How to Talk Tech to Get Business Results

In many construction companies, the responsibility for information technology (IT) often falls on the CFM’s shoulders. Knowing how to talk tech will help you invest in technology that will support your business goals and needs – both now and in the future.

This article isn’t meant to be a complete IT dictionary, but it will define some keywords and acronyms you should understand to take advantage of the potential cost-savings, productivity, and other benefits today’s technology offers.

Key Cloud Terms
The “cloud” is a commonly used term, yet 58% of construction professionals say they are only somewhat familiar with cloud computing, and 25% have no idea what it means.1 In simplest terms, cloud computing is the delivery of on-demand computing resources as a service over the Internet or other network.

Your company is probably most familiar with an “on-premise” IT setup in which all servers, networks, operating systems, data, software applications and other components reside inside your company’s walls.

Cloud computing allows you to move part or all of your IT “off-premise” by working with a cloud service provider. Advantages of cloud computing include simpler IT administration, faster deployment of IT initiatives, mobile access to information, workload scalability, reduced capital expenditures for hardware, and more predictable, pay-as-you-go IT costs.

When working with cloud computing providers, you may bump into the acronyms IaaS, PaaS, and SaaS, which are considered the three fundamental models of cloud computing. Let’s take a look at what they mean to your business:

Infrastructure as a Service (IaaS): In this model, the cloud service provider owns the equipment (including networking) and is responsible for housing, running, and maintaining it; you, the customer, maintain the software, data, and operating system.

In your office, there may be aging servers, hardware, and networking components. To replace everything would be expensive. Rather than invest in new equipment, you can outsource these IT components with cloud service providers that offer IaaS.

A recent IT survey showed that 32% of contractors are using IaaS for their IT infrastructure. However, the survey showed that even more contractors (77%) are using the information storage capabilities of IaaS for the purposes of backup and disaster recovery.2 The cloud can provide a way to store backup data far enough offsite (e.g., in another geographic location) and be able to recover it faster than traditional methods.

Recent events have shown the importance of having a geographically diverse data backup plan for your business. For example, consider the companies impacted by Hurricanes Katrina and Sandy, as well as the tornadoes and flooding in Oklahoma and Texas.

Platform as a Service (PaaS): Often referred to as “application hosting” or just “hosting,” with PaaS, the cloud service provider owns and manages the hardware and network infrastructure as well as the operating system. The customer is only responsible for the software and data.

This model is ideal if you have limited in-house IT resources or want to more easily set up remote access to your licensed software.

Software as a Service (SaaS): Likely the most familiar term for CFMs who are considering cloud solutions, this all-inclusive option is a subscription to an application that is fully hosted by a software company or cloud service provider. To access the software, users log in to the application via the Internet.

The customer does not have to install, troubleshoot problems, or download upgrades or enhancements. Another major advantage of SaaS products is the ability to access these cloud applications from any web-enabled mobile device. If your company is using smartphones and tablets in the field, then users can connect to cloud-based software to obtain project information, share documents and collaborate, submit and approve time worked, and file field reports.

In addition to understanding the basics of IaaS, PaaS, and SaaS cloud models, here are a few other cloud-related terms that will help you to determine the best course of action for your company.

There are three types of clouds offered by service providers: public, private, and hybrid clouds.

A public cloud provides services over the Internet; most SaaS applications run on a public cloud.

A private cloud provides services on a network dedicated solely to your company. This type of cloud offers the greatest level of security but is more costly.

A hybrid cloud combines both public and private cloud services, allowing you to keep very sensitive information more secure while taking advantage of public cloud efficiencies where it makes the most sense.

Virtualization: Virtualization software allows multiple operating systems and applications to run on the same server or storage device. A virtualized server inside your company will allow you to do much more with that machine and reduces equipment costs.

For example, you can run more software applications on a virtualized server, even if those applications are on different operating systems. In the cloud, virtualization provides your own secure space on physical servers that are shared with others.

Failover: Because cloud computing enables you to tap into a shared pool of computing resources, you’re not reliant on one piece of equipment or software. If an application, server, or other system component fails, then a standby exists to take over so there is no disruption to your business. This is often referred to as failover.

Multi-Tenant: Many SaaS applications are considered multi-tenant. So, one instance of the SaaS application is shared by multiple customers (i.e., tenants), which makes it more efficient to deploy software updates and enhancements. While multiple tenants share the software, each customer’s data is securely stored and not visible to other tenants.

Single-Tenant: SaaS applications can also be single-tenant. In this scenario, each customer has a separate instance of the software. Organizations that require a lot of software customization or that have stringent privacy requirements (such as government agencies and banks), are more likely to use a single-tenant SaaS solution or multi-tenant software that will run in a single-tenant environment.

Cloud computing services can improve your company’s technical capabilities. But, just as with any other business partner, make sure you understand exactly what you will be responsible for and what the cloud service provider controls. The cloud terms just covered can get you started on that important dialog.

The True Definition of Interoperability
The terms interoperability and integration are often used interchangeably, but they have very different meanings.

Interoperability allows different software programs to “talk” with one another. It allows applications to work together across organizational boundaries, regardless of the construction software used.

Think of sharing design details, prequalification information, RFIs, RFQs, submittals, and other data with designers, customers, subcontractors, and other business partners – directly from the software each uses every day.

Integration has traditionally been used to describe how data (e.g., design, estimating, accounting, project management, scheduling, etc.) is shared internally among a company’s software programs. Integration has often been accomplished by purchasing software from one vendor.

As you look to improve communication and collaboration internally and externally with your project partners, there’s a new language of interoperability emerging.

agcXML: Extensible Markup Language (XML) is a standard computer language that can be read by any XML-compatible software application. It’s often used to export and share data between multiple software programs.

The standard agcXML was first developed by the Associated General Contractors (AGC) of America in 2008 as a way to en-courage the efficient exchange of data between software solutions in the industry.

In 2012, the Construction Open Software Alliance (COSA) was formed. Working alongside AGC to develop complementary standards, COSA also served as a voluntary test group for agcXML. Presently, COSA now leads the agcXML effort to better connect construction project data across independent software providers.

Schemas: A schema provides a specific structure for XML data, making it easier to share among multiple software systems. Today, agcXML and COSA offer multiple schemas for the exchange of data among software systems. These include data exchange standards for contractor records, timesheets, planroom information, ConsensusDocs 721, RFIs, and more.

What do all these technical terms mean for your company? Essentially, they provide options to choose the software that best fits your business needs while helping you to easily share information internally and externally with all members of the building team. True interoperability, though still in its infancy, will go a long way to remove many of the barriers to collaboration.

Words to Keep Your Data Secure
As presented in “Time to Get Serious: Protecting Your Company from Cyberattacks” by Rob Rudloff in the July/August issue, cybercrime is on the rise and affects companies of all sizes. Being unfamiliar with common cybersecurity terms could put your company’s data at serious risk.

While security should be a concern whether your data resides on-premise or in the cloud, the increasing use of mobile devices and cloud services is adding a new dimension to the discussion. In fact, more than half of contractors don’t currently have a mobile security plan in place.3

Here are some key terms to understand, especially when putting together a mobile security plan and talking with cloud service providers.

Malware: Any type of malicious software that infects computers and mobile devices is called malware. Different types of malware include viruses, spyware, worms, and Trojans. Ransomware is a relatively new and more sophisticated form of malware that encrypts your files until you pay for a code that will unlock them.

Network Eavesdropping: Usually difficult to detect, network eavesdropping is an attack in which the hacker intercepts data communications being transmitted across either a wired or wireless network.

International Organization for Standardization (ISO) 27001: The ISO 27000 family of voluntary standards offers best-practice specifications for securely managing financial data, intellectual property, employee details, and other information. (You may already be familiar with ISO 9000 quality standards.) ISO/IEC 27001 is a well-known standard and focuses on how to securely manage sensitive company information.4 The platforms upon which many SaaS applications are built will often be certified by a third party that they meet ISO 27001 requirements.

Service Organization Control (SOC) Reports: SOC reports were created by the AICPA to address the increase in the number of businesses outsourcing various functions to service organizations such as cloud computing providers. “The SOC 2 and SOC 3 reports both look at a service organization’s controls related to the security, availability, processing integrity, and the privacy or confidentiality of information the system processes.” The reports help provide assurance regarding the confidentiality and privacy of information processed by a cloud service provider.5

Authentication: Any time a password is used to gain authorized access to information, authentication occurs. Ideally, employees have the convenience of single sign-on (SSO) – that is, only one username and password is needed per person to gain access to multiple corporate and cloud-based services, which enhances productivity.

With that convenience, however, comes some obvious security concerns if an employee’s SSO password is lost or stolen. To strengthen security, especially when using SSO, technology providers are moving toward two-factor authentication (2FA) or even multi-factor authentication (MFA). With 2FA or MFA, your employees would be required to provide at least two forms of authentication to verify their identity.

Some examples of additional authentication methods include a secret question (e.g., What was the name of your first pet?) and the use of a security “token” (e.g., a USB that automatically transmits authentication data when connected to a computer). Additionally, there is the still sci-fi-like method of biometric authentication in which fingerprints and retina scans are used for identity verification.

Encryption: While you are probably familiar with this term, the process of transforming data into an unreadable format is vital to data security. For example, you might encrypt data at rest (data stored in your databases, files systems, laptops, and mobile devices) as well as data in transit (typically information moving over the Internet or other network).

Bring Your Own Device (BYOD): It is becoming increasingly popular to allow employees to use their own devices for work purposes. In fact, a recent IT survey of construction companies showed 56% allow it.6

Virtual Desktop Infrastructure (VDI): VDI is a remote desktop service that allows employees to use any hardware device (even if it is personally owned) to securely access company information and applications from anywhere. This helps to solve problems that arise from employees using various types of mobile devices.

Virtual Private Network (VPN): A VPN connects a private internal company network to remote offices, jobsites, or individuals; it is often described as creating a secure “tunnel” over a public network, such as the Internet. Data is encrypted between the sending and receiving ends to prevent unauthorized access.

Mobile Device Management (MDM): Many companies use MDM to better manage mobile devices. MDM is especially useful in BYOD environments because it separates and secures corporate data from an employee’s personal information. The technology can be used to remotely lock or delete data when a device is lost or stolen, manage the use of company-approved applications, fix common user problems, and other mobile administrative and security tasks.

Knowing these common security-related terms will go a long way to help you ask the right questions to protect your company’s information.

On the Horizon
Even as you read this article, new technologies and terms are being born while others are becoming extinct. We’re already hearing about:

Internet of Things (IoT): A concept where everyday objects such as construction machinery, materials, and devices worn by workers become part of the Internet, increasing your ability to monitor equipment repair needs, inventory levels, and safety concerns.

Streaming Data or High-Velocity Data: The ability to get real-time insights out of a wide variety of big data sources, such as the large amounts of data being collected from buildings – from electricity usage to system maintenance monitoring.

Data Visualization: A graphical representation of data that makes it easier to interpret the data, spot trends, and make decisions. This primarily shows up in dashboards and business intelligence applications.

No-Touch Interfaces: Technology that will allow you to operate computers, tablets, smartphones, and other devices through hand motions, voice, or signals. No keystrokes, clicks, or finger-tapping necessary.

As technology advances, terms like time-sharing, computer terminal, card punches, and batch mode are now part of our IT history. However, one thing is certain: Tech talk is a language that will continue to evolve.

Endnotes
1. Sage 2015 Construction IT Survey.
2. Ibid.
3. Ibid.
4. www.iso.org/iso/home/standards/management-standards/iso27001.htm.
5. Bourke, James C. “Explaining SOC: Easy as 1-2-3.” AICPA CPA Insider. June 11, 2012. www.cpa2biz.com/Content/media/PRODUCER_CONTENT/Newsletters/Articles_2012/CPA/Jun/Easy123.jsp.
6. Sage 2015 Construction IT Survey.


DENNIS J. STEJSKAL is Vice President of Strategy for the Construction and Real Estate Business Unit of Sage in its Beaverton, OR, location.

He has more than 30 years’ experience developing, supporting, and selling software and technology to construction and real estate companies.

Dennis is an industry presenter and previous author for CFMA Building Profits. He is a longtime CFMA member and has served on the former IT Council, including as Co-Chair.

E-Mail: dennis.stejskal@sage.com
Website: www.sagecre.com
Twitter: @stejskald


Copyright © 2015 by the Construction Financial Management Association. All rights reserved. This article first appeared in CFMA Building Profits. Reprinted with permission.
Contact publications@cfma.org for reprinting information.


Click here for a PDF of this article.