Essential SLA Elements #3 and #4: Monitoring, enforcement, and change mechanisms

A good service-level agreement looks simple — but that’s because it’s been conscientiously negotiated to meet the buyer’s needs. Of the five essential SLA elements that every managed and cloud services customer should focus on, I’ve described two — specifying service functionality and describing the infrastructure and standards to be maintained by the provider.

Essential SLA Element #3 concerns SLA changes. Your SLA should include a mechanism by which you can regularly tune it in response to changing business conditions or new technologies. You’ll benefit from building in a formal review of your SLA (at least annually) in order to use experience and new information to revise it.

Essential SLA Element #2: The devil’s in the details

I’ve already blogged about the importance of negotiating a service-level agreement that specifies the functionality of the managed and cloud services you engage.

Now I’m going to focus on Essential SLA Element #2: Including details about the system, network, and security infrastructure and standards to be maintained for your services by the provider.

Why a SAS 70 Type II audit matters

Since the arrival in 2002 of the Sarbanes-Oxley Act (SOX) as well as other more stringent financial accountability standards, the role of SAS 70 Type II audit and certification has grown. My company takes SAS 70 Type II audits very seriously.

That’s because both SOX and SAS 70 Type II use the same model of controls — so a SAS 70 Type II certification is the best way third parties (like our customers) can be assured of acceptable, SOX-compliant service organization controls.

Developed by the American Institute of Certified Public Accountants (AICPA), SAS 70 Type II audits mean an independent third party has verified that a service organization’s policies and procedures were correctly designed and operating effectively enough to achieve the specified control objectives.

2 tricks that can deliver the right service provider treats

It’s a 21st-century truth that even small businesses need complex information technology infrastructures to thrive. Which is why so many enterprises, both large and small, depend on the expertise of independent providers of managed and cloud services.

But using managed and cloud services can be risky, too. How reliable is the service? Where’s your data? And what about security?

On the menu: Networking, dinner, and the scoop about cloud computing

Cloud Computing has been defined by the National Institute of Standards and Technology (NIST) as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

No wonder the Sacramento chapter of Financial Executives International (FEI), the leading organization for senior-level financial executives, wants to hear about it.

Dangerously vulnerable: 3 quick (and scary) anecdotes

How secure are the data, applications, systems, and networks your business depends on? If you’re like too many of the executives I talk to, you may believe all is well — but only because you haven’t asked the right questions.

One executive told me recently, “We’re cool; we haven’t had to touch our firewalls in three years.”

Don’t let your firewall get burned by employees’ mobile devices

As more and more of your employees use mobile devices, these machines may start out behind your firewall — but they don’t stay there. They move around, to other networks with different firewall rules. Or no firewall at all.

When that mobile device returns to its trusted place behind your firewall, it may carry a cyber-infection that can attack your network from the inside.

The great firewall challenge lies in balancing the tradeoffs between degree of protection, usability, and cost. That balancing act starts with understanding what your firewall actually does.

6 security questions to ask about your data and who gets access to it

It’s easy to tumble backwards into information security, to let yourself get sidetracked into arcane, hard-to-follow discussions about the innards of technologies and products when in fact you need to be thinking through higher-level strategy and policy.

If, for instance, you don’t actually know yet whether your business would benefit from using encryption, listening to the sales pitches of competing encryption product vendors is a waste of time.

How cloud computing and VoIP make IT disruption avoidance easier — and less costly

Nobody stays in business long if their business-critical data and apps are lost. So pardon me if I sound like my replay button got stuck, but I’ll say it again: make sure your critical data and apps are replicated to a secure remote environment that’s always accessible from anywhere.

You’re at least halfway there if you’re using a cloud-based backup replication service — but, of course, you need to make sure you’re dealing with a provider with a secure, scalable, fail-safe environment and plenty of flexibility when it comes to service options.

Step 2 to mastering business IT disruptions — continued: The 3-part path to implementing cost-effective disruption recovery solutions

Before you can implement the best disruption recovery solutions, you have to know what they are. This entails a three-part process that requires business continuity/disaster recovery expertise:

  1. Figure out the minimum applications and data necessary to sustain your business and the timeframe(s) within which your necessary apps and data must be restored. How long, for example, can you function without email? How long can you make it without voice communications?