeks, I have received calls from clients that have current versions of QuickBooks (2017, for example), but the software isn’t able to update because the customer doesn’t have a maintenance plan for the software. QuickBooks displays the message saying updates are available, but the user isn’t able to download the updates and receives a message indicating that they do not have a current or in-force subscription.
Intuit is making it clear that maintenance and support is not longer an option with QuickBooks. Not having maintenance means not getting updates, and not having updates means parts of the software and its connected services stops working. Now, even your desktop QuickBooks is exclusively subscription-based.
When discussing how a business operates – how folks in the company go about the business of getting work done – the conversation almost always boils down to a discussion of the problems, conditions and challenges to consistently getting the work right and on time.
No mud. No flow. We got to go. (Deepwater Horizon, 2016)
Sometimes the focus is on people and other times it is on resources or processes, but the underlying context is that there are kinks in the line which interrupt the flow. When the flow is interrupted, bad things can happen.
The flow in business is the workflow: those strung-together processes which make up the work and form the operation.
The workflow guides workers in the performance of their jobs, informing them about who is supposed to do what when, and sometimes even why.
Structured and managed workflow drives the 3 E’s in business: Efficiency, Effectiveness and Evolution.
In almost every discussion about structuring work and documenting processes and procedures, the terms “efficient” and “effective” come up. In fact, it is hard to have a conversation on these subjects without running into those terms. Most organizations recognize that worker efficiency and process effectiveness are guided and informed by structured workflows, so desk reference guides and operations manuals become the norm. What may be somewhat less obvious is the evolutionary aspect of modeling business workflows, where improvements small and large may be uncovered or identified at any level of work while it is being described and modeled. A solid workflow management system serves to remove any memory impairment in a business, memorializing not just the process but its result as part of the historic record of the business. This data assists in supporting ongoing process evolution, ensuring continued alignment with changing business conditions and goals.
Modeling the operation and applying conditional elements like timing and resource availability can make the difference between useful guidance and a semi-useful handbook of procedures.
As business conditions change so does the workflow. Unlike with printed manuals, the software system that is used to structure workflows and provide worker guidance can also supply data necessary to support change. Using a software solution to manage workflow creates an agility in the business that is necessary to make meaningful adjustments when it matters –prior to or with change, rather than far after.
This article is the 3rd in series, and focuses on how business workflows are supported and informed by the right software solution. Even more, that activity tracking and process controls should be part of the structure and foundation for worker activities, where workers perform their job functions while the systems that guide them capture meaningful information regarding those activities and transactions.
The thesis is that creating structured workflows not only informs workers what is expected of them and when, but the act of creating and updating the workflows helps identify disconnected processes, finds missing process data, smooths cross-functional transitions, and identifies missing or ineffectual policies. There are numerous conversations and interactions that wrap around or influence every activity and transaction. The goal is modeling the business and workflows in a way that not only defines worker activities but also connects those activities (transactions) to the related documents, contacts, policies and other data involved or impacted.
Whether there are a few or many individuals involved in the business, there are tasks and activities which must be performed in particular order and manner.
For a few people to efficiently and effectively manage the work, it is essential that there be clarity in what should happen and when and by whom it is to be done. It may seem that crafting workflow systems to guide these activities could be overkill, where a few people could communicate directly and let each other know what and when. Really, it only seems that way and typically only when things are going just right. Change a factor or condition or make an individual unavailable to perform the work and things can change dramatically. What was once a seemingly straightforward operation becomes mysteriously ineffective when critical players or information are no longer available.
Without structure to guide and support the entire organization, any part may fail to perform when the essential elements holding the process together are removed. The result is dis-satisfaction with the work as well as the result. In the end, it means reduced performance reflected as lower productivity, lower work quality, lower customer satisfaction levels, and lower profits. As with any legend or lore, details in the “tribal knowledge” are lost over time and what was once trusted and workable ultimately fails in the face of progress.
These truths became the focus of a conversation with Jerie Harrell of Small Business Solutions LLC (SBS) based in Huntsville, Alabama. Jerie works with Bob Crook, also known as “QB Bob,” and his team of certified consultants offering on-site and remote setup, training, instruction, and ongoing maintenance of QuickBooks financial solutions for small to mid-sized businesses. SBS prides themselves on forming long-term relationships with their clients. According to Jerie, the team “is always there after the sale; we don’t walk away after a customer buys from us”.
“I often tell clients we are like an Oreo cookie, with the accountant on one side and the client business on the other” Jerie says. ”We’re the creamy center that holds everybody together and makes things work together. The client’s business is more efficient and gets things done faster with our support, and the accountant gets better data”.
Keeping things coordinated with the consultants, supporting clients and managing ordering and other activities keeps Jerie very busy most days. Layer into those responsibilities the added requirement to plan for expansion and train new personnel and the workload gets even bigger. There is a lot of information to manage, lots of procedures to work through, and the regular work needs to be done completely, accurately and in a timely manner or the machine breaks down and customers don’t get the products or services they need when they need them. Just thinking about taking a vacation or maybe even retiring causes chills to run up and down her spine because Jerie knows she has more work to do before that could really happen. This is where the discussion about workflow and process support really started.
Jerie knows that you have to “keep things simple and keep the flow simple” in order to get everyone to participate. Her background in process analysis and improvement is really helpful to the business, because it enforces the understanding that things need to be fully documented and communicated clearly. “If you get things written down.. the processes and procedures, then the staff can be more efficient and effective. They get more work done, production goes up, sales go up, and then you can hire more people. “
Speaking of hiring new people, this is another area that Jerie knows she needs to address and is among the reasons for looking at a structured workflow system. Also, while the idea of retirement sounds increasingly attractive on some days, the challenge is that Jerie’s job has been developed over many years and there isn’t a comprehensive guide to how she does it all. She has created a way of working and a flow that meets the needs of the business, and transitioning all that knowledge is no small endeavor. “Having things structured and documented is the key. I always have procedure manuals on every desk, but that doesn’t cover everything. The workflow, time management, and the underlying processes should be visible to others because even if a key person isn’t available, business still has to go on”.
Synergy Enterprise is a business management solution from the Dutch software company Exact (www.exact.com).
Looking at CRM and workflow solutions, and specifically at the Synergy Enterprise system from Exact Software, is the next big step in solving the workflow problem and setting up the business to learn more from its activities.
“Transparency in the workflows and processes allows you to analyze them, identify bottlenecks and where improvements can be made” says Jerie.
“It’s like TQM (Total Quality Management) embedded in the CRM: you manage from the bottom up. When I look at CRM, I really see workflow. It’s everything in the business: everyone is a customer… even your boss is a customer, and the goal is to provide great customer support throughout the organization. I try to help inform management about work performance, but there are a lot of issues that are intertwined. How do you measure that without a good system?”
Summing things up, Jerie suggests that implementing Synergy in a business might be similar to using something like Google Analytics to analyze and understand website activity. She asks “why not track the activities performed in everyday business? Why did the customer not buy from you and what needs to happen to change that outcome? You need to know more!”
All three E’s are there, and I couldn’t have said it better myself.
Make Sense?
J
Series Introduction: Fringe to Foundation: Aligning Business Goals and Lifting Business Performance through Digital Workflows
Article 1: Every Business Deserves a Chance to be Better
QuickBooks 2018: Changes You See and Updates You Can’t See
QuickBooks 2018 has been released, and there are a number of beneficial enhancements and changes to the application that many will find very useful. Sometimes it is the little things – like a past-due stamp that can be printed on invoices when they are re-sent to a customer – that can make getting the work done just a bit easier. Being able to search the chart of accounts is another thing that doesn’t sound like a big deal, but becomes one when you just can’t remember the account number you’re looking for. Frequently having to scroll through the list of accounts is taking more of your time than you’d think it would.
For the most part, it looks like there are some nice and needed changes that come with QuickBooks 2018. These changes address some functionality and usability issues (like supporting multiple monitors) and are visible to the user. There are also other important changes that come with QB 2018 editions that aren’t quite as visible.
All editions (Pro, Premier and Enterprise) in the US, Canada and UK got some common updates, including:
Multiple monitor support
Search in the Chart of Accounts
Cash/Accrual toggle on reports
Past Due Stamp
Keyboard shortcuts for copy/paste lines in transactions
Secure Webmail option
For folks using payroll, there are now useful reminders for payroll tax liabilities, and for accountant edition users there is now the ability to merge multiple vendor records. An exciting feature for many users of QB Enterprise is improvement to the sales order fulfillment process, including support for mobile (un-tethered) barcode scanners.
The changes that remain less visible to the user are primarily component updates and security improvements. Additional encryption for certain PII (personally identifiable information) fields, version updates of framework and database components, and reliance on Internet Explorer v11 are among the items addressed. While these are not visible changes that impact the program functionality directly, they are necessary to keep the product up to date with Windows platform and to modernize the security in the product. In particular, users should pay attention to the requirement for Internet Explorer v11. While Microsoft continues to promote Edge as the power browser for Windows 10, it is Internet Explorer v11 that QuickBooks requires.
It is important to note that Intuit‘s support for 3rd party applications is sometimes impacted with QuickBooks updates, particularly when it comes to security, encryption and unattended access to QuickBooks data. Changes made to how QuickBooks encrypts stored credentials (among other things) caused many 3rd party solutions to lose their ability to connect to and sync data with QuickBooks while unattended (like a middle of the night sync, when nobody else is working). Many applications had to return to a user-attended sync process, where a user in QuickBooks had to manually initiate the sync which allows the application to connect to QuickBooks and run. With the release of QuickBooks 2018 this issue remains, which means that you should check with your 3rd party software provider regarding any possible automation changes or additional configuration that might be required due to the update.
For those running QuickBooks in a server-based or hosted environment, there are a few additional considerations regarding some of the changes in QuickBooks 2018. Some of these items represent known technical limitations of working in a terminal server/RDS/hosted environment, and sometimes they’re limitations or restrictions based on the technology being used and how it is applied. It is in this area where the suggestion that hosted QuickBooks will work EXACTLY as the program does when locally installed is not entirely true.
Multiple monitor support, for example, may or may not be easily handled by your hosting provider or remote access solution. In particular, if you access your hosted service as a Remote Desktop or Virtual Desktop, you may have only one actual Window (the remote desktop window) to work with. Even if your hosted QuickBooks were to attempt to open multiple popup windows so you could move them to different monitors, you’ll still be limited to the dimensions of your remote desktop. If the remote desktop doesn’t span over multiple monitors, then the QuickBooks windows that open in the remote desktop window won’t either.
The option to keep a user logged in to QuickBooks is another item that may not be useful or workable in a hosted environment, and isn’t necessarily a great idea even if running QB on a local computer. This option keeps the user logged in to the QB “instance” which can make working with lots of company files a bit faster and makes loading/unloading QB seem faster because it doesn’t really unload or shut down. While it may be convenient to eliminate the wait times during these login processes, the offset in security risk and problematic application functionality may be higher. Leaving a user connected to QB for a fast login means that an unattended PC becomes a vulnerability as someone could access the app and files without having to enter credentials every time. In a hosted environment, the functionality tends to leave QuickBooks running in a user session, often causing the user to be unable to launch QuickBooks if they log off and back on to the host system (getting the message that QuickBooks is already running or the company file is already open).
Support for 3rd party integrations varies in hosting environments, too, but the granting of administrative permissions to users is largely consistent: users do not get administrative permissions. This means that some applications which require Windows administrator permissions to run cannot be easily handled in a hosted delivery. Additionally, applications that run as services on the computer, and particularly those with controls accessible via the task manager, are difficult to manage in a hosted environment because users are generally not able to access the task manager on the machine to start or stop running services.
Among the most challenging items to support in a hosted environment are mobile and handheld scanning devices. Mobile scanning devices have become essential tools for inventory and product management, providing users with the ability to rapidly access item information by simply scanning a barcode. Manually keying in data increases the potential for errors, but also requires a machine with a keyboard be nearby. With mobile scanners, workers are able to input item information regardless of whether they have a computer nearby or not (which is often the case in a warehouse or out on the shop or store floor). The software sees the barcode scanner input as though the data were typed in, which eliminates input errors and failed lookups by ensuring the item number is correctly entered every time.
Where the challenge with a hosted solution comes to play is in communicating between the hosted software (QuickBooks in this case) and the scanner device. Usually, a scanner must be able to “see” the computer running QuickBooks on the local network. The scanning device, like a networked printer, is able to communicate directly with the PC on the network so it is able to work with the software running on the PC. When the QuickBooks software is running on the hosting provider’s computers, the mobile scanners in your business location aren’t able to “see” the host computers on the local network so they may not be able to communicate.
The time for software upgrades is also the time to take a look at how you’re implementing the software to ensure that your business has the most effective and easy to manage system possible. Rather than simply installing the new version on top of the old, consider whether your systems and software might be handled in a more cost efficient and useful manner.
If you’re installing the new QuickBooks editions in-house, maybe it makes sense to take a look at doing a server-based approach, which reduces the number of software installs required, centralizes the access and applications which makes managing the system easier, and creates a single system to back up and administer.
If you’re looking to eliminate the burdens of installing and maintaining your software, backing up your systems and dealing with hardware issues, moving to a managed hosting solution may be the right answer.
Software upgrade time is the right time to explore these options, giving your business the opportunity to test out new delivery models and services without impacting the production system. There is always some element of risk in updating applications, so it is important to make sure things are ready before starting the process. Make sure all systems are fully backed up, and make sure you have the tools necessary to re-install the old versions of your applications just in case there are changes you can’t work with or problems you didn’t expect. If you’re not sure the best way to approach upgrading your QuickBooks system, contact me and we’ll find the right answer together.
Outsourcing IT to a cloud service provider can be tremendously beneficial for a business. The model allows an organization to offload not just IT infrastructure costs, but also the costs associated with developing and maintaining all of the practices and processes involved in managing and maintaining the infrastructure and systems. There is tremendous responsibility in handling everything from platforms and infrastructure to creating best practices for maintenance, management of scalability and growth, forecasting bandwidth requirements, implementing and monitoring security compliance, creating effective and comprehensive disaster recovery plans,and more.
The question which begs to be asked is whether or not HIPAA, PCI/DSS or any other compliance requirements, and the complexities, risk and legalities that come along with them, can also be outsourced to the CSP. For that matter, can any real level of responsibility be fully outsourced, where the liability for non-performance or noncompliance is also fully shifted?
Ummm. No. It is still your problem.
What too many companies really don’t understand is that they aren’t eliminating risk by moving to the cloud, and the requirement to meet various compliance requirements really can’t be outsourced. Particularly in this area, businesses need to recognize that outsourcing certain functions doesn’t reduce or eliminate responsibility or liability. Just the converse, it could make things a bit more difficult if you don’t keep close tabs on how the provider implements and is involved with your solution. Even beyond that, what is the impact to the business operation when requirements are not met? Cost recovery from the provider may be one option, but how does that help the business remain operating in the meantime?
“Gramm-Leach-Bliley (GLB) Act Requires financial organizations to enter into contracts with third parties that they share their customer information with (including cloud vendors) to ensure that the third-party handles that information securely. Executives of those financial organizations can be held personally liable for failure to do so.
Sarbanes-Oxley Act (SOX) Defines specific security mandates and requirements for financial reporting to protect shareholders and the public from accounting errors and fraudulent practices. SOX dictates which records are to be stored and for how long and requires the data owner to know the location of the data in the cloud and to maintain control of it. Failure to comply can result in fines and/or imprisonment.”
This discussion Isn’t limited just to compliance with regulations (at least it shouldn’t be)
In this conversation we need to also address what a business should do in terms of protecting and preserving its information assets (data!) even beyond what the CSP offers. Keeping confidential and private information secure and protecting the data of the business (and clients or patients or other entities) is essential, even when the CSP fails in its obligations or abilities. This aspect of disaster recovery and continuity planning is not often considered by the CSP yet remains critical to the business customer. The sales pitch, however, never really delves into this area, because it represents an aspect of service coverage that the provider simply can’t provide.
Illustrating this particularly difficult aspect of outsourcing to the cloud is the hard lesson learned by customers of a QuickBooks hosting provider who experienced a severe outage due to a ransomware attack. The hosting service provider promised customers it backed up their data and it did, but the backup archives were also compromised. In order to restore service, customers were expected to have their own backups of the cloud-hosted data.
While there may have been items in the service agreement which address these issues, I can say – based on a great deal of experience in just this area – the service providers rarely make this point very clear to customers, and more frequently tell customers backing up their data is no longer something they need to really worry about. It’s like that really tiny type at the bottom of a contract that nobody notices until it is too late.
“..restoration proved more difficult in Texas. Lezama explained that for the Texas clients, the backups had been compromised as well, because their backup data had synchronized with corrupt files. But Cloudnine clients are obligated backup their own data as well, as a sort of third-level security measure..”
With compliance in the cloud, it’s their system, but your responsibility.
Outsourcing IT to a cloud service provider in no way eliminates or reduces the obligations of the business to manage certain aspects of information systems and data. What outsourcing can do is deliver a greater operational capacity and agility more affordably.
The responsibilities to establish information and systems management practices and processes remain firmly with the business, and actually represent a strategic component of the business that is unwise to outsource anyway. Resilience in a business and its ability to conform to regulatory and other requirements are the foundations of sustainability. Remember that cloud providers and services can be leveraged to improve certain cost and system performance metrics, but it remains solely with the business customer to find ways to reduce risk and create a greater assurance of continued operational capability.
Make Sense?
Make Sense?
Cooper Mann Consulting 