Securing the Unsecured

There are a lot of ways by which Information Systems can be compromised. Aside from the usual viruses that are known to plague computers, there are various more sinister threats sometimes bordering along the lines of action spy movies.

Yet apart from the sophisticated threats that have been discussed in class, for me, the biggest threat might be that of ignorance. It is a threat that I have constantly encountered where I work and which I am grateful for that our operations are fairly limited in their dependency on information systems that errors due to ignorance are easy to trace and repair.

When one is working with people who have lived in a time when technology developed at a leisurely pace, one will see that their level of adaptation to technology is also in a leisurely pace. Hence, when one introduces new systems, they take their time in adapting to them that soon enough a new system has arrived and they haven’t even warmed up to the old one. This then leads to several compromise in the data treated that more often than not results to poor results or below-par performance.

But a bigger threat than ignorance is outright refusal to embrace change. There are people also, who, when faced with systems too far out from their imagination, simply refuses to acknowledge the system thus ignoring it completely to the detriment of the company. It is these people that prevents progress with any kind of IS from being achieved since they flat out refuse to work with the system, stubbornly clinging to the manual processes they have grown accustomed to.

Such challenges faced above are threats in my line of work especially when one tries to convert everyone to adapt to using sophisticated information systems. One might say that those who cannot adapt must be forced to leave but such is not an easy thing to do in real life. Thankfully though, the company is still at that stage when ignorance and stubbornness can still be tolerated.

Perhaps the real actual threat to information in our company will be the fact that the servers we use for information transfer are actually web servers. Our email client is web based and we pass around sensitive company information via this channel. I have raised the alarmingly threat this may pose if the unsecured web server is hacked or if the person in possession of the sensitive files leaves and takes the files with him, but then the hint of the threat has been scoffed at. Like the ignorance and stubbornness prevalent, there is a general lack of acceptance that anything passed around via web servers is unsecured. Generally, the consensus is that, no employee in their right frame of mind would willingly sell out the company by exposing its deep dark secrets. The trust in each and every employee – from the lowest of rank to the topmost manager is absolute when it comes to the data they handle.

Although there have been proposals to migrate from a web-based server to an internal one, the costs connected are what impedes management from making the transition.

Why did I share the above sordid tale? Simply because the reality in our business is I believe true for any other business of our size and scale. The tale presented above can well be the tale of any other company plus or minus some details. Although there is a general consensus of the threats surrounding the data we hold dear to us, the move to secure those data remains elusive and not within the immediate priority. Hence, we remain stuck to our wits end, trying to secure data in a relatively unsecured environment.

 

Advertisements

IS Acquisitions: A Suitable Compromise

Given a choice, businesses would rather have their own tailor-made information systems than those they can simply buy from software manufacturers. Tailor-made systems are built to understand how their particular business works and how their processes are in place. Even though businesses follows the same business formats, no two business are exactly alike and no needs are exactly the same. Having a system that is made to fit into one’s existing operational procedures rather than buying a system and adapting existing operational procedures to that is a dream for a lot of companies.

Sadly, the reality is that, because of the high costs involved in employing programmers and systems analysts to actually create information systems for one’s existing operational processes, a majority of small to mid-range business owners are forced to buy from software companies certain systems and merely add or drop some of the existing functionality in a bid to customize it for their operational needs.

Of course these poses a lot of problems for the company. For one, technical support can prove to be a tricky business. Of course, the company can hire IT personnel to learn the various technical aspects of the system but when there are major problems with the system, the company is still forced to go to the official technical support team and pay yet another staggering amount to have the current system fixed. Another issue is the obsolescence of the system. Because of the rapidly changing landscape of technology these days, systems move forward at a very fast pace that one might find the system bought from some years back already becoming obsolete. This means that technical support for it may no longer be available and major upgrades are already needed. This leads to the company spending more.

This is opposed to the idea that if the company simply developed their own systems in the first place, it would be in a better position to troubleshoot it when things go wrong and to upgrade it when things have moved on.

Another difficulty I’ve seen with merely acquiring systems is when one is forced to consider other providers. Like in the case of our company, we decided to try another point of sales system just to see if the existing one we have can be improved any further. Sadly, the result was that we now have 2 very different POS system with no hope of becoming integrated. Hence, our IT staffs have to become acquainted with two different systems. Likewise, we need to maintain the 2 different system.

Yet to a mid-size company like ours, acquiring these systems, although not entirely ideal and perfect, remains to be a better alternative than having one tailor-made for us. The one-time cost it took to buy them and the subsequent costs for maintaining them remains to be significantly lower than if we hired a systems analysts and programmers to create and maintain a fully functioning information system. Although that would have been ideal, it would have been crippling in terms of costs.

Hence, acquisition of off the shelf systems have proved to be a beneficial compromise. Perhaps in the future, when the company has expanded and grown, things would change. But for now, we are forced to remain satisfied with the compromise taken.

 

IT Investments: Important But Not Urgent

Businesses invest in a lot of things: infrastructure, product inventory, marketing, people, and so on. Before a businessman can significantly make money, he has to invest first in many things to get his business up and running as well as competitive. In the current technological age, information structure or IT is one of those key investments. Gone were the days when merely having papers and calculators were enough to get a business running. Today, every business, even the small ones, have computers and uses various softwares to help in their daily operational needs.

For small and mid-size range companies, investing in some decent information system is important but not nearly as urgent. The scenario is different from the big multi-national companies where information systems are deeply embedded in their operational procedures that they cannot do without it. For companies which are just starting up and whose operations are not nearly as big, simple softwares to help in their bookkeeping practices or inventory procedures are enough for them to get by.

Although it is ideal and wonderful to have all if not majority of a company’s business processes supported by tailor-made information systems, the cost of investing in such is too big a risk to make. For most start-up companies, the priority is to get the ground running, so to speak. The priority is to have the products sell first, to gain notoriety in the targeted market and to earn back their initial investment. Only then, when the business is up and running, when massive expansion plans have entered the picture, can the company actually consider investing in sophisticated information systems.

Of course there are some exception companies, I suppose, whose initial investment in information systems was what gave them the competitive edge to actually succeed and make it through in the industry they’ve chosen but this is more the exception than the rule.

The same can be said in our company. Even though it has existed for quite a while, the nature of business it is engaged in, requires not the sophisticated information systems, but rather just the simpler ones aided with skillfully made excel systems. Although there are some information systems in place, the cost the company incurred to acquire them has been fairly high. Not to mention that most of them are off-the-shelf products and not entirely tailor-made for us.

There have been proposals to develop an internal information system which would tie-up with the entire operational process thereby increasing efficiency and eliminating some of the hurdles being encountered currently, yet the costs are too staggering for the company to shoulder at this point. Hence, the company makes do with what little programs the IT section can churn up and with what ever excel system the skilled bookkeepers can come up with.

To say the least, this type of compromise has worked for quite a while. It has sustained the company thus far and it generates the results and reports needed to make the right decisions. It might be a painstaking process which everyone agrees will be easier had there been a more sophisticated system, yet that remains to be a dream yet to be fulfilled when the advantages will far outweigh the costs.

 

 

Knowledge Power in Social Media

They say knowledge is power. And for a businessman looking for a way to grow his business, any amount of knowledge that would make him ahead of the competition is valuable. Hence, in the age of technology and vast amounts of data, a system that could turn senseless albeit huge amounts of data into sensible and coherent knowledge is worthwhile. These information systems are referred to as knowledge management systems a.k.a. KMS.

The easiest and most accessible knowledge in any organization is their explicit knowledge which as defined in class is the knowledge that is stored, codified and documented. However, there is another type of knowledge that is just as important but not as easily accessible or interpreted. That is tacit knowledge which refers to personal knowledge as embedded in individual factors involving various intangible forces. To me, this type of knowledge is more powerful than the former since the bearer of this type of knowledge can easily take it with him to the detriment of the company if it hasn’t been documented or sorted yet. Hence, it is up to the company to ensure that the knowledge their employees have are constantly documented and stored in safe places.

In Marketing, we are concerned with both types of knowledge. Monthly, we deal with explicit knowledge. I would like to think of these as the recorded customer responses to our products and promotions as interpreted from sales figures, product movements, response rates, etc. Yet, we also deal with tacit knowledge, which is usually, to us more important. We want to always be in the know of the customers actual response to our products and promos. We want to know how they actually feel about what we just did or if they actually understood what we tried to communicate. And yet, this tacit knowledge that is important to us, is by far the hardest to get. Of course, we have the basic customer surveys, yet there are times when these surveys can be influenced and are not really direct representations of how our customers feel about our business.

Thankfully, we have now moved on to the social network age where people are more open to share about their feelings and perceptions via social media. This has been largely beneficial to brands because now they can already be privy to how customers actually perceive their products via what they post or discuss in social media.

Yet with this wealth comes a large challenge, how does one actually sift through all the data and separate the noise and useless clatter from the ones that can actually be useful?

To date, there has sprung a lot of online applications that allows brands to filter through the millions and millions of social network data to filter the chatter that is relevant to them. Some applications have even gone as far off as to identify the mood of the customers when they discuss the particular product or brand.

To say the least, these type of applications, which are information systems themselves, are a brand’s best friend and savior. In a time when a company is unsure of how the market actually perceives them, then they can easily turn to the wealth of knowledge in social media, filter through the huge amount of clutter, and determine the most useful and relevant information that could be their saving grace.

 

Enterprise Information Systems: The Reality for Most Organizations

Enterprise information systems are the dream of any organization aiming for increased productivity and efficiency in the workplace. Sadly, for most organizations, this remains an idealistic dream.

Enterprise information systems are basically an integrated system of all the basic transaction process systems that are in place. They are integrated because of a central database. Instead of the individual TPS gathering data from various data sources, they can simply get it from one source. Enterprise systems are ideal since having different databases pose a challenge when it comes to the point that a company has to integrate the various TPS it has.

Most companies, however, uses legacy systems (or old systems) wherein they have different TPS that gather data from different databases. This happens because start up companies would rather buy TPS from various sources depending on their needs and on what they can afford. As they grow, their systems increase and they see the need for an enterprise system. However, at this point, they’ve already purchased different systems whose databases, most often than not are not entirely compatible with each other. As such, integrating the databases becomes a big challenge and the creation of an enterprise system seemingly impossible.

One would suggest that the solution then would be to acquire systems whose databases are compatible – if not similar – with each other so that an enterprise system in the long run would be possible. Yet again, looking at the reality of the industry right now, this is only possible if the development of systems is from within. If the company has their own information technologist or systems administrator to develop and execute such systems development, then well and good. However, most companies haven’t yet seen the importance of having their in-house IT team who would develop in-house systems for them. Most are still content with purchasing off-the-shelves systems. The result? Different TPS that have different databases.

So why not purchase TPS with similar databases? This logic does not readily occur to most organizations since different brands have different specialty databases. For example, when one thinks of an inventory system they might consider SAP but when one thinks of a customer service system they might consider Oracle. Being different systems, they would have different databases. At first, it would seem a sound investment to buy the systems they need from the companies specializing in them but in the long run, it would prove a costly mistake when the need to integrate presents itself.

So what is the solution? Either have in-house IT develop the organization’s systems or buy systems from just one brand. In both solutions, however, a careful business plan should be in place – a business plan that involves IT development be it in-house or off-the-shelf.

I wish this knowledge has been present in our organization when we thought of using information systems for our business. Now I am afraid we are enslaved by the restrictions brought about by the legacy systems we’ve acquired in the past that to have an enterprise system in our midst would mean starting from the ground up. Also, I don’t see how anything can change in the near future since most in the organization remain ignorant of the vast importance of information systems that are fully integrated and compatible with each other. For most, simply having a basic working TPS is enough. In fact, not even all business processes are supported by TPS.

Sadly, this same scenario is the reality for most organizations now. And it continues to be the reality even for start-up companies. The development of information systems simply is not in the forefront of a businessman’s mind and neither is it in the priority of a business’s goals. Most are just content with having IS in the TPS level, not bothering, and usually not even knowing, that there are higher IS available. After all, for them, information systems are merely support tools and not the main ingredient they would need to attain their business goals. Too late do they realize that information systems, in this day and age, are actually the most important and valuable tool their business could have.

 

Business Intellgence System: Our Company’s Less Costly Alternative

I know what I am about to discuss here goes beyond what is taught in the classroom. It goes beyond the theory presented and beyond the expectation set. But then the more I dwelled on what was taught, on what the implications would be to our organization, the more I am convinced that for now at least, we have found a cost-effective solution to our BI (business intelligence) needs. After all, nothing beats the human mind.

Let me expound.

Business intelligence systems are said to be systems that gather data and input from other information system types and in effect helps an organization analyze business processes and make necessary adjustments, make strategic decisions, improve ROI, provide leverage in negotiations, etc. Basically, it allows organizations to put to good use any and all data that it harvests.

Yet for this to happen, an organization must first have in place the information systems that gather and produce those data that business intelligence will use. For any organization, having transaction process systems or information systems that deal with their day to day operations is a must. It is something that defines their efficiency and improved ROI. However, to evolve to higher level IS is something constantly up for debate since not all organizations are keen to invest in something they do not quite understand the importance or use.

Same is true for our organization. In a business whose primary focus is not really in automating everything by investing in high-end information systems, we have to do with what we have. Having established in place TPS such as inventory systems, accounting systems and sales systems, the next thing we needed to do was integrate the data received from such systems into something top management can find useful. For this, we use the trusty office tool – the spreadsheet.

With a spreadsheet and formulas in place, interpreting the data generated by TPS becomes a piece of cake. Forecasts can be made based on sales data and inventory levels. Business processes and strategies are evaluated based on ROI, product movements, sales trends, transaction count and average check analyses, etc. Performance of all units in the organization is evaluated effectively. Of course, all these systems has something more powerful than a computer chip behind it – the Human Brain.

Each manger in various levels in the company are trained to analyze their data in such a way that they are able to make predictions or generate a better structured data for higher up analysis. Even unstructured data such as conversations, qualitative customer feedback, social media inputs, etc. are carefully analyzed by managers to see its impact in the overall big picture.

Although it is nice to have business intelligence systems in place, realistically, because of the cost they entail and the availability of better alternatives at hand, the integration of such kind of high end systems to most organizations, especially mid-size to small local ones, is something that we have yet to witness.

At the end of the day, the human brain still beats any powerful computer chip.

 

Distance Learning and Distance Working

The Internet has opened the possibilities for so many things never thought possible before. One of them is that of doing things such as shopping, studying and even working from the comforts of one’s home. At first it was just buying things online. Then came courses offered online. And now, even workplaces are flexible in allowing their employees to work from home via the Internet. Some companies even just have virtual presence where they recruit online and operate their business online.

Telecommuting is slowly becoming the norm for most companies who sees its benefits vs the traditional mode of conducting business. Of course, this is applicable to those whose work description mainly involves processes done via a computer. Telecommuting is simply a work arrangement wherein employees no longer have to report to a central office physically because instead they report to work via the Internet whether they are in the comforts of their own houses or that of a local cafe.

For organizations, this is highly beneficial. It means less overhead costs on their part since they no longer need to maintain a big office and pay for rent, utilities and maintenance personnel. Further, this encourages perfect attendance among employees because the excuses for absences due to family matters such as lack of anyone attending to the house or the kids are reduced.

Yet with the upsides come the downsides of the arrangement. Certain work relationships are not established since employees no longer interface with each other in a way that would build personal relationships. Although this reduces the office drama and politics, it still underscores a basic human need of being socially active and forging actual social relationships. Telecommuting also impacts the boss-employee relationship since employees would feel more detached from their bosses because they don’t get to see them daily and experience their constant pressure brought about by their presence alone. The downsides though are mostly just on the psychological which can always be easily remedied.

Another major innovation brought about by the internet is that of distance learning. Now it is possible even for someone in the Philippines, even without the sufficient funds, to learn something from respected teachers in great universities abroad. It is even possible to earn full degrees from most universities by simply availing of their online classes. Distance learning has made education possible for anyone by breaking barriers typically connected to distance and cost.

Distance learning is highly useful for working individuals in pursuit of higher or additional education. It is also useful for people who want to learn something new that might not be totally related to the degree they’ve originally earned. As such, most courses are completed on the student’s own time.

Yet again, there are downsides to this type of arrangement. Similar to telecommuting, the psychological and social dynamics of a typical live classroom setting is foregone in an online space especially one where students are merely required to complete the courses on their own.

Although the practice of telecommuting and distance learning is a widely accepted practice, it will be a long time before most businesses and schools in the Philippines gravitate to such an arrangement. Although there is a huge number of Filipinos who find employment via such means and there are a number of local universities offering open courses, it would still be a long time before traditional businesses and schools give up their traditional means in exchange for the more modern and seemingly practical and cost-effective ones. After all, the Philippines still remain a largely social country where the social aspects of education and work is very important.