Any Company Strategy Discussion Document
Presented by: Surety IT
Contact Details: Tel 1300 4 787 389
Commercial in Confidence
Surety IT has been engaged by Any Company to review their current IT infrastructure and recommend a path forward that will provide the technology services and solutions they need.
ANY COMPANY is a knowledge based business and staff need to have access to information wherever they are. Staff need to be able to access information off-line as well as on-line as they work in remote areas with poor communications coverage.
During discussion with the CTO of ANY COMPANY the following issues/requirements were highlighted -
- Current Office 365 subscription and educational licencing eligibility
- Decommission existing server and design of new solution
- Sharepoint/shared folder and file access including off-line
- Anywhere office network including firewall, network switch, wireless and potential move
- User permissions
- IT hardware and software audit
- Hardware and software procurement
- Standardisation of hardware and software in the business
- User training
- IT strategy and roadmap
- Policy and process creation
- Cyber security including end point management and data protection
- Printing and scanning
- IT Support
The document will also make recommendations around any critical issues that have been identified from the engineer site visit that are impacting the efficiency and productivity of the business.
ANY COMPANY have advised that the strategy needs to be cost-effective and can be prioritised. Surety IT are recommending that a road map be developed in collaboration with ANY COMPANY so that critical issues are addressed first.
The document will focus on –
- Identifying current issues and risk as well as providing options around improving efficiency, productivity and reducing risk.
- Details on implementing recommendations.
- Potential for future proofing set-up to enable growth
- Rough Timing and costs to implement (including staged approach)
The next steps after the completion of this document are to collaborate with the business over an agreed way forward and then plan the implementation.
Investigation and analysis has been conducted on site and by interviewing the CTO, as well as analysing the current IT infrastructure.
The report is limited to the IT infrastructure function of the business.
3 Deliverables and Overall Objectives
An agreed IT strategy document together with priorities, timescales, resources and approximate budgetary figures.
The technology areas that were focused on as identified by the business are detailed in the Background section.
The overall objective is to provide the business with a consolidated solution that provides staff members with access to the information they need when they need it, both on-line and off-line.
Surety IT has the experience and capability as well as the partnerships to deliver both cost and productivity savings and provide required security for the business.
Surety IT can assist in resolving the challenges identified by the business, and ensure ANY COMPANY have solutions suited to their mobile, diverse business.
ANY COMPANY has its corporate office in Anywhere.
There is a local Microsoft SBS server in use. The workforce is highly mobile with staff regularly working on client projects at client sites including mines.
They have other sites in AnyCity, AnyState and AnyPlace as well as staff in AnyCountry.
Critical software in use in the business includes –
- Exchange hosted email
- Office 365 installed office (E3 subscription)
- Shared folders and files on local SBS server
- Google Sheets
The major challenges are around sharing information between staff and locations, and being able to give staff access to critical information off-line.
4.1 IT Strategy and Roadmap
With regards to the IT strategy the highest priority is to provide reliable, consistent access to shared data both for office based and mobile staff. This needs to be both on-line and off-line.
The other priority is to ensure that the knowledge that has been gathered is securely accessible by staff wherever and whenever they need it.
The remainder of the strategy is inter-linked to this central requirement of secure accessible data and mobility. The strategy needs to ensure that access to critical information is secure, that business knowledge is easy to access for staff but secured against unauthorised access or malicious threats.
Surety IT in collaboration with ANY COMPANY can refine an IT Strategy and Roadmap to suit the business’ requirement.
The draft IT Roadmap, encompassing the strategy, is below. Costs are shown as up-front cost (ex. gst) and monthly cost (ex. gst) –
Data sharing and decommissioning of existing server
- Kick-off within 1 month of sign-off
- Delivery within 3 months
- Surety IT to provide demo of AnyProduct to ANY COMPANY
Office 365 Educational Licencing
- Kick-off within 1 day of sign-off
- Delivery within 1 month depending on requirement
- $0 - we are anticipating that this is an easy change with very little labour required.
- Subscription - $x per user per month
Single Sign-on and Azure Active Directory
- Kick-off within 1 month of sign-off
- Delivery within 1 month depending on requirement
- To be costed in conjunction with 5.3 once final solution is decided upon
- Subscription - $x per user per month
Standards list creation
- Within 3 months of sign-off
Network improvements Anywhere
- Within 6 weeks of sign-off (hardware availability)
- Costs will depend on whether PoE switch is purchased. Details are in section 5.4
Assistance with policy creation
- Within 6 months of sign-off
*These costs will be determined when the final solution has been agreed upon.
5 Observations and Recommendations
5.1 Exchange Hosted Email and Office 365
Current Set-up –
The current email service is provided as part of the Office365 E3 subscription.
The hosted email works well but the business is a registered training organisation and is paying full price for the E3 subscription.
We would recommend that the business apply for educational licencing through the Microsoft educational program.
There are various subscriptions available, the most suitable being E5. This is a higher subscription than ANY COMPANY have at present and includes additional security features that ANY COMPANY would utilise, yet it would cost less than 50% of what ANY COMPANY are currently paying monthly for Office365 subscriptions.
Surety IT are happy to assist in the process of the business applying for educational licencing. We have performed this before for businesses and have a direct relationship with Microsoft suppliers to enable this process to be straightforward.
To apply for educational licencing an eligibility form needs to be completed with all relevant business details and evidence that the business is an RTO.
Once this is completed, the form is sent to a Microsoft supplier who applies to Microsoft directly on behalf of the business for the educational licencing. The validation process takes up to 72 hours and, if approved, eligibility needs to be re-validated on an annual basis.
The educational licencing can be added to the existing services that the customer has and is not dependent on having an edu domain or applying the licencing to this domain.
The educational plans can be mixed so staff not requiring a full version of office installed can have the FREE licence whereas staff requiring an installed version of office can have the E5 version.
Project cost – If the subscription can be moved to educational without the need to design a project around migrating mailboxes etc. then the cost would be $0 to ANY COMPANY as this would be provided as part of the managed IT support service.
Timescale – Once the validation comes through the accounts can be upgraded and discount applied within 1 business day.
5.2 Decommission of existing server and design of new solution
Current Set-up –
The existing Microsoft SBS server provides the following functions –
- Shared folder and file access for Anywhere office and remote users
- Active Directory domain controller for Anywhere office
- DHCP for Anywhere office
- DNS for Anywhere office
- Shared printers for Anywhere office
Local backups, which use NT backup, are failing. Cloud backups seem to be working but are unverified as test restores do not seem to be performed.
There are numerous issues with the existing server and Windows domain including -
- local backups failing
- remote access not working
- no security groups set up
- Passwords set to not expire and staff unable to change them
- Staff being set up as domain local administrators
- No folder or file permissions set up, so all staff have access to everything
The CTO would like to de-commission the server as the majority of business applications are cloud based and majority of staff are remote. The issues above would be resolved by replacing the server with appropriate cloud solutions with appropriate policies and permissions in place for staff.
The best practice way forward would be to re-design the folder and file structure in an appropriate cloud solution and provide access to folders based on staff requirements by security group. There would also be a password policy set up to improve security. This would be designed in conjunction with the Sharepoint and off-line file access which is detailed in the next section.
In terms of network roles – DHCP and DNS, the proposed hardware firewall, detailed later in the document would be used to provide these services.
Active directory services would be provided by cloud based Azure Active Directory if required and remote access would no longer be required directly to the office as all critical applications would be cloud based.
There is an educational licence available for Microsoft Mobility and Security Suite – E5 for $4.20 ex gst per user per month. This is a reduction from $19.90 ex gst per user per month. This would include –
- Azure Active Directory Premium P2
- Azure Information Protection
- Advanced Threat Analytics
- Cloud App Security
Further details can be found here - https://www.microsoft.com/en-au/cloud-platform/enterprise-mobility-security-pricing
Project Cost – To be costed in conjunction with section 5.3 below.
Timescales – Project kick-off 4 weeks after sign-off
5.3 Sharepoint/Shared folder and file access including off-line
Current Set-up –
The business currently uses a mix of solutions to try and provide all staff with the information they need both on-line and off-line.
The solutions include –
SBS server Anywhere
The current issues are that the business has had to adopt multiple solutions in terms of file sharing and file access.
They have tried to utilise Sharepoint and OneDrive but have been unable to get a consistent, reliable solution in terms of ease of use and off-line synchronisation.
We would recommend that a further investigation be conducted with the business to ensure whichever solution is decided upon is appropriate.
The key behind a successful solution for ANY COMPANY is not to focus on one particular solution and try to get it to work for the business but rather focus on the requirements and priorities and find solutions that address those.
We would envisage the final solution may be a hybrid solution that would encompass a mix of cloud based solutions that enable ANY COMPANY to have exactly what they need.
Amongst the requirements, the CTO would like a Sharepoint intranet site that is visible to all but locked down. Staff will be able to see what is available and if they don’t already have permission to see the information resource they can request permission as needed.
Microsoft have released a new sync client for off-line access and we would recommend that this is trialled by ANY COMPANY to see if this works consistently. Surety IT can assist with this process.
The ideal is to use one solution across the business that provides everything that the business requires but there are a number of items for the business to consider before deciding on a final solution, these are –
- The business is eligible for Microsoft Educational Licencing and Sharepoint Online is included in the subscription they would be paying.
- Some of the Sharepoint Online functionality may not be available if the solution is used in conjunction with Egnyte. This may include searchability, content types and document templates, workflow, alerts and the following of documents, metadata tagging, archive and data tagging, Delve and the artificial intelligence layer of Office 365.
- Egnyte would be an additional expense for the business.
- There is no local file store option for Sharepoint/OneDrive and the existing internet connection for the Brisbane office may lead to slow performance.
- There is no guarantee that the new Microsoft sync client will work successfully for ANY COMPANY.
- Egnyte would be able to provide a local file store for any offices that require it.
- Egnyte would provide a stable off-line sync capability.
We would recommend that the business consider the above and prioritise requirements. It may need to decide whether it is willing to trade some less important features and requirements for stability and off-line access.
In order to identify whether the new off-line client would be successful for ANY COMPANY, we would recommend that all existing versions are checked and upgraded then some tests performed to see if the client works successfully.
We would also recommend that office users access Sharepoint On-line directly across the internet and again see what performance is like and whether it would meet performance requirements moving forward.
If these tests/trials were unsuccessful then we would recommend that the business investigates an Egnyte solution, which can integrate with Sharepoint Online and provide features and benefits including off-line access and off-line synchronisation.
Egnyte has been demoed to ANY COMPANY and if the aspects of the solution that ANY COMPANY deem critical are not met by Sharepoint Online then a pilot of Egnyte would be set up and ANY COMPANY staff in different locations would be asked to test it. This will help identify any issues and challenges. If the pilot is successful and the solution accepted by the business then a project plan can be developed to design and roll out the solution to the business.
As part of the project, an initial stage would be for the business to review what data is currently on the SBS server and in Dropbox and decide whether moving relevant data to the chosen solution is the best way forward. Moving only relevant, business related data will reduce cost and management as well as make it easier for staff to navigate and use.
With regards to Sharepoint we can support the solution and we have recommended a trusted Sharepoint partner who has engaged with ANY COMPANY to define exactly what they are looking for.
From this meeting the Sharepoint consultant has provided a design and project cost directly to ANY COMPANY.
As part of the overall project, training would be provided to staff in the form of on-site sessions, webinars and “How to” guides.
Below is a rough estimate as to what the project costs for a hybrid solution would be. Until the final solution is designed an accurate project cost cannot be provided.
Project cost – These are currently estimates, as they depend on the final solution decided upon
Demo of Egnyte - $0
OneDrive Client check and upgrade - $0 if on managed services contract
Pilot of Egnyte - $x
Egnyte project costs – $x
Sharepoint - Initial planning meeting completed
5.4 Anywhere office network including firewall, network switch, wireless and more
Current Set-up –
There is a 10/10 SHDSL connection into the Anywhere office soon to be upgraded to a 20/20 SHDSL connection.
There is a 16 port Netgear gigabit switch used to support the Anywhere office.
There is a Sonicwall SOHO firewall to provide secure internet access to the office.
Wireless is provided by a Sonicwall WAP device.
The current network infrastructure for the office does not provide the performance that staff need. There are frequent slow-downs as well as poor wireless coverage and not enough spare data ports on the switch to enable all wired network devices to be connected.
The Sonicwall SOHO firewall in our experience is contributing to the slow-down of the internet during the day, as this device is underspecced for the office.
When the engineer visited site the wireless coverage provided by the existing devices was extremely poor.
With regards to the existing internet connection, the 20/20 connection would be adequate for the existing office as there is a local server but the connection will become a performance bottleneck once the business moves to more cloud based applications and file sharing.
We would recommend the following –
Replace the existing 16 port gigabit switch with a 48 port gigabit switch which would provide the additional capacity required. It would also allow the business to move this switch to the new office and again provide enough capacity. The alternative is to install a 48 port PoE switch which would allow the Polycom telephone handsets to be used in the office without a separate power supply.
Switch cost –
HP 48 port gigabit switch - $x
HP 48 port PoE gigabit switch - $x
Install cost - $x
With regards to the firewall, we would recommend that the existing Sonicwall be replaced with a business grade firewall. We would recommend that a Watchguard T30 be installed and the Total Security Suite be subscribed to.
This again could be moved to the new office and would easily support both staff growth in the office and internet connection speed increase.
Project cost -
Watchguard T30 with 3 years support and Total Security Suite - $x
Labour - $x
If the business is moving closer to the CBD then there is an opportunity to procure a faster communication connection. We would recommend that Surety IT are engaged early in the move process so that we can check what communications options are available at prospective offices and ensure that ANY COMPANY obtain the best pricing.
The new 20/20 connection may be able to be moved and if so then this connection could be used as a failover connection in the office.
An upgraded connection in the new office will mean that there is less infrastructure required to provide the office based users with a good experience.
With regards to the wireless, we would recommend that a Cisco Meraki be purchased to provide wireless access for the whole office. This can also be taken to the new office and installed. The key to providing good wireless access is to ensure that a wireless survey is performed before the installation of the device and that the device is then placed in the best location in the office, ensuring maximum wireless coverage.
Project cost -
Cisco Meraki MR33 with 3 year support - $x
(requires PoE switch (or PoE injector - $x))
Labour - $x including wireless survey
5.5 User permissions and passwords
Current Set-up –
All users are set up with a password that cannot be changed and is set to not expire.
There are no security groups set up and all users have access to everything on the data drives.
There is a serious risk to the business in terms of password management. Because passwords never expire and staff cannot change them, a password that is guessed or disclosed stays valid indefinitely. All user passwords are extremely vulnerable and the risk of a data breach is extremely high.
This, coupled with the fact that all users have access to all files on the data drive, leaves the business in an extremely vulnerable position in terms of ransomware, because an infection under any one staff account would be able to reach every file.
We would recommend that a password policy be implemented across the applications that is appropriate for the business and where appropriate the business consider implementing multi-factor authentication to provide an additional layer of protection.
We would further recommend that when the file sharing project is live, that all staff access is reviewed and they are only given access to the folders and files they need rather than everything or what they want.
This will have the added benefit of restricting the impact of a malware or ransomware infection in that it can only infect/encrypt files that the staff member has permission for.
Staff user accounts should also not have any administration permissions for network resources.
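One way to confirm the account and permission findings above, and to re-check them after remediation, is sketched below as an added example that is not part of Surety IT's document. It assumes the ActiveDirectory PowerShell module is available on the server; the function names and the share path D:\Shares are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example: audits the domain for the issues listed in sections 5.2 and 5.5.
# Run as an administrator on the domain controller or a machine with RSAT.
# Function names, finding labels and the sample path are illustrative.

function Get-AccountRiskFinding {
    [CmdletBinding()]
    param()

    # Users who are direct or nested members of the privileged groups.
    $privileged = @{}
    foreach ($group in 'Administrators', 'Domain Admins') {
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { $privileged[$_.SamAccountName] = $true }
    }

    Get-ADUser -Filter 'Enabled -eq $true' `
               -Properties PasswordNeverExpires, CannotChangePassword, PasswordLastSet |
        ForEach-Object {
            $findings = @()
            if ($_.PasswordNeverExpires) { $findings += 'PasswordNeverExpires' }
            if ($_.CannotChangePassword) { $findings += 'CannotChangePassword' }
            if ($privileged.ContainsKey($_.SamAccountName)) { $findings += 'PrivilegedGroupMember' }

            # Only emit accounts that have at least one finding.
            if ($findings.Count -gt 0) {
                [pscustomobject]@{
                    Account         = $_.SamAccountName
                    PasswordLastSet = $_.PasswordLastSet
                    Findings        = $findings -join ', '
                }
            }
        }
}

function Get-BroadFolderAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path    # root of the shared data drive
    )

    # Principals that effectively mean "all staff".
    $broad = 'Everyone|Authenticated Users|Domain Users|BUILTIN\\Users'

    # Check the root and its first-level folders; deeper levels usually inherit.
    $folders = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Directory)
    foreach ($folder in $folders) {
        (Get-Acl -LiteralPath $folder.FullName).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           $_.IdentityReference.Value -match $broad } |
            ForEach-Object {
                [pscustomobject]@{
                    Folder    = $folder.FullName
                    Principal = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                    Inherited = $_.IsInherited
                }
            }
    }
}

# Domain-wide password policy currently in force.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MinPasswordLength, MaxPasswordAge, ComplexityEnabled, LockoutThreshold

Get-AccountRiskFinding | Sort-Object Account | Format-Table -AutoSize
Get-BroadFolderAccess -Path 'D:\Shares' | Format-Table -AutoSize   # hypothetical path
```

An empty result from both functions after the file sharing project goes live indicates that the password flags, administrator memberships and all-staff folder grants described in this section have been removed.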
5.6 Standardisation of hardware and software in the business
We would recommend that the business look at the different user profiles that are in existence in the business and develop standards and procurement policies around that. The two most common in use in businesses are –
- Office based staff member
- Mobile staff member
From defining these roles, standards can be created in terms of hardware/mobile devices and software.
Surety IT is able to assist in defining these standards including recommending suitable hardware specifications and mobile devices as well as management of these devices. We will work in conjunction with the business to develop suitable standards that will aid in procurement and implementation. Surety IT can also procure the hardware and software for ANY COMPANY and set it up for a fixed cost.
We are also partners with mobile communications businesses who can review current invoices and see whether ANY COMPANY is getting the most appropriate value.
As part of this overall process it would be necessary to perform a hardware and software audit to give an overall picture of what the business has currently. This can be conducted once the support management agents are installed on all users’ computers.
5.7 User training
We completely understand that ANY COMPANY is a training based business and that many of the staff members have a basic knowledge of computers and technology.
The solution(s) we provide in collaboration with the stakeholders of the business will need to be easy to use and not have a steep learning curve as we can appreciate that if it is too hard to use or learn then staff will simply not use it.
To that end, we are happy to work in collaboration with the business to ensure that adequate training is provided and we can support any solution that is implemented. We are happy to provide on-site training or group webinars as well as “how to” documents.
We would also encourage the business to investigate providing additional training to specified individuals who could then become ‘power’ users.
5.8 Policy and process creation
Surety IT can assist with policy and process creation for ANY COMPANY. We currently have a template library of policies that would be relevant to a business of ANY COMPANY’s size and industry and would be happy to provide access to ANY COMPANY should they become a customer.
5.9 Cyber security including end-point management and data protection
The existing end-point security software is provided by the existing IT provider.
There is no mobile security software in place for mobile devices.
The firewall has been discussed earlier in the document.
Once the contract finishes with the existing IT provider the end-point security software will be uninstalled.
Having unprotected mobile devices with company information on them is a risk to the business.
The key to a good cyber security strategy is to have a multi-faceted approach encompassing technology, appropriate policies, processes and procedures, and user awareness.
We have discussed earlier in the document the need for better user security, a replacement firewall and other measures that will improve the overall protection of not only the ANY COMPANY network but its critical information resources.
We would recommend that ANY COMPANY subscribe to a new end-point security solution that can be provided by Surety IT. There are a couple of options that can be discussed further with ANY COMPANY. Both are monthly subscriptions that are paid on a per device basis.
The business are not keen on Kaspersky and would rather look at Crowdstrike as an end point security option.
The cost of Crowdstrike per device per month is $x ex gst.
As part of the mobility and security suite we are recommending, we can also assist ANY COMPANY in configuring an appropriate mobile device management solution. This would be scoped as a separate project.
Surety IT are also happy to assist ANY COMPANY in the development of an appropriate cyber security strategy. Depending on requirements this may be a chargeable project.
- Surety IT would strongly recommend that they manage the projects and implement any solutions required, to ensure that deliverables are met and are delivered on-time.
- Surety IT may need assistance from 3rd parties at specific times during the project, for example for firewall configuration, but the reasons why will be communicated to ANY COMPANY.
- User migration to Office365, if required, can occur during working hours.
- The CTO will be available to provide assistance during the project phases.
7 Next Steps
Upon discussion and approval of the IT strategy, Surety IT would like to meet with the CTO to discuss timings and responsibilities to ensure that all business expectations and requirements are met.
Surety IT would like to demo the Egnyte solution to the CTO to show its capabilities.
Surety IT will provide a project plan for each of the proposed projects and work in collaboration with the business to ensure that each project is delivered on time.