We want to address the fact that you may have a system that does an effective job at capturing information, but there may be a component that you don’t even realize you’re missing. It’s called the “why” factor.

In the enterprise space, ERP packages like SAP and Oracle take over the function of recording the sales order, supporting processes needed for delivery, invoicing and accounting. However, they may be missing components that clue companies into the “why”, relating to missing commitments or lack of performance that shows up in a KPI (key performance indicator).

RSA Corp  has addressed this void for clients by developing software analysis tools and applications that tie into ERP systems. In one case, it involved a job shop manufacturing facility that used RSA’s app to utilize the information coming out of the ERP to grade the prior day’s job performance. In another case, it was to develop an analysis tool to determine why commitments were being missed and shipments weren’t meeting their schedule. you can find more information on this case by reading the blog “Mary Had a Custom App, Custom App, Custom App!“. Regardless of what app or ERP you’re using to support your core business operations, if you’re not measuring it, you could be missing out on a major “what” – MONEY!

Is this how you track your inventory? THERE IS A BETTER WAY! Give Fido a break and spend a little time investigating the benefits you’d receive from improving your inventory accuracy.

If you need to track inventory, whether stored in multiple locations or as it moves through your manufacturing process, immediate knowledge of the location of each unique piece reduces your costs. Not knowing where your inventory is detracts measurably from your bottom line by contributing to increased labor expenses because of inefficiencies in locating items and/or the need to overstock items to account for this or for manufacturing delays.

The good news is, your problem has most probably been seen before…and therefore there’s a known solution. The challenge is in bringing that solution to you in a manner that works with your existing ERP or operational systems. For that, the most expedient approach may be to engage a partner who can not only “see” your problem and its solution but also knows how to tie that solution into your existing applications.

For a really unique approach to one customer’s problem, read this RSA Case Study to see how customized inventory tracking allows inventory to be visible at all points in time.

If you’ve survived the last five years with the recession and business stagnation, chances are you’ve already implemented, completed, or attempted several improvements to your business processes and have come to realize that continuous improvement is crucial to surviving in the current business environment.

You might now be at the point of knowing what you’d like your new process to look like but be struggling with how to implement it. Improvements based solely on changes to manual processes are much easier to implement than those that require changes to automated systems. Yet in many cases, the big wins come from automating repetitive clerical tasks or augmenting knowledge worker tasks with automated support processes.

In many instances, “extending” the capabilities of your ERP or other operational system establishes the base of significantly reducing the clerical labor and providing the leverage you’d like to gain. The question is how to deal with the technology of your ERP.

What you might not have considered is combining outside eyes with in-house expertise to develop the tools you need to move to the next level. In teaming key members of your staff, who understand your current work flow and your business rules, with a partner, who has the analysis and development expertise to augment the capabilities of your existing system, you can often have the best of both worlds; the reliable backbone services provided by your ERP as well as custom capabilities for those few instances where your processes are not fully supported by your existing system.

Many of these extensions are lightweight, but have impactful results and allow you to recoup your cost within weeks. Here are a few differences we’ve made for our clients by extending their systems: ERP/Application Extension Successes.

All businesses use a core set of technologies to support their business operations.  Larger businesses generally support several functional areas ranging from operational functions to accounting. Businesses rely on these technologies to increase their efficiency and improve their ability to scale and grow the business.  Many smaller and mid-size businesses rely on a core application, such as Quickbooks or Peachtree, to initially support their accounting, billing, and invoicing functions. However, the areas of the business which give rise to the need to create an invoice are often handled manually using spreadsheets and word documents.

So, what are the options when businesses reach the threshold and recognize that what is being used today won’t support the processes required for the business volume they hope to be achieving in the near future?  There isn’t a single clear cut answer for every organization, but there are several common considerations that should be examined in order to determine what is right for your company.

1. One very good option is to purchase off-the-shelf software built for your type of business.  When buying off the shelf, you should plan on implementing new processes that fit the software you are purchasing in order to obtain the maximum benefit.  Be aware that one size does not often fit all, so in more cases than not, you will need some level of customization to fill any gaps in the functionality you need to support your business operations.  It is important to go through a software selection process before making major investments in technology for your business. We recommend using a vendor who does not resell any off-the-shelf software. Instead, use a vendor who is familiar with the industry in which your business is engaged, who has an understanding of businesses processes and who is familiar with multiple types of software used to service your industry.  This allows your business to gain an unbiased opinion of multiple packages, the functionality within those packages, and how well they may suit your business.  It also allows for a gap analysis of each software and what customizations and integrations may be needed in order for it to be most effective for your company.
2. Another possible course is to augment your current software to provide better support for key processes.  Changing processes in any business is hard, so if you are pleased with your core software and there are few or no limitations to its supporting your future growth, it makes sense to investigate having software extensions designed and integrated with your core software to support your other key processes.  These areas can include mobile technology, integration of one or more of your current packages with a custom application designed to fill in the gaps, and web applications that further support your external employees and/or clients.
3. When it’s your processes that make your business unique and valuable to your clients, you don’t want to change your business processes to align with software. Or, if your business processes include multiple specialty industry segments, a custom application should be considered.  Custom applications capture unique processes across organizations, create a way for the company to work together to increase operational efficiencies on every level, and provide real-time visibility to clients via reporting tools.  If you are outgrowing your current system and are considering a custom application, make sure to use vendors who understand your industry, can analyze processes, and who have a track record of providing solid custom tailored software solutions.

Regardless of whether you decide to build or buy, make sure key stakeholders are involved in the entire process and engage a steering committee in your company to assist in making key decisions throughout the process.  Your level of commitment to providing information and working with vendors determines the success of your project.

Security in small and mid-size businesses is more than just preventing viruses and blocking spam. Protecting your assets is the key to the long-term success of your business and the foundation of a strong IT infrastructure. What are the basic building blocks of a secure infrastructure?

In 2009, cyber crime is expected to increase as criminals attempt to exploit weaknesses in systems and in the people that use them. An overwhelming volume of malware can hit organizations. Viruses may spread through e-mail, Web sites, USB sticks, social and business networking sites, etc.

If an organization does not have a solid security policy and plan in place, the safety of the desktops, servers and all network devices (and all your data on them) will be at the mercy of the end user. Relying on the end user is not advisable or worth the risk.

The Small Business Administration estimates that 90 percent of companies that fail to recover data after a major loss are out of business within two years. Also, 54% of all business will find themselves the victim of data loss or cyber crime over the next three years.

The basic building blocks for a secure IT environment

• Model the threats to your business and have a third party perform a security risk assessment
• Develop an information security policy and educate your users
• Design a secure network, implement packet filtering in the router, implement a firewall and use a DMZ network for servers requiring Internet access
• Know your network. Harden your systems by removing unnecessary applications and maintain an aggressive program of patching operating systems and applications
• Offsite data backups with restoration plan
• Keep your systems patched
• Minimize exposure

In the SMB space, where you do not have the benefit of a dedicated team or individual whose sole responsibility is to keep your environment locked down, another option is managed IT services. For small business, this is a low cost, high reward solution. Services are provided on a monthly subscription, a recurring operational expense and include things like security.

As a business you must maintain best practices when it comes to securing your data and your infrastructure, the longevity of your business could depend on it.

Insider theft is on the rise. Displaced workers are abusing their corporate data access to steal, exploit and damage information networks. In a survey of 800 worldwide CIOs, more than 40% agreed that displaced employees were the biggest threat to vital information. International companies are estimated to have lost more than $1 trillion in intellectual property last year. What steps are taking to ensure your most precious asset – your data – is protected?

“This is a wake-up call because the current economic crisis is poised to create a global meltdown in vital information. Increased pressures on firms to reduce spending and cut staffing have led to more porous defenses and increased opportunity for crime. Companies need to stop looking at security as a cost center but as a business enabler,” said Dave DeWalt, president and chief executive officer of McAfee.

Many cases of businesses theft and data loss go unreported due to embarrassment, public relations nightmares and the possibility of losing customers. This practice may soon be coming to a halt. States are beginning to regulate data breach reports. California is paving the way for regulations in data theft incidences by requiring businesses to report a breach within 24 hours. We expect other states to follow suit with reporting requirements.

In a recent study by CERT and the Army Research Office, multiple cases of insider theft were studied for patterns of behavior. These cases all included prosecution where public information was readily available. The study suggested that dissatisfaction played a major role in 39% of the cases with denied raises, benefits, applications for promotion, requests for relocation and the threat of layoff from within the organization.

Most businesses believe in protecting the perimeter of the network. Little focus has been given to the inside. Insider threats include not only misconfigurations of access controls, which allow access into applications or data that should be restricted, but also snooping employees, corporate espionage and disgruntled employee theft.

Although most companies don’t regard inside security as critical as external security, the approach to both types of threats should be the same.

1. Security Assessment – ensure your devices are configured correctly and your policies and procedure back up your security stance
2. Penetration Testing – check your systems just like and outside hacker would
3. Security Enforcement – knowing your vulnerabilities is half the battle, fixing them is the other half
4. Perimeter Monitoring – round-the-clock monitoring to ensure speedy response to an attack
5. Internal Monitoring – protect your business from attacks against trusted users

Since insider attacks are specifically targeted attacks, it’s risky business not to proactively protect your organization.

The type of security threats on our networks is escalating. While tools exist to detect security leaks, they have no chance against skilled professionals with a reason to take something from your network. Knowing where you stand in terms of network security is no longer an option, but a necessity. The numbers associated with network security will shock you.

Studies show more security threats come from outside an organization, but an increasing concern relating to several types of internal threats persists. CSO Magazine’s E-Crime Watch Survey found that overconfidence is pervasive amongst security professionals and organizations in thinking they have things handled. This kind of thinking is concerning given the recent rise in targeted, financially motivated attacks.

• May 2009 – Heartland Payment Systems reported a security breach that cost the company about $12.6 million, including legal costs and fines from MasterCard and Visa, which directly contributed to a $2.5 million loss for the affected quarter
• December 23, 2008 – RBS Worldpay, a subsidiary of Citizens Financial Group Inc., said a breach of its payment systems may have affected more than 1.5 million people
• March 2008 – Hannaford Brothers Co. disclosed that a breach of its payment systems, also aided by malicious software, compromised at least 4.2 million credit and debit card accounts

Social Engineering and Password Crackers

The E-Crime Watch Survey revealed that the use of social engineering techniques jumped to the number one method of committing e-crimes. This includes manipulation of a person or persons who can permit or facilitate access to a system or data.

Another change revealed that organizations with insiders using sophisticated technologies like password crackers or sniffers jumped from 17 percent to 31 percent. The evidence shows that while 57 percent of participants said they are increasingly concerned about the potential effects, a large number have trimmed IT spending by 5 percent and corporate security by 15 percent.

How You Can Protect Your Business

With the average cost of a security breach estimated at $6.6 million (ranging from $613,000 to $32 million), it pays to have a baseline of the environment, utilize IT security policies and stay up-to-date on trends. Focus on areas that pose the highest threat to your environment.

A recent article by CompTIA (Computing Technology Industry Association) says, “To address evolving threats, support mechanisms such as disaster recovery plans, dedicated security teams, security trainings and formal policies for responding to incidents have been adopted by many firms. These are supplemented by preventive technologies, such as firewalls and antivirus software used in combination. A growing number of U.S. firms are using other technologies, including intrusion detection systems, physical access control and multi-factor authentication.”

CompTIA’s survey of 1,000 IT professionals revealed their top security threats.  Which of these threats are relevant to your organization? What initiatives are you planning to address network security?