Helping clients manage their technology for over 30 years.

Building Better Wireless By Mapping Your Goals

Compass "direction" concept

Wireless chatter really is everywhere: I recently saw an ad from a major pain relief company touting the benefits of its latest product, a “wireless” pain patch

But wireless implementations can be plenty painful, and there’s no magic patch to ease the strain.

When clients ask us the best way to ensure that a wireless service performs as desired, we advise them to begin by asking — in non-technical terms — what they’re trying to accomplish. Continue reading

Cloud Computing best practice: Evaluate Cloud provider security with these 7 questions

Person writing on glass the words good, better, best. The word best is circled.

Unless you’re an expert in security issues, doing proper Cloud provider due diligence can be daunting. Yet it’s essential, given the importance of your business’s data and applications.

So I offer seven questions for you to ask of every Cloud provider you’re considering. Pay attention to the answers you get and don’t hesitate to demand drilldown details. Remember: You’re contemplating putting at least some of the data and apps your business relies on into this provider’s Cloud environment.
Continue reading

Essential SLA Elements #3 and #4: Monitoring, enforcement, and change mechanisms

A good service-level agreement looks simple — but that’s because it’s been conscientiously negotiated to meet the buyer’s needs. Of the five essential SLA elements that every managed and cloud services customer should focus on, I’ve described two — specifying service functionality and describing the infrastructure and standards to be maintained by the provider.

Essential SLA Elements #3 concerns SLA changes. Your SLA should include a mechanism by which you can regularly tune it in response to changing business conditions or new technologies. You’ll benefit from building in a formal review of your SLA (at least annually) in order to use experience and new information to revise it.

Continue reading

Essential SLA Element #1: Why specifying each service to be provided is critical

I see five essential elements that you absolutely need to pay attention to in your managed and cloud services SLAs. I’ll review each of them in my blog, starting with: Specifying each service to be provided.

This may seem obvious, and, in fact, it is. Yet too many service-level agreements are surprising vague about what exactly you’re buying.

Continue reading

Your SLA: Forgotten secret to getting the most from your cloud provider

To get the most out of your managed or cloud service, you need to invest the time in negotiating a good service-level agreement.

The SLA is a key part of the contract between you and your provider, since it describes the levels of service being provided and the metrics used to ensure your provider delivers full value. And the right SLA with the right service provider can mitigate cloud risks and help your business flourish.

Continue reading

Why a SAS 70 Type II audit matters

Since the arrival in 2002 of the Sarbanes-Oxley Act (SOX) as well as other more stringent financial accountability standards, the role of SAS 70 Type II audit and certification has grown. My company takes SAS 70 Type II audits very seriously.

That’s because both SOX and SAS 70 Type II use the same model of controls — so a SAS 70 Type II certification is the best way third parties (like our customers) can be assured of acceptable, SOX-compliant service organization controls.

Developed by the American Institute of Certified Public Accountants (AICPA), SAS 70 Type II audits mean an independent third-party has verified that a service organization’s policies and procedures were correctly designed and operating effectively enough to achieve the specified control objectives.

Continue reading

Infrastructure security and coping with cloud and social media: 9 key questions to ask

Our chief technical officer, Mike Dillon, estimates that the number of infected sites is growing by 20% to 25% a year. “If your company is shifting more toward cloud services and hasn’t addressed security, you will be attacked,” he says.

So here are the (non-technical) questions you need to ask and get answered to protect your business:
Continue reading

6 security questions to ask about your data and who gets access to it

It’s easy to tumble backwards into information security, to let yourself get sidetracked into arcane, hard-to-follow discussions about the innards of technologies and products when in fact you need to be thinking through higher-level strategy and policy.

If, for instance, you don’t actually know yet whether your business would benefit from using encryption, listening to the sales pitches of competing encryption product vendors is a waste of time.

Continue reading

Security that works starts with the right business decisions

Effective information security is gravity-fed: It starts at the top and works its way down, always beginning with a strategy explicitly designed to protect business value. That strategy then gets implemented via an over-arching security policy or plan.

Developing information security strategy and policy centers on making the right business decisions. Once you do that, what seems the most daunting part of information security — choosing the appropriate technologies — becomes much more transparent.

Continue reading

What happens when disaster strikes the DR guys?

Traffic sign indicating disaster

It was a stormy Wednesday morning commute with intense wind and driving rain, when a driver lost control of her car, struck a utility pole and ultimately caused eight to fall all along the road in front of the Quest building. The power went out, and live wires and downed transformers blocked traffic. Everyone in the office was trapped.

This wasn’t a “major” event — not the kind of incident we typically think of when we talk disaster. Yet even something this mundane could have put our company completely out of operation for at least several days.

We executed our own disaster recovery plan

As a Disaster Recovery and Business Continuity services provider for scores of clients, Quest was better positioned than most companies to handle just such a disruption.

Initially, battery and generator backup provided phone and Internet capabilities. By utilizing resources at several other locations, Quest was able to continue functioning until they got the all-clear to evacuate, and fortunately no one was injured — that’s when we began executing on Quest’s own Disaster Recovery procedures.

By three o’clock the same afternoon we were fully operational at remote locations, with some of our staff at our Business Resumption Center and others working from home. Customer service calls, billing, email, phones — everything we needed to keep functioning was operational.

No operational disruptions

For the Quest team, the event was an unqualified success—not a drill, but the real deal providing employees with a window to what the company does for clients. As for Quest customers, they didn’t experience any difference in service.

There’s nothing Quest could do before that we can’t do now. That’s precisely why we have Disaster Recovery capability.

If you never drill, it’s just theory

“Part of the success of the plan’s execution,” says Quest CTO, Mike Dillon, “came from disaster recovery drills, which Quest does quarterly.”

“Drills make a huge difference — we already knew what we needed for our critical systems to function,” explains Mike. “If you never drill, it’s just theory. Every drill we do teaches us something, makes us smarter about our own operations, and smarter about the operations of our clients.”

Quest’s disaster recovery experience is a big advantage for clients. Most companies, even those with a plan, don’t take disaster recovery drills seriously. Even for those that do, the disaster will still be a first-time event. Our business is helping companies, including our own, recover from disasters. Our clients have that experience to lean on.

Be prepared for the mundane and the catastrophic

Every event, real or drill, is a learning experience. It’s a sentiment shared by Quest COO Kathy Campbell. “One of our ah-ha moments came when we had to address some issues that occurred at the corporate office during our absence —no power to the employee refrigerators and freezers, and no one in the office to feed the fish. Continuing our business operations at a remote site turned out to be the easy part.” And it allowed the city, county, and power company to do their clean up for as long as necessary

Reflecting on lessons learned, I put a priority on keeping all staff up to date about what’s happening. The need-to-know rule applies to everyone in your organization. My primary take-away? Even little disasters can have a huge impact. You need to be as prepared for a mundane disruption as you are for a catastrophic one.

Downed telephone poles in front of the Quest office