Welcome To The Knowledge Instigator Series
February 2023 featuring Interlaced.io
Thanks for being part of the first of the Knowledge Instigator Series.
In this series, we plan on providing educational resources to help startup companies along their journey.
Knowledge Instigator Series: It’s Never Too Early to Build a Scalable IT Program
Startups today have the ability to grow, scale and change more quickly than at any time in history. In a fast-growing company, there is so much to think about. For many companies, building a scalable IT Program seems like a luxury they neither have the time, the mental energy, nor the money to afford.
However, startups are more dependent than ever on their IT program to maintain open lines of communication, broker access to information, and even build and reinforce their culture. While the prospect of building an IT foundation can seem daunting, starting with a solid IT strategy from the start can help power your business’s growth. Here are some considerations, and some easy things you can do, to ensure your IT program is ready to support your growing team at each phase.
BYOD IT program: 1-10 Employees
During this phase, most teams are scrappily doing what they need to do to survive. Process and strategy often give way to experimentation and constantly shifting priorities. In most cases, the team is able to collaborate on the same video call. There may only be the need for one formal team meeting per week.
As for the IT program, there are some common trends during this phase. Many, if not all of the devices are likely personally owned or what is also known as BYOD, which means “bring your own device”.
Additionally, the business is reliant heavily on outside contractors, advisors, and/or freelancers. In many cases one or multiple people act as IT administrators, holding all of the keys to company systems.
The combination of unmanaged BYOD devices, single or multiple key holders, and broad and unmonitored access to the system by contractors, pose some long-term security challenges.
Here are some easy ways and tips to build a more robust IT program as you are starting out:
- First, create a record of who has access to what systems, folders, and groups. This will make it easier to cut access when someone leaves the company or when a contractor rolls off of a project.
- Second, consider adding a second administrator for key systems. This will make ensure that the company is not stuck if a key individual is suddenly unavailable.
- Third, using a simple password manager like 1Password, OneLogin or Keeper is a great way to secure access to your most sensitive passwords.
- Lastly, consider asking your employees and contractors to enable data encryption on their personal computers using FileVault on their Macs and BitLocker on their PCs.
Time for IT Basics: 11-30 Employees
For teams in this stage, most decisions happen by committee or by consensus. Roles are becoming more defined and employees know who to go to for help. Even without clear structure and accountability, things get done. The importance of structure, process, and communication begins to emerge.
During this phase, the need for an IT foundation becomes evident. One important consideration for the IT program is to transition from BYOD to company owned devices, and to deploy mobile device management (“MDM”) tools as a best practice. This ensures that company devices can be locked and wiped if lost or stolen, protecting company data, in addition to enforcing policies and critical security updates.
Additionally, businesses in this phase should consider deploying a business-grade antivirus tool, backing up their devices to a cloud infrastructure, and taking steps to improve email security. Finally, during this phase, it is important to begin working with an IT professional as the scope and amount of work becomes too much to handle as a second job.
The Emergence of Shadow IT: 31-50 Employees
During this phase, the team can likely no longer communicate effectively on a single video call. As the need for a management layer emerges process, policy, and organization become ever more important.
For the IT program, the complexity and number of applications and tools can begin to increase dramatically. Shadow IT is when individuals or departments make decisions to use hardware or software without the knowledge of consultation of an IT or security group. This could be anything from servers and laptops to cloud services and SaaS platforms. If not carefully managed, license counts and associated expenses can soar. Alignment on common tools as a standard can begin to break down.
With more businesses requiring more stringent security requirements of their vendors and partners, teams at this phase should also look at incorporating security standards like CIS. This way, your team is already prepared to start winning business with tighter security requirements, based on your security posture.
During this phase, it is important to implement tools, processes & procedures for SaaS licenses, and access level management across all technology touch points. In addition, you should standardize processes on how computers, peripherals, and applications are procured.
Business Drivers for IT Security & Compliance: 51-80 Employees
Around 50 employees, teams, and subcultures begin to develop. It becomes harder to standardize and enforce policies. The need for deep functional expertise and specialization begins to become a reality.
During this phase, if not before, organizations begin to get pressure from their clients, regulators, and investors for IT security and compliance. Quite often, this can be in the form of an IT Questionnaire. For many, the first time they are formally asked about their IT security can be quite daunting.
Proactively working with IT and security professionals can help expedite your response, giving your partners confidence in your business operation. Additionally, working with a modern IT MSP (Managed Service Provider) or MSSP (Managed Security Service Provider) can help to proactively build a foundation of IT security, making it easier to align with common security frameworks like SOC 2, NIST, CMMC, CIS and HIPAA.
Separation of IT Duties: 81-200 Employees
During this phase redundancy, efficiency and process are critical. Companies tend to grow quickly after raising capital and need to be able to onboard, equip and train their employees rapidly.
For the IT program, it is common that the workload and breadth of work are too much for any individual or small team to keep up with. Each week, multiple new employees start, computers need to be replaced, new policies and tools need to get deployed and systems need to be migrated and consolidated as teams, departments and companies are created, acquired or merged.
During this phase, it becomes important to separate day-to-day employee IT support from strategic IT planning and security. Many businesses hire an IT Director to stakehold initiatives internally. Commonly, many companies supplement their internal IT resources with a skilled MSP for certain support and programmatic expertise.
A Strategic IT Roadmap
There is no shortage of ways to spend money or time while building your IT program. Additionally, the vast selection of IT tools can be overwhelming. Working with a competent IT consultant, in-house IT professional, or MSP at all stages of your business’s growth can save headaches, and rework and can help ensure your employees have the access, tools, and protection that they need to do what they do best each and every day.
About Interlaced.io: We’re a holistic IT Managed Service Provider that delivers enterprise-quality IT for small and medium-sized businesses across the globe. Partnering with innovative and creative organizations across a wide range of verticals allows us to address more industries and share our vision to improve and advance our clients’ missions. We provide employee onboarding, device management, SaaS management, help desk support, security and compliance readiness, and more.
To learn how Interlaced can help build a scalable IT program for your fast-growing organization, please reach out at email@example.com or (855) 885-7336.