May 24

What is the hidden cost of IT

By Charles | Business

There are 2 types of hidden cost of IT which could actually be seen as taxes of a sort. The first is software licensing. Licensing is not a tax but it can seem like a hidden cost. There are licensing costs, maintenance costs and management costs. If you use software then you need to pay for it. Software allows you to save money on people hours. It allows you to scale parts of your business and it allows you to increase the speed at which you can transact with your customers. If you cannot afford to pay for the software you are using then you need to do things the old-fashioned way with man hours. Otherwise suck it up, pay for the software and realise the amount of time and money you have actually saved by doing so. There may be open source alternatives you can use without a licensing fee; however, do not expect all the costs to disappear. Support costs will certainly be there unless you can Google all the answers yourself.

The second cost, which is harder still to see, is that if you use IT you need to protect it. Just as you put a security guard on the front door of your building checking IDs, you need to do the same by checking that users actually have authorisation to use your systems. This obviously means that there will be some additional overhead just for the ability to use IT. It comes in several different products such as anti virus, anti malware, IDS, HIDS, firewalls and URL filtering.

In most countries there are legal requirements to keep people’s data safe. You cannot just collect data and leave it lying around the office. Decades ago we used to store data in filing cabinets but even those cabinets had keys to stop unauthorised access to the data. The modern day equivalent is software which does the exact same thing. It can be used to defend, monitor, alert and store an audit log of who has accessed what and when and from where. Unlike filing cabinets, computer systems can be accessed from outside your business. I don’t even need to be in the same country to gain access to your files anymore.

When it comes to the hidden cost of IT, it does exist and it is something you have to pay for the privilege of using IT.

May 23

It’s 2016 and data is still being stolen

By Charles | Business

So it’s 2016 and data is still being stolen but is that the main issue? You may remember your grandparents saying years ago we used to leave the house doors unlocked and we never locked the car either. These days you can’t even leave a packet of crisps unattended so why do so many businesses leave something as valuable as their data unlocked?

It’s 2016 and data is still being stolen

There are really 2 issues we need to address here. The first is that, believe it or not, your data is so valuable to bad actors they will do anything to steal it. Your data is not just a list of orders in your ecommerce system. It is trends that show what the market is purchasing. It shows what other users bought with those items and it can help predict what they will buy and when in the future. That is some very expensive market research and whilst bad actors most likely will not want it for that reason someone else might.

Another often overlooked piece of information that you are trusted with is your users’ usernames and passwords. Most of the time a username is an email address and as users are inherently lazy (sorry, it’s the truth) they tend to reuse the same username AND password for every single service they have signed up to. This is not such a surprise as there are a multitude of different services users need to help them organise their personal and work lives. With so many it’s easier for them to just use the same combination on every site. Good for their memory, bad for their security.

The second point that needs addressing in “it’s 2016 and data is still being stolen” is encryption. Having your data stolen is bad enough but not making it difficult for it to be sold on is almost a crime in itself. Nothing is 100% safe, nothing is 100% unhackable, but encryption can at the very least stop data being sold on and at most make it so damn difficult to break (by taking so long to decrypt) that it is essentially useless. Have you ever bought a bike lock? Some offer £30,000 as compensation if thieves manage to break the chain. Now the company itself will know that the chain is not unbreakable but they realise that removing it will take so long, or require very special equipment which you cannot carry around easily. It is this preventative measure (the time needed to break in) that will force bad actors to find another easier target.

So whilst it’s 2016 and data is still being stolen, that is not the real issue. The issue is that this data is not encrypted and that is a massive problem for your company and your customers. It is your issue and it needs to be addressed by at least the IT department responsible for your business and most likely by the C level directors responsible for the company. Data loss may never be 100% preventable but it sure as hell does not need to be useable too.

So encrypt your backups and encrypt your data and for heaven’s sake do it now so I don’t have to write a 2017 article 🙂

May 20

Process and Tech which one leads?

By Charles | Business

When you are looking to use software to create efficiencies in your business you must remember that software is just the implementation.

Process and Tech

In IT we have an acronym called GIGO: Garbage In, Garbage Out. If the process is rubbish to begin with the software replacement will improve nothing and could actually make things worse. Making it worse! How can things get any worse? To start with you will have wasted resources in both time and money on something which was never going to work and no one wants to use; that would certainly be worse. Implementing a process that is not fit for purpose can also create new bottlenecks as the inefficiencies have been removed, leaving users more frustrated than before.

Moving all the pressure onto people to work around a failing process can cause stress. Causing stress is never good for productivity and morale will suffer, leading to employees deciding to work somewhere else. If they start to work around the process it will leave you with no visibility of how the process implementation is functioning or why it is failing. With no data from the process you cannot work out what needs to be changed to fix it. There are countless stories of new software products being installed and users continuing to use the ‘old’ system. The users hate the new system as it does not work like the old system. Managers think that the new system is working well as everything is still moving forwards but they have no idea that the new system is not even being touched. So what can you do?

Before you start on the implementation you need to work through the current process and see if it actually works well or if it can be improved. If it is not already documented then write out the whole process flow. You can use Microsoft Visio for this or several other tools are available. Find out if the current process actually works by asking the people that use it. You need to know from both sides of the process so the users that start the request and the users that have to fulfil that request. Ask if both users can think of anything to improve this process. They might suggest having more visibility of how far along their request is. Just sending a request off via email or an electronic form can leave users feeling left in the dark. If it is a three stage process communicate what stage of the process users are on and who is currently responsible for completing that stage. The Process and Tech should not compete with each other, they should work together to give you the efficiency you need.

By now you should have a solid process mapped out in diagrams from start to finish. If these improvements can be tested on the current process they should be implemented first to test out the changes. It might be that the changes can only be shown in the digital process in which case do some dummy runs using only the process logic. Have the requirements been met and has the process been improved? Only when the process has been signed off by the users should you start to think about digitising the process. Implementing the process in software will be the easiest part of the project providing what you are implementing works. This should vastly cut down on the amount of wasted resources and improve the number of successfully delivered projects.

When it comes to the Process and Tech relationship, the business and the process always lead. The tech is there to automate, speed up and make the business more efficient but if either of the Process and Tech pair is not fit for purpose then both will fail together.

May 19

My start-up needs IT resource but what?

By Charles | Business

For such a simple question ‘my start-up needs IT resource but what do I need’ there is no simple answer as it will depend on several variables such as what type of business you have started.

The world really is full of start-ups selling the next best thing but not all of those start-ups are tech start-ups which can leave some out in the cold when it comes to IT. For those that are not, what should they be looking at to make sure that their business can survive those treacherous first few years? Is the ability to scale important? Should the business be able to scale from the very beginning or does that come later?

The above are all very good questions and IT can seem like a minefield. Google Docs or Office 365. On premise or in the cloud. All have their pros and cons, none are really explained to non IT business owners.

My start-up needs IT resource but what do I need

Do not buy hardware, rent it.

You may have read it is better to rent liabilities than it is to buy them. This usually applies to cars but I think it is the exact same principle when it comes to IT resource.

When it comes to running a lean IT infrastructure there are a few things that we like. The first is monthly subscription costs for software. If you do not have much start-up capital then spending less is obviously better. There is no need to go out and purchase hardware for email and web servers when you can get exactly the same service with no massive up front costs. If the worst comes to the worst you can just cancel everything. Monthly subscriptions allow you to scale up and scale down in tough times. This is certainly a perk but do not worry about scaling until you have a proven product with feedback from your customers.

If you do buy on premise hardware and software you are going to have to pay someone to manage and maintain it. In IT we tend to specialise in one particular field as those fields are now so large and the software more complex than ever before. So you would need a database specialist to manage backend databases, a network engineer to manage switches and broadband connections, and a unified communications engineer to look after VoIP, Instant Messaging and possibly email. This means you need a whole team of people for something which is not the profit generating core of your business. If you purchase a cloud based service it can be managed for you. This type of service is usually called Software as a Service or SaaS. For example Office 365 gives you Exchange email accounts. No looking after Hub Transport servers, Mailbox Servers or Client Access Servers. Bliss.

If your start-up needs IT resource, at the very least you will need a website and the ability to send and receive emails. This means buying a domain, setting up web hosting and email accounts. This will allow you to be found and to communicate with the market. As a Microsoft partner we use Office 365. Setup can appear a bit difficult if you have not had to manage DNS (Domain Name Services) before but after the initial setup management is as simple as creating a user and assigning a license.

When you first start out you need to concentrate on your product and getting feedback early. You do not want to be troubleshooting and setting up servers and software that you are not in the least bit familiar with. If you are creating a mobile app then you will want to start with an MVP (Minimum Viable Product). From here you can get feedback and iterate through versions until you find out exactly what your customer wants.

So when it comes to ‘my start-up needs IT resource’ we suggest keep it simple and start with only the very necessary then build up. Use subscription services to keep costs down. Do not pay large upfront costs on IT. Only buy the services you absolutely need at that moment in time. Web hosting, email, Office applications. Money saved on upfront hardware costs will be better off spent on marketing.

May 16

Should I be encrypting my SQL backups?

By Charles | Security

Encrypting backups is a relatively new feature in SQL Server, first introduced in SQL 2014, but with recent data leaks you might be left thinking: should I be encrypting my SQL backups?

I am not saying that when hackers steal data all they do is copy your backup files. Most attacks will be aimed at production systems where the most up to date data is found. The fresher the data the higher the price. However there is a much higher chance that the permissions have been incorrectly set on a backup drive as that is not where you have focused your attention. An admin might have set it up for read only access for everyone (either by mistake or just for convenience) on the network share instead of just a few authorized people.

With so much pressure to hit deadlines and generally just get things to work, the focus on the main goals leads to less consideration of the rest of the environment. The problem is people can get distracted and are sometimes lazy. Not just those trying to protect data but even the people who are trying to steal it. Why would I spend days or weeks breaking into a safe if there is a less well guarded repository with almost identical prizes in? I can assure you if I can steal a backup file in a few hours instead of data from a production system in a week I am going to go with the path of least resistance.

So should I be encrypting my SQL backups?

Do your backups leave your datacentre?

Do your backups leave your business?

The answer to both of those questions should probably be yes. If you do not have any off site backups and your site suffers from a disaster then you have lost your production systems and your backups too.

You might be worried about overheads, the speed hit and the size the backups will be. I have tested this and the size increase is negligible with a speed difference depending on if you are using HDDs or SSDs but in the long term neither should be a problem. So I would suggest doing some of your own testing but you really should be encrypting SQL backups.
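The steps a DBA would run to produce an encrypted backup with the native SQL 2014 feature this post refers to, followed by a check for backups that are still being written unencrypted and a way to compare size and duration for your own testing. This T-SQL is an added example, not code from the original post; the database name SalesDb, the certificate name BackupEncryptCert, the file paths and the passwords are placeholders.

```sql
-- Added example. SalesDb, BackupEncryptCert, all paths and all passwords
-- are placeholders: substitute your own values.
USE master;
GO

-- 1. A database master key in master protects the certificate's private key.
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<master-key-password-placeholder>';
GO

-- 2. The certificate that will encrypt the backups.
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = 'BackupEncryptCert')
    CREATE CERTIFICATE BackupEncryptCert
        WITH SUBJECT = 'Backup encryption certificate';
GO

-- 3. Export the certificate and its private key. Without these files the
--    backup cannot be restored on any other server, so keep copies, and
--    keep them somewhere other than the backup share itself.
BACKUP CERTIFICATE BackupEncryptCert
    TO FILE = 'D:\Keys\BackupEncryptCert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\Keys\BackupEncryptCert.pvk',
        ENCRYPTION BY PASSWORD = '<private-key-password-placeholder>'
    );
GO

-- 4. Take the encrypted backup. FORMAT starts a new media set because an
--    encrypted backup cannot be appended to an existing backup set.
BACKUP DATABASE SalesDb
    TO DISK = 'E:\Backups\SalesDb_full_encrypted.bak'
    WITH FORMAT, CHECKSUM,
         ENCRYPTION (ALGORITHM = AES_256,
                     SERVER CERTIFICATE = BackupEncryptCert);
GO

-- 5. Audit: every backup from the last 30 days that was written without
--    encryption, and where the file went. encryptor_thumbprint is NULL
--    when the backup was not encrypted.
SELECT  bs.database_name,
        bs.type                  AS backup_type,   -- D = full, I = diff, L = log
        bs.backup_finish_date,
        bmf.physical_device_name
FROM    msdb.dbo.backupset         AS bs
JOIN    msdb.dbo.backupmediafamily AS bmf
        ON bmf.media_set_id = bs.media_set_id
WHERE   bs.backup_finish_date >= DATEADD(DAY, -30, SYSDATETIME())
  AND   bs.encryptor_thumbprint IS NULL
ORDER BY bs.backup_finish_date DESC;

-- 6. Overhead check for your own testing: size and duration of full
--    backups of one database, encrypted and unencrypted side by side.
SELECT  bs.backup_finish_date,
        CASE WHEN bs.encryptor_thumbprint IS NULL THEN 0 ELSE 1 END AS is_encrypted,
        bs.key_algorithm,
        bs.backup_size / 1048576.0 AS backup_size_mb,
        DATEDIFF(SECOND, bs.backup_start_date, bs.backup_finish_date) AS duration_seconds
FROM    msdb.dbo.backupset AS bs
WHERE   bs.database_name = 'SalesDb'
  AND   bs.type = 'D'
ORDER BY bs.backup_finish_date DESC;
```

Encryption does nothing about the share permissions described earlier in the post, so the audit in step 5 is best run alongside a review of who can read the backup location.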

May 12

What is security through obscurity?

By Charles | Business

Security through obscurity can be your downfall. If you do not understand your security how do you know it will protect you? How can you think of ways to test your security if you do not know what you are attacking?

What is security through obscurity?

To put it bluntly security through obscurity is evil. It is the false hope that your security is solid, impenetrable even. The phrase itself means no one inside the business understands what the security model is so they believe that no one else will be able to figure it out either which somehow should make it secure. Do you want to place that bet? Do you really want someone to brute force their way to find a chink in your armour?

It is not a principle that people actually implement; however, it is a description of how a security model looks. If you do not understand how your security is set up or why it has been set up in a particular way this can leave you vulnerable to attack. Finding ways around security is relatively trivial. There are many tools to do it for you but breaking security is a process and as such it just takes time. It requires that you first understand what is in place in order for you to create an attack to help you achieve your goal of gaining access or stealing data.

Security should be simple, there is divinity in simplicity. It should be understandable, if you do not know how it works then you will not know how it will not work. It should be in depth. You need one security strategy but you need multiple levels of security to protect your business and your data. These levels, the depth, at the very least make it take longer to bypass. If you are too hard a target you will dissuade the ones looking for an easy payday.

Half of the job of creating and protecting systems is trying to break them. It is much better that you break your system and create a fix prior to going live than letting someone else enter and leave with your data. This is why all of the large Tech companies offer ‘prizes’ for finding hacks to their systems. Even if they have 500 security researchers on staff they know that it cannot compete with 5 million potential experts taking a peek.

A few tips

  • Design your security model
  • Use multiple levels of defence
  • Regularly test your own defences

May 07

What is DBA as a Service?

By Charles | Business

There are many ways to get the required database skills your business needs. Some are cheaper, some offer better levels of service. It is really down to what your business requires and what your business determines as best value as to which option you should use to fill that skills gap. The options are fairly limited so you can hire a DBA fulltime, get a consultant or use DBA as a Service also known as Managed SQL Services.

Having database skills is a requirement for over 87% of businesses, even the small businesses. How can that be? Every application you use needs to store data somewhere. It could be a bespoke application for your industry, a case management system, CRM application or even a HR system. In most cases a SQL Server relational database is storing your data which needs to be looked after and certainly needs to be backed up. Could you run or grow your business without those types of application available to your employees? What would happen if the database was lost and you couldn’t restore from a backup?

Developers have relied on SQL Express more and more over the years. It gives a solid database engine which is reliable. For applications that have small system requirements, such as databases being under 10GB in size and not needing more than 1GB of RAM, it is free. It is the perfect partner to store an application’s data as it is easy to integrate with and can be bundled with applications. Being a FREE gateway product has helped SQL Server spread and end up on most businesses’ infrastructure. Once databases grew too big they would need to purchase at minimum the standard edition of SQL Server, making an easy transition for the customer and an easy pay day for Microsoft. This led to the need for specialists to look after these database back ends. As more small businesses increase their reliance on software products to increase their growth and service their customers, the importance of these applications has grown with the dependence on them, making them mission critical.

DBA as a Service

DBA or Database Administrator as a service is exactly what it sounds like. You outsource your database management requirements to a company that agrees to provide you with their database skills for a fixed cost based on the SLAs required. The support will most likely include remote management and typical DBA processes such as re-build and re-organise indexes, update statistics, database integrity checks and backup management. These are processes that should already be in place but are often missed out when a business has not had the requirement to manage databases before. The first signs of these processes being missing are slow applications or the missing ability to restore a database to a previous state when disaster strikes.

Monitoring of performance and the resolution of any performance issues is a great bonus to have. Instead of blaming ‘the database’ and just restarting the server, an experienced DBA will be able to find and resolve performance issues. By tuning a database you can increase its performance. No database ever stays the same. Like a child they grow and change over time. So a system installed five years ago will most likely not be used in the exact same way it was intended, especially if the application has been updated over time adding new features. When it comes to performance a DBA can find and resolve the issue or inform other teams about what the root cause is rather than just ‘the database is slow’.

Having knowledgeable DBAs designing a backup strategy and monitoring your database backups is probably all the justification you need to use DBA as a Service. Most of a DBA’s job is around backups and restores so making sure they are working is paramount. The other option of course would be to hire a DBA full time but do you really have approx. 40 hours of work per week for that one person to do? Can you justify paying one person over £35k to look after backups and wait for the next disaster? If not a fulltime person then a contractor could fill the gap as a temporary measure but once they have gone will you take over the database responsibility? If not then DBA as a Service is likely the most cost effective option for your business. Not only will you not have to worry about covering the full time salary or the training requirements but by using DBA as a Service you will have a full team of experienced professionals ready to show their worth. They will be available when you need them and you will not be paying for them to sit around for the next disaster. For a more in depth look at should I hire a DBA click here for what to consider.

In the end using DBA as a Service is a bit like having a warranty. You buy it and sometimes forget about it but when the inevitable happens they are there to drag you out of the fire and keep your business running with minimum downtime.

These days your business is your data, without backups you don’t have either and that requires someone to manage them. You wouldn’t buy a car without getting a warranty no matter how old it is. So why would you leave your entire business open to the possibility of a catastrophic event?

May 06

Should I migrate to SQL 2014 or wait for 2016?

By Charles | Architecture

You may have seen either my blog post about SQL 2016 found here or one of many of the other posts by SQL professionals, leaving you with the question: should I migrate to SQL 2014 or wait for 2016? Microsoft gives access to several release candidates of SQL Server prior to the general release to the public. Software vendors rarely announce support for the latest version as soon as the general release is available. Either they have not completed all their testing or they might be waiting for any initial teething issues to be fixed by Microsoft first.

That leaves a gap between the general release and vendors announcing that they will support the latest version of their applications on the latest SQL platform. This then leaves businesses that want to move to the latest version with a dilemma. Do I move to SQL 2016 anyway and hope I do not have any support issues or do I wait for it to be formally announced?

This is hard enough to decide for just one application but what if your environment is shared and you have dozens of different applications using your SQL servers? You now need to decide whether to move only the applications with announced support and split your environment into two, those supported on SQL 2016 and those that are not, or to wait for all of your applications to announce they are supported. Splitting the environment can literally double your licensing costs overnight which can be very expensive.

Should I migrate to SQL 2014 or wait for 2016

SQL does allow you to put a database into compatibility mode which makes it feel like it is running on a previous SQL Server. You can usually go back about two versions prior to the server version. This may or may not allow your application to work; you will need to test it on each database as it will be application specific.

If you are currently on any version of SQL Server prior to SQL 2014 then it might be worth ignoring SQL 2016 for the near future. By getting everything that is currently on a previous version of SQL Server onto SQL 2014 you can make sure that all of your databases are on a supported platform, supported by both the vendors and by Microsoft. This will also give you a good idea about your applications and if they will work on SQL 2016. If any of your application vendors do not support SQL 2012 or SQL 2014 then it is very unlikely that they will support SQL 2016.

By consolidating any SQL versions in your business onto a supported SQL platform you might be able to save on licensing costs which can be substantial especially if your business is suffering from a rapid growth cycle creating server sprawl. This will at least give you a good starting position to move to SQL 2016 later on.

I personally do not like running applications on SQL versions, OS versions or even hardware that is not supported by the vendor. I like the security of knowing if I phone up about an issue they will not tell me that is an unsupported configuration. Two words which can strike fear into the heart of any administrator. If you hear those words they are basically saying you are on your own.

The reason that you might want to jump to SQL 2016 could be the need to use one of the new features such as the support for R or the new mobile reports. You might just want to get access to the faster query processing or latest version of AlwaysOn. If you need these features then you will of course need to check that your application will run on SQL 2016 and do thorough testing.

So should I migrate to SQL 2014 or wait for 2016?

If you absolutely need one of the new or latest versions of features then you need those features and will need to go to SQL 2016.

If you do not need the new features and are worried about using an unsupported application on SQL 2016 then do not go to SQL 2016.

If you want to go to SQL 2016 but can wait for your application vendors to announce support then wait a bit longer. Once they announce support you can test and then move in your own time.

What do you think the answer is for the question ‘should I migrate to SQL 2014 or wait for 2016?’ for your business?

May 05

The future is cloudy when it comes to IT

By Charles | Business

In IT the future is cloudy but these are not the black clouds of doom and gloom that you might expect me to talk about. They are more white and wispy with a few small patches of grey. Changes in the IT industry have often been quite big but this latest change is bigger than anything that has come before it. Forget 8 bit to 16 bit, forget 16 to 32 bit and certainly forget 32 to 64 bit because you no longer really need to know anything about the underlying physical infrastructure.

When it comes to IT the future is cloudy

The future is software as a service. The future is apps running on a platform that you do not have to maintain, also known as PaaS or Platform as a Service. The future is the cloud and with the billions being invested by Amazon, Google and Microsoft there is no longer any way to go back.

The future is the cloud and you need to seriously consider your choices as the cloud is about to pass the point of no return. Those that have been using cloud services like AWS, Azure and Office 365 have had first mover advantage for approx. 5 years. They may have had teething problems to start with but I can assure you these platforms are very robust. The little bit of grey I mentioned as always are lawyers and the law, trying to catch up with technology that moves faster than the legal system can keep pace with. Where is your data held? What rights do foreign governments have over your data if it is held by a company registered in their jurisdiction?

When it comes to how you implement your IT infrastructure the future is cloudy and you need to make sure that your team have the expertise in this new wave of IT. You will most likely start by using a hybrid approach which means you join your internal systems to those in the public cloud. When you realise that you can further reduce your costs on electricity, air conditioning for on premise systems and maintenance you may feel that it is time to move entirely to the cloud. Want to move to the cloud? Start here for a primer. The future is indeed bright and the future is certainly cloudy.

May 03

SQL Server 2016 cometh on June 1st

By Charles | Architecture

It’s been a long wait, well almost exactly the same 2 year wait that the last version took to release, but with all the latest and greatest features available in SQL 2016 it has been a very exciting wait indeed.

SQL Server 2016 cometh on June 1st

It might seem a bit weird for a DBA to be championing BI (Business Intelligence) features; however, they are just too exciting to ignore so let’s start with those. You may have heard of DataZen, a company Microsoft bought in April 2015. They create platform independent BI dashboards and using their dashboard server everything would be rendered in HTML5. It was and is a fantastic product and Microsoft have only gone and integrated it with SQL 2016 as mobile reports, giving businesses two ways to view and consume reports, the other being the standard paginated reports.

So what other features appear as SQL Server 2016 cometh? Built in support for R, but what is R? R is a programming language used for statistical reporting. It is a bit of a mouthful and not something I have much experience with; however, noise about R has been getting louder and louder over the last few years, especially with the growth of Big Data, and SQL 2016 is certainly a platform that is all about data.

I feel the need for speed. SQL 2016 comes with serious speed increases. If I told you that you could gain up to a 34x increase in query performance on your current hardware would you be interested? If your reports or applications are currently running slowly this could be a reason for you to at least test out your current apps to see if you can get a very decent performance increase. Personally I prefer to dig into the code if there are any issues with application performance however up to 34x improvement for a migration to the latest version could save you time digging through code although you will still need to take some time to do thorough testing prior to migration.

I love encryption and so should you, and now Microsoft have finally given us encryption to get excited about. The aptly named Always Encrypted technology protects your data at rest and in transit with zero database performance impact. I think someone has been peeking at my Christmas list.

So now we know the date it might be time to put some serious thought into should I upgrade to SQL 2016? I will write another post on exactly this topic very shortly.