2019 and Beyond
It's hard to believe it's 2019, and another year in the 21st century came and went. 2018 was like a blur, especially in the world of technology. The pace at which innovation and change are happening continues to accelerate, which creates opportunities and challenges. I feel like as I grow older, I begin to realize the duality of opportunities: they are both opportunities and challenges - and the same goes for challenges: they are both challenges and opportunities. In his book Great by Choice, Jim Collins discusses this in some context around the concept of good and bad luck, which we could consider to be opportunities and challenges. His final conclusion is that it isn't about who has the most good or bad luck; it is about who has the highest return on luck, or ROL. Basically, when faced with good luck or bad luck (and we are all faced with opportunities and challenges), the companies, or individuals, who are able to capitalize on those events will ultimately become great - or win - and those who fail to capitalize on them will be mediocre or lose. In 2018 at The IT Company, we had our share of good and bad luck events, some we capitalized on and some we didn't. In the course of this I continued to learn the valuable lesson that good things and bad things are going to happen. I can't always control them, but what I can control is how we respond to them and what we do about them when they come.
This blog post is lengthy, but worth reading as a business owner, business leader or anyone charged with overseeing IT in a small business. It will help you get a feel for what to expect in the world of technology and how it affects your business and a little bit about how we are aligning our organization for the next wave in our industry. I've been in this business now for 25 years, since 1994. In many ways it started well before that- when I was playing with my Atari and Odyssey game systems as a child, writing basic programs in Junior High in Florida, and helping my neighbor trick out his Jeep CJ7 with technology back in 1986. A lot has changed, but now I'm a veteran with some perspective.
So, this blog post is generally written for the business owner or business leader, for understanding a little more and getting a sense of what you should be doing and thinking about related to IT in 2019. I'm breaking this blog post down into the following categories:
- Cyber Security, and the next wave of challenges and opportunities.
- The Cloud, and where the overall industry is headed in the next years.
- Our business, and the trajectory we are on in 2019 and beyond.
Cyber Security - Challenges and Opportunities:
2018 proved to be another wild year in Cyber Security, but that is now to be expected. Like the mafia gangsters of the late 19th and early 20th centuries, Cyber Criminals are becoming more highly organized both as criminal syndicates (many of which are legitimate business operations in 3rd world countries) and as nation states such as China, North Korea, etc. Most, if not all, Nation States engage in Cyber Warfare - including the United States - so there's that. Regardless, it is big business with a wide-ranging footprint that is moving and complex. I went to the Retr3at conference in Asheville, NC, this year at Montreat College, and one of the sessions I attended included former high ranking generals and other officials and members of cyber teams within our government, and even they admitted that the rules of engagement are complex and nothing like traditional warfare. The greatest war and military institutions, and our governments, are all struggling to understand how to fight this battle on the various fronts, how to engage the community at large and how to integrate all the various stakeholders in an effort to combat a dark and stealthy enemy, who in many cases goes to work every day with the sole intent to commit cybercrimes against businesses, consumers and governments. It's complicated, challenging and full of opportunities!
Big Highlights:
- For the first time cyber criminals ended up on the FBI's most wanted list
- Our phones are taking over our lives and specific malware and viruses are being written for them and inserted into app stores
- 3rd Party app stores are hosting 99.9% of the mobile malware. This means places other than Apple App Store and Google Play Store
- Identity theft impacts more than 60M Americans, up from roughly 15M in 2017
- The US is the #1 target for "targeted" attacks at 38% of all such attacks. These are typically state sponsored, by the way (other governments)
- The whole "Internet of Things", which is basically things like TVs, smart speakers, cameras, etc., is exploding to the tune of almost 7B devices by 2023 and creating serious security problems, aka challenges and opportunities
- The average cost of a data breach is actually rising, not decreasing - the average cost worldwide is $3.86M (US dollars), while the average cost to US companies alone is $7.91M
- Oh yeah, the time it takes on average to discover a breach is now 196 days AFTER it's happened. It's better than it was in 2016, when it was 201 days but still - wow. Read this blog post that we wrote here at The IT Company on who is watching your network
- 92.4% of all malware is STILL being delivered via email, the whole email phishing thing is still real, which is why Security Awareness Training is more vital than ever - here at The IT Company we wrote a blog about it
- Our government has $15B budgeted for Cyber Security, which is probably not even close to enough but still 4% higher than 2018. Of course, there is a caveat that "Due to the sensitive nature of some activities, this amount does not represent the entire cyber budget." Ominous!
- AI and Machine Learning are driving crazy innovation in fighting cybercrime, but also driving crazy innovation in cybercrime, as the criminals are taking advantage of AI to create smart attacks that are also learning to create smarter attacks. The data is being used against us!
- Being able to take control of and manage our own individual privacy is becoming the new normal as Europe leads the charge with GDPR
So, what do we do about it, what are the opportunities, where do we capitalize on the good and bad luck?
From the perspective of Cyber Security and Cyber Crime this is a tough one, but the greatest opportunities, in my opinion, lie in these categories:
1. Education: it seems that most everything in human life is dependent on quality education. This is not specific to school per se, but being well educated in your area or areas of expertise creates effectiveness, efficiency, higher performance, etc. We are all looking for ways to improve ourselves, and our team members, in order to extract the highest value - and that is true with cyber security. We need to continue to engage deeper and broader in educating folks in the areas of cyber security. If we create a well educated and sufficiently paranoid set of consumers, and therefore employees, we will "raise the bar" on the low hanging fruit, where the criminals focus on the weakest points - the uneducated end user - and dramatically decrease the incidence of breaches. So, I have broken this down into three categories of focus:
- Our Homes and Families: as soon as reasonable, we should start teaching our children about security as they begin to interact with technology. This goes for security and privacy: ensuring they aren't sharing passwords, etc., BUT also being cautious about sharing private information. Also, protect your homes by using slightly higher quality Wi-Fi systems such as Orbi by Netgear AND securing Wi-Fi with difficult passwords, use password managers like LastPass with your family, and restrict access to sites, especially known bad sites, by using technology like Circle (by Disney), which is also integrated directly with Orbi now.
- Our Educational System: We should be deeply embedding cyber security and privacy education into the direct programming of schools starting at elementary school. There are ways in which schools are attempting to do special sessions, but this isn't enough, and should be woven into the fabric of all teaching so that this idea is top of mind, all the way through college, technical schools, etc.
- Our Businesses: The best way to improve cyber security immediately is by increasing the awareness, the paranoia and the education factor of our staff. I say paranoia in a joking manner but having a sufficiently paranoid and highly educated workforce is critical to creating human firewalls. Remember, over 90% of malware still comes via email and people still fall for it. Here at The IT Company we wrote an entire blog post on Security Awareness Training, and how critical it is to reducing the low hanging fruit in cybercrime. Let's at least make the criminals work harder by not falling for the easy stuff. Statistics from direct data from the leader in security education awareness, KnowBe4, tell us that education reduces incident rates by up to 75% over a 4-week period.
2. Community: we are all fighting a common enemy, in each sector and category. From consumers to businesses, to local, state and the federal government and all law enforcement agencies. We need an increasingly better system for building community and collaborating, sharing issues, outing known criminals and those individuals who are lurking in the dark shadows. This is a tough and tall task to accomplish full of challenges, but with a lot of opportunity. Let's opensource communication and collaboration and use the community and social tools we have to be better educated and work together. It hearkens back to the days of the neighborhood watch, but the neighborhood is now our global world. We can figure this out, we owe it to ourselves… our neighbors, the world and our kids.
3. Technology: One of the biggest challenges we face is the criminal use of technology and the increase in the use of AI and Machine Learning by criminals, a challenge that will never go away. It is very similar to physical security: if someone wants in, they will do it - you can't stop crazy and determined people - BUT the minimum best safeguards will thwart the average criminal. The same rings true in cyber security. Criminals are smart, and lazy - or maybe efficient. For the most part the average criminal wants to find the fastest and easiest way to exploit your data, personal, business, etc. The exception here may be nation states after nation states - that's a different ballgame, although they are likely attempting to exploit the low hanging fruit here as well. Again, similar to a home or business - jimmy the locks, try the windows - criminals will look for the weakest points first and exploit them, which will almost always be your people. Therefore, using technology to both educate your employees continually AND do AT LEAST the minimum to protect and defend yourself and your business is the first step. What is the minimum? Check out this blog post series we wrote discussing the CIS controls and how to protect and defend yourself. The other part of this opportunity is in the hands of those building the software.
The Cloud - where's it headed next?
The cloud continues to be all the buzz in our industry and largely in the global economy, and with that we are reaching the saturation and maturity point where most folks are no longer leery or scared of this still very nebulous cloud idea. It seems most of us are using some type of cloud service, from our email to things like DropBox or Google Drive for our personal storage, to banking and other financial services; the cloud has made it so easy and speedy for use, access and efficiency. The rise of cheaper and faster internet service AND the corresponding rise in the power and performance of mobile devices, primarily phones, has largely driven this more than anything else. In most primary and secondary markets, and now in the "tertiary" markets, 100MB to 1GB internet speeds are readily available at affordable prices, and 4G wireless is fully saturated in most of the United States. The next generation of wireless, labeled 5G for fifth generation, promises to bring the same type of speeds we get at home and work (and many times faster) to our mobile devices. This will continue to create dramatic shifts in services and technology that can be delivered. Because of this confluence of cheaper and more accessible bandwidth and the rise of mobile devices, the "cloud" has been able to foster unbelievable innovation for businesses, both old and new, and mostly leveled the field for entering new markets. In many cases it is almost impossible to tell the difference between a Fortune 100 company and a startup because of the access to technology, power and innovation that the cloud has provided. Here are some of my thoughts and predictions for 2019 and beyond.
- The cloud is a commodity: In my opinion (and most others') the cloud has largely become a commodity, so much so that in the traditional cloud services for servers, storage, and computing resources we are simply in a race to the bottom as Amazon and Microsoft, and to some extent Google, duke it out in the public arena to dominate this market. I would guess you will see these three continue to dominate 80-90% of the market space, while small niche and boutique players continue to play their part for specific applications, needs, etc. The days of local companies investing in data centers are dead, or those who are attempting to do so are going to be long-term dead men walking, except where they have a very specific niche or goal they are accomplishing. Most people in the small and medium business space no longer give a rip if their data is local or spread out across multiple regions with AWS and Microsoft. There are exceptions, but we are talking about the majority. There are some unique areas where local data centers make sense, such as where companies like Amazon, Netflix, and others are building near presence caching systems that allow subsets of their data to live "closer" to the consumer for higher performance access to HD video libraries, etc. and also in situations where having your data quasi local to take care of less expansive ethernet fiber solutions makes sense, such as in Architecture, Engineering and in Radiology or other categories working with massive image files, but even that is changing rapidly. Regardless, access to high performance compute and storage and reasonable pricing, coupled with the increased improvement in cloud voice systems and the rapid growth and transition of software vendors moving to hosted, or Software as a Service models, continues to improve and negate the need for traditional local data center and co-location services.
I owned a data center for several years and got out of the business for two major reasons - 1) There is no way to adequately compete with the likes of Amazon and Microsoft investing billions into the cloud and building data centers throughout the world, and 2) It is very difficult to be good at both data center services and Managed IT services. When your focus is split your focus is split and you will never be great at both, instead you'll either be OK at both, or you'll be really good at one while the other suffers.
- "As a Service" Economy: As I pontificated about above, the growth of the cloud has created an entirely new economy - it's a new industrial revolution in many ways. We are seeing a new type of service economy develop, underpinned by technology and specifically the ability to develop high performance software for a fraction of the cost because of cloud computing. As that grows, most companies are trying to create "as a service" business models allowing for pay as you go services and products, therefore lowering the barriers to get access to services and technology that only massive companies could afford in the past. This will continue to grow and proliferate. Certainly, there is a bubble to burst eventually, as most things run in cycles then level out to create a new normal. For now, the "as a service" model will continue to pick up steam and provide valuable services and products to all of us in ways we could have never imagined for prices we can't believe.
- Software as a Service everywhere: Because of everything above, all major software vendors are tuning and changing their applications to be delivered via the cloud and as a service. Half of our customers are physicians’ practices, and we are watching as the traditional vendors who delivered their electronic records systems transition to cloud hosted, and eventually to Software as a Service. Local community banks have purchased their "core processing" systems this way for years, with the likes of FIS and Fiserv delivering these apps from their hosted data centers. In my opinion we are going to see a dramatic shift in the way all of us purchase software applications over the next 36 - 60 months as these vendors are pushed by customers and the pressures of competition from newer nimble players who are starting with SaaS models. We've already watched as Intuit has taken QuickBooks from a traditional desktop app to a powerhouse SaaS solution for accounting, and improved the performance, access and ease of use of their applications. This is going to systematically happen across industries, especially the solutions that are serving the small business market and to some extent the mid-market. Watch as Microsoft shifts, and largely already has shifted, everyone to their Office365 suite, virtually eliminating onsite file servers and the traditional domain controllers in favor of their cloud based Azure Active Directory, SharePoint, OneDrive and Teams. While they continue to make Windows servers, I predict they will be extinct by 2023 and it will be a complete SaaS cloud play. Their flagship ERP solution, AX which used to be called Great Plains Dynamics, is already converting to their Office365 AX model and Microsoft is pushing big incentives towards customers to migrate. All of this makes sense as it’s easier to access, more secure (although consequently a bigger target), faster and easier to manage for everyone.
The SaaS model continues to change the dynamics of how businesses operate, and the ability to be nimbler and more efficient and effective.
- The Role of Cyber Security "in the application": As I said above, these SaaS applications "should" improve security, as seemingly these applications stored in massive fortified data centers from Amazon and Microsoft are more secure, right? Well, maybe - it really depends. This goes all the way back to my comments regarding these massive cloud companies becoming massive cybercrime targets. At the same time, Amazon and Microsoft are both investing heavily in their own security systems that are integrated, but are typically add-ons to the core services. The interesting thing is that because they are big targets, they are also collecting massive amounts of data on the attack vectors and threats, on which they are building and using AI, Machine Learning and big data analytics, armed with armies of data scientists analyzing all of the data being collected! All this means that even though they are big targets, there are some advantages to being a target, and that is learning how to combat the enemy and better protect the client, which is all of us in this situation. One of the BIGGEST issues that is oftentimes overlooked is the security of the actual "SaaS" applications, and frankly any application. The risk and challenge we face today is that, because of the whole compendium of things I've said above, there is oftentimes an effort to go fast and be nimble, which often (and usually) translates into an increase in risk because of a decrease in discipline and risk management. This is hard to ferret out when evaluating a software platform, but it is critical and important to ask the right questions - with a few good questions you can quickly get a feel for how serious the vendor is, and has been, around risk and security. I would predict it will get worse before better as the market demands applications for a lower price with easier access while overlooking the need for a higher degree of security.
That being said, with the challenges will come the opportunities, again driven by consumers and businesses who understand the critical nature of security and demand that the vendors get it right. Give it time, it will level out, but in the meantime do your due diligence and make the decisions that are best for your business.
I've been involved with cloud technologies since before it was cool, pushing the first hosted application delivery of medical practice management and EHR systems locally in Knoxville way back in 2003 and 2004. It was painful, but it began to shift the tide for customers and ushered in a new way for businesses to access systems and take advantage of the value of centralized hosted systems with great physical and cyber security without investing hundreds of thousands of dollars in capital. A full fifteen years later the key elements of bandwidth and performance of devices have finally caught up with the vision, driving new opportunities and innovation. The companies that can take advantage of the race to the bottom and the "as a service" economy structure, by demanding that the SaaS application vendors build their applications with a security mindset to ensure the protection of data, will race ahead of their competitors and peers.
There are a slew of folks making tech predictions, so here are some other interesting articles:
- Inc. Magazine's 31 Tech Predictions
- Forbes Magazine's 60 Cybersecurity Predictions
- Information Week's 10 Tech Predictions
- Symantec's 2019 Cybersecurity Predictions
What's next for The IT Company?
So, with all of this context, what's next for The IT Company and the overall Managed IT Services space? It's a question we debate often, and for years (and continuing) folks have been predicting the demise of our industry. There is no doubt that the tidal wave of Software as a Service driven by ubiquitous internet and inexpensive and highly available cloud computing is making it easier and easier for businesses, especially very small businesses, to operate without the same needs they once had for technology services from companies like ours. At the same time, we continue to see companies make major mistakes in evaluating and implementing technology, and then in maximizing the investments they have made and are looking to make. Just like anything else, implementing a solution (especially a good solution) on top of bad process, poor culture, or a bad business model will only serve to do two things: A) Magnify the problems you have but are ignoring and B) Doom the implementation and all the good intentions, promises and value of the solution. On top of this there are still major issues around security, privacy and overall efficiency and effectiveness of a business around technology. We continue to see that small business owners and leaders want someone they can trust and partner with who is committed to providing great service and a great experience, and has the operational maturity to deliver consistently. We are more confident than ever that businesses, especially those smaller businesses (sub 100 employees/users), will continue to rely on companies like The IT Company to navigate the waters of IT and help them maximize the value of their investments and go further, faster.
For us, we continue to focus on the evolution of our business within our industry in delivering solutions to customers BUT more importantly to build strong relationships with a select group of new customers annually (we only accept 10 to 12 new customers every year) who believe in working with an IT business that has invested (and continues to invest) in its operational maturity, is committed to delivering on safety, reliability and availability, and is focused on delighting customers and truly becoming an integrated part of their team - so they can focus on their business, not on IT, BUT ensure IT is performing, is protecting and is delivering value to their business, and to their delivery of their products and/or services.
We are making some changes, but those changes are focused on the inside of our business, delivering consistently to our customers, and to continuing to identify high-caliber businesses who want to work with mature organizations to improve our businesses. For our customers we will be reaching out directly to you to make you aware of the tweaks and changes in our business that will affect you.
There are two major changes we are making that will directly and positively impact our customers:
1. Improving our customer relationship organization by reforming our client account and technical account management roles. Look for an email from us explaining this structure and how it will help you and your business.
2. Going all in with Amazon and Microsoft Azure public cloud platforms. The sun has set on the days of owning and operating your own private cloud infrastructure for companies like ours. We have done it since 2005 and are well versed in the good and the bad, the challenges and the opportunities. While it's fun, sexy and exciting to say you have your own cloud, it is also expensive, time consuming and risky to continue to operate a private cloud for public consumption when Microsoft and Amazon continue to invest billions every year in theirs. We've found we can actually deliver a better experience, higher degree of performance and assurance with greater disaster recovery options for the same or less - who wouldn't take that deal? So, keep watch as we talk to our existing customers about cloud transitions and work with new customers to turn up services on these platforms.
In closing, if you are a friend, partner or customer I just want to personally thank you. The greatest joy of what I do is building relationships in the community, making a positive impact in the communities we live in and hopefully making a positive impact on the people we work with - inside and outside of our organization.
We all wish you the best 2019 has to bring.