mobile access – Page 2 – Cooper Mann Consulting

February 11, 2014

Migrating Business Data to the Cloud

When businesses elect to have their desktop applications hosted in the cloud with a hosting service provider, they are also electing to have their data hosted with the provider. This point is not always obvious to non-technical users and those unfamiliar with the hosted application concept. Many business owners have adopted an online or hosted application solution and then realized after-the-fact that their data was no longer present on their computer. At least, no current data was present, and it was quite a surprise the day they wanted some information but could not get it because they were not connected to the Internet at the time. An important thing to remember, and the essential factor in measuring risk associated with use of cloud services and hosted solutions, is that adopting online applications in almost any form means that the data associated with (and possibly even data remotely associated with) the application will also migrate to the cloud.

Migrating on-premises servers – and the applications and data residing on them – to the cloud makes sense for many businesses. Particularly as network and internet threats increase in number and as system vulnerabilities are more frequently introduced with remote and mobile access technologies, cloud solutions can significantly assist a business in mitigating the risks of being connected. Yet business owners and IT managers must be diligent in terms of understanding the measures their service providers take to protect and preserve as confidential the customer’s business data. And it becomes more than essential that any and all tools or services implemented be part of a strictly controlled information management and data protection plan.

Where applications are simply interfaces and logic; the value for a business is in the data used by the applications – data containing information about the company, how and with whom it does business, and how it makes money. It is critical that the business consider how and where users need access to applications and data, so that any cloud deployment does not wind up hindering productivity rather than facilitating it to a greater level. It is when the user becomes disenfranchised, unable to perform their work due to lack of access to information or tools, that “shadow IT” deployments appear, and data sharing solutions are introduced outside of the governance of management or IT.

The vast number of offerings for hosting applications and managing business data in the cloud makes finding and implementing the right business solutions a complicated and often frustrating process. Even large providers that specialize in delivering from a menu of business cloud solutions often forget that their target customers may not be particularly tech-savvy, and will fail to recognize the nuances in service delivery or protection that could make big differences to the business down the line – like in the case of a system failure or outage.

Among the keys to a successful cloud solution deployment, particularly when critical and frequently used applications and data are to be migrated off-premises, is a thorough understanding of how users currently work with the tools provided, ensuring that processes and utilization can be fully adapted to the new IT model.

As long as users are able to retain their productivity and efficiency, and when improvements in workflows and information access become additional benefits, the security and protection of the business data is more likely, as users will feel less compelled to find alternative and less secure means for making the business data available from the cloud. You may want to migrate your business data to the cloud, but you don’t want your data to migrate further than you can reach.

Joanie Mann Bunny Feet Make Sense?

January 6, 2014

Security and Users: Change is the Only Constant

Managing user accounts and access to business IT assets is challenging, particularly as cloud and social computing models introduce new wrinkles in security and identity management. Information has become “mobile” along with the users accessing it, yet management of user behavior is even more complicated that trying to manage a digital resource.

If you look at the history of security breaches, you’ll find that many of them started with a user making a mistake – like losing a laptop or clicking on a phishing email, downloading bad software, or forgetting to report an employee termination to the IT dept – something which inadvertently created a vulnerability that could be exploited. It’s tough to stop breaches because there are so many possible ways for them to happen.

If most security breaches start with a user mistake, then IT departments have their hands full because users aren’t static, unchanging objects to monitor and manage. Users change, sometimes a lot. It is this constant change which undermines the ability for some IT departments to meet the demand to adequately secure company information systems and data. Now is the time to take control of user security and identity management, creating automation and controls to protect business assets in a constantly evolving environment.

It is not simply employee turnover that challenges security management. Certainly, IT departments have been dealing with user account creation and termination for a long time. And sure, users have sometimes been promoted and demoted, resulting in the requirement for IT to increase or perhaps decrease access to information and applications. These are normal and expected activities for a business IT department. Unfortunately, IT often doesn’t hear about the user’s change in status. An account isn’t disabled, access isn’t restricted, and the system is left vulnerable.

Just to pile on, think about what happens when a user is more than just a single system user. It may be manageable when where a single identity and set of credentials governs their access to applications and information. But the proliferation of web-based services and SaaS solutions has made it commonplace for users to have multiple applications and services available to them, each with their own approaches to identity management.

For even a small business IT department, the security of all of these access points and applications must be managed and monitored – no small task when the department may not even be aware that the solution is in use. It is not unusual for file sharing, data sync, or other applications to be implemented in businesses without the knowledge or participation of the IT department. Actually, many services attract users due to their simplicity and ease of use, leveraging the fact that they can be deployed without the “assistance” of IT.

Users are becoming increasingly mobile, accessing information and applications from public and private locations while using any number of possible mobile devices. Vulnerabilities which may exist in public networks and the increased potential for device loss or theft are high on the list of concerns of IT departments managing remote and mobile user access. Mobility is driving many changes in how information technology and access to systems is provided to users, and it is changing user demands for what they should be able to easily accomplish while being mobile.

Businesses need to recognize that their continued existence may rely on keeping their information systems and assets safe and secure. Disaster recovery and business continuity applies not only to loss of physical systems, but also to losses of various forms due to data breach. The disaster recovery and continuity plan (you have one, right?) should not only address situations after they happen; planning by definition is proactive. It is not enough to have a plan to recover from loss or failure; the business must actively engage in activities which will prevent loss and reduce vulnerability.

Part of this plan necessarily centers on managing users and user identities, ensuring that the company knows about all access or user accounts involved and employs strict processes and guidelines for making sure they are constantly up to date and have the authority to do what they’re trying to do. In short, the plan must also be a plan for change, providing change management processes to guide the business as the evolution of information technology and the dynamics of user interaction continue to change.

jmbunnyfeet Make Sense?

September 23, 2013

Licensing the Cloud: Software Distribution and Use in a Remote Access World

Whether we like it or not, and whether we agree or not – software developers have a right to decide how and where their licensed products are run. There have always been arguments in this area, where software license purchasers take the position that they should be able to do what they want with their licenses, and where commercial software developers believe they have the rights to dictate authorized usage. Truly, when it comes down to the legalities of it all, the software companies will win because they have the legal footing to fall back on – the EULA containing use rights and terms which licensed users have agreed to.

The problem has been ongoing, with software developers constantly and consistently seeking methods to reduce unauthorized software distribution and unsupported use, and users spending amazing amounts of time and resources finding ways to break the rule. Copy protection, “phone home” license validation models and all sorts of approaches have been developed to prevent software theft and unauthorized distribution. But it happens anyway – a lot – and the cloud is turning into a great facilitator. Surprisingly, it’s an “in your face” approach, too, where the previous iteration of web-enabled software theft (unauthorized digital downloads and license cracking) was fairly quiet and tried to be secretive to stay out of the gun sights of the developer. Today’s “flavor” is right out there, being marketed to any and all who care to view the ads.

With businesses more frequently turning to “cloud” server providers to run business applications, it is no wonder that the IaaS and PaaS companies would want to make their services easier and more valuable to acquire than the next guy’s. Aside from a groovy control panel and great networking and VM pricing, the added value from these providers is in the applications they are able to service. More frequently, hosting service providers are marketing their solutions in the context of the applications customers run on the service (which makes sense, because the application’s what really matters). Leveraging the brand value and recognition of popular commercial software products makes sense, as it improves overall visibility and increases the potential of the “right” kind of prospect engaging and becoming a customer.

The problem arises when these service providers sell hosting services for, or which support, applications they are not authorized or licensed to deliver, and this is where the argument comes full circle. The hosting provider wants to host applications customers use, customers have licenses for those applications, but not a right to have them hosted. The host deploys the application anyway, because that’s what the customer wants. “What’s the risk?” they ask… “the customer has the software license”.

The risk is, unfortunately, greater for the service provider than for the customer. Even if the customer has a license for the software product, that license may not actually be eligible to run on a hosted server. “Businesses lease computer equipment all the time, and they can run the software on those systems” is the next argument generally offered by the service provider. But, in the eyes of the software developer, there may be a big difference between leased equipment run in-house versus subscribed platform services deployed via a commercial hosting provider. Even Microsoft recognizes the benefit and value of providing “mobility” of application licensing, and has specific licensing models to allow commercial hosts to deploy customer-owned licenses. While many service providers understand and recognize the requirements to ensure that customer applications are properly licensed for hosted delivery, there are a great many who think the rules simply do not apply to them. These folks are introducing a great deal of risk into their hosting businesses, even if they are not willing to recognize it.

When a customer runs their software in an unauthorized manner, they risk losing the rights and benefits associated with their software license. When a commercial hosting company runs software on their servers that they have no right to install and run… they are potentially guilty of unauthorized software distribution and copyright theft.

Actions against facilitators of unauthorized content distribution – you can equate “software” with “content” – have received much press in past months, yet much of the discussion centers on music and video content (as in the Megaupload story). Actions involving commercial software products tend to be somewhat less visible, probably due to reluctance by commercial developers to have what could be perceived as negative press flowing through social media venues. It’s popular to protect music and videos, but hosting providers aren’t seeing the wisdom of preserving the integrity of a commercial software product license. Instead, they’re relying on the customer to indemnify them (the customer has a license, remember?). But the customer can’t protect the host; the host must protect the host – it’s the prudent business approach.

Infrastructure providers, platform providers and businesses operating as application hosting companies should pay close attention to the content living on their servers. Taking a position that the customer has the right to do whatever they want with the system is not a viable position; the precedent has been set that the hosting provider is responsible for the content on their systems. In the case of hosts offering service for small business applications like Microsoft Office and Intuit QuickBooks, for example, it is essential that a service model which conforms to and supports proper license usage be in place, and that any required authorizations are, too.

Software is just another form of content, and the cloud makes distribution of and access to content a lot easier, even when it shouldn’t be.

Make sense?

September 3, 2013September 3, 2013

The Cloud for Your Firm: 3 Initial Considerations for Cloud Enabling Accounting and Bookkeeping Firms Working With Small Businesses

The Cloud for Your Firm

3 Initial Considerations for Cloud Enabling Accounting and Bookkeeping Firms Working With Small Businesses

The potential benefits of a real-time, lean collaborative working model are too great to argue with. Accounting professionals, bookkeepers and their small business clients are all hearing about the value of working together in the cloud, and how cloud technologies and solutions can reduce cost and improve efficiency. There is a great deal of truth in these statements, just as there was a truth in the value of implementing computers, networks and other technologies in business. What is not clear is exactly what businesses need “in the cloud”, and how they should approach this shift from local IT to outsourced managed service. Initially, there are 3 issues which warrant consideration, if not deep discussion, prior to making any significant move to relocate internal IT and shift business applications to the cloud: internal use systems, client interaction, and operational support for both.

With all the discussion about cloud computing and remote access, it would seem that all the applications and solutions businesses need are now available online and paid for in low monthly subscription fees. Anyone working with small businesses, however, comes to understand that the vast majority of these businesses are still using more traditional modes of information management and computing. For the most part, these businesses are using PCs and local networks, possibly with a little hosted email thrown in. Almost certainly they have a website and maybe even a fairly sophisticated e-commerce system that allows them to sell products online. But when it comes to general office functions, and particularly back-office functions like bookkeeping and accounting, the software and the data generally reside on the office PC and server.

Accounting and bookkeeping professionals who work with small businesses are often in the same position as their business clients when it comes to information technology. Since so much of the work involved requires the same programs and data formats as those used by the client, service providers find that they spend as much in management of software licensing and systems to support working with client data as they do on systems intended for internal use only – sometimes more. Many of these service providers are also small businesses, and it becomes challenging to find a way to handle internal IT needs while at the same time trying to address those of the client. Where e-commerce solutions are readily available to handle operational aspects of product based businesses, the best tool set for a professional accounting firm or bookkeeping business working with small business clients may not be so easily defined.

The solution for many providers has been revealed through cloud computing and hosted application models. With Cloud Servers, Remote Desktops, and Virtual Desktop Infrastructure now widely available as affordable alternatives to capital-intensive implementations of locally installed products, businesses are finding new abilities to manage applications and data, provide mobility and enhance collaboration. The additional benefit is in how accounting service providers may engage with their clients in more efficient and effective ways, without the burdens of replicating data or trying to share access to a single machine or application resource.

There are a number of elements to consider before taking the file server to the parking lot and running it over with a truck. Moving to the cloud is not a one-step process, and it is important to do a little research and collect some important information before making the final decision on how to proceed.

Internal Use Systems

Among the first of the questions to ask when considering a change in IT management approaches is “which software do we need”? Implementing an outsourced IT arrangement, which is really what “cloud” is about”, does not necessarily mean throwing away all the existing software and starting with new. The software in use within the firm may be exactly what it needs right now and adding full IT management, fault tolerance, and remote or mobile access could be the main scope of the requirement. Moving from locally installed solutions to hosted solutions provides quite a number of benefits while removing many of the direct costs and frustrations of IT management and administration. The greatest benefit of this type of approach is the ability to preserve the “body of knowledge” existing in the business, knowledge invested in the people and processes already developed.

On the other hand, there may be new tools or services only available as “cloud” service, and it makes sense to explore how they may benefit the business more than the in-use applications. The important element is to remember that the solution must address real business problems, and whether it runs in the cloud or not isn’t the first or most important thing to ask. For example, a discussion about whether QuickBooks Online might be a better choice than QuickBooks Pro, Premier or Enterprise should be focused on the functionality provided by the applications and not which servers they are running on. With application hosting for QuickBooks now being an available option, there is a managed IT and remote access capability for both solutions, rendering the fact that QBO is a SaaS solution almost irrelevant in terms of being a differentiator.

Client Interaction

An important aspect of adopting new technologies or working models is the consideration of how the firm and the client businesses will work together, and whether or not there is (or could be) a standardized approach that might work for most clients. Certainly, it makes sense to standardize as much as possible. Treating every issue or engagement as a singular event – a one-off – is the least efficient way to do business. The key to profitability is in the firm’s ability to produce high quality work consistently and in a timely fashion. This requires that the business be well-structured in terms of the standard processes and methods which will be used to work with client information. When the firm and the client can work seamlessly together as and when required, and when each is responsible for their own systems and data, it is a best-case scenario. The questions relating to client interactions focus on how the firm works with clients and which tools or solutions are required to improve that situation.

It is likely that the firm will need to be able to address working relationships with various client and engagement types – where clients do some of the work, where the bookkeeper does the work, or where the participants work collaboratively together in the same systems. While it may seem that the best way to create a dependency on your services with the client is to keep them out of the systems, empowering the client is really the key to a close and long-standing engagement. This means that the client needs to have their own solutions and approach to cloud-enabled IT, and the accounting or bookkeeping service provider should be able to access and work within that environment.

It is rare that a small business can effectively operate without computers and software to manage information and support operations, so it makes sense that the business should have its own accounting and financial systems, too. For the accounting service provider, it is essential that a level of understanding be gained around the use of today’s available remote and mobile access technologies, as it is with these solutions and tools that participation in client systems will be enabled. When the client accounting solution sits on their office PC, there are limited options for working together in any real collaborative form. Connecting to their PC via remote control is a widely recognized means of gaining access to client systems, but if the bookkeeper is on the system when there is a problem of some sort, all eyes go directly to that remote user as the likely cause of the problem.

The considerations relating to remote access to client systems focus not just on enabling a collaborative working environment, but also on mitigating risk and improving client perception. The risk issue comes in when the accounting service provider is exposed to systems and information not relevant to their task, and the perception issue becomes material when the accounting professional becomes the software or IT service provider. It makes sense for the accounting professional to make recommendations or suggestions about software and IT service which might benefit the business, but not to necessarily be the reseller or direct provider of the product or service. The moment the accounting professional attempts to sell the client a software product or IT service, the relationship is changed and the client is more likely to view their accounting pro as another vendor rather than a trusted advisor. It’s also not necessarily a great move to start a new client engagement by telling the client they have to switch accounting products to allow the accountant to work closer. Rather, professionals need to help their clients position those products for more efficient use, which may include enabling remote or mobile access granted via deployment in the cloud.

Operational Support

When businesses outsource their IT management and administration, there is often an initial belief that all responsibilities in these areas will be handled by the IT service provider. What is often overlooked is the reality that the firm still needs to have people attending to IT related tasks, just doing different levels of work with the technology. It is important to recognize that someone in the firm will end up dealing with various IT and process support issues, and it still makes sense to have personnel dedicated to these tasks (*Note: here’s where I suggest that the cloud changes the focus of internal IT personnel, but it doesn’t eliminate the need for them). The service provider and solution evaluation and selection process, as well as the actual deployment and administration of services, will take valuable time away from actually performing client accounting or bookkeeping work, and there should be people attending to these issues while the business continues operating.

Where an internal IT department or contract technicians may once have supported internal systems, an operational role within the business is still required to manage outsourced IT activities, including and particularly those where clients are involved with the firm systems. Delivering new benefits with a minimum of business disruption is the goal, and can be achieved through proper planning and coordination with team members and clients alike.

Closing Thoughts

“The Cloud” is just another way to run software and implement computing resources. It still takes servers and software, it uses processors and storage and networking, just like more “traditional” computing models. The difference is in how these resources are purchased and provisioned, and the impact is a change in how businesses of all types can benefit from technologies which enable collaboration, lean process, and mobility. The Cloud for Your Firm addresses your internal business requirements, lends itself to client collaboration, and has internal operational support to ensure the firm is fully leveraging the available benefits to improve business performance and profitability.

Make sense?