VCIO – The Way to Better IT

David Howard

Article by: David Howard

The Problem of CIOs in Small-Medium Organizations

Organizations are designed with responsibilities and personnel capable to carry them out.  These are then placed in a hierarchical structure we see reflected in an “org chart”.  One of the boxes on this chart an organization sees a need for is a CIO or CTO, to reflect the need for somebody to be responsible for the information technology function and have the capabilities to carry it out.

But small organizations rarely start off with a CIO; instead they start off with a junior help desk person or perhaps a network administrator.  The cost of starting off with a highly skilled CIO is too high and having them do helpdesk work or fixing printers is not an effective use of budget.  But having the low-end skills of a help desk person doesn’t provide the organization with the ability to align the business and technology. IT personnel new in their career or more junior by default focus more on the technology and gadgets than they do on the business needs and technology that would solve their problems.  They request a lot of budget, but bring little new ideas to production that will help the business. By having the junior person on staff the organization is not only faced with a lack of necessary skills, they also now must manage a skill they have little understanding about.  This creates ineffective decisions and misspent funds.

You might consider at this point “Why not hire a CIO?”  For organizations of less than 500 users a CIO would be a luxury. They are a fairly expensiDavid Howard VCIOve proposition, and with the revenues of the organization they would not have enough funds to invest to take advantage of their skill set. They would have great ideas about implementing new sales force automation, e-commerce systems, inventory management and other exciting prospects for the business, but then face a budget that does not allow them to implement them.

What is the solution then? How can an organization have these essential skills and yet spend the right amount for their size?

Solution: A VCIO

A “Virtual CIO”, or as we will refer to it, a VCIO, is a fractional or part-time resource that can work with the business leaders of the organization and oversee IT operations.  They may work between 16 and 40 hours per month depending on the investment level and project status.  Sometimes they may be close to full time, but generally it will be much less than that.  They will be present for key meetings about the business strategy or perhaps the weekly operational meeting to review business status, and will do work on their own to review options, speak with IT staff, or end users about key issues.  You as an organization will pay for only what you need.

VCIOSome capabilities and services of the CIO can offer you are:

  • IT Strategy: develop an overall plan for information technology based on the discussions with business leaders and understanding of the industry and market conditions.
  • Understand the business: the key issue here is that the VCIO will be a part of your management team, and will listen from a technology perspective to the problems the business has. Every person on the management team comes from a different focus, a sales manager will talk about how to increase sales, or a production manager will be focused on how production works with the rest of the organization. The VCIO will listen from a technology perspective so that when they hear problems they will contemplate and suggest options that employ technology in ways that others on the team have not considered.
  • Design the technology platform, policy and process, and personnel for the current and future needs of the business. These are the three key aspects of IT: the technology put in place such as which ERP system or servers to use, the process IT uses to support and manage systems and users, and the personnel and their roles within the IT department. The VCIO can align these to provide a fully effective IT function that meets the needs of the business.
  • Business Process Mapping – people with an IT skill set are often very keen on the business process and flow of data through the organization. A skilled VCIO can help you map the business process and identify bottlenecks and points where efficiencies can be gained either by implementing technology or changing a business process.
  • IT Roadmap aligned to the business: they can develop a roadmap of technology changes and suggested projects with business analysis included to show you how the future can look with technology options.
  • Benchmarking IT capabilities against industry-standards: most markets are competitive, and technology is an enabler to increase the velocity of the business. To the extent a business uses IT well compared to others, they will have a greater velocity of revenue generation, product creation and production, and cash management. These key aspects of the business must exceed the competition or you will look up from the bottom of the market. A VCIO can help you benchmark and improve this.

Having a VCIO will provide your business with a single point of contact for IT needs that aligns to the business, a partner invested in your long-term needs, and a technology leader to sit with the CEO, CFO, and other business champions and make sure the technology is an enabler for the business.

Keystone’s VCIO Offering

Keystone offers a VCIO service for its clients that may be of great help to you. If you are looking to have a better understanding of what technology can do for your business, and invest your funds to maximize ROI, then we can provide a resource to you that will produce in the areas we’ve listed above to propel your business forward.

Contact us today to discuss how we can help you for a manageable cost and maximum results.

Meet the New Team Members at Keystone

David Howard

Article by: David Howard

Keystone has seen a lot of growth lately – with new clients, capabilities, and services!  We are fortunate to have added some awesome new people to help our growing client base. These new team members are part of the user support desk, so our clients have a great chance to hear or see them in action.

We want to welcome the following new teammates!

Beth Humbel

Beth HumbelBeth is our new dispatcher, so when you call or email in, she is usually the first person to look at your needs, and she does it as soon as possible – within a few minutes!  Beth enjoys working with customers and finding products or solutions which work best for their needs. To her, it is rewarding to have someone she has worked with be happy with the service they have received. She loves doing that at Keystone, because as a technology company, things are always changing and that keeps her interest. She said the energy level everybody brings at Keystone is great, and she enjoys the collaboration each team member brings to the table to solve complex issues. There is never a day where she does not learn something new, and have something to share with her friends and family.

In her role as dispatcher, Beth enjoys talking with our customers and being a part of a team which helps provide solutions. Beth is a strategic person and likes the challenges this position gives her.
When Beth is not taking care of clients at Keystone, she enjoys golfing, painting and riding bikes. And when not doing those, you can find her having dinner with my friends and family.

Jason Schmidt

Jason SchmidtJason was always the “tech guy” at past jobs, so he focused his career in it.  Part of his journey in this includes getting a Bachelor’s degree in technology from Kent State University.

Jason love technology because it meets his constant goal of learning.  He tries to keep up on the new and exciting things that seem to come out weekly in the world of technology.  To him, doing system setups is a lot like figuring out a puzzle.  In his short time at Keystone, Jason said he enjoys the people, and feels like they are now a second family (and you are a part of the family Jason!)

When he is not building new systems, and helping users, he said he spends his time “doing what my kids want to do”.


Cory Lazenko

Cory LazenkoCory is almost an old timer in this group of new employees.  He joined us in August, 2016 as a level 1 Support Team engineer, and has been doing a great job ever since!

Cory has his associates degree in Computer Science and has plans to get Microsoft Certification within the next year.

He loves technology for so many reasons! The simple fact that the right group of people can get together and literally change the world from their desk, is a very enticing thought. Enough to keep him hungry for whatever he can feed his brain with. He said he does what he does because “the world is built on computers and not everyone is as lucky as I am to have a background in them, and those people need help in the right direction or the world as a whole is doomed unless people like us stand up to help.”  He said he loves working at Keystone, the atmosphere and the people make it fun to come in and hard to leave.

When not at Keystone, Cory loves to spend time with his five-year-old daughter, and his new wife, Jessica (Congratulations!).  And when he finds more time, he likes to play his guitar and write music.


Zach Richardson

Zach RichardsonZach joined in October, 2016 as level 1 Support Team engineer.  His IT career includes Network Administration and Security; he has certifications in Cisco CCNA 200-120, and CompTIA Network Plus.  This lines up with his main interests of Networking, Security, and Virtualization.  Prior to joining Keystone, Zach was at Walsh University as a security specialist. He said he “loves working with technology and helping people, and that technology never ends with information and helping people always make me happy!”

Zach has a second job operating the audio-visual equipment Quicken Loans Arena, including the Cavs games.

In Zach’s short time at Keystone, he has been enjoying the people and the environment. And because he prioritizes school and learning, he wants to continue to grow here!


Nathan Satola

Nathan SatolaNathan also joined us in October as a level 1 Support Team Engineer.  He was previously a remote support technician for Diebold, and was a field technician for TWC prior to that. He has a Network Systems Administration degree.  He likes the field, because it allows him work with different software, and build hardware.

Nathan also said he likes being in a help desk position because he enjoys helping people accomplish their goals with his skill set they may not have the ability or knowledge to help themselves.

He appreciates Keystone, because “the team is always eager to help and really know their stuff.”

In his spare time, Nathan likes to cook, and attend cub scouts’ meetings with his son.

Buying a Laptop

David Howard

Article by: David Howard

Buying a LaptopBuying a laptop is a task you will probably do often in your life. You may need one for work and must operate within some corporate requirements for manufacturer or budgets, or purchase one for personal use or as a gift for a family member. It is important to have a good approach to selecting and buying a laptop to get the most value out of it. We cover some important aspects of this here.

First, it’s not so much the cost of the laptop, mostly these have become commodity items and they all look the same while sitting on the shelf. It’s the experience you have after you open it up and use it. The difference of a few hundred dollars will soon be forgotten if it is a great performer.

Where to Start when Buying a Laptop

The first thing you should consider is this is a device you will spend a lot of time using.  And sometimes we forget this is a “PC”, which means “personal computer”.  This means you are the primary and usually sole user of the laptop, and it needs to work for you personally, and your lifestyle and the things you need to do with it. Because of this we’re going to begin with what to consider before you even go to the store or the online site.

Considerations when Buying a Laptop

First consider what is important to you within your lifestyle and needs. Here are things to think about.

  • Portability – should the laptop be light and easy to carry because you move around a lot throughout the day?
  • Battery life – will you be working for long time periods where it is not convenient to plug-in? If so focus on battery life, and understand that the manufacturer may specify the life of the battery in hours which is not realistic for your use. They may say it is a ten-hour battery life and you will find you only get seven.
  • Power – here we are primarily thinking of the processing power of the CPU, and the memory. If you will use it for some high-end processing, such as video editing, CAD, database manipulation, then you may need a more powerful device. This may sacrifice portability or battery life aspects. Of all the items you may consider spending more, this is the one. A more powerful device may last you longer because it will keep up with future upgrades of the software.
  • Disk space – this is somewhat inherent to power, but can be separated. You may not need a lot of processing power, but need a lot of disk space for images, or just a high volume of data. This may require you to use a traditional hard drive as opposed to a solid-state storage device, such as an SSD. An SSD is basically a disk using memory instead of spinning platters. It is much faster, quieter, and often better for battery life. But because of the expense is often smaller than a traditional drive.
  • Screen capabilities – you may like a higher resolution screen which looks better, but may affect the battery life. One of the biggest impacts to battery life is the number of pixels on the screen and brightness, so that if you have a bright, high resolution screen your battery life may suffer.
  • Touchscreen or Digitizer – for Windows-based systems, and some Google Chromebooks, a touchscreen is an option. Windows 10 is optimized for use with a touchscreen. It may seem odd to request this given the fact the screen is right there in front of you and you have a trackpad or mouse, but the ability to interact directly with information by touching it often helps us understand it better. A digitizer allows the use of a pen, one which will not cause stray marks from your palm because it rejects touch when the pen is in use. Higher end Windows laptops, especially those from Microsoft often include a pen built-in.
  • Size of the keyboard or screen – this will affect portability, but you may like a larger screen, or a numeric keypad. Once you’ve added these features you are usually at a 15 or 17-inch laptop which will have reduced portability, and higher weight.
  • Manufacturer support – this is more important than most people estimate. By this we primarily mean software driver support. One of the biggest issues you will have with a laptop is how well the hardware works with the software, primarily the operating system. If the power drivers are not well tuned, you may have various issues with the machine when it goes to sleep or tries to wake up. Or the trackpad may not offer smooth and effective performance, or the fan runs constantly. We suggest that you consider solid brand names and those that support their hardware with updated and effective software drivers. I have found this the greatest impact to my use of a laptop.
  • Peripherals – many peripherals work over USB, or wirelessly. The most important aspect we are looking at here is first are the ports necessary on the laptop you are considering? Does it have a full-size HDMI connection if that is important to you? Second, does the laptop support a docking station? If you need to go to your desk and quickly lock in and have access to a full screen monitor, keyboard, etc. then you will want to have the ability for a docking station to be easily connected.
  • Cost – this is the last consideration. A well-chosen laptop will probably last you for about 3 to 4 years. Even if you paid $2000 instead of $500, we are only talking about $20 a month’s difference for something you may use well over 100 hours a month. Unless necessary, make this the lowest priority on your list.


How to Use the Considerations when Buying a Laptop

So how do you put all those considerations above into practical use?  First, rank them per your specific needs.  You may have to trade certain things for others. Ideally, we could have a tiny device the size of a cell phone that when pulled from the pocket, will unfold into this powerful high performance machine with the glorious screen, but that’s just not possible. This means if you would like a large screen you will sacrifice portability. If you want to have a high-resolution screen and a powerful CPU running at top speed all the time, you will likely sacrifice battery life.

For my personal purposes, I prefer excellent manufacturer support, battery life, and portability. Most of what I do these days is working in Microsoft office applications and having a few browser tabs open. If I were still doing high-end programming and database work I would like a more powerful device. This has led me to select brand-name devices that way at or under 3 pounds and which have at least 10 hours of battery life.  But you may have a different outcome based on your considerations.

I often have multiple laptops I use because I have varying needs.

  • An Apple MacBook Air – I love the hardware, size, and battery life. I could go almost a day and ½ on the battery by keeping the screen at a low brightness. It packs away, sleeps, and wakes up quickly as needed. I use this primarily for the office applications, and photo management and editing.
  • A Microsoft Surface Book – I just added this a few weeks ago. I was using a Hewlett-Packard Spectre X360, but it seemed to have various issues including drivers. That’s not normal for HP but it caused me to look again. The Surface Book has some issues with drivers, but after about four weeks of regular and sometimes intense use, it has done well. I like that it weighs about 3½ pounds, has a pen, and the screen can detach to work like a tablet.
  • An Asus ChromeBook Flip – a small, 10 inch laptop that flips over to be a tablet. This runs the Google Chrome OS so effectively it’s nothing more than a web browser. But Google recently included this device to run android applications on it also. I’ve been using it like this for about two months with mixed results. It is nice because it is small and light and the touchscreen is great for just sitting on the couch and browsing (though I still prefer the iPad for this).

Buying a Laptop - Apple MacBook Air Buying a Laptop - Microsoft SurfaceBook Buying a laptop - Asus Flip Chomebook









What should you do next?

If it’s time for you to buy a laptop, perhaps one over the holidays as a gift, consider the aspects listed above and rate them based on what is important to you. Then head to the store and focus on those devices that will best meet your needs.  Don’t let the Best Buy Geek talk you into something that you don’t need. Focus on what’s important to you.

If you are a corporate client of Keystone ask us for assistance in finding the right model for you. It’s part of the service our help desk provides, and it is invaluable to get something you will enjoy!

Disaster Recovery Planning

David Howard

Article by: David Howard

Disaster Recovery Plan

DRP switch button

Waiting for a disaster to occur that affects your information technology systems is not the time to start planning your response.  Your disaster recovery planning needs to be done well in advance, including documenting and communicating it to all the stakeholders.

But what should go into the Disaster Recovery Plan?

Keystone prepares disaster recovery solutions for its clients that are intended to provide a comprehensive plan, ready to be used when needed.  We include the following key elements:

  1. A set of definitions – this is important because the document is usually maintained by the IT department, and some terms, such as “Active Data Systems”, or “Reduced Performance”, should be defined in a way that a business leader will understand. This will allow them to assess the cost and capabilities of their disaster recovery process.
  2. A network diagram – this is important for IT personnel to see what systems are in play, along with their locations and characteristics. By including details like the location, the team can quickly assess and respond to a local issue such as fire or flooding in a location.
  3. A list of locations – in conjunction with the network diagram, this shows the specific location (address, room #, etc.) of key assets.
  4. A flowchart of the process to be enacted when a disaster occurs – this should include common tasks like communication, equipment provisioning, and system restores.
  5. Communication and Operations Plan – This is key, it describes each system (where system is an application the organization uses regardless of server), and what the plan will be for various time periods. This is normally viewed across multiple time lines of unavailability, such as 0-4 hours, 4-24 hours, etc. For example, if the shipping system is unavailable for 0-4 hours, the plan may be to hold shipments in staging area, but after 4 hours to use some manual process to ship. The business personnel who “own” the system should also be identified and communicated with as these periods are experienced.
  6. Key Personnel – A list of all key personnel with contact info; useful when initiating and communicating in a disaster. It should also include the systems they would be responsible for where applicable.
  7. Backup and Restore Plans – A list of all systems and when they are backed up, how and where they are backed up, and approximately how long they take to complete. This also helps when troubleshooting system performance issues. It should also include the restore plan.
  8. Reporting and Review – A description of how backup systems report results, and who reviews them for errors and resolution. Backups are of no value unless that can be restored when needed.
  9. Key Vendor Contacts – Often disasters are either caused by vendors, or resolved by them. For example, your internet access may be lost, so having the contact information is essential.

Keystone’s Disaster Recover plans are created to help you understand the risks, and restore business operations in a minimum period of time. They often run 15-20 pages in length and are valuable to clients for the following reasons:

  • They are essential when a disaster occurs. As we said earlier, it is far too late to start planning for disaster when in the middle of one. This is the key reason you need one!
  • They can assess the risk of losing access. This is important because mitigating risk has a cost, and the best way to manage that cost is to view it as an investment against loss of access.  Keystone’s plans allow you to do this.
  • They can reduce your costs of insurance. Business insurance providers often look for a comprehensive plan, and provide lower costs when they see one.

Contact Keystone today to see how we can improve your disaster recovery capabilities.  We offer this as part of our comprehensive managed services, where we take care of all of your IT needs, and also offer it as a managed disaster recovery solution in conjunction with your current IT team.


Have You Outgrown Your IT?

David Howard

Article by: David Howard

You may be outgrowing your information technology capabilities, but how can you know, why is it happening, and what is the best response?

Outgrow your IT

How do you know you are outgrowing your IT?

There are several symptoms you can identify, and if you are taking the time to read this, there is a good chance you already have these. Some of them include:

  1. You have unplanned outages, or even worse have lost data.  If you see more down time, or have lost hours of data input, you have likely outgrown your IT. They are in fire fighting mode and losing the battle.
  2. Your defined objectives are not being met – you will often see this in the projects and strategic needs.  For example, your sales team needs better tracking and access to customer data, so a strategic plan includes identifying and deploying a CRM system, but months later it seems like little real progress has been made.
  3. Users have persistent complaints about responsiveness of help in using the systems – tickets are submitted, but are not handled quickly, causing issues to remain for a long time, impacting productivity and satisfaction.
  4. The IT function does not present any valuable ideas to grow the business, and behaves “reactively.”  There is a lot of “fire fighting”, which is disruptive to initiatives, and allows little time for creative thought and new value.
  5. Your team does not have answers.  Not only is it dealing with the issues above, but when asked how to solve it, there is no plan other than “give us more money”.

Why do you outgrow your IT?

Businesses are organic organizations changing as new people, operational methods, and technologies change (who does it, how they do it, what they do it with).  If any of these does not keep up, the balance is lost and the failing component will affect the others. Information Technology encapsulates all of three: technology personnel use operational methods and the technology tools they select to serve the needs of the business. Every other function, from design, production, service lines, sales, and back office operations also encapsulates these three components, so any department may face this.  And any department that does not keep up with the others slows all of them down.

So if the people of information technology (employed or not) are not sufficient for the needs, or the methods used are not aligned with the business, or the tools are insufficient or obsolete, you will need to resolve the issue.

Information technology is an interesting component of an organization.  Unlike some other components, it has to deal with changes in all aspects at a rapid pace, along with threats from the outside.  This means  it must change more quickly than most business components in order to meet the needs of the organization.  While production in manufacturing may use the same machine for over a decade, or accounting rules remain relatively static, and sales remains a relationship game – information technology is changing a rapid pace.  It is hard to realize it, but Facebook in ten years has grown to 1.7 billion active users, computing power has grown by about 100 times since 1995, and the the iPad Pro in 2015 is about twice as fast as a high end PC from 2010, yet many businesses try to keep running the same technology for the same purposes for a decade or more, not accounting for the changing world around them.  The personnel also can become static, stuck in a view that “X won’t work because we already tried that”, so guess what, you as an organization will never have X!   And the methodology is trapped by a lack of new thought and tools.  While this atrophy is happening, threats by third parties and competitive forces cause continued downward spiral of information technology capabilities.  This results in very expensive propositions eventually being forced on the organization, the ultimate reactive problem.

What is the best response to outgrowing your IT?

There are several moving parts, so which ones needs tweaking?  Probably all of them; as shown above they are interrelated and all must be considered.  A suggested approach:

  • Personnel – evaluate the team build, including internal and external resources for skill set, interests, and engagement with the organization. Some roles are more suited to being external as they do not provide a clear competitive advantage like network management, help desk, telecommunications support (is getting a user’s Outlook setup for email really a competitive advantage?).  Others do provide a clear advantage when integrated tightly, such as software development and support, ERP system management, data reporting, and IT leadership.
  • Operational Methodology – The means by which the IT function performs its services and integrates with the rest of the organization is the operational methodology it employs.  If the IT department feels that all requests must be done via a long form completed in triplicate, it will be a burden to the business. The methodology should be evaluated from the way requests are made, the project or service planning and tracking methods, and the way system upgrades and development efforts are accomplished. As new platforms come to market, like mobile devices, new methods must be used to support them. If you are still doing thing the same way you did them five years ago, you may already be behind the curve.
  • Technology – The tools are changing quickly, and suffer from reduced capabilities and greater risk when not maintained, upgraded, and replaced on a schedule that makes sense for the business and its strategy and budget. A technology plan that identifies what technologies are obsolete and need to be removed, what will be maintained or enhanced, and what new pieces will be brought in should be created.

Keystone offers assessments of the current systems, the operational methods, and the personnel to help you determine the severity of the issue, and create a response plan to bring your IT up to the level needed.  We grade your IT capability on a 1 – 5 scale, where 1 is a reactive, fire fighting team with a lot of disruptions, and 5 is a mature IT capability that is bringing new ideas and capabilities to the business, instead of dragging the enterprise down. In fact bringing Keystone on move you to a 3 almost immediately, and creates a direction where 5 can be achieved. We also do team assessments to identify the skills and best use of these resources, and we evaluate your technology to identify the risks and areas of weakness.  You will receive a comprehensive assessment that gives you a clear direction.  Call us today to discuss your concerns, and answer the question “Have I outgrown my IT?”

Information Security in Manufacturing

David Howard

Article by: David Howard

Information Security in Manufacturing


Information Security in Manufacturing is a key objective to maintain the health of your business.  The threat of loss of intellectual property or operational information is high because the systems you use normally are accessible from the outside, and the data they hold is valuable to others. After all you create and sell something of value, right?

A recent article in Crain’s Cleveland Magazine highlighted this for Northeastern Ohio manufacturing companies.  It is worth the read, but we expand upon these and provide more direction here.

Let’s consider the threats, what you may need to secure, and some best practices to accomplish this for manufacturing firms.


Threats in Information Security in Manufacturing

The threats are many and growing.  Some to consider are:

  • Loss of intellectual property – The product data you maintain, including designs, recipes, and bills of material. Someone in your industry, particularly from foreign countries with a repeated pattern of copying, find it helpful to simply clone your products and sell them for less.
  • Personal Identity Theft – Your employee information is a valuable resource, especially if it has social security numbers, addresses, etc. It is all too common to see people lose control of their identity in financial systems or online store fronts like Amazon or
  • Loss of Financial Information – Your cost structures, vendor lists, customer lists, and sales data can create a picture for someone who wants to invade your space in the market.
  • Malicious attacks on your business – Your systems are vulnerable to damage once accessed, either by deletion, encryption for a ransom (CryptoLocker), or even forcing your machines to run ineffectively or to the point of damage (Stuxnet).
  • Someone who wants to leverage the information inside the business – Threats are not just external, an employee may want to access information to help themselves, such as knowing the payroll of the company so they can negotiate a raise.
  • External applications or systems that are insecure – Many functions are moving to the cloud, so you also need to understand what systems are being used and their information security practices. Many companies use CRM systems like, or Google Docs, or an online utility to convert a document into a PDF.  All of the data you send or store in these are managed by other, or someone may even impersonate them and hijack your data.

All of these are threats, and knowing them helps you identify the assets to secure.

Assets that may need Secured for Information Security in Manufacturing

Having reviewed the list of threats, you may already think about what should be secured; here are ideas to help.

  • ERP/MRP/Accounting Systems – These systems hold so much of your business – start here.
  • Human Resources Data – Employee personal information, salaries, reviews, etc.
  • Product Designs, including CAD files, cost estimates, marketing plans, and other product information.
  • Strategic Documents – Those that describe the business plans and organizational changes.
  • Personal Computers and Devices – Users often store data or the credentials needed to access the data (e.g. “saved passwords”), so an insecure PC is a path into data stored in other systems.
  • Servers – It almost goes without saying, but all servers should be physically and logically secured.
  • Connected Devices – It is not just the servers or PCs, any device on your network is an entry point. Consider printers, scanners, embedded production controllers, wireless access points, security cameras, and handheld barcode scanners. All of these have been granted access to valuable data, and accessing them accesses the data.
  • Shared folders – where common documents like marketing brochures, project plans, and other departmental or enterprise data is stored.
  • Cloud Systems that store or process your data – As we stated above, every partner you work with to store or process data should be vetted. It is all too common to read about a breach in systems of these organizations.
  • USB Drives – We often see users or even IT support personnel using USB drives to store data, when left insecure they are an easy target to pick up and view the information they hold.

Best Practices for Information Security in Manufacturing

Finally, we can wrap up with some best practices you should implement to secure the overall environment.

  • Identify Information Assets – This is covered above, and it must be maintained and checked regularly as your systems will change. Annual verification is a must.
  • Contract for Annual Security Penetration tests –Skilled third parties work the process as a hacker would. This provides a punch list of items to secure.
  • Manage your firewall – the firewall is the primary point of entry into your systems, and requires no physical access. We recommend SonicWALLs, because they are simpler to manage, and with less complexity comes greater understanding of the way data is being processed through them.
  • Review all accounts and their access – When we start with a new client, it is shocking to see how many abandoned accounts exist. These are user accounts where the employee has left the organization, or changed roles.  When these changes happen, secure the account and review for deletion.  If left behind, they provide a way into your systems.
  • Have regular patching and upgrades – Organizations sometimes think they can save money by delaying upgrading or patching systems, but they become more and more vulnerable to new threats not accounted for in the installed version, rendering them insecure. This includes software, and network components like firewalls and wireless access points.  Microsoft and others release these patches to plug these holes, so keep them up to date!
  • Provide Employee Training – Employees are a weak link in the process – often using insecure passwords, clicking things that install malicious software, or sharing credentials with others. Users should be regularly trained, and policies should be in place to require secure practices.
  • Implement Secure Password policies – Require a minimum length, special characters, and change requirements. Do not over do this or else users write them down on sticky notes because they cannot remember them.
  • Check physical security – I am shocked at how often I should not have access to a network, but can easily plug into a cabled network port and have full physical access. This also includes securing servers behind a locked door with limited access.
  • Turn on security audit capabilities – These logs will provide a way to understand the threats and breaches of your systems.
  • Have excellent backups – If data is accessed and destroyed, you will need good backups to resume operations, and potentially determine the history of access so you can see if data was stolen.


Information Security in manufacturing is an important objective, providing long term reliability for your business.  Keystone Technology Consultants takes this seriously and knows it is a cat and mouse game with new threats coming all the time.  We run a Client Data Safety team that meets monthly to review all threats to our clients, and proactively plans the best way to thwart them.  Call us today to discuss your systems and how they can be secured.

Skype for Business – Can it help my Organization?

David Howard

Article by: David Howard

iPhone Skype for Business
Microsoft’s Skype for Business is a powerful collaboration tool, and provides many benefits for small to medium sized business (or even large organizations).  In this presentation, we show you what Skype for Business is, why you should consider it, and display the most useful features.  Our goal is to provide you with some information that may be helpful when you want to improve the capabilities, effectiveness, and collaboration of your organization.

In this presentation, you will learn that Skype for Business:

  • Allows you to instant message inside and outside the organizational walls
  • Is a hosted VOIP phone system
  • Can replace your voice conference lines, Webex, and GoToMeeting accounts
  • Provides chat, voice, or video communications
  • Works on multiple devices like PCs, tablets, smartphones, and desk phones
  • Can be the basis your conference room system
  • Allows screen or document sharing, even co-editing documents
  • Can handle up to 250 attendees
  • Integrates with Microsoft Outlook, so you can solve the email mess most of face, by supplementing with more effective communication options more while still having the power of email.

Keystone has helped numerous organizations plan and deploy Skype for Business. In one case we saw greater collaboration, and the removal of a $60,000 video conferencing system!  We recommend you review this and call, or just call and let’s consider together if Skype for Business can help you.



You can also watch this as an Office Mix Video, with enhanced capabilities.


Office 365 Capabilities for Small Business

David Howard

Article by: David Howard

Microsoft Office 365 provides many important capabilities to small businesses. Keystone has successfully implemented this for most of our clients and now has thousands of users who have email, online file storage, Skype for business and other capabilities as a result. There are many questions that arise when businesses are considering this option and we wanted to share with you some things that you should know when evaluating this.

We have prepared an online PowerPoint presented as a video (using Office Mix) which you can watch or download; this will provide you with the most complete information about office 365 and its capabilities for small business. You can watch it above or by following this link: Office 365 Capabilities for Small Business

We will recap a few of the top items here.

Recap of Office 365 Capabilities for Small Business

  • Office 365 addresses many important business issues. Among these are the necessity to access data from anywhere at any time using almost any device, the ability to collaborate among team members on the same document, the ability to manage costs, and improve security and reliability. There are many more but these are key for most businesses today.
  • Office 365 is an ecosystem that includes various client tools like Microsoft office and web applications in browsers, and server-based systems such as Exchange email and SharePoint. These can be mixed and matched across your environment to effectively provide seamless access in a way the user can most benefit by it.
  • The same document can be edited across multiple platforms, in fact our PowerPoint video was created on an Apple Macintosh, edited on an iPad, and finalized and mixed on a Windows PC.
  • Users can work together real time so that they see each other’s changes as they are communicating about them even though they are in separate locations.
  • There are multiple subscription levels and we explain each of these to help you understand how you can mix and match them for the most cost-effective investment.
  • A discussion of the off-line capabilities which allows you to take your files with you and then synchronize at a later point.
  • A list of reasons you may want to use office 365, and a list of why you may not.

Office 365 is a large, and sometimes complex set of tools. We believe this information will help you understand it better, but are always ready and willing to meet with you and discuss these items as they are specifically relevant to you.

Contact Gene Whaley at to see if you can benefit from Office 365.

Bimodal IT – Maintain the Now and Plan for the Future

David Howard

Article by: David Howard

Bimodal IT is a new methodology being adopted by some organizations so that they can have a division of focus and effort between taking care of the current or legacy technology, while also looking to the future and what is needed to sustain the organization as business and technology cycles continue to ripple.

Every organization follows a methodology, whether it is formalized or not. This is true not only of the organization as a whole, but also the key components or departments. For example, your accounting department follows a methodology according to Generally Accepted Accounting Principles (GAAP), your production and quality departments may follow methodologies directed by ISO standards for documentation, as well as Lean or Six Sigma for means to manage and measure production. The information technology department is no different though it often lags behind other departments in terms of formality in methodology. To the extent that a methodology is identified, trained, communicated, and followed it can assist the IT department in working with the business to align the technology to the needs of the organization.

One of the recent trends in Information technology management methodologies is Bimodal IT.

What is Bimodal IT?

Bimodal IT is an approach to information technology where two areas are in focus, with expected results established for each.

The first area is the traditional IT function which remains highly valuable: the normal “keep the current systems reliable, secure and performing” so that the business can reliably deliver on its plans and promises. The emphasis here is on safety, accuracy, reliability, and scalability.

The second area is innovative (or fast mode), and emphasizes speed and agility.

A great CIO will struggle to compete with small, disruptive startups that threaten the business. The startups do not have the overhead an existing IT operation must maintain, and are not limited by the lack of focus on something new.  They are able to be fast and agile. But a good CIO can simply shift some resources to be focused on innovation.

Gartner research has studied this trend, where Peter Sondergaard, senior vice president and global head of research, said “CIOs can’t transform their old IT organization into a digital startup, but they can turn it into a bimodal IT organization. Forty-five percent of CIOs state they currently have a fast mode of operation, and we predict that 75% of IT organizations will be bimodal in some way by 2017.

In other words, bimodal IT is simply a shift in some resources, with goals of speed and agility to develop options and solutions for current and future problems.

What Problems does Bimodal IT Address?

In our view, there are several problems this methodology is addressing.

  • Keeping IT Current so the organization does not fall behind – a key business case for the danger of neglecting upgrades and innovation in IT is the New York subway system (discussed here). The subway system was designed and built in the 1930s to provide for safety and largely avoid collisions between trains.  The article’s author, Bob Lewis points out the details and the estimate to replace it was set at 20 billion dollars.   Certainly the obsolete technology’s issues had been known for a long time, and discussions held to plan its replacement in an orderly fashion for the budget and operational cycles had been thoroughly designed and vetted right?  No, in fact the discussions followed the same path they do in most organizations facing a potentially expensive replacement of a legacy system (the following italicized text is from Mr. Lewis article): Does any of this sound familiar — a legacy system that would be good enough except its architecture is obsolete, the platforms it runs on aren’t around anymore, and:
    • “Lift-and-shift” replacement provide no new features, and so no business-driven value to justify the expense?
    • Nobody can describe important new features that would justify anything more than a lift-and-shift replacement?
    • Investing in any kind of replacement system would drain needed capital away from other efforts that are also important for the organization’s ongoing survival and success?
  • Increasing Value – In general, the most persistent complaint from business leadership about IT is that it is unreliable. Once that is solved, the second most persistent complaint is that it is not adding value to the business. The IT department spends their budget and focus to “keep the lights” on, but never comes to the table with investment opportunities with clear ROI that will help the business. The fact is that a lot of IT shops spend 85% of their budget on maintaining what is, rather than thinking about what could be.  This holds back 70% of IT leaders from focusing on innovative projects that will increase business value.  Bimodal IT allocates a certain percentage of the IT function to the future needs, and should be associated with an accountability to develop innovative options for the business.
  • Attracting great talent – Great talent in technology likes to work on interesting projects, so having some projects that are more than just point upgrades will attract and retain people with better skills and ability to deliver innovation. They will add value in multiple ways in all areas of IT.

Is Bimodal IT a Fad, or Will It Help Me?

Maybe it is a fad term.  While the phrase Bimodal IT may go the way of “zero defects”, “Total Quality Management”, and other names for lost methodologies, the concept of planning for orderly replacement of obsolescent technologies and developing new options by having a focus on new solutions to the changing technology landscape and business challenges is a good thing, no matter what it is called.

We focus on the actual goals, not the terms. And there are other methodology options that people are quite passionate about, such as Dev Ops or Agile.  These are great also, the main thought we are bringing is that we believe some of your efforts should be focused on the future, where technology can make an impact negatively if not dealt with (New York subway), or make a positive impact on a growing organization (disruptive technologies that provide a competitive advantage, e.g. “news blogs vs traditional newspapers”).

In order to maintain the now, and plan for the future, you will need a strategy to generate new options (innovations) which can be implemented (accountability).  This will help you avoid the negative and benefit from the positive.

Keystone’s Bimodal IT

We spend a lot of time looking at the current systems via monitoring tools, reports, and visual review.  We also look at the future on a regular basis, in fact we just returned from the Consumer Electronics Show (CES) in Las Vegas, where we witnessed numerous trends in robotics, product development, monitoring with connected devices, and so much more.

We also published two articles on Technology Frontiers you may enjoy, part 1 and part 2 which described various new technology trends that you should know about.

One of the features we have at Keystone is a technology museum.  You may wonder what does a museum have to do with Bimodal IT?  It does for two primary reasons.

Keystone Technology MuseumThe museum has items that come and go to keep it fresh, but starts in the 1800s with old journals of a store’s transactions and accounts (“the books”), which were filled out with a pen dipped in ink.  This was “technology” at the time. It then moves to typewriters that replaced the pen, and PCs that replaced the typewriter.  These were shifts that had to be planned for or the risk of being out of business was real. These past shifts give us insight into how to plan for future shifts.

IBM PC 1800s technologyWe always reserve the last section of the museum for future technology; something that represents what is coming that can make a difference, or must be planned for, or often both. We see things here that are part of the Internet of Things (IOT), 3D printing for product development and someday delivery, voice command technology, and so much more.

It is all a continuum of technology we help clients understand and implement. The past into the future.  Maintain the now, and plan for the future.

You may want to know how to implement this approach, feel free to contact us today to start that discussion!

Technology Frontiers – IoT and Voice Recognition

David Howard

Article by: David Howard

We previously wrote about some of the technology frontiers we are exploring, and described three that are exciting:

  • 3D Printing
  • Clustered Computing
  • Latest Applications, Operating Systems, and Devices

But much like exploring a new area untouched before, we have two more that are both exciting and showing real promise for the future of technology and how it affects our lives.  These are the Internet of Things (IoT) and Voice Recognition, especially when paired with artificial intelligence and machine learning.   We describe both of these in this article.

Internet of Things (IoT)

The Internet was originally an environment where we hooked our computers to the internet provider and started using email or the world wide web (WWW). Humans were clicking links, watching a video, and sending an email. We initiated the majority of traffic by our explicit and direct actions, predominately in a web browser.

But the use of the Internet as a super-highway for information has changed: now devices and things are generating most of the traffic that is zipping through our data lines. In fact, Cisco did a study that estimated that “Data created by IoT devices will hit 507.5 ZB per year by 2019, up from 134.5 ZB in 2014.” (source: ZdNet Article: In case you are wondering, a “ZB” is a Zetabyte, or 1 billion terabytes – and that is a lot!

So what is the Internet of Things (hereafter abbreviated “IoT”)?  It is the accumulation of the devices that are connected to the internet and generating (and sending) or receiving data.  It is sometime analogous to Machine to Machine communication (M2M, no humans involved).  Some examples:

  • Your cell phones’ GPS coordinates while you are using maps
  • A Nest thermostat in your home that you can connect to and raise the temperature, and which “learns” your life’s patterns to automatically start managing the system based on your history.
  • A location based tracking beacon to show you where your keys were left behind.
  • Public trash cans that use real-time data collection and alerts to let municipal services know when a bin needs to be emptied.
  • Wireless sensors embedded within concrete foundations to ensure the integrity of a structure; these sensors provide load and event monitoring both during and after construction.
  • Activity sensors placed on an elderly loved one that monitor daily routines and give peace of mind for their safety by alerting you to any serious disruptions detected in their normal schedule.
  • And so many more…

In every case it is some device that is communicating data, not a person directly doing so.

Based on the utility as well as the total data being collected, we can quickly see where this can explode.  Instead of you personally collecting and transmitting data, a device will do this for you. It is in effect what everybody dreams about when you think that your refrigerator will send a list to the local grocery store for items to replenish (and by the way Amazon now offers a “Dash button” that is designed to order some common household items at the push of a button).

Voice Recognition

We are using Voice Recognition more and more every day, in applications like Apple Siri or Google Now, or when we call into an automated messaging attendant at an insurance company and say our date of birth or policy # to a computer, or use voice to text capabilities. You have likely used one of these recently, but never really thought about it. It has become commonplace, but is expanding to be an option of choice for interacting with data.

Like most people, I interact with a lot of email; usually between 100-200 legitimate emails per day that are critical.  Although I am sitting at a PC, I tend to grab my iPhone and use the microphone key to answer emails using my voice.  A quick press and I am orally stating my response, or sending a new email.  I also use Dragon products on both Windows and Macintosh OSX to generate larger documents.  In fact, this article is about 95% voice generated on a Windows laptop with Dragon Naturally Speaking.  I use it to dictate the text, select text and apply formatting like bold or italics, and other advanced capabilities.  I confess that I do not type very well (if only I would have joined the mostly female typing class in my high school!), so the ability to use my voice is a tremendous advantage. It is not only a convenience; it is a huge productivity boost; I have generated documents of thousands of words in an afternoon.

And while I love the ability to simply state my words and see them appear in an email or Word document, when I see them combined with artificial intelligence such as Siri or Microsoft Cortana, it provides a truly personal digital assistant – one that knows what I am looking for. Here are some examples.

  • On my iPhone, I long press the home button and Siri pops up, and I say “When do the Cleveland Browns play?”, and Siri responds orally and on screen with the opponent and date/time of the next game.

Voice recognition in Cortana

  • On my Windows 10 PC I ask the same question and Cortana (the Microsoft voice persona) answers the same basic info, but on screen she also shows the probability of victory for the Pittsburgh Steelers at a 70.2% chance today :(. And by the way, Cortana has been 140-84 through 16 NFL weeks.
  • On my Windows PC, I can ask “what documents did I work on today?” with my voice, and see a list of everything.
  • On my iPad, I can ask “What is my schedule tomorrow?” and see and hear a list of my appointments.
  • On almost any device, I can ask, “what is the temperature over the next 3 days?” and get a nice forecast for the next three days (it is getting colder…brrr…).
  • On my iPhone, I long press the home button, and say “Remind me to let the dogs in in 10 minutes” and a reminder is created that dutifully goes off 10 minutes later.
  • On my Android tablet I say “Ok Google”. Then “email to John Smith”, “subject Client X need”, “Message We need to call them back today” and it sends an email with that info to John on my team.

In other words, I can ask questions that are personal to me (what is my schedule?) or from my world (“what is the temperature over the next three days?”) and get a context specific reply. Or I can give instructions to do something I need (“remind me in 10 minutes to let the dogs in”).  It seems like I am asking a human who knows what I want, and they give me a reply that is appropriate for the context in which I asked.

These functions are easy to use, and I highly recommend that you try them out.  If you want a place to start, try one of the following:

  • On your Windows 10 PC, click the Cortana microphone and says “Help Me Cortana”, she will show a list of suggested capabilities to get you started.
  • Try the same thing on your iPhone, hold down the home button until it responds, and says “Help me Siri” to get a list of suggested actions (you can also configure it to respond to “Hey Siri).
  • On an Android device, try saying “Ok Google”, then say “help”

What you can see is that your devices can interact with you on your terms.  It is not perfect, sometimes we see the famous and usually funny (and sometimes embarrassing) auto-correct responses when we use our voice, but overall it is really working quite well.

Summary of Technology Frontiers

There are waves of technology shifts that represent new frontiers for users and business organizations, and each represents some questions: What is this?  How can it help me?  What are the risks? We are looking at these so you know we have an eye on what may make a difference for you!

This week, some of us from Keystone will be at the Consumer Electronics Show (CES) in Las Vegas, which is the largest expo of technology directed at consumers and organizations that serve them.  We are excited to continue to dig in and see what is coming down the road that will affect all of our lives!