Survival Strategies for Small IT Shops


IT staff at very small businesses face many of the same challenges as their counterparts at larger companies: Downtime translates directly into lost dollars. But small shops must run the show with fewer financial and human resources. "Technology is more mission-critical now," says Matt Allen, IT manager at the Washington, D.C., office of Freeman, a trade show producer. He and one assistant manage a 130-person office. "Five or six years ago if the PC wasn't working, employees could do paperwork. Today they rely on so many applications that if something goes down, you jeopardize business."

The Needs of the Many

At very small IT shops the ratio of users to IT staff often resembles long-shot horseracing odds that only a desperate gambler would put money on: 50 to 1, 60 to 1 and worse. And when you consider the same IT staff also is responsible for a host of other systems, the odds get uglier.

"I stopped carrying a paper planner because it was an exercise in futility," Allen says. In addition to helpdesk and hardware maintenance, Allen's two-person crew manages the company's physical security system of door badges and surveillance cameras, the VoIP (voice over IP) phone system and the Nextel cell phone accounts. The group also handles miscellaneous requests for all things technology-related. "I refer to myself as the electronic janitor," Allen says, citing the time an employee once asked him to change the letterhead on outbound faxes. "Why does IT have to program the fax machine? Read the manual!" he says with a laugh.

Richard Allan Kelley also feels outnumbered. He's the sole IT administrator at a 50-person company that manufactures cable trays to support electrical cables and infrastructure wiring. We asked if he has enough time to get everything done: "Honestly, no." Kelley reports that he's working long hours, but not enough to justify hiring another IT person.

Joseph Sugayan shares a similar story. As IT manager at Private Eyes, a pre-employment screening services provider in Walnut Creek, Calif., Sugayan found himself spending nights and weekends keeping the company's 60 PCs healthy. Though there are three other technologists on staff, the PC network is solely Sugayan's responsibility.

Getting a Grip

The top concern for IT pros at small businesses is supporting users and the hardware that keeps them productive. According to a recent reader survey by Network Computing and InformationWeek, the technical skills most in demand by small businesses are helpdesk and user support, even more so than IT security, database administration and e-mail management. That statistic is borne out anecdotally; for instance, Kelley estimates that 60 percent of his day is spent on helpdesk issues, compared with 20 percent on server administration.

It's a Catch-22: IT pros who don't have a system to manage their support duties will quickly go under, but they may not have the budget to purchase software to help prioritize their time. Kelley makes the best use of the tools currently available. He flags user help requests in his Outlook mail program, so he knows which are pending and which have been addressed.

Before Allen turned to a ticketing system to help him manage help requests and monitor inventory, user support was catch-as-catch-can; users would e-mail or call Allen or his assistant, or just grab one of them in the hallway. The result was a tangle of support requests in e-mail, voicemail, on paper notes, or in Allen's and his assistant's heads. Besides being difficult to track and report on, this method meant Allen and his assistant didn't know if one or the other of them was working on a problem.

By installing Asset Navigator from Alloy Software, Allen now has a single repository for requests and can get more work done every day while better managing his resources. He can assign tickets to ensure that work isn't duplicated, prioritize jobs so crucial tasks don't get buried under a flurry of requests and monitor the progress of tickets. The system allows users to check the status of their tickets through a Web interface, a feature Allen says is useful to show that their requests have been received and are being addressed.

Allen also found other benefits to the system, such as an inventory application that identifies all the hardware components of the PCs. When he wanted to upgrade all computers with processors slower than one GHz, he simply ran a report rather than having to touch each PC. He uses the Alloy ticket system when he reaches out for tech support as well. "I can take the output from a ticket and copy and paste it when I'm using online tech support from Dell and IBM," Allen says. Because the support techs get all the relevant information they need right away, Allen reports that he gets faster service.

Finally, the ticketing system provides a record of the work he does, which is useful for several reasons. For instance, by running historical reports he can spot trends for similar kinds of requests. These reports might indicate a need for equipment or software upgrades, or more user training. This record also can be presented to executives when it comes time to address the budget. "The fact you are putting them in a system rather than just e-mails and voicemails floating around, you have valid data to justify your business case," he says. "You can say you are swamped, but you can also run a report that shows how many requests you did in the last 30 days." And at $1,500 for 110 seats, the ticketing system itself was easy on Allen's budget.

Machine Man

PC and server administration also can eat up IT time. Both Allen and Kelley take advantage of Microsoft's free Software Update Services (SUS) to help them stay on top of patches and hot fixes. An SUS server on the business network automatically downloads patches from Microsoft for Windows Server 2000/2003 and XP. Administrators can then deploy those patches as necessary. However, Microsoft will no longer support SUS starting in December. Microsoft is encouraging SUS users to migrate to Windows Server Update Services (WSUS), also free, or Systems Management Server (SMS), a licensed product that provides configuration and change management as well as patching and software updates. Both Allen and Kelley use McAfee's ePolicy Orchestrator (EPO) to keep client antivirus and anti-spyware software up to date.

Private Eyes' Sugayan went a different route to get a handle on PC maintenance--a managed PC support service from Everdream Corp. For a monthly fee, Everdream ensures that all of Private Eyes' PCs are running the latest Windows updates and patches, and the service provider pre-tests patches for basic compatibility. It also makes sure client Norton antivirus software has the latest definitions. "It eliminates the legwork of maintaining the PCs," says Sugayan, who estimates that he saves about 20 hours per week through the automated service--which translates to fewer nights and weekends in the office. The service also means that Sugayan doesn't have to pull employees away from their work just to bring their computers up to spec manually, a process that could take half an hour per user.

With the managed service, Private Eyes' users don't have to be on the corporate network to get updates. Many employees work both at the office and at home, and the company has several employees who work full time at remote offices. As long as the employee is connected to the Internet, an agent on the machine ensures the latest software is deployed. The Everdream service will become even more valuable in the coming months, because Private Eyes plans to greatly increase its staff size, from 60 to 100 employees.

Instant Coffee Talk

In very small businesses, user training also falls into the lap of IT. It's easy for the IT manager to get overwhelmed with questions about how to use office technology. "I get frustrated when I get asked the same questions over and over again," Allen says. As an antidote, Allen hosts weekly 30-minute training meetings to which employees are encouraged to bring their lunches. "I'm a big fan of short, informal sessions," he says. "I'm not asking them to go off-site, and I'm not taking a lot of their time."

Allen has two goals for the lunches: To boost user productivity by helping employees take full advantage of an application, and to encourage users to share what they learn with other employees. He encourages this knowledge-sharing by offering a $5 Starbucks gift card to the first person who teaches a feature to a co-worker. This training creates a subset of employees who sometimes act as first-responders if a colleague has a question, which means Allen doesn't have to spend a lot of time on simple issues.

Kelley also relies on users to share their knowledge with co-workers. "I show one person how to do it, and they show the others," he says. However, Allen says IT managers must be careful to draw a line for these ad hoc assistants: "These folks shouldn't be spending all their time troubleshooting instead of doing their jobs."

Allen created a set of brochures, available to new and existing employees, that provide instructions for such tasks as setting up voicemail and using common applications. It saves him the time of walking employees through the basics. Allen also makes use of Microsoft's E-Learning Library, computer-based training on a variety of Microsoft products, including Windows, Office and Exchange. The site offers multiple tiers of instruction, suitable for general users or even experienced IT professionals. Employees with questions about a particular feature or who need training on a new Microsoft application can use the site.

IT Instructions

On the flip side, IT professionals also need to sharpen their skills and stay on top of technology developments. A lack of resources means that small IT shops need to make the most of low-cost options. Kelley attends trade shows, particularly when he's investigating a new technology. He's considering server virtualization to consolidate his infrastructure and simplify maintenance. "Virtualization would be quicker if I needed to reboot--just shut down one instance of an application rather than take down an entire server," he says. As a first step to investigate virtualization, he visited Interop and the Server Blade Summit to speak with vendors and get research material.

Kelley also keeps himself up to speed through lunches sponsored by a local branch of the Network Professional Association. The NPA is a national organization that promotes professionalism among IT workers. Kelley's branch offers monthly Lunch-and-Learns, in which members can hear about new technologies and receive training. The monthly get-togethers also provide an opportunity to network with peers and share ideas and solutions to common problems.

A network of peers also is an important resource for Allen and Sugayan, who rely on colleagues to point them toward trusted solutions and offer advice. When Allen needs more formal information, he turns to Info-Tech, a technology research and advisory firm that focuses on small- and medium-size businesses. For a $500 annual subscription, Allen gets access to reports on essential and emerging technologies, vendor analyses and templates to help him create operational and usage-related IT policies; these also provide data to present to management.

Security Concerns

These days it's impossible to run a business without considering security, and small companies are no exception. However, while large enterprises may be experimenting with cutting-edge security technology, such as Network Behavior Anomaly Detection, or deploying Security Event Management solutions to make sense of reams of security data, many small businesses are wrestling with a more prosaic issue: passwords.

"The password issue is the bane of my existence," Allen says. Aside from the usual problems of password management, such as users forgetting passwords and locking themselves out of their systems, he has also had difficulty in getting his users to comply with IT security policies regarding passwords. "My biggest challenge isn't getting IT security in place, it's getting managers and users to take it more seriously," he says. A common complaint is that users feel they have too many passwords to remember. Provisioning new passwords also takes time, which means users end up sharing passwords with new employees in order to give them access to applications while the new hires wait for IT to give them their own credentials. However, his users are getting used to the stricter security requirements within the organization and are taking the rules more seriously. "It's happening slowly, through attrition of new hires and education," he says.

Single Sign On (SSO) is one potential answer to this problem, but there are drawbacks. "It's expensive to get all that SSO stuff working," Allen says. "And in some sensitive applications, it's advantageous to have separate passwords--there's a certain level of security there."

Kelley echoes Allen's frustrations. "I'd like to enforce the use of stronger passwords, but people just don't want the complexity, and having to remember so many letters and numbers and having to change it every 90 days," says Kelley, who sometimes allows users to keep passwords for as long as 120 days. "My boss says IT is here to serve," he says. "I'm supposed to help users be productive, and a complicated password system is regarded as a hindrance."

One suggestion to IT managers who struggle with passwords is to teach users the acronym method. Users create a short, memorable phrase--for example, "Neo is the chosen one!"--and take the first letter of each word to form the password. They can also change written numbers to numerals. The result, NITC1!, is a reasonably strong password that's easy to remember.

Sugayan has had the opposite experience with passwords. Because Private Eyes deals with sensitive data such as Social Security numbers, medical records and other background information, executives make very clear to everyone that security is a top priority. To that end, the company has taken the password issue out of its users' hands. Private Eyes assigns its users a new password every 30 days. "We don't have pushback," Sugayan says. "Employees understand we are working with highly confidential information."

But passwords aren't the only security issues that small businesses face. For instance, Kelley is preparing to deploy IPSec (IP security) VPNs to several users to allow them to telecommute. He may turn to a consultant to help him implement the VPNs. He also would like to install an IDS or IPS, but he hasn't had the opportunity to plan a deployment.

That raises another issue: Most small businesses can't afford to have a security expert in-house, but they face the same threats, such as data loss, virus outbreaks and intrusions aiming to hijack computing resources, as larger companies. Security outsourcing is a viable option for small businesses. Top-tier managed security service providers (MSSPs) such as Symantec and Counterpane Internet Security offer services for small businesses. For instance, Counterpane's Enterprise Protection Suite SME Edition will monitor one firewall and IDS device, which includes event collection and correlation and IDS tuning. Small shops should also consider local or regional managed service providers, which may offer more competitive pricing and a higher level of service. Your VAR (value-added reseller) may be able to direct you to an MSSP player in your area.

"A lot of IT shops don't realize there are services priced attractively for small businesses, so they don't look at a managed service because they think it's just aimed at the enterprise," says Harry Segal, president and founder of Networks Unlimited in Hudson, Mass. Segal says many small businesses struggle with viruses, spyware and spam, as well as improper use of the Web. Networks Unlimited's filtering offerings are the company's most popular service.

Another option is a unified threat management (UTM) system. Vendors including Fortinet, Astaro, Symantec and Internet Security Systems offer products that bundle firewall, IDS/IPS, antivirus, anti-spam and other services into a single appliance. UTMs were designed with small shops and small budgets in mind: A few thousand dollars can get you started with a firewall, VPN and IDS/IPS package. But beware of performance issues--as you activate features, you'll slow down packet processing. An overburdened UTM can quickly become a choke point.
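
The acronym method from the password discussion above, worked through in Python as an added example that is not part of the original article. The function names, the number-word table and the second phrase are assumptions made here; the bit estimate is an upper bound that treats every character as a random pick from the character classes present.

```python
import math
import re
import string

# Assumed mapping for "change written numbers to numerals" (not from the article).
NUMBER_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
    "six": "6", "seven": "7", "eight": "8", "nine": "9", "ten": "10",
}

# A token is a word (apostrophes allowed inside it), a run of digits,
# or a single punctuation character.
TOKEN = re.compile(r"[A-Za-z]+(?:'[A-Za-z]+)*|\d+|[^\sA-Za-z\d]")


def acronym_password(phrase):
    """First letter of each word (uppercased), number words as digits,
    digits and punctuation kept as typed."""
    parts = []
    for token in TOKEN.findall(phrase):
        if token.lower() in NUMBER_WORDS:
            parts.append(NUMBER_WORDS[token.lower()])
        elif token[0].isalpha():
            parts.append(token[0].upper())
        else:
            parts.append(token)
    return "".join(parts)


def keyspace_bits(password):
    """Upper bound on brute-force work in bits: length * log2(pool size),
    where the pool is the union of the ASCII classes the password uses."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def report(phrase):
    """Return (password, length, estimated bits rounded to one decimal)."""
    password = acronym_password(phrase)
    return password, len(password), round(keyspace_bits(password), 1)


if __name__ == "__main__":
    # The first phrase is the article's; the second is constructed for comparison.
    for phrase in ("Neo is the chosen one!",
                   "My two dogs chase seven squirrels every morning at nine!"):
        print(report(phrase))
```

Under this estimate the longer constructed phrase yields nearly twice the bits of the six-character one, so phrase length matters more than adding symbol classes.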

Final Analysis

It's tempting to think that a bigger budget or larger staff is the solution to all the problems that very small IT shops face. While more resources would be useful, the most effective solution starts with an organized response to top IT demands. For example, tech support issues will drown even the most conscientious administrators unless they create a system to track help requests from start to finish. Your organization system can be tools-based or rely on a simple set of policies. IT pros at very small businesses may not have money to throw at problems, but that doesn't make them helpless. As demonstrated here, a little ingenuity and some good advice from peers go a long way.

Andrew Conry-Murray is Network Computing's business editor. Write to him at

IT professionals at very small businesses don't have the luxury of big budgets to help them train users, solve problems and keep themselves abreast of the latest technologies and products. But that doesn't mean they have an impossible job. The following recommendations come from IT pros who have learned to make the most of their available resources.

Richard Allan Kelley is the systems administrator for a 50-person manufacturing company.

Smart Shopper: Kelley comparison shops for equipment and software at the following sites:

Easy Reader: Kelley recommends these books, all by William R. Stanek, for troubleshooting tips and other info that make his job easier.
Microsoft Windows 2000 Administrator's Pocket Consultant
Microsoft Exchange 2000 Server Administrator's Pocket Consultant
Microsoft SQL Server 2000 Administrator's Pocket Consultant

The Other Kind of Networking: Kelley is a member of the Network Professional Association, a national organization that promotes the IT profession. Kelley attends local Lunch-and-Learn sessions to gather information on new technologies and to meet with industry peers. NPA also offers articles, white papers and newsletters on technology and career advice for network professionals.

Matt Allen is IT manager for the Washington, D.C., office of Freeman, a trade show producer. Allen and another IT staffer serve 130 users.

Share The Wealth: Allen conducts 30-minute tutorials each week for his end users to help them make the most of applications and technology services. He also encourages users to share what they've learned by offering a $5 Starbucks gift card to the first user who teaches a new feature to a colleague.

Start Here: Because IT staffers at small shops have to be generalists, the Web is a key resource for starting basic research on the myriad subjects they have to understand. To that end, Allen relies on some old favorites, including Google, Slashdot and TechRepublic. He also has high praise for the computer channel of How Stuff Works, which he uses to get up to speed on topics like spam and spyware. "The site always has a printable version [of the article] which I can capture to a PDF and keep for future reference and/or print," Allen says. "And the end of each article usually has five or 10 additional links to related articles and other links to current news sources and sites related to your topical search." Allen relies on two other Web sites for a different kind of research: and debunk e-mail and Internet frauds. He checks these sites regularly to protect his users from scams, and to keep a lid on users who might be tempted to forward hoax mails.

Dig Deeper: A top technology information resource for Allen is Info-Tech, a research group targeted at small and medium-size businesses. A $500 annual subscription buys you access to reports that include research, policy templates and tools for a variety of technology sectors, such as end user support, security, e-mail and messaging.

All Work and No Play: IT pros can't be expected to work all the time, even in shops where they have to do it all. When Allen has downtime he reaches for a good book. His all-time favorite is Accidental Empires: How the Boys of Silicon Valley Make Their Millions, Battle Foreign Competition, and Still Can't Get a Date, by Robert X. Cringely. Says Allen, "This is an easy, fantastic read that enlightens the back-room deals and history of PC computing in the early years, and has an entertainment factor to boot."

Executive Summary

Helpdesk technician, security manager, Web site administrator, new technology research department, hardware support--at a small company, all these roles and more may fall to a single IT professional. But when the requests for new monitors and network logons pile up, the server goes down, a major worm strikes and someone asks for help loading paper into the copy machine, it's enough to make even a hardboiled veteran feel like the last person standing in the Alamo. The answer doesn't have to be a case of Red Bull and a sleeping bag tucked discreetly underneath your workbench.

In this installment of Affordable IT, Network Computing business editor Andrew Conry-Murray takes a close look at how IT shops with one to three people manage day-to-day operations, keep users trained, address security issues and keep end users and bosses happy--and themselves from going crazy. While a small company may not be able to adopt every best practice followed by larger enterprises, a few smart tips can make a big difference.

