Preparing for Disasters of the Legal Kind

As businesses begin to realize the benefits of cloud computing and business data mobility, they may be overlooking one of the most important issues any enterprise can face: information management in the event of litigation.  While the IT department probably has a disaster recovery plan for handling various computer system failures, is there also a plan for managing system data and electronic information in the event of a “legal disaster”?  In the spotlight is e-discovery, which is the requirement of the business to respond to legal requests for electronically stored information, and the issues CIOs and business owners should be paying attention to as computing solutions and technology models continue to change at a rapid pace.

The popularity of BYOD (Bring Your Own Device), data sync solutions, and online collaboration tools has created an environment where business data may exist in various states (meaning as in conditions or status, not as in State, like California) and on a variety of devices and systems, some of which may not be in the direct control of internal IT.  Regardless of where or how the information was delivered to these devices and systems, CIOs and business owners should recognize that the information on those devices is included in discovery requests, and should be prepared with a plan for dealing with the response.

This “e-discovery plan” is the most important thing, and it means not only working through the various aspects of managing the information, but also providing consideration to keeping the plan updated.  As technology changes, and as user behavior changes along with it, businesses must adjust their IT management approaches in kind.  Consider that a user couldn’t store business data on their phone until the phone was able to handle that function.   Now that smartphones are the norm and tablet computers are gaining in popularity, business data is roaming on personal and business devices.  These advancements may introduce productivity and process gains which provide an advantage to businesses, but they also introduce potential risk and certain complexity when it comes to e-discovery.

Litigation is always expensive, but sanctions for slow response or other costs can be avoided if the plan helps the business respond in a timely manner.  For this reason, the plan should include an identification of all sources for information (every location where business information and data is stored), as well as the steps to be taken to preserve this data in the current state.  If the business has systems which regularly purge information (like accounting systems which purge prior period details, email systems which automatically purge old emails, or backup systems which delete old backup files as new ones are made), all of these activities must be halted.  If the company doesn’t have access to control the various devices and systems to prevent these activities (or doesn’t know that they are happening), significant risk is introduced.  In the case of a legal “hold”, all data and metadata and the audit controls and files must be preserved.

The final steps in the plan are the steps to be taken after the litigation is over.  An often-forgotten part of the plan is the final destruction of the information gathered for discovery.  Not that the original data must be destroyed (consider ALL dependencies), but the “database” of collected information related to the litigation probably should be.  With this data pooled in a single place, it becomes a potentially valuable target for a data breach.  At minimum, the collected information could too easily be pulled into an entirely new legal case.

IT managers, CIOs and business owners must be realistic about the information their enterprises generate and store, including being realistic about the risk potential that duplicated and mobile data represents.  It is not that the enterprise should be afraid of allowing mobility and providing remote access solutions, but it is essential that the enterprise control the use of these solutions and how they use or interact with business data.   Without a strictly enforced policy of usage and control for all devices, services and solutions “touching” business data, any legal disaster planning falls short.

Make Sense?

J

e-Discovery in the Cloud: Benefits versus Risks

After many years of working with business professionals in “enabling” their organizations to make better use of technology, I must say that it is a bit frustrating trying to get folks to understand that this new and wonderful cloud computing model (or Internet-based computing, SaaS, or whatever-you-want-to-call-it computing) is still just technology.  It uses computers and disk drives, it runs software, it takes electricity, and it was developed by human beings.  It can break.   It’s not magical and perfect and you can’t get the good stuff for free.  Swim at your own risk.  So, assess the risks, and measure the benefits against the risks and costs.  For many, the benefits outweigh the risks, as cloud computing approaches can deliver advanced capabilities at cost levels not previously available to most businesses.

No industry is immune to the security and access considerations surrounding a cloud computing model.  In particular, lawyers involved in e-discovery (all of them) have been recognizing the potential benefits – and tradeoffs – of the model.  This reality was clearly revealed at the ILTA (International Legal Technology Association) 2010 event in Las Vegas.  While the discussions at the conference were oriented specifically towards the legal profession, the IT-related discussions are totally relevant to every business.  Accounting and finance professionals should pay close attention to this type of conversation, as it relates very directly to accounting’s approach to information technology and the application of IT in the business or professional practice.

In a recap of the event entitled ILTA 2010 in Las Vegas: Strategic Unity, Defensibility, and the Cloud, author Chris Dale discussed that professionals in both public and corporate service must work with the IT departments towards a common goal.  “IT is no longer just a service department providing an infrastructure, applications, training, and troubleshooting.”  While these elements still remain as critical aspects of IT, the role has grown to also incorporate considerations for collaboration (collaborative information management), mobility, and social media.

Recounting one session attended, called Defensible Ediscovery Processes, the author related the variety of definitions provided for the general term “defensible”, which were pretty amusing.  These definitions ranged from protected against attack, to “less lousy practices or practices which suck the least” (my personal favorite), and finally, what you can get away with without being found guilty of spoliation.  From these definitions then came qualifiers, such as “reasonableness” and “faith”.

Why would defensible processes be important, and how does this relate to IT or cloud computing?  An example of the element of “faith” came up in this context: “how can [lawyers] have faith that the technology is delivering the right answers?”  A panelist gave the example of “an email retrieved from (or possibly not retrieved from [love those lawyers]) a system, with 26.5 pages missing.  How can you be sure that the systems which you are using will not do that to you?”  These are valid questions in any IT environment, and are no less important when considering a cloud-based technology model.  The trade-offs are related to perfection in functionality and performance of the solution versus cost, and should be measured in proportion to one another.

The tradeoffs may come in a variety of areas, with collaboration and connectivity being the primary drivers (collaboration) and barriers (connectivity) to the model.  Businesses are more than ready to adopt cloud computing strategies based on the belief in improved collaboration, access to information, and improved IT management, but tend to overlook the offsets in the areas of bandwidth availability (and consistency), application functionality (or lack thereof), and level of support available from the provider.  In support of this argument, Jerry Justice (IT Director for SS&G – Certified Public Accountants and Advisers) posted in a LinkedIn discussion on the topic that “by design the Internet is ‘reasonably’ connected, but not the same as a well-connected [local] network.  The upside is it gives you the ability to connect from great distances, the tradeoff is that you experience variable connectivity.”

“The underlying issues are that there is a paradigm shift to working on the Internet (from working in the office) and then another shift when you add in cloud-based environments (versus local apps).  It is possible to be very productive, but ... you have to adapt your approaches”.

The idea “that perfect must be qualified by cost and proportionality” was also discussed in an ILTA session on cloud computing which included panelists from Autonomy iManage, Mayer Brown, and Ernst & Young.  “Cloud computing remains a contentious area, with no obvious agreement even as to what the term means, let alone as to its implications” wrote Mr Dale in his recap of the event.  While the panelists held differing views, the representative from Mayer Brown held a position similar to Mr Dale, in that it is important to “dissect the objections one at a time, accepting that there is room for more than one view, and testing arguments against the alternatives.  Arguments based on pure cost are pretty compelling, and if one method of achieving an objective is very much cheaper than the others, then the burden shifts to those who argue for the more expensive route.”

Discussions went on to describe differences between public cloud providers and others, who segregate customer data in “private and identifiable silos”.  “The key word here is identifiable”, writes the author, “which connotes a geographical certainty as well as anything else.  I sometimes wonder if the imagery associated with cloud computing (invariably a jagged line disappearing into some cumulus) does not leave some people with the idea that their precious data is indeed floating in some inchoate container up in the air.”

“If you neglect to provide in your contract that your data remains in a specified jurisdiction, and if you fail to conduct proper due diligence checks on the provider, then you deserve all you get.  Like any risk assessment, it involves weighing cost against other factors; most of these other factors are definable and quantifiable”.

I couldn’t have said it better myself.

J

original post March 24, 2011

A Holistic Approach to Cloud IT

holistic: a. Emphasizing the importance of the whole and the interdependence of its parts.

The Internet and cloud computing solutions can help businesses create an environment which allows team members and clients to work together more efficiently; where information can be generated once and used in a variety of ways by different users.  With this new capability to share documents and files in real-time, many businesses are finding that they are generating more electronic information today than ever before – and they’re having a hard time keeping these information assets organized.  With paper documents being digitized to allow for electronic distribution, OCR, and intelligent connecting to transaction data – lots of data is being produced and stored in a variety of places.

There are many technology models available, so there are a lot of options for businesses today – options which address the fundamental requirements to convert, store, secure, and distribute the various data types within the enterprise.  When a business elects to use a variety of cloud solutions or providers to address a number of business problems, how does that enterprise wrap its arms around the content which represents, in all actuality, the sum of business intelligence in the enterprise?  Keeping tabs on the business data is critical, but tracking all the data when it is stored with a variety of providers may be very difficult.

Example: If your business uses an online CRM such as Salesforce.com, runs QuickBooks on your local PC, and uses Gmail for email service… exactly where does your business data live?  With Salesforce?  On your local PC?  At Google?  In all 3 places?

Containment of distributed data isn’t the only issue facing businesses today.  Longevity and long-term access to data is a concern, as well.  Solutions and providers that exist today may not exist tomorrow.  If you have data invested in a solution with a short life span (and you probably won’t know this is the case until it’s too late), you may orphan your data and not be able to access it later.   And, if you can get your data from the provider, is it in a useful form or did you lose functionality when you lost the solution?

Example:  Intuit once introduced a paperclip (attached documents service) in QuickBooks, and offered the attached document feature at no charge.  The “free” service from Intuit encouraged a lot of users to migrate from other QuickBooks-connected document management solutions. Then… Intuit announced that the attached documents service would no longer be free.  Users with the service could still get to their documents via a web portal, but not from within QuickBooks, and certainly not as attachments to transactions or other records. Then the attached documents feature was once-again changed, allowing only storage to local PCs rather than on Intuit’s servers. Then, it went away entirely. 

Another issue facing businesses operating in the cloud is one of vendor lock-in (or lock-out), and being able to address the total business requirement.  Point solutions and vendor-specific solutions may address certain business problems, but generally aren’t able to handle all of the needs of a given business.  If your online solution doesn’t address the needs of the entire business, you risk increasing production costs and reducing productivity through duplication of data entry and other activities.

Example: An accounting firm with an insurance division uses Thomson Reuters Virtual Office service, which delivers certain accounting applications along with Microsoft Office on a remote desktop type of connection.  Unfortunately for the firm, the users operating in the insurance division use applications that aren’t supported or available via the Virtual Office solution.  So, certain users have completely disconnected services – a remote desktop serving up their Office apps, and a separate browser-based solution – neither of which integrates or works with the other.  The complexity and confusion caused by this situation has done little more than increase the burden of duplicate data entry, recreation of documents, and constant download-save-upload activities.

In each of these cases, a “holistic” approach to cloud IT services might have produced better results than by looking at each application or functional “solution” individually.

As an example, consider that a business with in-office and mobile employees needs to use accounting, office productivity, contact management, documents storage, and several browser-based solutions in order to provide the functionality and operational support necessary.    While many of these solutions are individually available online, the business opts to work with a single outsourced IT provider to create their own “private cloud” environment.

The solution includes remote/virtual desktops, hosted accounting applications, hosted Office applications, hosted browser (to allow browser and Internet-based apps to integrate with Office and other apps on the remote desktop), hosted CRM, and hosted document management… all applications that the business selects and might even have been using for years are included.

All  applications are delivered on the remote desktop environment, providing users with the ability to open documents instantly, save and share files seamlessly, and participate in a central company-wide document store.

All applications are licensed to the business, so they have the flexibility of returning to local IT operations simply by implementing their own software in their own network and taking the data off the host.

Because all of the business data resides on this single hosting platform, the business is able to not only keep control of all information assets, but is also able to back up and protect (preserve) that data in its entirety.

Now doesn’t that make sense?

J

What’s Motivating Small Businesses to Move to the Cloud?

When information technology professionals tell their small business clients about cloud computing, it often sounds even more complicated, risky and expensive than in-house networks and business Internet access once did.  Business owners are faced with discussions about hosted or SaaS or hybrid and ask “what will I do when the Internet goes out?” and “how secure is it?” and “will it work with my iPad?”… and often get one of two responses from their local IT guy:

  1. The cloud is just a way for software companies to make more money.  I can keep your IT running better in your office and save you a lot.
  2. If you move to the cloud you have to do a lot to make sure it is secure, and you won’t be able to run all your applications (but we’ll back up your data to the cloud so it’s safe).

Now, you can’t really blame the local IT guy for being a little bit wary of some cloud solution offerings because these local IT guys really are (in many cases) trying to operate with the best interest of their client in mind.  It’s just unfortunate that sometimes a lack of information causes them to revert to their comfort zone, which is selling servers and performing on-site installation and break-fix work.   What information are these folks lacking?  An understanding of the various options and capabilities available with hosting services and cloud solutions, and how the IT provider can continue to be the advocate and IT manager for their clients even as those clients move their primary information technology to the cloud.

For many years business owners have relied upon their trusted local IT professional to help them find solutions to various business problems.  Answering questions and helping procure and implement computers and networked systems, software applications, backup solutions and more, the IT professional serving a small business customer base has necessarily become the one-stop-shop for everything related to computers.  Smaller IT service companies often rely upon regular sales of server equipment and network installations to pay their bills.  It’s no wonder that these companies have a hard time accepting hosted solution models, as they see their revenue potentials dwindling as fewer servers and networks are sold to small businesses.

The interesting trend being viewed these days is that more business owners are looking beyond their IT professional to find solutions to the problems they deem as high priority for business technology: mobility and remote access.  It is not necessarily that the self-service technology model makes more sense for small businesses (businesses can still benefit tremendously by getting training and implementation support from their local IT guy), but simple and affordable cloud solutions have addressed many of the small business IT challenges that were previously big revenue streams for local IT service providers.  Savvy business owners will find solutions that work for them, and will look beyond their immediate advisors if those advisors aren’t providing the right answers.

When a small business owner talks about mobility and is looking for answers to the remote access question, they are not thinking about GoToMyPC or other remote control technologies and simply connecting to an office PC.  Small business owners today are talking about central access to information at any time from any place and with whatever computing device they happen to have available at the time.  For a small business owner, the benefit of the cloud is a largely emotional benefit – being able to stay in touch with the business at all times.  The real benefits may be improved security, simplified management of information resources and pay-as-you-go pricing for business applications, but these are often value statements which fall on deaf ears just as the cost/benefits of upgrading the server every 2 years did.

It is tempting to focus on logic and reason, discussing the tangible benefits of any business information technology model or approach rather than how it makes us “feel”.  Productivity metrics, best practices in security, total cost of ownership… these are all the right areas to pay attention to when selecting any technology solution for a business.  But really, when it comes to selecting technology for small businesses, the business owner is in the driver’s seat, and that owner wants one thing: to see what’s going on all the time.

Make Sense?

J

Helping a Small Business Customer Choose Your Solution

In a previous article entitled The Psychology of Small Business IT Adoption, I discussed Icek Ajzen’s Theory of Planned Behavior and how a number of researchers applied it to the process of small business IT adoption.  The concept, which ended up proving to be true, was that IT adoption by small businesses is a function of a number of fairly well-defined elements, and is not so much defined by specific types of businesses or the business leaders.  The elements which lead to the act of business IT adoption (as well as adoption of other services, I’ll bet) can be identified and addressed by the potential provider of the product or solution ahead of time, making the possibility of actual adoption much greater.

Knowing how your prospective customer will approach the decision-making process is important, and getting a little insight ahead of time never hurts.  Particularly when a lot of customers don’t actually reveal their thinking, it can be tough to know where to begin.  You’ve been there before – you’re making your pitch and asking questions, but are getting nothing in return.  Sometimes it’s “deer in headlights”, and they are simply overwhelmed.  Other times they’re thinking about things you’re not telling them… but they’re not letting you know you’re not telling them.  Dead air, and then a lost opportunity.

Boiling it all down to a fairly simple explanation, businesses adopt IT because there is a conscious plan to do so, and that plan is supported by a belief that the solution will do good things for the business, the solution is a recognized (if not expected) approach, and the business believes it has adequate resources and capability to effectively handle it.  It’s all about:

  • Intent,
  • the attitude towards adoption,
  • belief of expected outcomes and their value,
  • expectations and the motivation to comply with them, and
  • evaluating barriers and the adequacy of resources to overcome them.

Intent

The first and most important element is intent, a conscious plan to get or do whatever it is.  If the customer has no plan to get the item and sees no need for it, then the barrier is pretty high.  However, if the need can be created, and the customer can be driven to believe they need to get the item, then there is intent.  Now they’re looking for you and not vice versa.  Consider that the Snuggie wasn’t “something” until folks were told that blankets simply weren’t good enough any more for lounging around (they don’t have sleeves!).  Once people believed there was a problem, they pursued finding the solution.

The attitude towards adoption

Next, what’s their attitude towards getting the item?  Sometimes people go looking for things they don’t think they can actually get, and often they know they need something but don’t think the solution is even out there, so they have a jaded viewpoint from the start.  A prospect with a positive attitude and who wants to actually find a solution is far better to work with than one who has already determined that you can’t help them.  Sometimes all it takes is a good listener to help create a positive attitude and make someone willing to tell you how you can help them.

Belief of expected outcomes and their value

Now, what does the customer think they will get from the deal?  Will the solution actually solve problems or create new ones, and are the perceived problems to be solved big enough to really worry about in the first place?  Small businesses tend to be very cash conscious, wanting as much value as possible for any expenditure.   Further, most small businesses don’t let go of their cash easily and certainly not for frivolous purposes, so a successful sale is often supported by the customer’s belief that they will get a real solution and benefit – something of value which will be realized, and that is important enough to deal with sooner rather than later.

Expectations and the motivation to comply with them

It is interesting how many small businesses go shopping for products or solutions that they don’t actually intend to purchase or adopt.  Sometimes they just want to be able to say “we’re looking into it”, even if they aren’t and don’t plan to, and sometimes they have a business requirement that they don’t want to have to meet due to cost or complexity or whatever.  Let’s say a business has customers complaining about unresponsive or bad support, and how they should have a ticketing system to help track issues better.  Maybe the customers have the right idea: maybe the business should have a ticketing system (the business provides support and ticketing systems are considered a support service industry norm).  This is the expectation.  Let’s also say the business uses a CRM solution to handle support, and they believe it handles things just as well as a separate “ticketing” solution.  Just because there is an expectation (customers want ticketing system), it doesn’t mean the business is motivated to comply (CRM does just fine).  Expectations come in many forms and from many sources – customers, vendors, employees, contractors, the government and regulatory… on and on.  Expectation and motivation to comply are both high when it comes to legal and regulatory issues, as these things can be tied directly to money and cash and risk.  In other areas, it may not be as easy to identify or address.  The best way to look at this issue is to try to understand what the business is doing now, whether the approach works or may be materially improved in servicing their business and model, and whether or not the business recognizes an immediate need to make the change.

Evaluating barriers and the adequacy of resources to overcome them

The final and perhaps most important factor in SMB adoption of IT is the simple belief that it can be done.  Done at all, I mean, not just done “affordably”.  My dad taught me that it’s not a bargain if you can’t afford it.  Now, this doesn’t mean that there aren’t times when a business needs to bite the bullet and extend itself to become better.  But any small business in this position is a tough sell, simply due to real resources and capability.  No matter how much a business may know it needs something, if it really can’t do it, or believes it can’t – it won’t.

Make sense?

J

The Psychology of Small Business IT Adoption

Convincing small business owners to adopt and apply technology in their businesses is often a difficult thing to do.  While most business owners readily accept the need to have computer software to help them produce information and an email account to communicate with others, even such fundamental business solutions as a business website or computerized accounting system can be a hard sell.

Solution providers in every category are looking for ways to communicate the value of their products and services to businesses, and many do not consider that communicating value to a small business owner is not the same as communicating value to a larger and more established enterprise.  There is research available which discusses why small businesses adopt IT, and how the importance (weight) of various factors changes as the business grows.  With small businesses fueling the economy and numbering far larger than their enterprise counterparts, it makes sense to understand just why small businesses buy.  It’s also interesting to note that this research revealed that the different characteristics of firms and individual executives “did not have a unique effect on adoption decisions”.  If the decision wasn’t impacted by characteristics of either the firm or individual executives, what does impact the decision?

An academic study by Icek Ajzen (Organizational Behavior and Human Decision Processes, University of Massachusetts at Amherst) discusses a theory called the Theory of Planned Behavior, and this theory was posed as a basis for predicting who would pursue a particular course of action or activity.  The idea is that “intentions to perform behaviours of different kinds can be predicted with high accuracy”, and that the prediction is based on attitudes, subjective norms, and perceived control.  Okay, but what does that really mean?

Intentions represent the strength of a person’s conscious plan to do something.  So, when someone intends to do something, like adopt an IT product or service, it means that there is a strong positive plan in that person’s mind to accomplish the activity.  However, having a plan in mind – no matter how strong or positive – is impacted by several elements: attitudes, subjective norms, and perceived control.

Attitude represents the belief that the activity will lead to a consequence that means something.  If you have a plan to adopt an IT solution, but then develop a negative attitude towards the likely outcome (consequence) of using the solution, adoption isn’t likely to occur.  On the other hand, if the belief is that the results or consequences of adopting and applying the solution will be useful, and deliver benefits in the areas intended, then the chances of deciding to make the purchase increase dramatically.

Another factor which weighs on the intent to do something is the pressure related to “subjective norms”, or what might be considered to be social factors.  These factors exist in the firm, in the customer base, with partners, and within the market.  As an example, it is an expectation that a business will have email addresses, computers, and other technology to support the business.  This is simply a normal expectation of businesses today.  It is also a requirement that businesses protect customer information, a requirement and normal practice from both a privacy and regulatory perspective.  It is this expectation and the pressure to be “normal” (a motivation to comply) that also weighs on the decision to act and adopt.

The final factor is perceived control, which comes down to the person’s perception of how easy or difficult it will be to do what they’ve got in mind.  Looking at various potential obstacles, and judging whether or not the business has the resources and capability to overcome them effectively, results in either a positive or negative impact on the intent.

All of these things are placed in linear order, and a straight line can easily be drawn as you move through the process.  It’s all about:

  • Intent,
    • the attitude towards adoption,
      • belief of expected outcomes and their value,
        • expectations and the motivation to comply with them, and
          • evaluating barriers and the adequacy of resources to overcome them.

Boiling it all down to a fairly simple explanation, businesses adopt IT because there is a conscious plan to do so, and that plan is supported by a belief that the solution will do good things for the business, the solution is a recognized (if not expected) approach, and the business believes it has adequate resources and capability to effectively handle it.

Make sense?

J