There’s a difference between thinking you have what you need and actually having what you need. When it comes to IT, the two are often confused.

For example, during a discussion about effectively backing up systems and data, a CEO asked his IT guy if their company”s systems and data were backed up. The IT guy replied yes, and his boss sat back with a contented expression on his face.

I got concerned. Clearly, this CEO thought his company had the backup capability it needs. But does it?

Does this CEO know how long it’ll take for the company’s email or voice systems to be functional again after they’re brought down by an outage?

Actually, no. All he really knows is that his systems and data get backed up. But he can’t answer the crucial question about restore time because he never asked the right question.

That’s because this CEO asked a product question: Do we have a product that does back up? The question he really needs an answer for is a capability question: How long will it take for our systems to be operational again after an outage?

Talking product instead of capability is a common trap for CEOs during technology discussions. I call it the IT product trap. If all you’re hearing is product descriptions, you need to be talking to someone else.

Don’t get snared.

This month's issue of our newsletter is all about virtualization. And for good reason.

Taking advantage of virtualization technologies can improve your operational efficiency, saving you money and freeing up resources that can be put to work on other important technology projects. Take a look at the Did-You-Know article from our March 2011 Newsletter for why your business should be considering it. I think you’ll find the numbers are compelling.

Yet, while the improvements virtualization offer are real, simply running out and virtualizing as much as you can as fast as you can will leave you wondering just where all your benefits went.

Look before you leap

Before you jump into virtualizing every server in your data center, you need to know that as good as this technology is, there are some applications that will do well in this environment and others that will not.

A good first step is to make sure your IT team truly understands all the nuances of the technology. Many virtualization projects end badly because something as simple as I/O capacity (the ability to move data) is not considered — even though virtualization depends on efficient data movement.

And don’t be fooled by vendors pitching some kind of virtualization starter kit. To really reap the benefits, you need to see the big picture of virtualization in your IT environment. It’s essential to have a plan that moves you from a starter phase to a management phase. As always with complex technology, we suggest talking with a trusted expert before signing on for a do-it-yourself project.

A hospital administrator told me recently that he’d been informed by his IT team not to put in too many security defenses because this would attract hackers.

Rationale: The more you give hackers something to crack, the more they’ll want to have a go at you.

Unfortunately, hackers looking for a challenge are no longer the real threat. Cybercrime is a mega-business worth billions. These folks aren’t doing it for bragging rights. They want data they can sell, like social security numbers, customer databases, company credit cards, the health records of employees — information every business has on hand.

Better than nothing

To his credit, the hospital administrator actually had a security policy: Don’t do too much in the way of security.

Foolhardy, yes — but at least he’d thought about what his security policy should include. Which is more than can be said for too many CEOs and CFOS, especially at small/medium-sized companies.

I think the single most preventable misstep CEOs and CFOs make regarding security is not talking about what they want to protect.

I’m not referring to a conversation about how to protect the data — that’s for technical folks. I mean a higher-level conversation about what should be protected, who should have access.

If you’re not comfortable starting a security policy conversation, get help from a trusted partner. Do it now. In this new world of stealth malware, every company is a target.

If you’re like most CEOs, you don’t have time for your lawn, so you hire a lawn service to keep it healthy and appealing.

Chances are you don’t know anything about the equipment used on your property. And you don’t care because you’re not buying equipment — you’re buying a service, a capability, and, most importantly, an end result.

That’s precisely the approach we advise CEOs to use when considering information technology. Like taking care of the lawn, discussions about IT also should be about an end result.

So don’t let conversations about how IT can help your organization address a business challenge or exploit an opportunity drift into elaborate product and solution debates. Too often, you’ll end up confused, frustrated, and unclear about how to proceed.

To keep IT discussions from becoming too technical, you need to stay focused on capability.

For example, you know your customer service operation needs to handle a certain number of calls per minute and can’t be down more than, say, five minutes a day. So all you need to know about your IT operation is that it’ll support this level of service. You don’t need to know or care what products are used or why.

A trusted partner will usually understand your business goals and help you achieve them — not try to blind you with technology.

Some IT folks, desperate to rein in budgets, are looking at scrapping maintenance contracts and moving to time-and-materials. I’m no fan of such a move, because I know that once you’re out of the ‘system’ you’ll struggle to get help, the response will be delayed, and you’ll pay dearly for each fix.

But I also know the pressure IT shops are under these days, so I offer this advice:

Review all your components with an eye to how much risk and aggravation you can tolerate. Do you really want to risk your entire system staying down for some indeterminate time because you no longer have a maintenance contract for your routers, switches, and servers? Those are the kinds of contracts you’ll want to keep. There will be others where a fee-based approach is acceptable.

Look at the type of service you have for each component and see if you can roll back the level of service. Do you need to have everything covered 24x7? Can you live with next-day service instead of same-day for some things, such as desktops or printers?

Lastly, seek out advice from trusted sources who may have other options to help keep your systems running and you sleeping at night.

We’re all looking for ways to reduce costs. But how we do it is as important as getting it done.

On the home front, it’s easy to see why across-the-board cost cuts aren’t an option — the new car can be sacrificed, but paying your children’s tuitions remains a priority. Freezing all expenses at pre-crisis levels isn’t viable, either — budgets must be flexible enough to handle hikes in utility bills or insurance premiums.

The same holds true for IT budgets. Simply freezing or slashing budgets across the board can be done — but should it be done? For instance, if you cut your infrastructure staff without making provisions for dealing with their workload, you’ll find the business doesn’t have the support it needs to function cost-effectively.

Our advice is to prioritize. Make a list of what you’re behind on, should do, and would like to do. If you’re pressured to reduce headcount, re-allocate some of your budget for services that can replicate lost support.

And talk to your trusted technology partners about how they can help. You’ll be surprised at the options available for addressing both your capital and operating needs.

This issue of our newsletter is devoted to infrastructure. Although it comprises the very cable and wiring on which every network and application runs, it’s not unusual for organizations to do an initial infrastructure design and installation and then never think about it again. Even when laid in place 10-15 years ago, infrastructure gets noticed only when there’s a major problem or move.

But two reasons make it worth noticing: performance and unnecessary expense.

Performance and cost
Performance troubles begin when new bandwidth hungry applications are routinely layered onto existing infrastructure with no real analysis of the impact. These problems typically get blamed on the network or applications — and that’s where the unnecessary expense starts.

Because infrastructure is low on most folks’ radar, performance problems get ‘solved’ by upgrades to software or networking equipment...money spent everywhere but on the fundamental problem.

Performing an audit of your existing infrastructure every year or two to determine if what you have at the base level — your cables and wiring — are up to delivering what users expect is essential. If you don’t have the time or expertise in-house, ask a trusted partner. And if you’re building a new data center, be sure to let experts manage the infrastructure installation. Don’t leave it to an electrical contractor.