I recently participated in a presentation to the Australian Computer Society, which inspired my business partner, Robert Buck, and me to reflect on providing IT services to small to medium-sized businesses over the past 20 years.
In preparing for the presentation I was reminded of how 20 years ago there wasn’t really any concept of the ‘cloud’ and the vast majority of our customers adhered to a consistent IT infrastructure refresh cycle, where servers were replaced every three years.
Of course, with the advent of cloud technologies and virtualisation, this cycle of infrastructure replacement is no longer consistent and our solutions today are far more complex than they used to be, often involving a hybrid of on-premise and cloud technologies.
One of the other key points that I was reminded of was that 20 years ago server systems were (by today’s standards) really quite basic. When implementing a new server, there was really very little need to change any of the default settings and, once implemented, it certainly wasn’t necessary to change the configuration until the next server was implemented.
Of course the system had to be maintained and monitored, but the servers’ configuration was often left untouched for the three years of its operation.
Security was a concern for larger organisations but for most small to medium businesses, changes to industry best practices were rarely serious enough to justify the cost of making adjustments to a server that “isn’t giving us any problems”.
Taking this same mindset to IT today could lead to disaster.
A recent case in the US has highlighted this point. The IT staff of a large health organisation created a new server without changing the default configuration, leading to thousands of patient records being made public without anyone inside the organisation knowing. What’s even more alarming is that it took them a full 12 months before they noticed the poorly configured server, ultimately leading to the health industry regulator fining them over $2 million.
At Diamond we have certainly adjusted our service delivery to better manage our customers’ IT systems in this new reality.
In fact, we’ve created a dedicated team that we’ve coined the ‘Technology Optimisation Team’. We’ve taken this approach because industry best practices, particularly around security, are changing now at a rapid pace and it’s important that IT providers keep up.
With the recent advent of ransomware, it’s more important than ever that IT providers do not leave their customers’ server environments exposed with potentially dangerous ‘default’ settings or outdated security strategies. The days of anti-virus and Windows security patches being the only requirements for a safe IT environment are well and truly over.
If you haven’t already, make sure you ask your IT provider what processes they’re putting in place to continuously enhance your IT systems and mitigate potential risks.
Have they spoken to you about unified threat management or gateway security? Have they mentioned web content filtering and sandboxing technologies? What about your organisation’s password policies?
If they’re not giving you guidance in these areas or if they give you the standard response of “we’re doing maintenance and monitoring”, it might be a signal that your IT provider is stuck in the ’90s and not thinking about today’s rapidly evolving IT challenges.
IT providers who understand these challenges know that to remain relevant and competitive, they need to be providing not just support, maintenance and monitoring, but a process of continuous improvement and alignment to industry best practices.