Kelvin Moy & Jerry Jones
In the latest episode of Atlanta’s Most Trusted Advisors on Business Radio X, Bonnie and her co-host, Ryan “Redhawk” McPherson focused on managing technology and the related risks in today’s changing landscape. Their guests were Jerry Jones, who has a long history of providing IT audits, audit automation and technology consulting services, and Kelvin Moy, an IT expert with Ad Information Technology. Both experts are deeply involved with Baseology, a software engineering firm with the self-described mission of helping companies find IT solutions to specific problems related to risk, business process, logical access, compliance, reporting and controls.
As the conversation began, Jerry advised business leaders to keep a clear perspective when approaching each decision: “First, you define the process – clearly defining what the business does and what the needs are. What can you do with the technology that’s readily available? What alternatives are out there? Creating the process first will help you evaluate the options and choose the best for your specific needs.”
Kelvin: “It’s important that those helping with your IT decisions truly understand your business and the hardships that you’re going through. When you use an outsourced tech company, they don’t necessarily spend the time required to figure that out for your company. But every company is different, the dynamic is different, even the culture is different inside.”
Next came the pressing question of cloud technology. Kelvin broached the issue, noting that, “I get this question a lot: ‘The cloud, should we go there?’ And I think that at a very high level the answer is yes. That is clearly where technology is going. But technology changes; it gets better. And so my answer often is, ‘Well, you need to go to the cloud when and where it makes sense.’ I think that’s a little caveat that sometimes solutions providers overlook.
Jerry: “A lot of times you can ease into some technologies. It’s the difference between being on the cutting edge and the bleeding edge. And a lot of companies will stay away from the bleeding edge because they know there’s just a lot of overhead involved and there’s a lot of unknown unknowns.”
The group went on to discuss the information business leaders need as they assess a potential IT provider. Bonnie asked the guests, “What are the questions a small business owner who is working with an outsourced IT company or even considering it needs to ask?”
Kelvin: “I like to use a coined word that Jerry has; it’s called the implementation journal. We use that in all of our projects, and it documents step by step everything that we did all the way down to the user. I mean, nitty gritty technical data where arguably anybody that’s technically competent can take up this document and redo or at least troubleshoot what it is that we did, so there’s no secret sauce. And I don’t think that any vendor or a small business should work with a company that tries to hold that information hostage. You want to make sure that you’re getting this documentation as part of the project. You should get that detailed information, the listing of vendors, user names, expirations, contracts and how it was done.”
Jerry: “I think a key part also is an SLA or a Service Level Agreement defines what they will provide and what they expect from you. Business owners should also discuss what happens when the implementation is complete? Are there liability issues? Is there proprietary information? How is data returned to the client at the end of life? Those are also key parts of the assessment process. Let’s say you wanted to pick another provider. You want to be left whole where everything that you have in your environment is documented and therefore, transferable.”
Bonnie asked about BYOD issues. “Do you see this as a trend that is growing, and what are some of the hiccups that can occur?”
Jerry: “You definitely need to consult with your attorney to establish a BYOD policy to answer questions like, ‘When I put something on a device, who owns it?’ and, ‘If an employee leaves, how do I get company data back?’”
Kelvin: “It’s definitely a trend that companies are looking at as a way to empower their users. They’re also looking at their bottom line and BYOD means less capital expenditures. I think the biggest hiccup with BYOD involves protecting your data. It’s important to discuss where the company’s responsibility ends and employee’s begins, and how much damage would a data leak cause your company? At some point, supporting myriad devices takes more time than the benefits of using BYOD model, so you need to be aware of that possibility and do what you can to avoid it.
Bonnie: “I would think, too, that there have to be rules, instructions and procedures in place so the employees know what they can and can’t do on each device.”
Kelvin: “A lot of businesses overlook the fact that they need formalized policies, structure and risk mitigation in place to protect their information. BYOD moves the responsibility for the hardware and access to the data to the individual. Contrary to what many thing, this increases the business’s responsibility in the terms of managing devices and also the risk of what happens if that data is leaked.
There’s lots more to learn from the entire show, which you can listen to or download on the Radio X website.