The IT Checklist
Why write a blog post about an IT checklist? Firstly, this will give you an overview of what we consider to be best practice to have peace of mind about your IT and secondly, it will serve as a framework against which to measure your current IT infrastructure.
I mentioned in my previous blog post (about IT challenges facing SMEs) that small businesses often focus on a few specific areas where they perceive the biggest benefit to be, while ignoring other important aspects. To avoid this and assist SMEs in developing a comprehensive IT strategy, I have broken down IT into what I consider to be the important building blocks. While the relative importance of each building block will differ for different businesses, we all need all of them to some extent. Ignoring any particular building block will leave your business vulnerable to risk, or will cost more money to fix over time as gaps become apparent. The best approach is to consider each building block and devise a long-term goal to move towards.
Processing
When I bounced my ideas for building blocks off my trusted advisor – a successful business owner – he didn’t really like the name of this building block because it sounded a bit technical, but in the end I decided to keep it, for better or worse… Think of processing as the processing power you require to make your business work. This includes simple things like laptops or workstations, but also some more complicated choices like on-premises or cloud servers, mobile phones, etc. Most businesses pay adequate attention to this building block, as it is seen as something close to the business that can make a tangible difference. However, spending too much money on the fastest processor while neglecting other building blocks (like your network connections or storage), might mean that you can’t get the full benefit of the fast processor.
Some key considerations in selecting the most appropriate processing building blocks for your business include the following:
- Workstations – laptops or desktops? / PC or Mac?
- Standardisation of workstations – what brand and model workstation are we going to roll out?
- Lifespan of workstations – how regularly are we going to replace workstations?
- Servers – needed in addition to workstations? / cloud or on-premises?
- Standardisation of servers – what brand and model server are we going to roll out?
- Datacentre infrastructure to support on-premises servers.
- Should servers be leased or purchased?
- Lifespan of on-premises servers – how regularly are we going to replace servers?
- Hybrid cloud – how do we balance between on-premises and cloud computing?
- BYOD (bring your own device) – are we allowing/requiring employees to bring their own devices?
- MDM (mobile device management) – are we managing mobile devices on our network?
Storage
All businesses need storage for one of their most important assets, their data. Storage is not often neglected, but it is usually addressed in a haphazard way as the need arises. This can lead to wasted expenditure and can be very expensive to fix. Not planning your storage requirements in advance could lead to shortages or the wrong decisions, like buying more consumer-grade equipment to expand quickly, only to discover later that the hard drives are incompatible with your new server, or moving to cloud services without considering the best deployment strategy and ending up paying a fortune.
Some key considerations in selecting the most appropriate storage building blocks for your business include the following:
- Volume – how much data do we need to store?
- Availability – does all data have to be highly available? / can some data be archived?
- Encryption – do all data drives need to be encrypted?
- Speed – at what speed do we need to access the data?
- Access – how do we control access to data?
- Central or distributed – do we keep data on a central file server or on workstations?
- Cloud vs on-premises – do we use cloud storage, on-premises storage or a hybrid model?
Software
The software building block includes all applications we use in running the business, including databases. Software as a service (SaaS) has had a major impact on how we consume software, levelling the playing field between large corporates and SMEs by eliminating the need for complicated on-premises deployments. In many cases SaaS comes with less control over your data, so it is very important to keep this in mind and make sure you use trusted vendors.
Some key considerations in selecting the most appropriate software building blocks for your business include the following:
- General LOB (line of business) software – what office applications, accounting package, CRM or marketing software, etc. do we need?
- Specialised LOB software – video editing software if you are a video editing firm or audit software if you are an accounting firm, etc.
- Virtualisation software for servers – VMware vs Hyper-V?
- Internet security – what anti-virus, anti-malware and ransomware protection do we need?
- File sharing software – what business grade file sharing service? / on-premises or cloud based?
- Backup software – how do we back up endpoints (workstations) and servers?
- Operating system – what operating system should we deploy?
- Should we purchase software or sign up for SaaS?
Network
A network is like the vascular system of the IT infrastructure, connecting systems with each other and users to systems. This includes the devices that manage and control the network and provide us with a connectivity backbone (mixing my medical metaphors!), like routers, switches and wireless access points. Broadband business connectivity has become a requirement for doing business and the reliability of these broadband networks will become more important as our dependence on cloud-based computing and other services increases.
Network considerations include:
- Speed – how fast should our LAN and WAN connections be?
- Redundancy – does the network need high availability?
- WiFi – do we need wireless access to the network and what speed is required?
- Remote access VPN – do users need remote access to the network?
- Site-to-site VPN – do we need to connect to other offices, datacentres or to cloud infrastructure (e.g. Amazon Web Services or Microsoft Azure)?
- WAN lead time – how long will you have to wait for that fibre connection?
- Network peripherals – what printers, scanners and other devices do we need?
Security
Security is one of the building blocks we all agree is important; in reality, however, it is often neglected. In particular, small businesses might address one aspect of security (like installing anti-virus software on workstations) but leave the door wide open to other forms of attack (like ransomware). Modern businesses are network-connected entities and the number of devices and applications that touch our data has increased tremendously in recent years, which in turn increases the malicious attack surface. This building block is one that will require increased focus from all businesses going forward and I will cover this in more detail in the next few blog posts.
Security considerations include:
- Compliance with law and other regulation – does your business need to comply with any industry regulation?
- Data encryption – does your data need to be encrypted? How do you send or receive sensitive data?
- Secure file sharing – how do you share files between employees, contract workers and clients?
- Password management – do you have software in place that manages password strength and age? Do you manage passwords to SaaS applications?
- SSO (single sign on) – do you have SSO in place for devices, applications and network access?
- Network security – do you have a firewall (UTM appliance)? Do you have strict network access control in place?
- Endpoint Security – do you have anti-virus / malware and ransomware protection?
Backups & Disaster Recovery
Many businesses have backups in place, but very few actually have a BDR (business disaster recovery) plan or document. It is worthwhile having a BDR plan – it doesn’t have to be long or complicated – but it will be invaluable when disaster strikes. Having a BDR plan will give you a benchmark against which to test how well you will cope with a disaster. Remember, your backups are only as good as your latest recovery test and the same goes for your BDR plan.
Backups & BDR considerations:
- RTO (recovery time objective) – how quickly do you need to recover?
- RPO (recovery point objective) – how much data can you stand to lose?
- Onsite / offsite – will the backups be onsite only or onsite and offsite?
- Data encryption – does data need to be encrypted at the destination?
- High availability failover – do you need some systems to fail over to redundant hardware?
- BDR knowledge – are your employees familiar with the BDR plan?
Communication
All businesses use a number of communication channels, which include telephone systems, email, video conferencing and instant messaging. Although these services are mainstream these days, I think that businesses might miss a few tricks in implementing them efficiently and saving on costs. VoIP and hosted exchange are two examples of services that most businesses should be utilising, since they are flexible and cost effective.
Key considerations in selecting communication systems:
- Hosted exchange – should we use a hosted email service provider?
- What is an appropriate mailbox size for employees?
- Archiving – should we archive emails from staff leaving employment?
- Hosted switchboard vs on-premises – should we host our own PBX or opt for a cloud service?
- Video conferencing – should we use a cloud provider or on-premises?
- Should we use corporate instant messaging?
Monitoring & Maintenance
Monitoring and maintenance is arguably the most neglected building block and in my opinion where many SMEs get it wrong. Preventing problems is better than trying to fix them and in the long run much more cost effective, which is the reason why most corporates have this in place. I also emphasise the importance of process/system documentation in this building block, which is vital for any business.
- Monitoring of IT systems – do we monitor all systems including servers, workstations, network equipment, etc. to detect issues and perform preventative maintenance?
- Documentation of IT systems and processes – is everything documented to reduce keyman risk?
- Business continuity plan – what happens when disaster strikes?
- Regular evaluation of IT systems – do we have a process in place to discuss problems and expansion needs on an ongoing basis?
- Patch management – will software, hardware drivers and firmware be updated automatically?