jazzcat
11-08-2005, 06:33 PM
Greetings Everyone,
I've been lurking in this forum for a few weeks now, and there are a couple of points that I think should be addressed. These points are somewhat related to the article link I found today about SME's being hit hard with phishing and spyware. As someone relatively new to the scene, I'd like to know what everyone things about Value and Security. These two points are related because the solution to one is the solution to both.
As I glanced over the forums on QuickBooks, PeachTree, and the various flavors of accounting offered by Microsoft, I had to wonder: why are these the only alternatives being considered? It seems that in many small and medium businesses, IT procurement works like any other kind of procurement, and alternatives that could save substantial amounts of money are often overlooked. One enterprising fellow in this forum broke this trend by describing how easy it was to use SQL-Ledger, which is a completely free alternative to QuickBooks or PeachTree. There's a lot of value here - he saved thousands (tens of thousands?) of dollars by using a free package. There are a few other packages with similar benefits; as I pointed out in a previous post, the free Quasar Accounting package also provides a great deal of value for a very small price - zero. In this day and age, you can get all the software you need - from accounting, to ERP, to groupware, to CRM - for the price of a download and some time to install the application.
Switching gears, let's take a look at a related topic: computer security. In the link I referenced above, Sharon Gaudin talks about how SME's often don't have the resources they need to battle the problems that come about on their PC's. But what she doesn't mention is that the problem of IT malware can be solved in the same way that you solve the problem of high-priced software: by using due dilligence and investigating the software packages you need to use on a daily basis.
As an example, let's look at applications - either hosted locally or delivered over the web - that require Internet Explorer. I have many friends in this situation - they want to use an application from a vendor, but they're forced to use IE. Unfortunately, IE is well-known for posing many security risks. The Department of Homeland Security even recommended against using IE in 2003, and Microsoft has not had any incentive to correct these issues even though two years have passed. The smart vendor would write her application to be compatible with any browser and sell this choice to her customers. She could then sell her application with lines like, "We don't force you to use an insecure browser!" If enough SME's pressure their vendors to write applications in such a way that they are not put at unneccessary risk, then a lot of these IT problems wouldn't occur as more spyware infects IE than Mozilla FireFox or Opera. The SME owner practicing due dilligence would know this and would save money (that would otherwise be spent on support or downtime) as a result.
Now, let's look at best practices. I'm going to pick on Gary Harrison a bit for something he said in a thread talking about products like his company's Interprise ERP package. In a thread talking about Order Management Software, Gary said, "You can then run both your company and your website off one data file for complete – real-time integration." Now, I need to ask: why would anyone want to do that? While integration is a big time and money saver, putting your ERP system on the same server as your website is asking for trouble. If someone cracked your website, they could access all of your company's financial and planning data. Worse, they could access your customer data; and with new laws being proposed making vendors responsible for consumer data loss (and forcing them to pay for credit protection for those whose data was lost), the convenience of integration could become very expensive very quickly. Even the Fortune 500 who use ultra-secure Unix servers separate their order entry and ERP systems because of this very problem. Again, due dilligence would save the day.
But why should these things be problems at all? Remember, administration costs are lower if things don't break. For the most part, the Linux OS is more reliable than Windows; not only do you save money by not having to buy Windows Small Business Server, you save money because you don't have to buy antivirus software - or pay someone to remove a virus that has invaded your system, or pay extortion fees to someone who has cracked your system. Yet not many vendors have the foresight to write software that works well on any platform. There are a few - SugarCRM is a good example of a product that runs equally as well on Windows or Linux - but they are few and far between. So many of the product vendors fall into the trap of "It's easier to write for just Windows" (which is false) or "Faster to market on Windows" (false) or "costs too much to support multi platforms" (again, false). In this case, the vendors aren't doing their due dilligence to find development environments that produce solid software on solid platforms - they're just taking the easy out and as a result, small businesses who don't have the resources to fight these IT issues need to spend substantial amounts of money to solve them.
By using best practices, it would be possible for a consultant to sell you a complete ERP system, including hardware, OS, accounting, groupware, CRM, and web presence, for around $5,000. Such a system would scale to tens (or perhaps hundreds) of users, with no need for additional licensing fees. The consultant could guarantee that you'd have no viruses or spyware. And yet, both consultants (who try to protect their virus-breakfix revenue streams) and small business managers don't perform their due dilligence and as a result, spend thousands (or tens of thousands) of dollars they could otherwise reinvest in their businesses.
Why?
I've been lurking in this forum for a few weeks now, and there are a couple of points that I think should be addressed. These points are somewhat related to the article link I found today about SME's being hit hard with phishing and spyware. As someone relatively new to the scene, I'd like to know what everyone things about Value and Security. These two points are related because the solution to one is the solution to both.
As I glanced over the forums on QuickBooks, PeachTree, and the various flavors of accounting offered by Microsoft, I had to wonder: why are these the only alternatives being considered? It seems that in many small and medium businesses, IT procurement works like any other kind of procurement, and alternatives that could save substantial amounts of money are often overlooked. One enterprising fellow in this forum broke this trend by describing how easy it was to use SQL-Ledger, which is a completely free alternative to QuickBooks or PeachTree. There's a lot of value here - he saved thousands (tens of thousands?) of dollars by using a free package. There are a few other packages with similar benefits; as I pointed out in a previous post, the free Quasar Accounting package also provides a great deal of value for a very small price - zero. In this day and age, you can get all the software you need - from accounting, to ERP, to groupware, to CRM - for the price of a download and some time to install the application.
Switching gears, let's take a look at a related topic: computer security. In the link I referenced above, Sharon Gaudin talks about how SME's often don't have the resources they need to battle the problems that come about on their PC's. But what she doesn't mention is that the problem of IT malware can be solved in the same way that you solve the problem of high-priced software: by using due dilligence and investigating the software packages you need to use on a daily basis.
As an example, let's look at applications - either hosted locally or delivered over the web - that require Internet Explorer. I have many friends in this situation - they want to use an application from a vendor, but they're forced to use IE. Unfortunately, IE is well-known for posing many security risks. The Department of Homeland Security even recommended against using IE in 2003, and Microsoft has not had any incentive to correct these issues even though two years have passed. The smart vendor would write her application to be compatible with any browser and sell this choice to her customers. She could then sell her application with lines like, "We don't force you to use an insecure browser!" If enough SME's pressure their vendors to write applications in such a way that they are not put at unneccessary risk, then a lot of these IT problems wouldn't occur as more spyware infects IE than Mozilla FireFox or Opera. The SME owner practicing due dilligence would know this and would save money (that would otherwise be spent on support or downtime) as a result.
Now, let's look at best practices. I'm going to pick on Gary Harrison a bit for something he said in a thread talking about products like his company's Interprise ERP package. In a thread talking about Order Management Software, Gary said, "You can then run both your company and your website off one data file for complete – real-time integration." Now, I need to ask: why would anyone want to do that? While integration is a big time and money saver, putting your ERP system on the same server as your website is asking for trouble. If someone cracked your website, they could access all of your company's financial and planning data. Worse, they could access your customer data; and with new laws being proposed making vendors responsible for consumer data loss (and forcing them to pay for credit protection for those whose data was lost), the convenience of integration could become very expensive very quickly. Even the Fortune 500 who use ultra-secure Unix servers separate their order entry and ERP systems because of this very problem. Again, due dilligence would save the day.
But why should these things be problems at all? Remember, administration costs are lower if things don't break. For the most part, the Linux OS is more reliable than Windows; not only do you save money by not having to buy Windows Small Business Server, you save money because you don't have to buy antivirus software - or pay someone to remove a virus that has invaded your system, or pay extortion fees to someone who has cracked your system. Yet not many vendors have the foresight to write software that works well on any platform. There are a few - SugarCRM is a good example of a product that runs equally as well on Windows or Linux - but they are few and far between. So many of the product vendors fall into the trap of "It's easier to write for just Windows" (which is false) or "Faster to market on Windows" (false) or "costs too much to support multi platforms" (again, false). In this case, the vendors aren't doing their due dilligence to find development environments that produce solid software on solid platforms - they're just taking the easy out and as a result, small businesses who don't have the resources to fight these IT issues need to spend substantial amounts of money to solve them.
By using best practices, it would be possible for a consultant to sell you a complete ERP system, including hardware, OS, accounting, groupware, CRM, and web presence, for around $5,000. Such a system would scale to tens (or perhaps hundreds) of users, with no need for additional licensing fees. The consultant could guarantee that you'd have no viruses or spyware. And yet, both consultants (who try to protect their virus-breakfix revenue streams) and small business managers don't perform their due dilligence and as a result, spend thousands (or tens of thousands) of dollars they could otherwise reinvest in their businesses.
Why?