Keith Smith - My Blog

FTX is a great business case study

Tuesday, April 11, 2023 - Posted by Keith A. Smith, in Journal of thoughts

FTX is a "great" business case study and a "great" information security case study.

FTX was valued at $32B. It once managed $719B in crypto and had over 1 million users. Yet, they ignored the basics on virtually every security front.

Here are 6 takeaways from the 39-page control report FTX debtors released earlier this week:

1. Governance - FTX did not have any dedicated cyber personnel and no process for assessing cyber risk, implementing security controls, or responding to potential cyber incidents.

2. Identity and Access Management - No use of least privilege, no enforcement of MFA on critical systems including Google Workspace and 1Password (even when SBF stressed the importance of MFA on Twitter), and no use of Single Sign-On.

3. Cloud Security - cloud infrastructure and accounts were shared across various corporate entities and no cloud security monitoring or threat detection was in place.

4. Device Security - Employees were able to use personal devices with no corporate security controls.

5. Application Security - There was no focus on continuous security testing. Certain passwords, API keys, and private keys were stored unencrypted.

6. Technical Security - Crypto assets were stored in wallets far more susceptible to takeover.

The culture of control failure extended beyond information security to management and finance and accounting.



Goodbye to 2022

Saturday, December 31, 2022 - Posted by Keith A. Smith, in Journal of thoughts

It's the final day of 2022, and we're at the end of this marathon of a year.
It's been a challenging year emotionally, physically, creatively, and spiritually on all fronts. After reflecting out my window multiple times this month, I've learned that I want to achieve positivity, consistency, and autonomy in how I live my life.

Despite all the challenges this year and during the pandemic, I made it to this point, and I'm ready to make significant changes to make 2023 monumental. I'm looking forward to the upcoming changes and exciting opportunities ahead.

We only have one life to live, and our time here is finite, while death is forever. We must make the most out of the time we have here.

So, here's to a new set of goals, change for the better, opportunities, and life.

HAPPY NEW YEAR, EVERYONE!! Wishing you all the best for 2023!


My latest IT infrastructure refresh

Sunday, May 15, 2022 - Posted by Keith A. Smith, in Network, Automation, Microsoft

Two years ago, I took on a new opportunity where the infrastructure environment was stuck in what felt like the tech era of the 2000s, specifically around 2005 and older. Things like network segmentation for security, modern operating systems, applications, hardware, scanning from copiers, ubiquitous Wi-Fi, and more did not exist at any of the sites. It took me just shy of a year to complete this infrastructure refresh. As I write this post, I'm glad to share that this refresh is done for now. I wanted to share some of the before and after shots.
I'll start from the server room and work my way outwards. This comparison shows the lack of cooling in the server room. Notice in the old pic the piece of cardboard on the vent. My guess is that it was supposed to redirect the air to another part of the room. The old A/C was failing and leaking refrigerant, so I replaced it with redundant A/C units.

The racks were old, making it difficult to rack new equipment. I scheduled a maintenance window on a weekend to remove all the equipment and racks.

Here is a comparison of everything racked before and after. I had the electricians install LED lighting in the room. I moved a lot of services to the cloud but still needed a private cloud for certain services being provided to staff.

Here is a shot of all the racks and new equipment. I introduced virtualization, 1, 10 & 25 gig network connections, temperature and environment monitoring, and enterprise-wide Wi-Fi, which was a first for this org.

I decommissioned the legacy 100meg networking and cleaned up the cable spaghetti with color-coded cabling. I later upgraded the phone system software since it was due.

IDF1 - New 12-strand optical cables were run to this area, and I upgraded the network switches and cleaned up the cable spaghetti with color-coded cabling. Lastly, I added a cellular extender to help with signal strength.

IDF2 - New 12-strand optical cables were also run to this area, and I upgraded the network switches and cleaned up the cable spaghetti with color-coded cabling.

Remote site 1 - All equipment had been exposed in a vehicle mechanic shop for years. I'm not sure how the old equipment stayed running in those conditions, but everything was full of dust and grease. I ordered a new 12U APC cabinet, upgraded the network switches, and cleaned up the cable spaghetti with color-coded cabling.

Remote site 2 - This site was the easiest to upgrade. I installed new network switches, added some remote site servers here, and replaced the cable spaghetti with color-coded cabling. 

I created a standardized zero-touch Windows 10 image with automated application deployment by department and deployed dozens of laptops, VPN, etc., with docking stations for staff to work from anywhere during the pandemic.



My Windows 11 evaluation

Friday, April 1, 2022 - Posted by Keith A. Smith, in Microsoft

In short, the OS has potential, but isn’t quite ready for the business world.

From January to early March of 2022, from a system admin and technical project management perspective, I personally ran tests.

1. Pros
   a. Resource usage has the same friendly demands as compared to Windows 10.
   b. The new OS does have some TPM (Trusted Platform Module) tech needs to be mindful of.
   c. Can sideload Android APK files – handy for those System Admins that are supporting Android devices.
   d. Widget friendly for those that want the feature.
      i. Me personally, I have no desire to know the weather, news, and trendy topics on my business machine – feels like commercials that distract focus.
   e. More options for those working with multiple screens and snapping windows into multiple partitions.
   f. For those AI-users, there are additional controls with Google and Amazon AI’s. Cortana is still there, but must be installed.
   g. Edge browser works just as snappy and friendly as Chrome, but that’s to be expected since the new Edge operates on the Chromium engine.

2. Cons
   a. Start Bar Grouping is Removed (limited to showing only 18 apps).
      i. As a system admin that uses many applications, this forced more mouse clicks and keyboard touches to find my desired app. I’m not a fan of using a desktop shortcut for every app I use.
      ii. If one currently desires to have this feature back…there’s an app for that. Look up Start11 by Stardock. Yes, that’s right, MSFT decided to remove a native feature and now we need to pay for use.
   b. Task Bar Grouping Granular Options are Removed
      i. Example: Outlook and all active email items (email, meeting invites, etc.) are nested in the Outlook toolbar icon. I am a technical project manager that schedules multiple meetings and can have 10-plus Outlook items open at any given time. For me to see my active Outlook objects, I must click on the taskbar icon and then my ten Outlook objects will expand (Um…which one of the ten is the meeting invite I need?). This is a massive inefficiency gap.
      ii. Same as above, you’ll need Start11 by Stardock to restore previous native function to ungroup your taskbar icon.
   c. When upgrading to Windows 11 from Windows 10, there are only 10 days to revert. After that, it is a full reinstall.
   d. Windows Hello is Forced Heavily
      i. These features can be fully disabled via local and group policy, but it was overly frustrating to disable these features. The intuitiveness of the process is in question.
   e. Microsoft has many areas that must be disabled to limit/stop Microsoft from “knowing” you. Disabling identifying information takes time but appears to be straightforward.
   f. OneDrive Enterprise SharePoint Sync sites are grouped into “shared” OneDrive paths. OneDrive operated beautifully until the February 2022-2 cumulative update.
      i. If you are a heavy OneDrive user for individual use and SharePoint Online TeamSite use, you will likely spend part of your days and weeks hunting for and resyncing your data…even then, I wasn’t able to get OneDrive to play nice like it does in Windows 10.
   g. The MSFT Store requires use of a personal MSFT account to download certain apps. Work and School domain accounts do not function as acceptable access to the store for many apps…why, just because.

Windows 11 started out great in January 2022, but the February 2022-2 cumulative update caused MS Teams and Office365 to operate rather “buggy” (dropped calls, audio driver issues, Teams calls crashing, Office365 apps crashing, etc.). This was the final indicator that the new OS has a ways to go for the business world.

My take: the design for Windows 11 is focused on the average Windows user or those that desire to have multiple desktop icons on their screen (think mobile phone). If you are an organized user that requires multiple start menu groups to locate apps in the least number of clicks/touches, Windows 11 is not the OS you are looking for... move along.

The new OS has potential, but the MSFT product managers seem to have forgotten those of us that have used Windows as a business OS for the last 25-ish years. Sure, the UX on the surface is utterly gorgeous and sleek, but form must still follow function.

How many businesses and agencies implemented Windows 8 despite the initial lack of the start button?



Digital Transformation

Tuesday, June 9, 2020 - Posted by Keith A. Smith, in Journal of thoughts

Digital Transformation is not easy; however, being able to leverage technology to make your organization more efficient provides such a competitive advantage that it cannot be overlooked. In this post I share our best practice, which we believe will make your digital transformation journey a lot smoother, and provide guidance on how to approach your digital transformation.


What is Digital Transformation?

Put simply, Digital Transformation is applying digital technology to change and improve your organization's processes, tools and culture to better deliver against your strategy, or to react to external market factors.

So... what does this mean in reality? This means adopting and applying technology to improve the way that your company or organization works and operates. Some examples would be leveraging automation technologies to become more efficient, using technology to improve the experience of your customers or driving a much healthier culture by embedding collaboration technologies.


Where to start?

The most important thing is to understand what you are trying to achieve. Don't assume that you need to have the latest and greatest tech to stay current, as technology is a tool to help you achieve your goals.

Many people don't know this, but Apple doesn't tend to use social media, as Apple already has significant brand awareness. Given it would not solve a problem or help Apple be more effective, they don't invest in it as other organizations do. This principle applies to Digital Transformation: apply technology to deliver against strategy or solve a problem, don't apply technology for the sake of it!

If you take only one thing from this post please make it this... Always start with the goal, never the technology!


What are some examples of Digital Transformation?

Some of the most effective examples of Digital Transformation that we have seen and/or delivered have been across the following four areas:

Improving Business Process (leveraging Automation)

Improving Employee Satisfaction

Building a Collaborative Culture

Improving Customer Experience

We will be exploring these examples to provide some guidance for each in a series of future articles on our website and if this post is useful we may share them here too.

For this post we will explore the first example on the list as well as how to approach your transformation.


Improving Business Process (leveraging Automation)

One of the biggest benefits of Digital Transformation done well is that it can dramatically improve the efficiency of your organization. Many of the administrative tasks can be automated with the right technology, working to speed up your business processes.

As a simple example of process efficiency using Digital Transformation, organizations can leverage technology to fully automate their quoting, sales and invoicing process. Think about Amazon: you see the pricing for the service or product that you wish to order on their website, you buy from their site and you are automatically invoiced. With many organizations, there are whole teams of people who manually develop quotes, engage customers and register sales by phone, type them up and then create invoices.

What if you are not like Amazon and your service is more complex? Let's take the example of an IT Service which manages the laptops for its users (within its end user computing service).

Please note, for brevity we have entirely removed any manager approval from this scenario. The reality is that the benefits and efficiencies are much greater than this.


Scenario 1: No Digital Transformation / Manual Processes

In an organization which had not yet started its Digital Transformation journey, the steps could be as follows:

1 - A user would email the Service Desk to request a new laptop.

2 - Service Desk Agent manually logs a ticket in the company ticketing system

3 - There is a good chance that they would not provide all of the information that the support team needed to get them a new laptop. Do they need a small form factor as they travel a lot? Do they already have a laptop bag and a mouse? These questions mean the Service Desk would need to email them back and then await a response before their request could be actioned properly.

4 - User responds and provides further details and clarity about the requirement

5 - Service Desk agent manually updates the request in the ticketing system and assigns this request to the team that builds and issues laptops. Please note: This can take hours, often days, from initial email before the users' request is with the person who will fulfill it for them.

6 - Laptop team build device to the base build standard but have to contact the user to ask which apps were on their old device and then install them.

7 - Laptop team send the laptop to the user - user request complete at this stage

8 - Laptop team do a manual stock check to make sure that there are enough laptops in stock to fulfill future requests

9 - If stock runs low, Laptop team manually raise a request with the asset management or procurement team to purchase more laptops for the company


Scenario 2: Partial Digital Transformation

However, imagine if the user instead was prompted to visit a Portal (like Amazon's) where they could fill in a form to request a new laptop. This form asked all the right questions about their requirement, such as where should it be delivered and the form factor needed (lightweight 13", 15", 17" etc.) and what apps are needed. This form could raise a request which was assigned instantly to the right support team member to fulfill the users' request.

The steps would be:

1 - User raises request on portal, completing 10 or so questions and providing all required information at point of request

2 - Request assigned to laptop team who build device to the base build standard

3 - Laptop team know which apps were on their old device from the initial request form and so install them.

4 - Laptop team send the laptop to the user - user request complete at this stage - this took until step 7 in our previous scenario

5 - Laptop team do a manual stock check to make sure that there are enough laptops in stock to fulfill future requests

6 - If stock runs low, Laptop team manually raise a request with the asset management or procurement team to purchase more laptops for the company


Scenario 3: Mature Digital Transformation

For our final example, we have an organization which has been through a full digital transformation. The organization has integrated a number of its systems and technologies so that it can automate cross-functional processes. The user has the same requirement; however, this time the user can request 'a new laptop' using a voice command on their phone, and doesn't need to complete any information.

1 - User raises request using phone saying 'order a new laptop'. The system knows that it should send the device to the user's home address as they are a remote worker. The system automatically recommends a lightweight laptop because the user has an occupational health requirement registered in the company HR system.

2 - The system also knows that they ordered a bag 3 months ago and it would fit their new laptop so they don't need another and so is able to order the right equipment without asking the user.

3 - The request is assigned to the asset team (note not a laptop team) who simply ship a device which is already built directly to the user - it was pre-built and so never needs to leave the box. The team don't need to install any apps as the software will automatically deploy once the user logs into the device - user request complete at this stage - this took 4 steps previously

4 - The system also knows that there are now fewer than 15 of that laptop model in stock and so it automatically triggers an order with the laptop manufacturer for 100 more devices which the IT team can get ready. The system would usually order 50; however, it knows the company needs more for the upcoming cohort of graduates which starts every September. All of this was triggered automatically.

These scenarios are examples of where Digital Transformation can add a lot of value. The same business processes are being applied; it is just that many of the steps are able to be automated or expedited in the later scenarios, as technology has been leveraged effectively.


Let's explore the benefits...

The benefits become clear when we compare them side by side:

If we assume that each step takes half an hour, there is almost 0.5 day of effort saved between Scenario 1 and Scenario 3. Ignoring break fix, every user in your business will likely need a computer which will be refreshed every 3-4 years, which means that you could save an hour of IT effort per user per year, just by automating processes like these.

In a company with 10,000 staff, assuming an average cost of an IT person of $400 per day (so $50 per hour), that means almost $500,000 per year saved from this one process. There are often huge numbers of other processes like this which are great candidates for automation and could deliver significant benefit.

On top of this your customers will be much happier as you will deliver a much faster and much more consistent service to them.


So, how do you approach this?

There are a few high-level steps we recommend before touching technology. We continue with our example above to help bring it to life:

1 - The key thing to do first is to define what the goal is: We always recommend customers identify some key objectives and measurable success criteria against them. Example Objective: Reduce the cost of IT in the business, without reducing the quality of service. Measured by: £3m reduction in IT operating cost with no reduction in SLA performance against the baseline of May 2020.

2 - Identify and rank Opportunities: In this example we would recommend spending some time analyzing current performance and demand into the service. If 50% of all requests are for a password reset, you would get much more value automating that process than you would from automating the install of an application used by only 5 people in the company. Define a list of automation opportunities and do a very high level benefit analysis against them. e.g. 6,000 password resets per year, which take 20 minutes each = 2,000 hours of effort. At $50 per hour, this could save $100,000 per year. Finally, rank your list by benefit.

3 - Feasibility assessment: Before standing up a project or a team to automate the top items on the list, do a feasibility assessment. If there are processes which rely on legacy technology which could not be automated, then mark them as 'high complexity', whereas if you have some processes which rely on modern systems and could be automated then tag them as 'low complexity'.

4 - Prioritize Low Complexity / High Benefit Opportunities: As with any transformation, Digital Transformation requires changes to the ways that people work. One of the most important things to do early is to build credibility with the people impacted by the changes so that they support them rather than block them. The best way to do this is to gain credibility by delivering value quickly. This is best achieved by targeting the Low Complexity / High Benefit opportunities and so these should be prioritized to the top of your list.

5 - Build a plan and deliver the changes: We are clearly simplifying this step; however, from this point, you can deliver these changes as you would any other IT change within your company. You can choose to treat them as standalone projects or manage them as a Digital Transformation Program. We would always advise managing them as a program and we have done this for our customers as it allows the benefit to be tracked and the ways of working to be embedded in a consistent way. The key thing though is achieving the goal from step 1 and gaining the associated benefits. As the CIO/IT Director/Manager within your business, you will have the best idea as to how to deliver effective change within your organization.


Any tips for process automation as part of Digital Transformation?

As a matter of fact, we do. We have done this for a range of customers and so can share some lessons which will help when you drive automation as part of your Digital Transformation...

The first is around Automation: you can't automate a process that you don't understand, though many people try to. The first step in your plan for each opportunity should always be to document the process that is to be automated. This should include the inputs and outputs of each step as this forms the data which will be collected and processed by the systems which will be implemented.

The second is to automate in steps. For example, in our scenarios, step 2 would be a good interim step with partial automation, such as auto-assignment of requests to the right groups (which eliminates waste and speeds up the process). This is a much better approach than aiming for full automation right away as it both lets you deliver value quickly but also allows you to test and iterate to make sure that the process still works effectively. Rome wasn't built in a day and there is real value in building momentum behind a successful program.

The final and most important is a repeat of Step 2 above - spend some time identifying the opportunities for processes that you want to automate before you start implementing the technology. Firstly, this lets you do the business case assessment against the opportunities and target the most valuable first. Secondly though, as you then have a good idea of the processes that you want to automate, you can make some sensible architectural decisions which are holistic, rather than making decisions on a process by process basis. This can avoid significant technical debt later on.
