It is also important to have adequate ventilation and fans to circulate the air through the servers so that the temperature inside the computer chassis remains cool as well.

Additionally, it is useful to put monitors in the server room so that if the air conditioning fails at night or over a weekend, alerts will be automatically generated to notify appropriate personnel who can come in to fix the problem before the servers are damaged.

While you are at it, lock your server rooms to prevent intrusion, monitor for floods if that is an issue in your building, and use appropriate power filtering to prevent electrical surges and spikes from damaging your servers.

Please post your comments on this blog.

A strategy that keeps gaining ground is the concept of “white listing” applications. In plain English, this means your computers have a list of programs that are on the “approved” list to run, such as Word, Firefox, Acrobat, Excel, etc.

Then, any other program cannot run. Period. That means virus 1, virus 2, virus 999, etc. is not allowed to run. This solves the whole problem of needing anti-virus. In theory, even if a virus does come into your network through e-mail, web site drive by download, or Ernie in shipping carrying in an infected memory stick, it doesn’t matter. The virus cannot run anyway!

The challenge lies in your IT department being able to keep an organized white list of “approved” programs. When an update to a program arrives, the new update has to be listed too or it will not run.

Many providers are offering solutions including Bit9 Parity and Lumension Application Control and there are constant advancements in making administration even easier.

Yes, some day anti-virus may be old news and never used again.

The primary reason we perform vulnerability assessments as parts of security assessments is to generate an inventory of all the computers currently alive on the network and a list of vulnerabilities those computers have.

The challenge is that the human brain loves a “list of what’s wrong.”  Most of the IT professionals at organizations go immediately to work solving the identified problems thereby “killing alligators.”

We always implore executives and IT professionals alike to focus on “draining the swamp” in addition to, and sometimes instead of, “killing alligators.”

In our ongoing effort to help IT professionals and organizations focus on strategic, as well as tactical, plans to take IT to the next level, I sometimes feel like a dentist who hands out new toothbrushes as well as a gift certificate to the local candy store in the same visit.

Vulnerability assessments are wonderful—just remember to focus on the one or two strategic changes that can fix one hundred or more tactical issues.

Without getting into the technical details, robust virtualization technology exists today that allows your operating systems and applications to be easily portable from one computer to the next, and even delivered to a machine quickly through the Internet.

This means that if a disaster strikes your main office—even a power failure that exceeds the capabilities of your standby power generator—your servers can basically migrate themselves to servers operating in one of your other offices or a safe data center of your choosing.  Keeping this in plain English: your users will still be able to get their work done as if nothing happened.

In the past, this kind of protection was very expensive, and now the prices are spiraling down. Some of the technologies you put in to save money on servers today, like server virtualization, come with this DRP advantage as a “side benefit” if you use it.  As you add technology to support remote users or simplify the IT management in your organization, like Terminal Services or Citrix Xen, also add the possibility for robust DRP.

As you upgrade your systems—be sure to get advice from a qualified professional about getting your Disaster Recovery Plan in order!

I’m always ok with it when a CEO, President, or owner is not an IT professional. In fact, it is often easier for an IT professional to do their job if the leader of their organization is not always getting in their way!

IT changes so fast, even faster than clothes go out of style. Perhaps executives need to check in with their peers, or even better, IT professionals to be sure their “IT fashion” is not out of date. Sure, LinkedIn is alive and well today, but will they be the CompuServe of tomorrow? Twitter and Face Book are all the rage, but some fear MySpace is on the way out. Google has plans to make all of them obsolete with Google Buzz.

Many of the executives I work with are NOT experts in IT—and I think that is just fine. That’s why they have good IT professionals they trust on staff and/or outsourced.

When I use a tool that easy, it is so refreshing.

So much better than the usual, “What do you want? Enter. Are you sure? Are you sure you are sure?” etc. Additionally, think of recent changes Microsoft implemented in their interfaces. On the downside, many people are less than impressed with the new Microsoft Office ribbon menu system. On the upside, Windows 7’s interface has many features I find much more appealing than XP’s interface.

Many people rave at the engineering Apple puts into their products and almost everyone can see why. Xerox shipped the first mouse but Macintosh made it famous. The iPhone definitely made a permanent mark in personal IT history.

One of the next biggest advancement opportunities is voice recognition—and that’s better than you think already. I wonder what the next widely adopted user friendly interface change will be? If you want to, post your ideas and comments in this blog.

There is great advice on using multiple monitors, going paperless, having safe backups, and leveraging laptop computers.

CPA’s, CFO’s, and Controllers are involved in your business—and it just seems right to pass this resource along to you.

The entire article can be found at www.cpatrendlines.com and www.cpa2biz.com.

The theory is that, if the “online banking only” computer is only used for online banking and nothing else, the computer is less likely to be infected with viruses, key loggers, and other malicious software.

Having two computers comes at a huge cost to convenience for the people in your office that need to perform online banking. That means they need to have two computers at their desk. They could use a KVM switch to use their same keyboard, monitor, and mouse to switch back and forth between the computers.

Your IT professional might be willing to set up a virtual machine on the regular machine to use for online banking, but IT will still need to keep that virtual machine current with patches and protected with anti-virus. The end-user may become confused using the virtual machine and reject the idea completely.

Controls would probably need to be put in place to limit access to banking web sites to the single machine so no employees ever “cheat” and use their own workstation to access online banking.

On a positive note, an inexpensive computer would be more than enough to handle the online banking, and there are tools like Microsoft’s Microsoft Steady State and Deep Freeze (http://www.faronics.com/html/deepfreeze.asp) that can help lock the machine down to a single purpose and help protect from infections.

Do you dedicate a single computer for your online banking tasks? What is your response to the ABA’s advice? Please add your comments to the blog.

Some smaller organizations have another company host their e-mail using hosted Exchange. Some companies outsource their CRM with companies like www.salesforce.com or crm.dynamics.com.

Many companies, large and small, use outsource payroll providers such as www.ADP.com , www.paychex.com , and payroll.intuit.com

Other examples of cloud computing include patient management and billing for healthcare organizations, document imaging, insurance company systems, accounting systems, and even ERP’s.

To some degree, even home users utilize cloud computing with services like Google Apps www.google.com/apps and Microsoft Office Live www.officelive.com.  Sites like www.snapfish.com can even be considered “cloud computing” because your images are being housed out on the Internet.  Facebook and LinkedIn are “in the cloud” too.

Some companies go to the extreme and put everything in the cloud including their servers, with no local servers of their own, using services such as www.vcit.ca.  In these cases, the company normally pays a monthly subscription fee per user and the hosting company maintains all of their Microsoft operating system and Office licenses for the company.  The outsourced company provides anti-virus, anti-spam, backup services, disaster recovery, e-mail hosting, and technical support for a flat monthly fee per user. This can be really nice—especially for smaller companies.  These services are usually based on Microsoft Terminal Server or Citrix Xen although the customer never needs to realize how the applications are delivered.

A few companies are toying with providing “in the cloud” anti-virus solutions and it will be interesting to see how those work out.

Many people use online backup to store their data in the cloud.

Drawbacks of using “in the cloud” services include:

• If your Internet connection fails, you cannot use the services.
• If you have a slow Internet connection, your services may be slow as well.
• If the “cloud” company goes out of business, you may lose access to your data forever.
• Security concerns—will the other company keep your data secure?

Advantages of using “in the cloud” services include:

• You do not need to install patches to the application—your cloud provider does that for you.
• If there is a disaster at your office, your workers can “work from home” or work on the road almost as easily as if they were “at the office.” This saves you a lot of time.
• You sometimes need less on-site support and/or may not need to hire more IT professionals in your organization.
• Providers in the cloud often have highly trained and highly qualified professionals taking care of the network—professionals who would otherwise be very expensive for you to utilize their expertise.
• Backups are naturally off-site and are often more secure than your own backup solution.
• Adding new offices, new users, and new applications is generally simplified.
• If users are on the road and their personal laptop malfunctions, it is often less dangerous for the user to access via a “hotel business center computer” than if they used the hotel computer to connect directly to your internal network.
• You may not need a server room and, if office space is cramped, that can allow you to have more room for your office personnel.

Also, it is important to mention that some companies elect to use Citrix Xen or Microsoft Terminal Services in their own corporate boundaries to create their own corporate version of a “cloud” and then enjoy some of the “best of both worlds.”

Dual monitors can pay for themselves quickly with increased worker productivity.  If a worker’s productivity is increased even only 9%, and you calculate 9% of their yearly pay, you can see what a bargain the dual monitors are as long as the employee is busy.

Another way of looking at this is that if you have a $50K/year employee who is overloaded and frequently flips between windows on their screen during the day to get work done, your choices to improve their work production at least 9% include:

• Hire a new part time employee for $4.5K/year, plus HR costs, plus find a place for them to sit and work, buy them a computer and monitor, and spend time and money training them.
• Or, get the first employee a second monitor for $300.

The prices are much lower than ever before. You can find high resolution 25.5-Inch widescreen LCD monitors for less than $300 each.  Most modern workstations support dual monitors—even many laptops.

Would you consider working on a desk that was 19″ or smaller diagonally? These days, the computer screen is your “desk.” Most desks are huge compared to the size of a single computer monitor.

Users who try two monitors and see how productive they can be never go back.