In 2002, IT managers will have to do more with less. Preview feature hed: Back to the basics dek: in 2002, IT managers will have to do more with less. dek: a successful security process should consist of seven layers. dek: 2002 will be the year to renegotiate service contracts. edited by James Mathewson
Every year, COMPUTERUSER polls its top analysts to give our readers–IT professionals for small- to medium-sized enterprises (SMEs)–sound advice on projects coming down the pike in the coming year. Last year, we focused on emerging technologies, such as ASPs and unified messaging, that failed to emerge in 2001 for most SMEs as their budgets shrank with the economy.
Rather than focusing on emerging tech, this year we will look at what I consider to be core issues for a vast majority of SMEs, including the following:
With Windows XP and Mac OS X in full release, there has not been a more compelling time to upgrade clients enterprise-wide since 1995. Should you upgrade now, or wait until next year? With the heightened awareness of our fragility following the attacks of Sept. 11, coupled with the onslaught of worms following the attacks, security has taken center stage for many SMEs. What should SMEs do to improve the security of their Web and e-mail systems? Customer Relationship Management (CRM) is not a new thing, but most SMEs are still trying to figure out how best to retain the clients they worked so hard to get. How should SMEs handle CRM in the coming year? Cost-cutting means figuring out how to improve relationships with vendors, often called supply-chain management. How should SMEs approach the supply side of their businesses in the coming year?
COMPUTERUSER’s senior analysts have a combined 60 years of experience in covering IT. Though their names are familiar to regular readers, let me introduce them here.
Editor at Large Nelson King is a 20-year analyst of the computer industry. His award-winning work for several IT publications places him in the top tier of all analysts in the industry. He currently writes Pursuits monthly and at least one cover story per year for COMPUTERUSER.
Contributing Editor Maggie Biggs has more than 15 years of IT experience. She currently writes Linux Advisor monthly and several other features during the year for COMPUTERUSER. She is in the midst of launching her own small business and hopes to attract many customers in 2002.
Contributing Editor Lincoln Spector also has more than 15 years of experience covering the industry. Though known for his humor column, Gigglebytes, he also has won numerous awards for his serious analysis for other top-tier technology publications.
With only five years of covering the industry under his belt, Contributing Editor Sean Dugan is the relative newcomer of the group. Still, his award-winning work for InfoWorld has rocketed him to the top of the profession.
Now, on to the topics of discussion.
Should SMEs upgrade client operating systems in 2002?
Hype aside (and don’t we all do that automatically now?), there are good reasons to move off early versions of Microsoft Windows (95, 98), not the least of which is being left without support. On the other hand, there’s no compelling reason to go for the newest, such as Windows XP. Windows 2000 and XP really are better than 95/98, but improvement doesn’t imply leaping without looking at your own situation. Apple users are in much the same boat concerning upgrades to OS X.
Small- and medium-sized businesses should ask themselves some other questions before answering this one. Do your existing desktop OSes allow your team to conduct business successfully and securely? If so, there is no compelling reason to upgrade your machines to a different client OS.
Are you trying to reduce desktop licensing costs? If so, you might consider upgrading to a Linux desktop, which is seven times less expensive than current commercial offerings (see Linux Advisor, Sept. 2001).
Taking the longer-term view, business leaders need to recognize that we are nearing the end of the traditional desktop PC. If possible, extend your existing desktop OS investment as you start examining post-PC devices during 2002.
If you’re investing in new client hardware, you really don’t have much of a choice. New systems will come with the latest OS, and there’s little you can do about it.
But should you upgrade existing systems? Not unless system crashes are taking a major toll on your bottom line (Windows XP is much more robust that Windows 98 or ME). Remember Spector’s Law: We need ever-faster hardware to keep up with ever-slower software.
Always ask why you’re upgrading. Is there a specific OS feature you need now? Vendors are making aggressive deals to move inventory, so consider an OS upgrade if you’re already looking at buying new PCs. Buy the new PCs with Windows XP already installed and save yourself a lot of upgrade headaches. If you’re not taking that plunge, then hold off at least until mid-year. By mid-year, all the kinks and bugs should be worked out. While XP has some whiz-bang features, it also doesn’t come cheap and without it’s own set of headaches.
How should SMEs approach Internet security issues in 2002?
Make a checklist of basics: firewall, virus scan, authentication (where appropriate), encryption (where appropriate). Cover them all, and then stick to a maintenance and upgrade schedule. In short, don’t panic, don’t go overboard; just do it (if you haven’t), and be sure you’re thorough if you have done it.
Businesses of all sizes need to regard security as a process rather than an end goal. Companies that use a layered approach to their security process will be less likely to sustain unauthorized internal or external accesses, or attacks.
The seven layers needed to form a successful security process are:
A regularly updated security policy Server and client-based security tools Scheduled security auditing Router-based security measures Firewalls Intrusion detection Incident response strategy
Ongoing attention to your security (as a process) is critical to sustaining a successful business.
Many companies will wonder if they should replace Microsoft Internet Information Server. The program seems to have one security flaw after another, and keeping it safe (if that is possible) involves regularly installing a patch on top of the last patch. If IIS were a sweater, no one would remember the original color.
Of course, IIS’s problems may be more the result of its popularity than of particularly poor design. If everyone jumps ship and a competitor becomes the market leader, it won’t be long before that needs regular patching.
Start with the basics–plug your holes. SANS and the FBI have a brand-new list of 20 top security holes. How does your network look relative to this list? This also hints about your overall preparedness. Lots of open holes means you need to think more about security before the next Nimda virus hits. If nothing else, identify one tech person you can designate as security officer (it doesn’t have to be a full-time job). Have him or her take responsibility for virus maintenance and receiving security alerts. Write up a contingency plan and buy your security officer a pager and cell phone.
How should SMEs approach customer relationship issues in 2002?
Small- to medium-sized businesses ought to stomp the big guys on this one. While giant corporations chase after CRM and wallow in a sea of complex database issues and flaky customized software from in-over-their-heads vendors, businesses that don’t have such a massive volume of customers should be able to deal with them on a much more realistic and even one-on-one basis. That’s the key: Treat every customer as an individual as much as possible. This applies to the Internet, of course, but phone, mail, and other traditional means of approaching customers should not be forgotten.
Customers are becoming savvier all the time. They don’t want cute slogans or a lot of promises. They want to be able to access your products and services in the easiest manner possible.
The key to successful CRM is twofold. First, make your company highly accessible. Some customers prefer snail mail while other like faxing, and many more favor accessing your Web site for sales and support. Provide access to your company in as many ways as you can given the current economic conditions.
The second part of successful CRM has to do with internal information integration. No matter how customers interact with your sales and support organization, you need to make sure that all information about a customer is closely linked and easily accessible for your entire staff. Having complete and accurate customer interaction information will allow you to provide the highest levels of customer service.
As I write this, I’m having horrible problems with a garage-door installation company that didn’t return phone calls, failed to tell me how to prepare for installation, and smashed my car. I won’t use them again.
With the recession deepening, customers are likely to be in short supply. Treating them well is your highest priority. A lot of Internet companies imploded because they cared more about pleasing stockholders than customers. But without customers, the stockholders won’t stick around either.
Keep your customers happy and solidify your relationship. Customer loyalty is precious in tight times. Consider how IT spending can provide better service to existing customers. This might mean an automated call center or a do-it-yourself trouble-shooting database. A CRM package, as a Web-based service, is very affordable for organizations of nearly any size.
How should SMEs approach supply-side issues in 2002?
Despite the bad economic news–in fact, because of it–now is a very good time to explore the Internet for supply-side efficiency and value. Of course, unlike things a company can do for itself, those things require cooperation with one or more other companies–not always the easiest or most secure thing to do. These problems are not new; however, the Internet’s speed and customers’ unfamiliarity tend to intimidate newcomers to supply-side services. Don’t be intimidated. Instead seek out the various online exchanges related to your company, talk with companies already doing Internet trade, and run a pilot project or two. See how much money and time you can save.
The watchwords for supply-side issues continue to be roughly the same in 2002. Businesses need to focus on automation and integration to speed up the supply chain. For early adopters, that may mean starting a pilot Web-services project to see how the technology can help you tightly link processes with your suppliers.
Those who prefer to take a more traditional approach to supply-chain issues will want to examine things like trading exchanges (public or private), data integration, and application-level business process integration using traditional integration tools.
E-procurement won’t become a real force this year unless more suppliers jump on the bandwagon. And why should they? For them, it’s just an invitation to a price war. Of course, perhaps they might gain interest.
It’s a classic chicken-and-egg scenario. Suppliers won’t jump unless they’re forced into it. And buyers won’t go there until the suppliers commit.
One word: renegotiate. Now is the time to look at service contracts, licensing arrangements, and long-term agreements. Look partly to cut a new deal and reduce expenses, but also consider the financial health of your suppliers. Will they be here a year from now, and what will you do if they aren’t? Consider the example of Web-hosting provider Exodus Communications, which is filing Chapter 11–that’s not what you want to hear if they’re hosting your Web site.
If you were an SME IT manager and you only had budget for one new project in 2002, what would you do to improve your business? Why?
For obvious reasons, security is going to be the hot issue for 2002. Normally, I’m not a fan of trend-hopping, but this is different. Security is complicated, expensive, and forever changing–and vital, especially when it comes to consumer confidence. Ordinarily, the small- or medium-sized business is at a disadvantage in pursuing security because of the cost and lack of expertise. This year, expertise will become much more readily available, and the huge number of new and revised security products will (hopefully) reduce some of the costs. So this is a good year to form some kind of security and privacy task force to monitor and take advantage of developments. This may or may not hit the bottom line, but there is such a thing as peace of mind.
Given the current market conditions, IT budgets need to be focused around initiatives that will help the company gain customers. Specifically, technology spending should be bent on increasing product or service usability and quality, as well as accessibility to company resources for support.
Customers are hesitant to spend these days. Smart businesses will invest in technology that provides customers a compelling reason to purchase.
Look for what needs automating. Check with Customer Service to find out what people are complaining about. For instance, if customers complain that no one returns their calls, set up a system to track calls and returns.
If customer complaints don’t point the way, find out what employees need. Ask people where the bottlenecks are, and see if you get a consensus.
Avoid high-risk projects–who can afford over-budget projects? Look to maximize company resources with little risk. Wireless LANs, high-speed networks, and SANs can wait for another day. Look into service-based CRM packages if you have a large number of customers. Analytics help you understand that when a customer buys Widget X and Widget Y, he’s 75 percent more likely to buy Widget Z.This can mean more dollars for your company. If your customer base doesn’t justify CRM, think disaster preparation. Do you have a data-backup plan? A plan for a major security problem? It isn’t glamorous, just a life-saver.