Welcome to the Apogee IT Services 2017 State of the Company Letter (also available in PDF form). This is the 14th annual State of the Company Letter (SOTCL). For those new to the Apogee family, the SOTCL was initially conceived by PC Network Services founder Peter Briden in an airport back in 2004 while watching the President’s annual State of the Union message. Peter had an idea, started writing, and an annual tradition was born.
This is my third SOTCL, and it is the first for many new clients including those who joined the Apogee family in January through our acquisition of DSM Computing Solutions. The purpose of the SOTCL isn’t really just to talk about our company; it is to review updates in the industry as well as relevant things to expect from Apogee in the coming year. It is also a chance to review the past year, including a (sometimes humbling) review of our predictions from last year’s message.
Creation of this year’s message was an interesting experience because of the diversity of our audience. It includes some clients from our Pittsburgh operation who have received all 13 previous SOTCLs, clients from Boston who learned of this tradition for the first time just last year, and clients in Toronto who joined the Apogee family less than two months ago. I hope everyone who reads this year’s message is able to find some value in it.
Before we begin, we first want to give a huge Thank You to the people who give us our purpose:
- To our clients for giving us the opportunity to perform every day while doing what we love
- To our employees for their dedication and commitment to our clients and our company
- To the many friends, suppliers, peers and partners and others whose wisdom, cooperation and support are an important part of our world
We also want to thank everyone who provided feedback – both the kudos and the suggestions on how we can do better – over the past year. Your feedback is critical to helping us be a better service provider, a better partner, and a better company.
CEO, Apogee IT Services
State of the IT Industry
To say that the IT industry is dynamic is to restate the obvious. Yet over the past few years, there are certain topics that have continued to be common themes:
Security, Security, Security
In last year’s SOTCL we predicted that Ransomware attacks would become increasingly common, severe, and sophisticated. We anticipated that hackers would adopt ever more sophisticated social engineering techniques to gain entry to more and more organizations. We also predicted that attacks would proliferate to the SMB space, rendering no organization “too small” to be a target. Unfortunately, we were correct on all fronts.
Ransomware is now a huge industry – billions of dollars annually – with most of that revenue going overseas. Ransomware attacks have become hackers’ objective of choice, and the variety of Ransomware has exploded, making prevention all the more difficult. Part of this proliferation of variants results from tool-kits that can enable even novice hackers to launch (and profit from) Ransomware attacks. With these tools, hackers with modest technical expertise can develop their own new variants.
In the face of this growing threat, maintaining a sound, multi-layer security posture continues to be the best defense from a security technology perspective, and Apogee provides such a solid posture to all of our clients. That said, no organization's security can be completely bulletproof.
End User Role in Security
As social engineering attacks continue to get more common and more sophisticated, a savvy end user community is every organization’s last, best line of defense. Since we rolled out our Internet Security Awareness Training (iSAT) several years ago, thousands of Apogee end users have learned their role in protecting their company, as well as how to identify and avoid attacks. We continue to make iSAT (based upon the KnowBe4 platform) available to all Apogee clients. Any client who would like to go through iSAT training (including those who have been through it before) can just let us know and we will work with you to set it up.
The Authentication Bar Goes Up
User authentication (e.g., username and password) is a critical component of any security infrastructure. A hacker who knows a single username and password can gain the keys to the kingdom if the right controls are not in place.
There are two aspects to defending against this risk. The first is the password itself. For years, we have been urging our clients to implement an effective password policy. This means requiring a strong password (8+ characters; mix of upper case, lower case, numbers and special characters) and requiring users to change their password periodically. In today’s world, every organization should require these measures. We have reached a point where a reasonable password policy is “table stakes” for maintaining a responsible security posture.
Likewise, we will soon approach a time where Two-Factor Authentication (2FA) is going to be as much a necessity in security as having a responsible password policy. In our strategic discussions, expect us to begin talking about options and timing for implementing 2FA. We plan to invest time in 2017 to establishing new 2FA tools and standards for our client base.
While password protection and (especially) 2FA can mitigate risk significantly, we always say that a determined hacker can always find a way in. So a second component to effective authentication is limiting what systems and functions users can access, so if a user is compromised the hacker is limited in the damage he/she can do. Many security breaches – including Ransomware attacks – have been avoided or limited by effective user access controls.
Apogee recommends to clients specific standards for user access and these best practices are part of maintaining a responsible security policy. To be sure, the measures we recommend can be inconvenient from an end user perspective. But as we always say, good security is – by definition – not convenient. It is, however, an important fiduciary responsibility for every organization.
One of the easiest predictions we made last year was that Windows 10 (Win10) adoption would accelerate in 2016. When Win10 was introduced in mid-2015, we recommended a “Wait & See” approach to Win10, and we maintained that position in last year’s SOTCL. By early 2016 it was clear that Win10 is a solid OS, and over the course of 2016 an increasing number of application providers updated their apps to run on Win10. Today, many – but not all – of the applications Apogee clients use are Win10-compatible. We now recommend that clients adopt Win10 for new workstations – as long as we are sure all applications are Win10-compatible (Apogee can help determine which of your apps can run in Win10).
Keep in mind that Win10 introduces an interface that is different from Win7 so some degree of proactive interface re-orientation or training can improve user acceptance. Some clients have asked if they should proactively upgrade Win7 or Win 8 systems to Win10, and our answer is generally “no”. Win7 and Win8 will be viable for a few more years so the cost, time, and complexity of a proactive upgrade is not worth the minimal added benefit of Win10. The most elegant and cost-effective Win10 adoption strategy is to transition over the next few years as older Win7/8 machines are refreshed. In late 2018 or 2019, we will likely change our tune and recommend that you start phasing out any remaining Win7, because Microsoft will stop patching Win7 in 2020.
Cloud continues to be a frequent topic. Some of the hype has faded, but it’s a nebulous term and one that is still confusing for many. In fact, there really is no single “cloud”, but rather several different approaches that leverage the cloud paradigm. These include:
- Public Cloud – A public cloud is a broadly available facility for computing or storage like Amazon Web Services (AWS) or Microsoft Azure. The term “public” in this context means that the facility is open to virtually anyone, and the client has a very limited relationship (and leverage when emergency support is required) with the cloud provider. Support also tends to be limited.
- Private Cloud – A private cloud is similar to public cloud in design, but very different in accessibility. Where a public cloud is open to everyone and is very transaction-focused (as opposed to relationship-focused), a private cloud is available only to organizations that are well-known to the service provider, and private cloud users typically enjoy a much closer relationship to their service provider than public cloud users do. From the client perspective, that ensures a higher level of accountability and better guidance from the service provider on optimizing the benefits of the cloud. Apogee is considered a Private Cloud provider, by virtue of our Toronto and Pittsburgh cloud environments.
- Utility Cloud – Many premise-based infrastructure components rely upon the cloud for information and updates. Premise-based firewalls, for instance, get their updates across the internet. Some security tools like mail filtering and web filtering work better (from both an architectural and security perspective) if they exist outside your environment (i.e., in the cloud). This flavor of cloud is referred to as Utility Cloud, because these tools and functions are utilities that are used to manage infrastructure.
- Software as a Services (SaaS) – With SaaS, software runs on infrastructure managed by the app provider or a third party, and users access the app via an Internet browser. SaaS applications change the traditional software procurement paradigm by shifting from a capital purchase strategy (hardware infrastructure, software, and IT management) to an operational expense strategy. With the SaaS model, organizations buy a short-term application outcome for a recurring fixed fee (costs can vary dramatically, from a few dollars per user per month – or even free — to hundreds of dollars per user per month) as opposed to an ownership model with high up-front costs and management expenses. Specific scenarios dictate where the break-even total cost of ownership (TCO) inflection point is. There are many pros and cons to be considered when considering implementing a SaaS application, and an objective vetting process is strongly recommended.
- Hybrid Cloud – Much of the cloud hype over the last few years has focused on whether organizations should throw all of their computing into the cloud. In reality, most organizations still leverage a combination of premises-based and cloud-based resources. In a hybrid model, some portion of IT infrastructure or utilities are in the cloud, while part of the infrastructure is on-premise. In this model, cloud resources can include everything from security tools and security updates to storage for off-site backup or Desktop as a Service (running applications in the cloud for consumption on a secure, local network infrastructure). Hybrid cloud is the most prevalent model in business today. Virtually every Apogee client today is in a hybrid cloud model, though the amount of infrastructure in the cloud can vary significantly.
The most important thing to know about the cloud is there is no one-size-fits-all answer when it comes to cloud computing, and the cloud has introduced a new dynamic in how organizations make technology decisions. Apogee works with each client to understand how and where the cloud fits and doesn’t fit into their IT strategy. It is something we often discuss during strategic advisory discussions with clients. In the meantime, whenever you have questions please let us know.
ISP Bandwidth: Getting More for Less
In last year’s SOTCL we said that bandwidth available from ISPs is increasing while costs are dropping. Sure enough, during 2016 we saw many clients go to higher bandwidth at prices below what they were paying for the lower bandwidth! We recommend that you explore your options, if you haven’t already. Apogee can help; let us know if you would like us to assist you.
One small caution – in some cases higher bandwidth has meant replacement of clients’ firewalls, and that comes at a (usually modest) cost. Between the reduced cost of bandwidth and the higher productivity of your users, any increased spend for a firewall is usually easily recovered.
State of The Company: Apogee IT Services
To be sure, 2016 was a busy year for Apogee. We added staff and clients alike. In late 2015, Apogee hit a major milestone – addition of our 50th employee (when I joined Apogee in 2014, we had 22). This is more than a matter of pride; it is also a known inflection point for growing businesses – a point at which an organization needs to pivot for scale, and when development of a strong management team is critical.
With this in mind, aligning and developing our leadership team was a critical focus for Apogee as we entered 2016. In February of 2016 we adopted a business methodology called the Entrepreneurial Operating System (EOS). EOS doesn’t present new, ground-breaking thoughts on how to build a company. Rather, it takes proven ideas from people like Jim Collins and Patrick Lencioni and combines them into a powerful execution framework. I won’t go into any more detail on EOS here, but please reach out to me if you’d like to learn more.
Our journey began with aligning our executive leadership team: Dave Minker (President/CTO and Boston Operations), Clint Laviano (Support and Pittsburgh Operations), Jim Luffy (Finance and Administration) and myself. Over the course of the year, we re-validated our vision and our focus including creation of a new “Why” (as in “Why do we exist”?):
We Enable Talented Technologists to Create World Class IT for Those Who Need It
We also updated Apogee’s Core Values:
- We Are Advocates for Our Clients
- We Are Committed to Our Company, our Team and Each Other
- We Persevere in the Face of Challenge
- We Are Relentlessly Consistent
- We Always Strive to Do Better
We announced these to our team in July 2016, and have continued to focus on them since. Our Core Values have become a rallying cry for our goal of having 100% of our employees “Right Person/Right Seat”.
Our work together also facilitated some organizational changes. Among these, we added two new members to our Executive Team. Nick Merola joined Apogee to lead our Sales & Marketing team in August. Tony Novelli joined in October to oversee all Operations, allowing Clint Laviano to focus solely on Pittsburgh Branch Operations.
While these efforts were a major focus for us in 2016, there were other notable developments as well:
Apogee Becomes a Technology Services Leader in Toronto
At the beginning of January, we announced the acquisition of DSM Computing Solutions of Toronto, Ontario. This culminated an effort that began mid-year, and brought to our family a deeply talented and dedicated team that aligns very well with Apogee culturally, operationally and technically. The Toronto acquisition also brings a very interesting private cloud infrastructure that can be leveraged by clients across all of Apogee.
We are extremely excited to be operating in Toronto as we continue to extend Apogee’s impact across northeastern North America. The acquisition of a branch in Toronto was also very personal for me. While I have lived in the US my entire life, my father lived in the Greater Toronto Area for nearly four decades, and the city was a second home to me for many years.
Specialization of Talent
Given the breadth and pace of change in the IT industry, many IT Services companies struggle to maintain the depth of expertise and redundancy of technical talent needed to ensure consistent ongoing support. Indeed “Jack of All Trades” describes technical staffing at many companies in our industry, and it is unusual for any company in our industry to achieve the scale needed to build a team with full technical breadth, depth, and redundancy across all technical areas.
With over 50 technical staff (and over 75 total staff) Apogee has reached a size and scale that allows our more experienced technologists to specialize. It provides our clients with a technical team that has a breadth, depth and redundancy of skills that is unusual in our industry. It gives our technical staff the opportunity to specialize in areas of greatest interest to them. That means better career paths for our talented technologists, which in turn allows Apogee to retain and grow the very talented team that is the heart of everything we do.
Mimecast (Anti-Spam Platform) Transition
In late 2015, McAfee announced its decision to sunset its popular email anti-spam platform (widely used by Apogee’s US clients, especially in Pittsburgh) leaving Apogee to find and implement a replacement. After a detailed search and analysis effort, we chose Mimecast.
Mimecast is a highly respected industry leader, and generally specked out as a higher quality platform than McAfee. We spent months planning the migration of over 100 Pittsburgh-based clients from McAfee to Mimecast. These cut-overs began over the summer, and all migrations were complete before the end of December, well ahead of McAfee’s end-of-January shut-down.
Though the effort consumed hundreds of hours of Apogee staff time, we were able to execute the project with minimal disruption to users.
A Look Ahead
As we reach the one-year anniversary of our EOS initiative, we are now in the midst of an organizational and operational change. We call it “Hub & Spoke”. The rationale behind this is simple.
There are functions that must be performed onsite, or (more importantly) where knowledge of and relationship with the client are critical. These functions will remain with our Branch teams in Boston, Pittsburgh, and Toronto (the “Spokes”).
On the other hand, there are many functions that we perform (including many technical functions, administrative functions, and back-office functions) that can be performed remotely and that are also highly transactional, high volume, and either are not very apparent to users, or fairly fast and simple to execute. Such functions can be performed more effectively and efficiently by dedicated resources in a Centralized Operation (the “Hub”).
The goal of this new model is two-fold. First, we want to empower Branch staff to focus even more time on clients by transitioning some of the less client-intensive functions to the Centralized Operation. Meanwhile, specialists in the Centralized Operation who are dedicated to those transactional (but important!) functions will become more proficient, effective, and efficient at executing them.
In this model, our Help Desk team will become much more self-sufficient, with dedicated teams of Tier I, Tier II and Tier III/IV technologists capable of handling the vast majority of situations without interrupting our engineers in the field. While all Help Desk staff will be part of the Centralized Operation, Tier II Help Desk staff remain physically embedded in the Branches, and dedicated to their local branch. That means you will continue working with Help Desk staff you already know and trust, augmented by some Tier I and Tier III/IV staff as appropriate.
For clients, Hub & Spoke means increased focus from the Apogee staff you know best (including Account Management, Field Engineering and Help Desk) as we transition less client-apparent functions to staff who love those tasks and do them well.
It is our hope and expectation that most of the changes we implement will be transparent to our clients, and those that are not transparent will be changes for the better.
In Closing….and Thank You
While our company continues to build, our primary focus continues to be where it always has been: delivering predictable, reliable IT to our clients.
That said, I ask you please to stay close to us. Everything we do we do for you, as part of our effort to be the best service provider we can be. While we believe we have a good plan, we also know we aren’t perfect. If there is a change you think has been helpful, please let us know. If something doesn’t feel right, please let us know that too – we can’t correct any of the issues we don’t know about! Please take 5 minutes to complete the Client Satisfaction Surveys when you receive them, or reach out to your Apogee contacts – or to me – to provide any feedback.
As always, we appreciate the opportunity to be your technology support provider. We strive hard each and every day to learn new technologies, improve our systems and processes and increase our value to our customers. Thank you for allowing us to perform. We appreciate the trust and confidence you place in our company and our people. As we look back on the past year we are proud of what we have accomplished, and we are excited about the possibilities 2017 brings. We anticipate many challenges in the coming year – both expected and unforeseen—and we look forward to tackling them as we always do – prudently, thoughtfully, methodically.
Thank you for your interest and – most importantly – for allowing us to be your partner. Have a GREAT 2017!
Michael Halperin, CEO, Apogee IT Services/Apogee IT Services Canada
David Minker, President/CTO and acting VP Boston Branch Operations, Apogee IT Services
Michelle Fink, VP Toronto Branch Operations, Apogee IT Services Canada
Clint Laviano, VP Pittsburgh Branch Operations, Apogee IT Services