By Tommy Rainey
Executive Publisher, Disaster Resource GUIDE
[The following article is taken from the recent special edition of the Disaster Resource GUIDE:
IT Incident Response and Communication. This 18-page edition is available in its entirety at the following link: IT Incident Response and Communication.]
Which IT alerting solution is right for you?
When dealing with critical IT outages time is of the essence and rapid communication plays a major role in minimizing the impact of outages, such as loss of revenue and damaged reputation of your service. Having the right IT alerting solution in place can dramatically help organizations address critical IT outages.
If you’re in the market for a critical IT communications solution, there are a number of questions you should consider for an informed buying decision. To determine which questions are most relevant, first you need to think about how your organization will use the solution and understand which features drive the ROI requirements of the solution.
Most organizations want to be able to communicate with the right technical teams to get IT outages solved as quickly as possible. But do you need to reach key executives and perhaps even customers? Do you have a need for global communication? Does critical IT communications play an isolated role in the organization or should it tie into the organization’s broader critical communications platform? If you have a communications platform under contract at your company, is expanding that solution to include critical IT alerting a logical choice?
Understanding the right questions you should ask when considering a vendor can help uncover which one is the right fit for your organization now and in the future.
1. Am I overbuying?
Every organization deals with IT outages. But when looking at the Return on Investment (ROI) of a solution, it is important to note that critical IT incidents are the most costly to the company’s reputation and bottom line. Hence, the key value of an IT alerting solution lies in its ability to address Priority 1 (P1) and Severity 1 (Sev1) incidents for the right price. When purchasing a solution for critical IT communications, you should search for one that helps you reduce Mean Time To Repair for the critical outages.
In addition to being able to address P1/Sev1 incidents, it may be possible to address lower priority (P2-P5) incidents. However, it is critical to recognize the diminishing value of lower priority incidents and therefore the possibility that additional features to address those incidents might be overpriced or unnecessary. While it might seem attractive to have bells and whistles which would allow you to address a low priority issue such as one of the office printers being down, it is important to not overvalue those features and complexities. This situation can lead to overbuying whereby the largest part of the cost of the solution lies in functionality that is not critical in terms of ROI. The functionality that allows you to reduce MTTR during P1/Sev1 incidents is what saves you money, but paying for the functionality and complexities to handle the much smaller incidents can cancel out those savings and delay time to value because it takes time and effort to implement the processes for addressing P2-P5 incidents. For this reason, you’ll want to be sure that you’re only paying for functionality that you actually use and that saves your company money.
2. Am I paying too much?
With any type of purchase, price is generally an important deciding factor. If you’re being charged too much for a product, typically you won’t make the purchase. When it comes to a critical IT communications solution, find yourself a vendor that meets the key criteria for an IT alerting solution and does so at a competitive price. One metric to consider is the cost per user per month. Prices for IT alerting solutions can range from $10 to $70, per month, per user. If you are consider¬ing a solution on the higher end of this scale, is the additional cost worth those additional features? Your best case scenario is finding a vendor that allows you to address the most important critical IT incidents – P1 and Sev1 – at a price that won’t eliminate any savings you expect to realize from being able to address these incidents much quicker. If the cost outweighs the savings realized by implementing IT alerting, it doesn’t make much sense to purchase the solution.
Regarding price, it could be valuable to consider the constituents in a major IT outage, and assess the types and the value of communications with each constituent. Personnel involved in the delivery of critical IT resources would be primary, followed by those using the applications, and then ‘customers’ of the system, both internal to the company and external users. Each level of stakeholders requires different types of communication and the pricing should not be based on the highest (most expensive) level.
Finally, are there real-world and quantifiable examples from the vendor’s customer base where the system has reduced the time required, for example, to get key team members into a conference call?
3. Is the solution reliable?
If a vendor you’re considering has an IT alerting product that is supported on premise, you should eliminate them from your list of options. On-premise solutions are no longer acceptable, as an incident such as a power outage could disrupt or shut off your service. If you’re unable to use the IT alerting solution you purchased to help save your company money, it could actually end up costing you, not only on the financial side but also in reputation. For this reason, it is important to find a solution that is supported in the cloud, because what good is a critical IT communications solution if it doesn’t work during crunch time when you need to send out messages about a critical outage? To ensure uptime, your system has to guarantee a few things. First, the provider needs to have multiple data centers in case one should fail. Second, they need to have data centers that are geo-dispersed. This helps ensure that you’re able to send communications even if a localized event happens that brings down one data center.
When asking a provider if the system they provide is reliable, it is also important to understand how that connects with scalability. Numerous factors can affect performance and a system’s overall resiliency – including scalability. If a system is pushed to its limits because of extremely high usage and then fails, it is not resilient. A vendor has to be able to harness the cloud for additional data centers – located in different areas, unaffected by an event – for additional capacity and as a failover if one or all of the providers’ systems should be down.
Another question you should ask of a vendor is their basis for claims of reliability. Has an independent, third-party organization measured and reported on the system’s reliability, or are the claims of reliability solely based on internal records or hearsay?
4. Was the vendor’s solution designed from the ground up as a SaaS product?
If choosing a SaaS-based IT alerting solution, has the vendor always offered the SaaS solution, or is the SaaS solution a relatively recent offering to complement or migrate from an on-premise solution? As many vendors follow the industry and begin to migrate their hosted solutions to SaaS, it is important to take into account the potential downfalls that come with learning the ins-and-outs of offering a SaaS-based solution. The IT marketplace has many examples of companies who have attempted to play catch-up by migrating an offering from a hosted solution to a SaaS platform. One example of this is Siebel Systems, which after years of selling a successful hosted solution, began to migrate their CRM solution to the cloud. Salesforce.com, on the other hand, was created from the beginning as a SaaS offering and based on that strength, far surpassed Siebel in the CRM marketplace. Be sure you recognize the importance and value of a notification solution that was designed from the ground up as a SaaS offering.
5. Is the solution easy to use?
A critical IT communications solution must be easy to use. But ease of use is difficult to fully quantify because “easy” is often a personal opinion based on an individuals’ capacity to assimilate technology. Every vendor will claim its system is the easiest to use, which can add confusion to your buying decision.
So, if all the systems are easy to use, should “ease of use” even be a primary factor in the final purchasing decision? Yes – given the critical nature of a notification system, ease of use is important. In fact, high levels of stress can reduce a person’s cognitive capabilities during a critical incidents; a system that was easy to use yesterday may prove to be overly complex when it’s really needed.
You should use a set of standard criteria to measure ease of use to help strip away some of the subjectivity. During critical IT incidents, you need simple, intuitive interfaces. When considering any critical IT communications solution, determine whether the average person will be able to use the system with little to no training, or if the system will require some type of specialist. Many of the systems on the market today are flashy, but are also primarily focused towards a highly technical user. While this type of system can be very impressive during a vendor-led product demonstration, the user can quickly get lost within the menus when an actual critical IT incident occurs.
Below are a few questions you should ask each vendor:
- How many clicks does it take to send a message?
- How many pages must be visited to send a message?
- How many clicks does it take to launch a pre-existing message?
- How much training is required to get users up and running?
Your IT alerting solution should also easily integrate with other processes to simply how you send out notifications. For example, you may want a vendor that offers APIs that allow for email broadcast initiation, and synchronization with HR systems to keep an automatically updated contact list.
6. Does the solution have global reach?
If your organization uses or relies on technical support teams in international locations or has internal and external stakeholders outside of the US, it is important that your critical IT communications solution has global reach. Today, international voice calling is very simple and inexpensive. This simplicity might cause you to mistakenly believe critical communications are similarly easy to accomplish. However, there are many international communications challenges resulting from infrastructure differences, the need for local call routing, carrier acquisitions and mergers, different regulations in Europe, content filters used to protect cultural practices in China, limits on delivery volumes to comply with SPAM initiatives in the US, India and Australia, and other carrier connectivity issues all over the globe. For example, Caller ID and SMS functionality is almost taken for granted within the US. However, implementing Caller ID and SMS internationally involves different standards across multiple countries and telcos. Does a vendor have the necessary arrangements to facilitate global inbound calling, and if so, from what countries? To meet all of these challenges, when evaluating a vendor, you’ll want to be sure that they have processes in place to help you increase the success of international notifications and comply with local contact data protection regulations. If a vendor doesn’t have this functional¬ity, you may struggle to send global notifications about critical IT incidents to customers, executives or any other stakeholders who need to be informed.
7. Does the IT alerting product offer multi-modal communication?
Multi-modal messaging – SMS, cellphone, email, landline, push notification, etc. – is key to delivery success, as no single delivery path is ever 100 percent reliable worldwide. The more communication paths that are available, the more likely your customers and stakeholders will receive important information and updates. Targeting individuals guarantees the team responsible for fixing the problem can be alerted first, key stakeholders are not caught by surprise and customers are informed.
A significant benefit of a robust notification solution is the possibility of eliminating (and saving the cost of) existing ‘point’ solutions, such as pagers. The cost of pagers could be $20/ month per pager, and many hospitals or IT departments could have hundreds of pagers in use at great expense. If your notification solution is multi-modal and can communicate across various platforms, there could be significant savings in your organization by eliminating ‘point’ solutions entirely.
8. Does the IT alerting product allow for customer outreach?
Scalability is important for any solution. Not only should your vendor allow you to communicate internally, it should also offer the ability to communicate with customers. During IT incidents, you need to be able to keep customers in the loop. If your critical IT communications solution doesn’t have the capability for customer outreach, your organization’s reputation and bottom line could take a major hit.
The best way to manage customer complaints is to be proactive and remain visible during critical incidents. Misinformation can spread like wild fire on social media and escalate a situation, so maintaining a presence by communicating with customers can quell rumors, improve trust and retain customer loyalty. An added benefit is a reduction is service calls, since customers already know the company is addressing the issues. In order to keep your customers happy and protect your organization’s reputation and bottom line, it is crucial that your vendor allows for customer outreach. Even though this may not be an immediate need, the capability to scale up to customer outreach without having to use a different solution is not to be overlooked. This type of scalability – and beyond – should be a requirement of any vendor you choose for critical IT communications.
Simply being able to communicate with customers is great, but you also want the capability to send notifications about information people care about. This means you should find a vendor that allows you to set up subscription-based customer notifications, which allows customers to be alerted about issues that actually impact them as opposed to every, single issue. For example, a personal banking customer may care about data breaches but not an issue with the commercial online banking portal.
9. Does the vendor offer personal 24x7x365 support, and free best practices and other training?
Calling a customer support line and getting and automated response can be frustrating. For this reason, you’ll want to find a vendor who can offer you 24x7x365 personal phone support. Whenever you call in with an issue, you should get an actual human answering the phone who can solve your problem – not a robot.
After your vendor sells you a solution, they shouldn’t disappear. In order to be as successful as possible with your system, you need to buy from a vendor that offers excellent training programs so you can successfully deploy and use your solution. It is important that you find a vendor who offers free online training programs that are always available, as well as additional customized on-site training if necessary.
Whether you need assistance implementing your system, want to learn best practices or simply need help logging into the system, your vendor should be ready and willing to help.
10. Does the vendor solve more than one business problem?
Most organizations have more than one need for a critical communication system. Those that use critical communications for IT outages typically also need critical communications for needs around business continuity, life-safety, emergency preparedness or some other use case. The issue with some vendors is that they aren’t able to handle the different communication needs each organization requires. One vendor may offer critical IT communications, and not offer BC/DR communications or vice versa. For this reason, it is of great benefit to you to find a vendor that offer solutions for all of your communication needs, which means you’ll only need one contact database, as opposed to multiple if you use different systems for each use case.
When searching for a critical IT communications vendor, move away from point solutions and find someone who is able to offer enterprise critical communications. Find a solution that allows you to communicate with technical teams to fix IT issues as well as one that offers the functionality to reach employees if there is severe weather that could endanger them on the way to work. And consider the increasing regulatory compliance issues such as HIPPA regulations and other privacy regulations; can your vendor meet those requirements with their existing solution?
Choose the Right Solution for Your Organization
Selecting a solution for critical IT communications is a major decision that will impact your organization for years to come. It is important that you understand the key questions to consider when evaluating vendors to make sure you choose a system that meets all of your communication needs. By completing this process, you should be able to find a vendor that allows you to respond to critical IT outages in a variety of ways to reduce MTTK and thereby MTTR, which, in turn, can help deliver a significant and quantifiable return on investment.
About the Author
Tommy Rainey is Executive Publisher of the Disaster Resource GUIDE. For over twenty years he has worked with organizations worldwide to promote business continuity and resilience. He can be reached at firstname.lastname@example.org.
The above article is taken from the recent special edition of the Disaster Resource GUIDE:
IT Incident Response and Communication. This 18-page edition is available in its entirety at the following link: IT Incident Response and Communication.