Friday, May 7, 2010

How IT can give your company competitive advantage

QUESTION
As an IT manager, advise your company on some of the top security issues and prepare a document to advise them on the benefits which can be achieved with the introduction of IT to create competitive advantage. Pick a case study area and base everything on it. Indicate the company and state what they do.

COMPANY PROFILE

PJEF Company Limited is a magazine printing and publishing company headquartered in Accra, with branches in Kumasi, Sunyani and Tamale. It has an online presence on the internet through their website where their publications can be perused and bought. This aspect is handled by the publishing and IT departments. It has a centralised authority structure. Though quite relatively modern, PJEF Co. Ltd uses off-the-shelf software, and an open internet system to network the different branches. Some very important documents are still kept on paper while the company puts no clear restriction on data access, especially within the proof reading department which happens to have developed a sort of departmental database which is at times utilised by the other departments. The Management board recently has tasked the IT department to identify some of the issues which adversely affect the efficient operation of the company. As the manager of the tasked department, the following are my findings

SECURITY RISKS AT PJEF CO. LTD.

As per the mandate of the Management Board, in my capacity as the IT manager of this company, I have carried out the authorised assessment of the operational IT risks of this company and the following form some of my major findings.
a. The use of only off-the-shelf software: As a printing and publishing company, PJEF cannot continue to rely on only off-the-shelf software to run its operations. So doing exposes the company to a lot of disadvantages such as making it easier for thieves to steal and pirate printing material. Again the absence of customised software such design software which is specifically written to suit the needs and operations of this company makes it very tedious for the design, typesetting and desktop publishing department to create a style which sets PJEF apart from other publishing houses.
b. Use of Open internet connectivity: Being a fast growing and quickly spreading company, PJEF cannot continue to use the open insecure internet as the means of networking its branches. The tendency for data loss/theft and corruption, not to mention the possibility of malicious attacks on PJEF corporate systems are real threats to the very operation of the company. Also, as a commercial entity which prides itself in quality work, it becomes a matter of competitive disadvantage while it does not speak well of the company to have in place no mechanism to protect the hard work of its valued clients, namely the signed authors.
c. On-site back-up: As a matter of great operational risk is the issue of on-site back-up. Currently, the IT department has no means of directly and simultaneously backing up all company data files off-site. The current system where data is backed up on site and later manually transferred to an off site location has a number of disadvantages such as the possibility of loss of limited but critical data and the possibility that due to human error may cause data not to be backed up at all, as indeed happened in the near fatal incident involving the PJEF and the author of a textbook. The current method of backing up leaves the company open to viral attack and data corruption since data transfer is manually handled.
d. Documentation of Important material on paper: The practice whereby the company still keeps important material on paper without making electronic copies could be very costly should there be a fire outbreak or even pest attack. While the practice of keeping such documents in a combination safe is quite laudable for keeping burglars at bay, it is quite insufficient to keep fire and other hazards out.
e. Poor database management: The Company has no database which makes it quite cumbersome when managing data inflow and access. The departmental database instituted by one of the departments is full of redundant data. The absence of an up-to-date database impedes managerial decision making, gives no clear picture of company performance and virtually creates a barrier between related departments.
f. Easy Access to Company Data: Going round with respect to finding out some of the security risks facing the company, I stumbled upon one very important issue, namely the easy nature in which data is accessed in this company. There appears to be no access restriction on some data, making such data easily accessible to almost everyone and thus vulnerable to theft, change or deletion. The practice whereby people can easily insert their personal external storage devices into the company computer system without having them scanned for viruses and then issued with clearances to use such secondary storage media could cause complete system failure should a very dangerous virus find its way into the company system.
The above are by no means the end of the list but they form the core of the security threats which the company faces. I will now go on to recommend ways in which the company can solve the problems enumerated above and thus increase its competitive advantage by introducing IT.
RECOMMENDATIONS
• The company should consider diversifying its operations by incorporating custom built and customised software into its computer systems. As a printing and publishing company which publishes both for the physical and online market, it gives the company some competitive edge when it does everything possible to produce products which are different from what everyone else in the business is producing. Since customised software is practically written to suit the preferred taste and operations of the one who orders it, unlike commercialised ones, it gives the company a very important tool to produce products which cannot be made anywhere else apart from PJEF.
• Though the company publishes on its internet website, it should consider using the many social network sites such as facebook, twitter, hi5, tagged, badoo, perfspot, myspace, etc. to increase awareness of its products and thus increase its customer base. When people on these sites are able to appreciate the good work which this company produces, the stage is set for us to take care of big printing orders which would arrive from almost every corner of the world. To add, the IT department should be resourced to help the relevant departments create a formidable online presence through serious online advertising campaigns.
But this should not draw away from the fact that the company needs to develop a better internal network purposely for coordination between the different branches. If this is done, data flow and sharing will be faster, safer and more reliable.
• As a matter of urgency, it is my recommendation that the company proceeds to make provisions for automated off-site back up of its data. This will forestall the loss, possible delays or corruption of company data. This will make the company appear more reliable to potential clients who would rest assured that their work will be finished on time any catastrophe notwithstanding.
• The company needs to immediately begin the process of converting into electronic format all important company documents. With current technology, documents which come in electronic formats are easier to store protect and transfer than their hardcopy counterparts. Watermarks can also be embedded within such documents as a seal of authenticity while they can be copy protected, write protected or even set to track changes made to it at what time. These attributes of the electronic file help the company to better protect its documents from corporate rivals.
• There needs to be an up-to-date database put in place with its requisite data access protocol. With the introduction of a regularly updated database, different departments within the company can have access to relevant data and hence increase efficiency and productivity, cutting down the time used to search for some particular data. Sensitive data will also be protected from unauthorised access leading to a generally confident working environment.
• Finally, the company should make it a policy not to allow personal secondary devices to be used on company computers except they have been scanned for any malicious software and after they have been used on the company computer if any company documents have been copied. In this quest, the system administrator should be vigilant in his work and flag any potential unauthorised system access and usage.

No comments: