Editor's Note: Welcome to SmartAdvice, a weekly column by The Advisory Council (TAC), an advisory service firm. The feature answers two questions of core interest to you, ranging from leadership advice to enterprise strategies to how to deal with vendors. Submit questions directly to [email protected]
Question A: What technical and security issues should we consider when setting up a telecommuting program?
Our advice: With the increasingly global economy, businesses are dependent on their staff and customers being able to access potentially sensitive business data from anywhere in the world. As a corollary, once they've enabled remote access, many companies have found that telecommuting can improve staff productivity and response time, while reducing fixed costs in office space requirements. Implementing a viable and secure remote-access policy requires the use of appropriate security systems and tools, proper levels of IT support, plus a knowledgeable workforce, or your company could be vulnerable to serious security problems. Fortunately, with careful planning, businesses can implement a secure remote-access policy successfully.
The foremost technical challenge in implementing a remote-access and telecommuting policy is securing access to sensitive company data. Until recently, the most common solution was an IPsec (Internet Protocol Security) or Point-to-Point Tunneling Protocol VPN, where the remote computer becomes a virtual node on the internal network. Although great in theory, in reality the technology requires often clumsy client software loaded on potentially improperly secured computers. In addition, because an IPsec VPN encrypts every network packet, it often degrades network performance on lower-speed home or remote Internet connections. If a large percentage of your workforce already has company-owned laptops, and proper training in basic computer security, this technology can be successfully implemented.
No matter how advanced the technology, remote-access policies are dependent on proper staff training and expectations. Remote users require more IT support because they're away from the informal coworker support network. This can be mitigated by better application training and certification; however, treat remote access as a privilege, not a requirement, and you'll achieve higher levels of productivity and a more-satisfied workforce. If employees understand that maintaining current antivirus software and secure firewall settings is in everybody's best interest, then administrative overhead can be minimized.
Telecommuting and remote access can be a viable option for your business, if you're careful to implement a proper staff-training program, have a solid understanding of staff access by application and user type, and are willing to devote the resources required to maintain proper security policies.
-- Beth Cohen
Question B: How should we approach selection of a data-center-relocation service provider?
Our advice: Relocation of a data center is a complex project which requires months of planning. The interdependencies among tasks, the need for continuous operations, and coordination among multiple service providers are some of the major considerations. Selecting a relocation partner requires an evaluation of experience and ability to execute. Minor problems are bound to come up during such a move; the vendor with the necessary expertise would have backup equipment and technical expertise at hand to resolve any problems.
Data and applications are among the most valuable assets in an organization. Relocation of these assets exposes them to multiple risks of loss. Any one of these risks can introduce a failure, requiring analysis and preparation.
Most data-center relocations activities fall into two main categories:
Typically, relocation involves some level of both activities. Data centers rarely have homogeneous equipment, operating systems, or services. The primary service provider will have to subcontract to several different vendors. The primary choice should be determined by the prior experience of the vendor with the primary equipment and applications in the data center. Selection of a relocation service provider also depends on the level of service continuity that's required.
Migration of data and applications to new equipment is typically less risky, since it offers an opportunity to field test the new equipment and applications, and offers a natural environment for fall-back in case of a major problem. This kind of relocation requires expertise in redundancy, applications, and data mapping.
Migration of hardware requires a depth of support available from the vendor so that in case of major failures a quick replacement, technical assistance, and re-constitution of a system or application are available.
The primary migration vendor should have strengths in many facets, including:
Data-center relocation is an activity that has to be done right in a very short time frame. The complexity and risks of such a migration require detailed planning and management. To accomplish a successful migration, it's essential to select an experienced relocation service provider.
-- Humayun Beg
Beth Cohen, TAC Thought Leader, has more than 20 years of experience building strong IT-delivery organizations from user and vendor perspectives. Having worked as a technologist for BBN, the company that literally invented the Internet, she not only knows where technology is today but where it's heading in the future.
Humayun Beg, TAC Thought Leader, has more than 20 years of experience in business IT management, technology deployment, and risk management. He has significant experience in all aspects of systems management, software development, and project management, and has held key positions in directing major IT initiatives and projects.