Ways To Survive The Small Shop Blues

Technology Staff Editor
Posted by

Tech staffs at very small businesses face many of the same challenges as their counterparts at larger companies: Downtime translates directly into lost dollars. But small shops must run the show with fewer financial and human resources. "Technology is more mission-critical now," says Matt Allen, IT manager at the Washington, D.C., office of Freeman, a trade show producer. He and one assistant manage a 130-person office. "Five or six years ago, if the PC wasn't working, employees could do paperwork. Today they rely on so many applications that if something goes down, you jeopardize business."
Help-request system was just the ticket for AllenPhoto by David Deal
At small IT shops, the ratio of users to IT staff often resembles long-shot horse-racing odds that only a desperate gambler would put money on: 50-to-1, 60-to-1, and worse. And when you consider the same IT group also is responsible for a host of other systems, the odds get uglier. "I stopped carrying a paper planner because it was an exercise in futility," Allen says. In addition to help desk and hardware maintenance, the two-person crew manages the company's physical security system of door badges and surveillance cameras, the voice-over-IP phone system, the Nextel cell phone accounts, and miscellaneous requests for all things tech-related. Richard Allan Kelley also feels outnumbered. He's the sole IT administrator at a 50-person company that makes cable trays to support electrical cables and infrastructure wiring. Does he have enough time to get everything done? "Honestly, no." Kelley reports that he's working long hours, but not enough to justify hiring another IT person. Joseph Sugayan shares a similar story. As IT manager at Private Eyes, a pre-employment screening services provider, Sugayan found himself spending nights and weekends keeping the company's 60 PCs healthy. Though there are three other technologists on staff, the PC network is Sugayan's responsibility. Avoid The Support Trap The top concern for IT pros at small businesses is supporting users and the hardware that keeps them productive. The technical skills most in demand by small businesses are help desk and user support, even more so than IT security, database administration, and e-mail management, according to a recent survey by InformationWeek and sister publication Network Computing. That statistic is borne out anecdotally; for instance, Kelley estimates that 60% of his day is spent on help desk issues and 20% on server administration. It's a Catch-22: IT pros who don't have a system to manage support duties will quickly go under, but they may not have the budget to purchase software to help prioritize their time. Kelley makes the best use of the tools available. He flags user help requests in his Outlook mail program, so he knows which are pending and which have been addressed. Before Allen turned to a ticketing system to help him manage help requests and monitor inventory, user support was catch-as-catch-can; users would e-mail or call him or his assistant, or just grab one of them in the hallway. By installing Asset Navigator from Alloy Software, Allen now has a repository for requests and can get more work done while better managing his resources. He can assign tickets to ensure that work isn't duplicated, prioritize jobs so crucial tasks don't get buried under a flurry of requests, and monitor the progress of tickets. He uses the Alloy ticket system when he reaches out for tech support as well. "I can take the output from a ticket and copy and paste it when I'm using online tech support from Dell and IBM," Allen says. Because the support techs get all the relevant information they need right away, Allen gets faster service. And at $1,500 for 110 seats, the ticketing system itself was easy on Allen's budget. PC and server administration also can eat up IT time. Both Allen and Kelley take advantage of Microsoft's free Software Update Services to help them stay on top of patches and hot fixes. An SUS server automatically downloads patches from Microsoft for Windows Server 2000/2003 and XP. Administrators can then deploy those patches as necessary. Both Allen and Kelley use McAfee's ePolicy Orchestrator to keep client antivirus and anti-spyware software up to date. Private Eyes' Sugayan went a different route to get a handle on PC maintenance--a managed PC support service from Everdream. For a monthly fee, it ensures that all PCs are running the latest Windows updates and patches, and the service provider pretests patches for basic compatibility. It also makes sure client Norton antivirus software has the latest definitions. "It eliminates the legwork of maintaining the PCs," says Sugayan, who estimates that he saves about 20 hours per week through the automated service--which translates to fewer nights and weekends in the office.

Password Issues It's impossible to run a business without considering security, and small companies are no exception. However, while large businesses may be experimenting with cutting-edge security, such as detection of network behavior anomalies, and deploying security event management systems to make sense of reams of security data, many small businesses are wrestling with a more prosaic issue: passwords. "The password issue is the bane of my existence," Allen says. Aside from the usual problems of password management, such as users forgetting them and locking themselves out of their systems, he also has had difficulty getting his users to comply with IT security policies regarding passwords. "My biggest challenge isn't getting IT security in place, it's getting managers and users to take it more seriously," he says. A common complaint from users is that they have too many passwords to remember. Provisioning new ones also takes time, which means users end up sharing passwords with new employees to give them access to applications while they wait for IT to give them their own credentials. Allen's users are getting used to the stricter security requirements within the organization and are taking the rules more seriously. "It's happening slowly, through attrition, new hires, and education," he says. Single sign-on is one answer to this problem, but there are drawbacks. "It's expensive to get all that SSO stuff working," Allen says. "And in some sensitive applications, it's advantageous to have separate passwords--there's a certain level of security there." One suggestion to IT managers who struggle with passwords is to teach users the acronym method. Users create a short, memorable phrase--for example, "Neo is the chosen one!"--and take the first letter of each word to form the password. They also can change written numbers to numerals. The result, NITC1!, is a reasonably strong password that's easy to remember. Sugayan has had the opposite experience with passwords. Because Private Eyes deals with sensitive data such as Social Security numbers and medical records, executives make clear to everyone that security is a top priority. To that end, the company has taken the password issue out of its users' hands. Private Eyes assigns its users a new password every 30 days. "We don't have push-back," Sugayan says. "Employees understand we are working with highly confidential information." Security Handoff But passwords aren't the only security issue that small businesses face. Kelley is preparing to deploy IPsec VPNs to several users to let them telecommute. He may turn to a consultant for help. He also would like to install an intrusion-detection or intrusion-prevention system, but he hasn't had the opportunity to plan a deployment. Security outsourcing is an option for small businesses. Top-tier managed security service providers such as Symantec and Counterpane Internet Security offer services for small businesses. For instance, Counterpane's Enterprise Protection Suite SME Edition will monitor one firewall and intrusion-detection device. Small shops also should consider local or regional managed service providers, which may offer more competitive pricing and a higher level of service. Your value-added reseller may be able to direct you to a vendor in your area. Another option is a unified threat management system. Vendors including Astaro, Fortinet, Internet Security Systems, and Symantec offer products that bundle firewall, antivirus, anti-spam, and other services into a single appliance. These systems were designed with small shops and budgets in mind: A few thousand dollars can get you started with a firewall, VPN, and intrusion-detection package. But beware of performance issues--as you activate features, you'll slow down packet processing. An overburdened system for unified threat management can quickly become a choke point. IT pros at very small businesses may not have money to throw at problems, but that doesn't make them helpless. As demonstrated here, a little ingenuity and some good advice from peers goes a long way.
Continue to the sidebar: Ways To Ease The Load


Become a member to take advantage of more features, like commenting and voting.

Jobs to Watch