Cooper Mann Consulting

Home » Posts tagged 'business problems'

Tag Archives: business problems

The Cloud and the Business Desktop

The Cloud and the Business Desktop (with QuickBooks)

Cloud computing is here – no longer is it considered to be temporary or just a fad.  Even though there are many businesses in the country without access to high quality high-speed Internet connectivity, the levels of investment and revenue surrounding cloud and mobile computing solutions and technologies has proven that mobility and managed service matter to those who are connected. What’s interesting is that the popularity of the cloud and the emergence of cloud-based applications and services haven’t really put much of a dent in the need for the desktop, which remains as the business workhorse and – connected or not – represents the foundation for business productivity and getting work done.

Paperless_468x80

Some years ago, business applications began to emerge in SaaS (software-as-a-service) format, meaning a customer could simply subscribe to an application on the web rather than purchasing and installing software.  This option clearly resounded with many business customers and ushered in an era of online application services oriented specifically toward mobile users. Yet the desktop remains as the place where online solutions meet productivity (export any online data to an Excel spreadsheet recently?) and where accounting and finance connect with the rest of the operation.

Believing too much of the marketing-speak around cloud computing, many business users believe that they can only remotely access business software solutions if they are “cloud” and subscription model applications, and that the desktop products they know and have invested in cannot be available to them in a fully managed online model.  In fact, a large number of the business owners I speak with that actually use hosted desktop services somehow believe that the software they are using is something special and different from that which would be installed to their PCs. The fact is that the software is not different, regardless of what they may think. More often than not, the hosted applications are EXACTLY what the customer had previously installed (or would have installed) to their own computers had they not been working with a hosting provider.  Whether they are hosted or not… the desktop products generally function with all the features and capability designed into them because they are hosted on platforms they were designed to run on (like Microsoft Windows, for example).

Customers of the QuickBooks hosting companies often refer to their systems as “QuickBooks cloud, but not the online one”, not really understanding that it is simply the full desktop application that is being hosted for them.

Regardless of how many online application services emerge, and even if (IF) web-based versions of our favorite word processing and spreadsheet software become as useful as the installed kind, there will still be a need for the desktop if for no other reason than to make it easier to use and work with a variety of solutions at the same time.  Perhaps this is why remote desktop computing and hosted application services are becoming increasingly popular approaches to cloud and managed computing services.  The user benefits from having the feature-rich applications they need and a single place to access them and make them work together (the desktop value proposition), yet is able to have remote and mobile access, comprehensive system management and maintenance, data protection, helpdesk support and affordable monthly payments (the cloud value proposition).  In many ways, application hosting models represent the best of both worlds for the business.

JJoanie Mann Bunny Feet

Make Sense?

Consider how beneficial it would be to businesses who want the advantage of remote desktop and mobile access to applications to be able to run their QuickBooks (feature-rich desktop QuickBooks) and/or other business applications in an anytime, anywhere sort of environment. Businesses can obtain hosting services for QuickBooks Pro, Premier, and Enterprise – allowing organizations to have their QuickBooks financial applications managed, protected, secured, and made available to users all the time and from any location. Some hosting services may also support integrations and extensions for QuickBooks – for both desktop and Web-based applications and services. When the host can provide authorized subscription licensing for Microsoft Office, a business can have a complete, outsourced IT solution and pay only monthly service fees to get it. No installation or system management to worry about: the QuickBooks financials, the productivity, the operational systems and plugged-in applications can all be hosted in the cloud.

Payment Card Roll Call: “Not Present” fraud likely to increase as EMV takes hold

Payment Card Roll Call: “Not Present” fraud likely to increase as EMV takes hold

rollingballNo retailer wants to become the next Target (pun intended).  Payment card fraud costs businesses and consumers billions of dollars every year.  What’s even more frightening, many of the breaches in the news are the result of innocent participants inadvertently granting access to the bad guys.  The Target breach in 2013 exposed the data of 110 million payment cards.  Hackers got into the network using perfectly good credentials of the HVAC company.  Sometimes password security just isn’t enough, which might bring in to question the security of all those SaaS subscriptions and online shopping sites folks use these days.

EMV chip technology, the standard around the world which has just recently become a standard in the United States, has done a lot to stem the tide of credit card fraud in other countries.  As it was implemented in various countries, guess where it pushed the fraudsters?  Where the anti-fraud technology wasn’t, of course! The United States was among the laggards in requiring EMV chip technology for payment cards, opening the door for bad guys and turning the US into a veritable haven for credit card fraud, “accounting for nearly 50% of global fraud losses, according to the Nilson Report[1]”.

EMV chip (or chip and pin) technology will go a long way to prevent credit card fraud for businesses accepting payment cards… in-person and counterfeit card fraud, anyway. Online retail, on the other hand, not so much.  A chip on the card doesn’t really help when the transaction is completed with the card not present (CNP).  Some industry analysts suggest that CNP fraud losses will exceed $6 billion within the next few years, making e-commerce and online payment security a high stakes game for even the smallest of retailers.  As it gets more difficult to hack the payment system when the card is presented, bad guys will fall back in even greater numbers to the card-not-present model to find their victims.

Online retailers and service providers must take additional steps to secure their systems and protect customers and business partners, and face the challenge with the understanding that effort must be ongoing as new threats emerge. Tokenization is a prime method of layering the system with security, making the merchant system somewhat less of a worthy target by not storing the card data in the system.  Even if the system becomes compromised, the bad guys wouldn’t find customer payment card information.  There are numerous other steps a business can take to secure the CNP sales, including applying behavioral analytics which might identify rogue activities, or using 3D Secure to authenticate a cardholder’s identity at the time of purchase.   The point is that CNP fraud is likely to spike as EMV technology takes a firm hold in the US.

Card fraud is already escalating rapidly for ecommerce retailers and other card not present channels – it didn’t take EMV to start on that roll but it will surely give it a push.  Paperless payment systems, SaaS subscription services and online application service usage are increasing dramatically and there’s no chip to get in the way of these transactions.  Sellers of any and every service utilizing online payments need to now pay particular attention to system and information security.  The risk has always been there, and EMV chips and other shifts in pay card technology simply give it a push.

jmbunnyfeetMake Sense?

J

 

[1] Chipping away at Credit Card Fraud with EMV; Information Week Tech Digest powered by Dark Reading, Nov 2015; NilsonReport http://www.nilsonreport.com/publication_newsletter_archive_issue.php?issue=1071

EMV and Retail – Your Trusted Advisor Should Be Advising You about This

EMV and Retail – Your Trusted Advisor Should Be Advising You about This

EMVChipCardThere is ‘big change a comin’ for retailers, merchants and any business that accepts credit cards for payments, and there are a great many businesses that are completely unprepared for it.  The change, what is being referred to as the “Payment Networks’ Liability Shift”, goes in to effect in October 2015 and places the burden of liability for fraud squarely on the shoulders of the merchants and card issuers who are not compliant with certain payment system security standards.  Accounting professionals and Trusted Advisors – here’s one of those things you should be helping your clients with.  Help them get informed, trained, and prepared.  Help them to understand the risk and decide on a course of action.  This is part of what makes a trusted advisor: they got your back.

The way things generally work in the US today, a fraudulent charge on a credit card is likely to end up being covered by the credit card company (the issuer). Starting in October, retailers are supposed to be able to accept payment cards with EMV chips (named for the founders of the standard: Europay, MasterCard and Visa), and must process those cards using the compliant technology that takes advantage of what the chip processing and security offers.  If these conditions aren’t met – like having a POS or payment terminal not capable of reading the EMV chip – the merchant is on the hook for the fraudulent transaction.  Given the volume of credit card and payments fraud in the country you’d think that most merchants would already be ready for this, but replacing all the POS and terminal equipment could be pretty costly.  It may take a bit of analysis to understand the real risk and compare that to the cost of compliance.  Certainly it makes sense to always be in compliance, but there are always factors which influence how quickly (or how completely) compliance may be met.

The liability shift is part of the influence being leveraged to get businesses to adopt newer and more secure models of electronic payment acceptance and processing.  It is simply the case that the magnetic strip on a credit card isn’t good enough any longer.  The new EMV Chip reading payment terminals require that the card be inserted and processed by the terminal rather than simply swiping the magstrip across a reader.  Over 40 years of using the magstrip approach has helped to earn the United States a top spot on the leaderboard for credit card and financial fraud, and we seem to be lagging behind in adoption and implementation of the EMV technology even though it has been shown to seriously curtail fraud even as payment card usage increases.  The EMV chip process, which encrypts information about the card so that even the local POS system doesn’t get access to it, is far more secure and is being widely adopted and used in Europe, Canada, Latin America and the Asia/Pacific regions.  Now the clock is ticking for US businesses to get ready to either update their systems or accept the liability for not doing so.

The shift in how payment cards are made and processed is simply one of many changes which will continue to occur as technology and human ingenuity continue to be applied in both good and not-so-good ways.  Recognizing that the pace of change is increasing, businesses must find ways to remain informed and prepare for those changes which will impact the business operation and sustainability.  This is among the essential roles the trusted advisor plays, and the current imperative simply underscores the growing need for such advisors by business large and small.

jmbunnyfeetMake Sense?

J

Confusing Value Propositions: Cloud Platforms and Hosted Applications

it-balancing-actConfusing Value Propositions: Cloud Platforms and  Hosted Applications

When a service provider is in the business of selling computing resources – like bandwidth, processors and memory, and disk storage – it makes a lot of sense to also leverage the value of software products and systems which drive consumption of computing resources.  In short, they market and sell software that runs on the platform in order to get folks to buy the platform, no different from selling desktop and server software in order to sell the hardware to run it.  It’s just that these days the hardware and networking components are often referred to as the “platform” or maybe “the cloud”.

Let’s face it… cloud computing platforms are just no fun if there’s nothing to run on them, and a hard drive has little value when there isn’t anything stored on it.  Once there is something there – an application, data… something – then the part has actual value in terms of driving revenue.  This is the difficulty and the basis for confusing value propositions when it comes to offering and delivering services in the form of a hosting platform.  Once again: platforms are just no fun if there’s nothing to run on them.  Is the value is really about the applications, not the platform? Or is the value in the platform, because it’s necessary for running the applications?

The truth is that both are essential parts of the entire “solution”, and the value of how the solution is packaged and offered is purely up to the purchaser to determine in terms of applicability to the business.  When it comes to hosted application offerings for businesses, there isn’t a single one-size-fits-all approach that will work.  Sometimes people want to purchase from different vendors and put their own solutions together, and sometimes folks want turnkey delivery of whatever they need.  Even channel partners and value-added resellers are finding that, with diminishing margins and aggressive competition prevalent in the market, removing the time-consuming aspects of solution delivery becomes paramount to achieving some level of profitability on the work.

What this means is that providers are looking for ways to increase the overall value and usability of their solutions, and when it comes to platform services there are only two directions to look: automation to support self-service, and application software delivery to drive consumption and usage on the hosting platform.

So now we’re back to the applications again.  There’s no way to avoid them, but there’s no great way for platform companies to engage with them, either.  Working with business application software is sometimes complicated, often annoying, and can be exceptionally time-consuming and resource intensive. And there are few licensing models which make it really easy for hosts and ISVs (Independent Software Vendors) to work together.  Then, of course, there is the desire for exclusivity on one side or the other.

Software companies don’t generally want to select a single platform provider for their software for a very simple reason: they don’t want to limit their potential user base.  Now that Windows platform is available just about anywhere – on local computers, on mobile devices, from platform and infrastructure hosting providers – how does the ISV make a decision on a single delivery channel or model or provider?

Some lean towards working with hosting providers to create branded, point-deliveries of the application.  Too often, however, this approach removes the ability for customers to benefit from other applications or integrations, eliminating some of the value of the solution and certainly curtailing benefits for integrating partners of the ISV.

Host it themselves?  The last thing most software developers want is to be responsible for hosting and maintaining some other guys’ software products; they have enough to worry about with their own offerings.  If the solution is standalone, maybe this approach works.  But there are few solutions made for the desktop which don’t have some strange integration point with MS Office apps, Adobe reader, Internet browsers or other things prevalent on the user desktop.

There isn’t any proven or easy path for software developers, IT suppliers or small business customers looking to create mobility and managed subscription service around desktop and server applications, and there is likely never going to be a single story line that all will follow.  This is among the reasons for the popularity of the “hybrid” cloud approach and growing importance of managed application hosting and ISV-authorized delivery models.  Yet even key providers in those areas have a tough time really communicating what they do in a way that is meaningful to the buyer.  Are they selling a platform, applications, or both? Folks in the industry know the jargon and how to use it, and are often skilled at adjusting their language in order to obfuscate or confuse certain sticky issues regarding software licensing in the cloud and other similar aspects of hosting.  It’s no wonder that many customers remain confused as to what, exactly, they’re being asked to buy, and where the lines of flexibility and responsibility are drawn.

The applications justify the platform, and there are possibly multiple platform approaches to delivering the app. It is a confusing situation for business buyers of IT as well as for their resellers and suppliers, and the increasing number of options for how businesses approach purchasing and using information technology makes it unlikely that the process will become as simple as some suggest.

jmbunnyfeetMake Sense?

J

Following the Rules: Users and Licensing for Hosted QuickBooks

Following the Rules: Users and Licensing for Hosted QuickBooks

I have said many times before that the licensing for QuickBooks desktop editions appears to be a bit complicated, and a lot of that may have to do with the fact that so many people use QuickBooks in so many different ways.  With a solution like QuickBooks (or Microsoft Office or other really popular and widely used software products) there is a tendency for folks to want the flexibility of accessing their software regardless of what computer they are using.  Also, especially in businesses, there is the habit of installing software on a computer and then allowing anyone sitting at the computer to use the software.  In some cases these approaches are okay with the software vendors, but in most cases they’re not.  Yet too often, the small business owner doesn’t find out what the actual rules of using the product are until they try to deploy the software with a hosting service provider (because nobody ever actually reads the EULA, do they?).  If the provider has any credibility at all, they will enforce the licensing rules of the software, but that doesn’t always sit well with the customer.

picture-hostedQBThis situation rears its ugly head quite frequently in the QuickBooks hosting world.  Perhaps it is because there are a lot of possible working models involving QuickBooks users, or maybe it’s simply a matter of people not seeing the value of paying for what they want to accomplish.  Either way, service providers find themselves being challenged every day in trying to explain to a customer why they need to have more than one license for QuickBooks and more than one service account if they want more than one person to access the hosted solution.

Different people at different times: The Concurrent User approach

One of the arguments people make for not having licenses for all of their users is that they don’t actually need everyone in the system at the same time.  The belief is that there should be licenses enough only for the number of concurrent, or simultaneous, users that will access the system, yet each individual human being/user should have a login to the system with the software available (for convenience, of course).  A QuickBooks 3-user license, they believe, should be able to be used by any number of business users as long as no more than 3 of them are in QuickBooks at any given time.

While the customer may be making a reasonable argument, it all falls down when you consider the license agreement for QuickBooks.  Each user of the product is supposed to have a specific license.  A business with a 3-user license (or 3 single-user licenses) for QuickBooks has the rights to allow 3 people (unique human beings) to use the software, not any combination of people as long as they number no more than 3 at a time.   There is to be no sharing of licenses, and there is no “concurrent” licensing model: each person/user/human being is supposed to have their own license for the product no matter how often they access it.

Look but don’t touch: The Read-Only User approach

Another of the arguments people make for not licensing all of their users is that there is somehow a belief that if you don’t actually enter information, then you aren’t really using the software.  This often comes up in situations where an accounting professional works with their client, or when business owners want to occasionally see what’s going on in the company.  The approach centers on the concept of what a “user” is and suggests that users are the people entering or changing the data, and people only viewing that information aren’t really “users” at all.  When the bookkeeper opens QuickBooks and enters an invoice, the bookkeeper is recognized to be a user.  But when the business owner opens QuickBooks to view the financial statement or see the bank account balance, isn’t the business owner also a user?  Yup, they sure are. Any person that actually opens the program on the computer is a user, regardless of what they do when the program is open.  Just looking around at the data still requires that the program be open, and opening the program requires a license.

Two Fer: But the other hosting company lets me…

Just because you can do something doesn’t mean that you should.  So, just because a different hosting provider might let you get away with things that aren’t right (but perhaps are convenient or cost saving in the short-term) doesn’t mean you should expect a different host to allow the same thing.  If your current host says things like “as long as you don’t tell us…”, you should be concerned.  This often comes up in a hosting scenario where there is an outside accounting or outsourced back-office professional working with a hosted client business.  The outsourcer will want to access the client books, so they will want to have a login and access to QuickBooks software on the host system.

The trouble starts when the outsource professional doesn’t want to have to pay for their own service or licensing, yet they want to be able to login to the system and run QB just like the client does.  Falling sometimes under that attempt to leverage a concurrent user approach (see above), these outsourcers just aren’t realizing that the benefits of accessing their client information and working in real-time with that data is often valuable enough to support the cost of a hosted account and license.  Instead, they want their access to be free of charge and not be bound by silly rules of licensing, often because their client won’t want to pay for the accountant service in addition to their own.

This is when the “if you don’t tell us” stuff comes in – where the service provider may suggest to the accountant or outsourcer that they can simply login as the client and nobody would be the wiser.  I’ll fess up and say I have even entertained this idea with clients a few times but always shy away from discussing it in-depth.  While it is basically true that the service provider doesn’t generally know which exact human being is sitting at the other end of that remote desktop connection, that doesn’t mean that it is okay to leverage it into an abuse of services or licensing.

Two or more people sharing a single login just isn’t good ju ju, and it’s usually against a whole bunch of licensing rules and rights of use.  The funny thing is that many customers who initially leverage their service in this manner end up finding it was a really bad idea.  I saw a scenario a few years ago where a business allowed their outside auditors to share the logins of regular employees in the finance department.  When an employee tried to login to their remote desktop, they opened the session the auditor had open – exposing the employee to a lot of data that was not theirs to see but which the auditor user in QB had access to.  The company called it a security breach and it was on their part – and it was allowed to happen because they shared their remote desktops with the auditors rather than giving the auditors their own accounts with their own security profiles.  What seemed like a good, cheap approach on one day rapidly turned into a big issue the next, and the service provider had no power to prevent it from happening.

The moral of this story is simply that following the rules is the right thing to do and most reputable hosting service providers will try, even if they don’t end up doing it really well.  There are always going to be those who figure that the risks don’t measure up to the potential rewards, so they will do what they choose to do.  I’m always left wondering about those guys; if they have no problems breaking these rules, I wonder what other rules (or confidences) they are willing to break.  Hmmm.

Make sense?

J

 

%d bloggers like this: