“Availability” is in 2012 what we used to call “up time” in the 1900’s.  Ideally, you’d like it to be 100%, but it can be affected by a myriad of issues, and those issues are different, depending on whether you’re using cloud or on-premises ERP.  We’ve talked about cloud ERP availability in a previous blog (CLOUD SOFTWARE VS. ON-PREMESIS: SYSTEM AVAILABILITY), so this installment will deal with on-premises availability only.

Your on-premises system’s availability can be governed by these factors:

  • Power issues
  • Hackers
  • Internet availability
  • Hardware issues
  • Software bugs
  • System maintenance requirements (hardware and software)
  • Availability of connected services
  • Availability of a reliable backup

It’s remarkable how many factors must be in exactly the right state for your system to be up and running, but it’s only productive to dwell on the issues that you can control.  For example, you can’t really control whether or not there are hackers out there trying to break into your system.  There are.  You can only control how solid your firewalls and system security are.

If you want to maximize your ERP system’s availability, here are some strong suggestions:

  • Place all your servers on battery backups, and set them up for an orderly shutdown in the event of a power loss.  Test them once a month.  If your area is known to have power fluctuations or spikes, be sure that your battery backups also act as line conditioners.
  • Mandate the use of strong passwords throughout your system.  Consider these guidelines:

o    They should be at least 12 characters long.  The longer, the better.

o    They should contain at least one of each of these: Upper case letter, lower case letter, number, special character.

o    They should use at least 5 unique characters.

o    Encourage the use of a password manager, such as KeePass.

  • Disallow weak passwords.  Here are some guidelines (from Wikipedia):

o    Don’t use default passwords, as supplied by the system vendor and meant to be changed at installation time. Examples: password, admin, guest, etc.

o    Don’t use words right out of the dictionary, including words in non-English dictionaries.  Examples: retriever, wizard, goddess, etc.

o    Don’t use words with numbers appended.  Examples: password1deer2000john1234, etc.

o    Don’t use words with simple obfuscation.  Examples: p@ssw0rdl33th4x0rg0ldf1sh, etc.

o    Don’t use doubled words. Examples: crabcrabstopstoptreetreepasspass, etc.

o    Don’t use common sequences from a keyboard row.  Examples: qwerty, 123456, asdfgh, fred, etc.

o    Don’t use numeric sequences based on well-known numbers.  Examples: 911, 314159, 27182, etc.

o    Don’t use identifiers.  Examples: jsmith123, 1/1/1970, 555–1234, your username, etc.

o    Don’t use anything personally related to you.  Examples: your license plate number, your Social Security number, current or past telephone number, student ID, address, birthday, sports team, relative’s or pet’s names/nicknames/birthdays/initials, etc.  Much of this information can be obtained from your Facebook entry.

  • Setup roles-based passwords, and change them at least quarterly.
  • Keep all software, on the server, and on your users’ workstations, updated with the latest versions, particularly your anti-virus software.  Updates are often released to address security issues and weaknesses in your application software.  This is critically important to do on your servers and on your Internet site.
  • Be sure that all users understand your security policies, and obey them.  Your security is only as good as your weakest user.
  • Thoroughly screen all new hires.  Perform a background check and call their references.  This must be written into your employee handbook as a condition for employment.
  • Keep your network administrator and your security personnel updated with all staff changes, so that former employees are not given access to your data.
  • Design internal controls and user security before your ERP implementation begins.
  • Consider having your system security audited by an outside consultant.  Ask them to try to break in to your system and your website.
  • Schedule software and hardware maintenance during off-hours, and be sure that the schedule is known to all staff.
  • Confirm that you have a reliable system backup.  Test it.  Store one backup per week at an offsite location.

About the Author
Doug Deane is President of DSD Business Systems, an international provider of on-demand (cloud) and on-premises ERP and CRM software, specializing in wholesale distribution, manufacturing, warehouse management, inventory, business intelligence and eCommerce software.  DSD offers NetSuite Cloud ERP, NetSuite CRM, NetSuite eCommerce, Sage 100 ERP (formerly MAS 90), Sage 300 ERP (formerly Accpac), Sage 500 ERP (formerly MAS 500), Sage FAS, Sage HRMS (formerly Abra), Sage CRM, Sage SalesLogix, Sage Add-Ons (Extended Solutions), and Custom Programming.  DSD has been a multi-time Sage President’s Circle award winner, a two-time Sage Gold Development Partner of the Year recipient, has been recognized by the San Diego Better Business Bureau (BBB) as a Torch Award Finalist (2009) and Torch Award Winner (2010) for Marketplace Ethics, and has been recognized by the Council of Better Business Bureaus as a 2012 International BBB Torch Award Finalist for Marketplace Excellence.

Accounting Cloud DSD Business Systems ERP ERP San Diego Extended Solutions Sage 100 ERP Software Programming
CloudCloud ServicesCloud SoftwarecrmCustom EnhancementsCustom ProgrammingDSD Business SystemsERPExtended SolutionsNetsuiteSage 100 ERPSage MAS 200Sage MAS 90