Tuesday, September 13, 2016

Happy 1st Birthday, Windows 10!

My latest article is now live at ministrytech.com.

It’s hard to believe that we’ve been in the Windows 10 era for a year now. It seems like just yesterday we were anxiously awaiting the final release, after two years of testing and development. (Of course, technology years are like dog years with things moving so fast.)

Microsoft’s goal for Windows 10 was to have 1 billion devices running this version within the first three years. They have admitted recently that after this first year they probably aren’t going to hit that goal, mostly due to the failing Windows 10 phone market. If you don’t know what this means, ask how many of your friends have a Windows phone and you’ll soon understand.

Even after a year, though, the question remains as to whether or not you should upgrade. Microsoft allowed users to upgrade for free through the first year. Since the free upgrade has expired, is there any real rush to upgrade, especially now that you have to pay for the upgrade and the fact that Windows 7 is supported through 2020?

If you did not take advantage of the free upgrade, then you probably aren’t going to pay to upgrade your existing device. You might wait and get Windows 10 when you purchase a new device. There will undoubtedly be a plethora of new Windows 10-based devices available as we inch closer to the holiday shopping season.

The release of Windows 10 Anniversary Edition is momentous for several reasons. First, Microsoft kept its promise in terms of the new Windows paradigm shift. No longer is Windows a product that you upgrade once every few years to a new version. Now Windows is in a perpetual state of evolution, constantly changing with feature updates and changes included with security patches. Many doubted whether Microsoft could upgrade Windows several times per year, and so far they have proven they can.

The Anniversary Edition release also shows us that once a device is running Windows we won’t have to upgrade the operating system every few years. Every organization dedicates significant IT resources to operating system upgrades. Once your device is running Windows 10 it will upgrade itself—there won’t be the need for organizations to dedicate time and money to imaging machines when the next version of Windows comes out. As an IT person who has done countless Windows migrations and upgrades, this is what I’m most excited about.

Windows 10 Anniversary Edition also contains a ton of features additions and security improvements. Here are just a few of the highlights …
  • One of the coolest features of Windows 10 running on a Surface is the Windows Hello authentication process. This allows you to unlock your PC just by looking at your device. The Windows Hello camera logs you in based on your face. I love this feature, and in the Anniversary Edition you can now use Windows Hello to login to websites and apps. Instead of remembering your password you just have to remember to keep your head on your shoulders. This may be problematic for those who say they would forget their head if it wasn’t attached.

  • There have also been a ton of other under-the-hood security improvements, including an updated Windows Defender and an enterprise version called Windows Defender Advanced Threat Protection. It remains to be seen if these built-in security features will have any impact on the third-party security/malware/anti-virus markets.

  • For touch screen users Windows Ink has also been built into the update. Windows Ink allows you to write on your screen and convert handwriting to text. It also provides for greater interaction using a pen or stylus with Microsoft Office and other apps that have the Ink functionality built into them.

  • The new browser in Windows 10, Microsoft Edge, is also starting to gain some maturity. Edge was released with Windows 10 but it too is undergoing an evolutionary process. With the Anniversary Edition, Microsoft Edge now supports extensions and many more web standards, including HTML5. It has also had significant under-the-hood improvements. Translation— you can start using Edge on many of the sites that didn’t work on it before. Only time will tell whether or not this will convince you to switch to Edge as your browser of choice.

  • My favorite improvement is the ability to pin apps to virtual desktops. Windows 10 first brought virtual desktops to Windows users (better late than never). Virtual desktops allow you to have different applications running on different desktops so you don’t have to open everything in a single place. One desktop could be running Word, Excel, and Outlook, while another desktop could be running all of your open browser windows. You could then have all of your games running on a third desktop, then when the boss walks by . . .

  • With Windows 10 Anniversary Edition you can now send a single app to all your desktops, so if you want to be able to view your email across all your virtual desktops you can now open it once and have it appear on all desktops as opposed to having to open your email individually on every desktop.

  • Other improvements include more functionality for Cortana, better gaming integration with Xbox, additional desktop themes, more control over the action center and notifications, and better management tools for education and classroom environments. 
Windows 10 is here to stay. While there may be a learning curve for some users, it is hopefully a learning curve you will only have to experience once.

Thursday, August 11, 2016

Should Churches and Ministries Embrace the Cloud?

My latest article is now live at ministrytech.com.

To embrace the cloud, or not to embrace the cloud, that is the question. Pardon the Shakespearean paraphrase, but there are a lot of questions swirling around churches and ministries as they consider using cloud services for everything from email and file services to Active Directory. There is also a disconnect between what the IT team says is best for the ministry and what church leadership thinks in terms of utilizing cloud-based services.

Cloud-based services offer many benefits over hosting your own services, but you’ll want to make sure you are using a reputable vender. It is important to look at the SLA, or Service Level Agreement, to ensure that your provider will keep their services running so your ministry effectiveness isn’t impacted. When you host your own email and/or file servers you have much more control over downtime because you probably have physical access to the server and the people running those servers. When you host in the cloud you may not have direct access to the servers so you are dependent on your provider to resolve any issues that create downtime.

Using a reputable host like Microsoft or Google will ensure reliability, but there are other companies that provide cloud based services for just about everything, and you want to make sure a provider’s reliability won’t negatively impact your ministry.

One of the biggest benefits of using cloud-based services is that they take a huge support load off the IT team. No longer are they responsible for maintaining and patching servers. If the servers are on your site then you may also have cooling, power or data issues to consider as well. What happens when the cooling units fail? Do you have sufficient battery backup or a generator for power outages? What happens when your Internet connectivity goes down? Moving to the cloud avoids all these issues as cloud-based services are hosted in large, commercial data centers where power, air conditioning, and data reliability are taken care of for you.

Cloud services can also play a huge role in your disaster recovery and backup strategies. Remember that disaster recovery and backups are not the same thing. Backups are for recovering data, while disaster recovery refers to how much time is necessary to get your services (like email, files, ChMS, etc.) back into operation after a disaster. By placing these services in the cloud you can enhance these strategies. If a natural disaster wipes out your on-site datacenter what would you do? In the church world think of what happens if a significant tornado or hurricane or earthquake (hopefully not all three at once!) hits your area on a Saturday night. Do you have a way to notify your congregation about your plans for Sunday morning? How fast can you get your email and ChMS back up and running?

By placing services like your email and ChMS in the cloud, the responsibility of keeping things running falls to your provider. A cloud-based provider will more than likely have your data spread out across servers and datacenters in multiple geographic locations. The same is true for your backups: they are no longer located on your site and you no longer have to relocate backup tapes to ensure your backups are spread out geographically. Most cloud vendors can also provide more backup space then many churches or ministries would be able to afford on their own. This means when the natural disaster hits your area, your services continue to operate. How many churches or ministries are able to provide geographic and hardware redundancy on their own? And if they are able, is it good stewardship of those funds?

By now you may be thinking to yourself that the cloud sounds too good to be true. “You mean I can place my data, my email, my files, my ChMS, my whatever in the cloud and not have to worry about natural disasters, power outages, cooling equipment failures and maintenance, internet outages, security patches, backups and disaster recovery all while saving the IT team a lot of time, effort, and money? Sign me up!” Hold on, not so fast.

Whether to move your ministry to the cloud may not be so obvious. While there are obvious benefits, there are also a few challenges. Many in the IT profession believe it is their job to protect the data and ensure it is kept safe. This is why I do not believe this is an IT decision, but rather a church leadership decision. The IT team should make recommendations based on their knowledge and experience, but the data belongs to the church, and the church leadership should decide how to keep that data safe, including how and where it is stored. For some that may mean moving to the cloud, for others, they may feel more comfortable keeping their data on-site and managing it locally.

There is also the challenge of the IT team. IT folks don’t like to give up control, and moving data and services to the cloud means they will be giving up some control. I strongly believe the benefits to embracing the cloud far outweigh any negatives, including any control IT might lose. For some IT professionals, especially those who have come out of the corporate world, this can be particularly difficult, but it’s one of the many ways ministry IT varies from corporate IT.

As an IT staff member in a ministry I view my primary objective to be constantly working myself out of a job. My goal is to equip and empower those I support for greater ministry effectiveness. I have no desire to attempt self-preservation by keeping data or services tightly locked up in my control to ensure the long-term security of my job. That level of selfishness only benefits the IT person, not the ministry. Most ministries run lean, so there is always plenty for the IT team to do. The more I empower others and work myself out of some jobs, the more I can focus my time on other areas that may require a specific technology skillset.

Every ministry has to decide where to spend their money. I would much rather use technology— including embracing the cloud—to save money so they can hire additional ministry staff as opposed to hiring additional technology staff to manage technology that could be moved to the cloud. Again, these are leadership decisions, but this is often where the IT team and church leadership may not see eye-to-eye.

So, should your church or ministry embrace the cloud? I think so—provided the IT team and church leadership have worked together to understand the issues and implement the cloud in a way that empowers the ministry for greater effectiveness.

Wednesday, July 6, 2016

How Tech & Accounting Can Live Happily Ever After

My latest article is now live at ministrytech.com.

Preparing an Information Technology (I.T.) budget can often be a dreaded task. Tech people seem to always want to spend more money and accounting people want to make sure funds are spent wisely. Both parties are striving to be good stewards of God’s resources, but there’s a critical disconnect between the dollar signs associated with a request and an understanding why the technology is needed.

When the accounting department sees a request or PO for toilet paper they don’t often ask many questions. Everyone knows what toilet paper is for and why it is needed. However, when Accounting sees a PO for a virtual server host they tend to ask a lot of questions. (Granted, one virtual server host costs as much as a year’s worth of toilet paper for most ministries.) This challenge is further compounded when normal ministry politics are involved.

Budgeting for IT, Audio Visual, or any other aspect of technology in ministry doesn’t have to be a bottleneck. Both technology and accounting folks need to work at making sure technology purchases like virtual server hosts are as easy to accomplish as purchasing toilet paper. But it takes teamwork. Technology is complicated. So is accounting.

Accountants learn as much about technology in school as tech folks learn about accounting. Tech folks often think accounting is just math and the accounting folks might think that technology is just browsing the Internet. It’s vital that the communication lines remain open. Technology folks should have nothing to hide. Here are a few guidelines to smooth the process of IT budgeting:

Spell It Out: 
While it’s easy for us to spout acronyms, we shouldn’t. Our requests for funding or explanations of how we are going to accomplish a project should be easy to understand. It is far better to invest the time to communicate than to attempt to snow someone in an effort to save time. Investing the time in communicating builds trust.

Trust One Another: 
Trust is vital to all aspects of ministry. Without trust, giving decreases; without giving there won’t be any money to buy toilet paper or virtual hosts. Trust is sometimes compromised unintentionally as good people try to work towards a common goal. To maintain trust you must not try to hide anything. No question should be ignored and no request for additional data should be put off—whether reasonable or not. Building trust leads to cooperation.

Play Nice Together: 
Cooperation is the sweet spot when the accounting team and the technology team are working together at maximum efficiency. As projects and requests come up both teams are able to quickly process information and produce results without unnecessary drama and without any additional drain on resources. And maybe, just maybe, through this cooperation the tech folks will learn a little about accounting and the accounting folks will learn what a virtual server host is (and why it’s needed). Accounting is able to be accountable while Tech is able to be productive.

Productivity is the ultimate goal—being productive to maximize effectiveness for the Kingdom. The technology team is a trusted resource that communicates effectively and the accounting team is valued for ensuring proper tracking of all funds and stewardship.

These foundations are critical to managing technology projects and budgeting. Technology expenditures should be planned, and not surprises. Equipment wears out: planning hardware replacement cycles is the duty of every technology manager. When you buy a server you know it won’t last forever, just like toilet paper. These plans can be done numerous ways and it’s important for the technology team to work with the accounting team and church leadership to determine the best way to save for and handle these ongoing expenses.

Special Needs: 
There is also the matter of special projects and new construction. It is easy to let the tech costs reach towards the heavens on new construction, but tech budget requests should be prepared and presented knowing that if there isn’t enough money to build the building then there won’t be any need for the technology. Trust can be built when the tech folks show they understand the fiscal realities of a project and don’t attempt to sneak in things just because it is a new building and a much larger overall budget.

The technology staff should also be looking ahead. At any moment the tech team should be able to enumerate their top three projects, whether those projects are for software, infrastructure, hardware, or employees doesn’t matter. They should also communicate as items age and need to be replaced. Not that every request will get approved, but at least if something important does fail you have communicated in advance—and not in crisis mode.

This is also why a member of the tech team should have a seat at the leadership table. Not because technology is the driving force but so that when ideas and projects and budgets are discussed the tech team is available to provide input and answer questions. Technology should be positioned as a valued resource that improves effectiveness, not a necessary evil. Too many times the people behind the technology cause the technology to be improperly positioned.

There is a great deal of comfort and security that comes when the technology and accounting teams work together as part of the King’s community. Surprises are limited. There is security in knowing what you can and can’t afford. Ministry impact increases. Besides, who wants to be part of a community without toilet paper?

Thursday, June 23, 2016

Keeping Your Family Safe this Summer

My latest article is now live at ministrytech.com.

Who doesn’t love summer time?  The sunshine and warmer temperatures, the family vacations, the lack of school homework, and of course, an evening on the porch sipping a refreshing iced beverage.  You’d think we would find ourselves outdoors more enjoying creation.  Often times though the opposite is true and we end up spending more time looking at our screens during the summer than we do the rest of the year.

Summer time can also be a cruel welcome to reality.  As kids we look forward to summer time because school is out and we get to play.  As adults we realize that summer time is no different from any other time of the year – we still have to work and life goes on as normal.  That makes it easy to use screens to keep our kids entertained during those long summer days.

Fortunately, the good folks at Microsoft have built some pretty cool tools into the Windows operating system to make it easy for families to manage their screen time.  While other software vendors also have family safety built into their products, Microsoft does it in a unique way that allows for native, remote control over your family’s computers without having to install or manage any additional software.

Windows Family Safety is a fantastic tool built right into all versions of Windows.  Windows 10 has the most features available but Family Safety is still available all the way back to Windows 7.  Using Windows Family Safety, you can set filters and block lists, control access time windows and set curfews, track device location, and even get a detailed report emailed to you about all activity taking place with the computer.

Not only is Windows Family Safety a powerful tool, it is also easy to use and Microsoft has done a great job providing helpful documentation.  All it takes is a few clicks and you will soon be monitoring all of the Windows devices in your family.

One feature that sets Windows Family Safety apart from other filtering or block services that are built into some operating systems is that you can remote control the settings.  Once setup on the computer, the parent can change settings remotely without having to touch the kid’s device.  This allows mom and dad to control the device from anywhere.  It also allows the child to request additional privileges and mom and dad to approve the request via email.

The content rating and restriction tools are most effective.  If you already have content filtering setup on your home network, Windows Family Safety works right along with it.  Then when the child takes their device to a friend’s house or other location where the internet might not be filtered Windows Family Safety keeps doing its thing so you know wherever the device is the content is filtered and your time limits and curfews will still be enforced.

You can also set it up to send you a weekly activity report of each child’s activity.  The report shows you which devices the child used, what they searched for on the internet, how long they used each app, the total amount of time they spent on the device, and any content that they attempted to access and was blocked.  This is a tremendous accountability tool – especially when you see what they are searching for online.

If the device is lost or stolen, you can also use Windows Family Safety to track the last known location of the device and disable it to protect your child’s personal information.

The goal here is not to be oppressive but to use this tool to help teach them to live a godly life, both online and offline.  As the child grows and matures you can use Windows Family Safety to provide additional online privileges – Windows Family Safety works from the youngest of kids to the oldest of adults.  It can even be used for adult accountability.

All you need to get started is a Microsoft account, which you probably already have if you are a Windows user.  Teaching responsibility with technology and providing accountability is made easier with Windows Family Safety.  Visit https://account.microsoft.com/family/about to learn more and get started and see if Windows Family Safety can help your family.

Thursday, May 12, 2016

Protecting the Soft Underbelly of the Church

My latest article is now live at ministrytech.com.

Last month we talked about the cyber challenges churches face.  This month we will look at some simple ways the church can protect itself from those bad actors using wise policies and procedures.  This assumes you have a firewall and a proper network design.  How do we provide maximum Kingdom impact while also being good stewards of the data God has entrusted to us?

First, let’s look at your Church Management System or ChMS.  Do you rely solely on the ChMS vendor to keep your data secure?  Do you test the security of your ChMS or do you just take the vendors word for it?

Do you have security audits with your financial audits?  I assume you have financial audits.  Even then the security questions in a financial audit can be useless.  A church IT friend of mine answered the security audit question, “How do you keep your data secure?” with, “12 flying monkeys.”  He never heard back from the auditor regarding that answer.  He should have.  Use a security company for a dedicated security audit or ask your ChMS vendor for a copy of the security audit they have done on their product.

Remember the Anthem hack of early 2015?  The hackers were after data that is similar in nature to the data we store in our ChMS software: names, addresses, phone numbers, and SSNs.

Second, what is your password policy like?  Is it written down?  How do you enforce it?  Does it make sense?  Research has shown that longer, more complicated passphrases are more secure than shorter, complicated passwords that users have to change frequently.  Forcing users to change their passwords, whether to their computer, ChMS, or any other system on a regular basis leads to the passwords being written down on the bottom side of the keyboard – where some of those bad actors know to look.

I suggest using long passphrases.  15 characters or more, with a capital, lowercase, number, and special character all required.  Using a phrase from your favorite song or Bible verse works.  “InthebeginningGod1!” as an example – but don’t use anything obvious or inscribed on a plaque hanging on your wall.  A passphrase like this will never need to be changed unless it is compromised.

Your password policy should also include the ability to enforce preventing users from sharing their passwords, even with volunteers.  It is far better to invest the time and issue a volunteer a login then to share staff access.  The same is true for your ChMS.  Does your password policy also apply to other sites and services that require your users to login?

If you find that a user has shared or compromised their password I suggest setting it to something like, “Isharedmypasswordsonowittakesme5minutestoentermypassword?!” and forcing them to use that for a week.

Third, do you have any data access policies?  Who gets access to your data?  What level of access?  Does everyone see everything or do users only see what they need to see?  What criteria do you use to determine who sees what?  Do you allow people to snoop around your database?  Who can view giving data?  How do you determine who sees what?

Volunteers are great and we use them all the time but do they need ChMS access at home?  While doing visitor data entry should they see SSNs and giving information?  It may take a little more work to set users up so they only see what is necessary but it is better – especially when you consider the amount of turnover volunteers have.

Fourth, physical access should also be addressed, that’s physical access to the hardware storing the data.  How do you protect your server room or is it just a closet everyone can get into?  I’m convinced I could walk into most churches, steal a server, and walk it out to my car and drive off with it if I just pretend that I own it.

Finally, our people or personnel policies also have to be reviewed.  Having the right people in the right positions is often times half the battle.  What happens when folks are dismissed or fired and access must be removed?  While we would like to say that doesn’t happen in the church world we all know it happens far too frequently.  Are you hiring people you can trust with your data?

People are the biggest security risk any organization has.  They fall prey to phishing scams and because they want to help they click on things they shouldn’t trying to help people they shouldn’t trust.  This leads to data loss.  Do you provide training for your users to teach them how to avoid such threats?

It is vital that security and cyber threat protection decisions not be made by tech people – they are leadership decisions and hopefully the tech folks have a representative at the leadership table.  I’ve written about this before and the importance of IT being in submission to the church leadership.  Contrary to popular belief tech people aren’t wired to say no.  But we are trained to keep things safe.  Leadership needs to get input and make wise, informed decisions about how to keep data safe, how much money to invest, and policies and procedures.

Again, the nature of our business makes this a challenge.  We use volunteers.  But decisions made in the light of day with the involvement of the necessary parties is a huge step towards avoiding disaster.