Quantcast
Jump to content


Shop Management tools


Recommended Posts

Go with an actual SMS (not QB's).  It'll provide you tools that will directly aid you in ways that you don't even know about.   You will spend about $400/month, but this will pay for itself many times over as it will provide you computer-calculated margins on parts and and will let you see your profit margins as you are building the ticket.    If it is too low, you need to adjust.  This live realtime feedback loop is how it pays for itself.  You'll be able to order parts online without having to call your parts supplier, which saves you time.   You'll get builtin reporting that lets you see your business health in realtime.

I'm using Protractor.   It has been around for a long time and has a deep breadth of features.  It's missing a built-in DVI though.   Others started with the DVI and have a lesser set of features.   Stealing from Joe, I'd say consider these:  Tekmetric, Shop Ware, Protractor, Mitchell1 (only to be used with Bolt On Technology).  I was unimpressed by AutoLeap and have heard nothing great about ShopBoss.  But these are also contenders.

Most of these are cloud-based now.  This means that you need a reliable internet connection.  They handle the software backups for you.  I still backup some of my data monthly, but it's just a subset.

Lastly, stay away from the CHEAP SMS's.  Just like in any business, you get what you pay for.  Pay more to avoid the pig-in-a-dress!  😬   Your monthly fee allows them to continue innovating their software so that you get new features that may help you.

Hope this helps! 

  • Like 2
Link to comment
Share on other sites

On 1/14/2023 at 9:53 AM, Joe Marconi said:

There are many programs out there, and some are better than others, depending on the size of your business and the type of work you do. From what I hear around the industry, a few of the top names are Tekmetric, Shop Ware, Protractor, Micthell1 (only to be used with Bolt On Technology), Auto Leap, and Shop Boss. There are others, but I would say these what I hear are the most popular. 

I used Mitchell, but there are a lot of drawbacks. Now that I coach, from my perspective, many clients are happy with Tekmetric, Protractor, Auto Leap, and for smaller shops, Shop Boss.

Let's see what other ASO members say about this. By the way, any company you are interested in will do a demo. 

I will definitely be taking demos but want to cut the list down a bit. This information is helpful, so thank you. I have 4 bays and really want things to be more accurate and time/cost sensitive. 

Do you know what the people you are coaching like about Tekmetric vs protractor or autoleap?

Link to comment
Share on other sites

On 1/15/2023 at 11:36 AM, bantar said:

Go with an actual SMS (not QB's).  It'll provide you tools that will directly aid you in ways that you don't even know about.   You will spend about $400/month, but this will pay for itself many times over as it will provide you computer-calculated margins on parts and and will let you see your profit margins as you are building the ticket.    If it is too low, you need to adjust.  This live realtime feedback loop is how it pays for itself.  You'll be able to order parts online without having to call your parts supplier, which saves you time.   You'll get builtin reporting that lets you see your business health in realtime.

I'm using Protractor.   It has been around for a long time and has a deep breadth of features.  It's missing a built-in DVI though.   Others started with the DVI and have a lesser set of features.   Stealing from Joe, I'd say consider these:  Tekmetric, Shop Ware, Protractor, Mitchell1 (only to be used with Bolt On Technology).  I was unimpressed by AutoLeap and have heard nothing great about ShopBoss.  But these are also contenders.

Most of these are cloud-based now.  This means that you need a reliable internet connection.  They handle the software backups for you.  I still backup some of my data monthly, but it's just a subset.

Lastly, stay away from the CHEAP SMS's.  Just like in any business, you get what you pay for.  Pay more to avoid the pig-in-a-dress!  😬   Your monthly fee allows them to continue innovating their software so that you get new features that may help you.

Hope this helps! 

Thanks for your help. My understanding was that I would need to run servers for Mitchell and that it isn't cloud-based. 

Do you have by chance know the reasons someone would favor say a TekMetric over a Mitchell or vice versa?

  • Like 1
Link to comment
Share on other sites

On 1/15/2023 at 11:36 AM, bantar said:

Go with an actual SMS (not QB's).  It'll provide you tools that will directly aid you in ways that you don't even know about.   You will spend about $400/month, but this will pay for itself many times over as it will provide you computer-calculated margins on parts and and will let you see your profit margins as you are building the ticket.    If it is too low, you need to adjust.  This live realtime feedback loop is how it pays for itself.  You'll be able to order parts online without having to call your parts supplier, which saves you time.   You'll get builtin reporting that lets you see your business health in realtime.

I'm using Protractor.   It has been around for a long time and has a deep breadth of features.  It's missing a built-in DVI though.   Others started with the DVI and have a lesser set of features.   Stealing from Joe, I'd say consider these:  Tekmetric, Shop Ware, Protractor, Mitchell1 (only to be used with Bolt On Technology).  I was unimpressed by AutoLeap and have heard nothing great about ShopBoss.  But these are also contenders.

Most of these are cloud-based now.  This means that you need a reliable internet connection.  They handle the software backups for you.  I still backup some of my data monthly, but it's just a subset.

Lastly, stay away from the CHEAP SMS's.  Just like in any business, you get what you pay for.  Pay more to avoid the pig-in-a-dress!  😬   Your monthly fee allows them to continue innovating their software so that you get new features that may help you.

Hope this helps! 

Thanks for responding. A couple of questions if that's ok.

What is it about QB that you like so much better than the SMS you ran before?

What are some of the reasons you know to avoid cheap systems?

Thanks for your help!

  • Like 1
Link to comment
Share on other sites

1 hour ago, cooterdavenport1 said:

Thanks for responding. A couple of questions if that's ok.

What is it about QB that you like so much better than the SMS you ran before?

What are some of the reasons you know to avoid cheap systems?

Thanks for your help!

I'll make this easier for you....  No for Mitchell - Most Mitchell folks are happy after switching and wonder why they waited so long.    Protractor is very complex and can be overwhelming if you are not used to a SMS.   Protractor has a builtin accounting system too (that I don't use).  When you need complexity it is your friend.  At the beginning, it can be a foe.  When they finally release an integrated DVI, they would be worth considering.  ShopWare and TekMetric are liked by many, but I've seen people try it and leave it too.  For you, I'd start with these 2.  No one is 100% happy with any SMS.  

Remember this:  Once you start using an SMS, switching to a new system can be a disruptive effort for the shop.   Unless required, don't be wishy-washy.  Pick a long-term winner.  

QB's is an accounting program.  It works well.  Use it for accounting.    Some people integrate with back office to pull data into QB's.  We don't do this.  We make a daily sales entry into QB's manually.   I balance my parts accounts using Protractor and when it's balanced, I transfer over the total owed for each vendor.  This approach reduces the noise in QB's.   I let the SMS be the expert Parts Handling System and Sales Management System.  I let QB's do the books.   Good luck.

  • Like 1
Link to comment
Share on other sites

20 hours ago, Transmission Repair said:

First, let me clarify something, I was using QuickBooks Desktop Pro which is not cloud based. Cloud based QuickBooks, in my opinion, is lame and very limited. QuickBooks Desktop has many more features that are helpful to the business.  I was able to configure QuickBooks to the way I ran the business, not conforming how our business is run to some SMS system.  Estimates and invoicing were 2 templates I designed.  (shown below)Neil Gause.pdf I was also able to create various fields in our vendor list and customer lists.  The front counter ran seamlessly with our accounting.  I could print out a P&L or balance sheet with only a few mouse clicks.  I have to confess that the way I configured QB bordered on programing because it included knowing QB code.  I can't honestly recommend QB Desktop to the average shop, but it is one hellava better app than the cloud-based QB.

I don't know any tips to avoid a cheap SMS other than to ask other shops.  Whatever they recommend will likely involve configuring the way your shop is ran to the software.

2011P&L.pdf 10.47 kB · 1 download

Thank you for all the help so far. Asking other shops is precisely why we're doing this. Like you said, I don't have time to make a mistake and have to replace a solution. I think I have a good start here so far, and will definitely be factoring QB into my decision, but I am hopeful I can find an system where I don't need it. 

What has been a huge drag on my time is the labor guide. I don't have time to look all of this up and call around for parts, etc. I need to be in a bay, especially until I can afford another tech. 

I've heard this is an additional cost with a lot of systems. Can anyone provide insight into what systems this would be an additional cost for or one's that don't work as well as a shop would need it to? @Joe Marconi @bantar

  • Like 1
Link to comment
Share on other sites

2 minutes ago, Joe Marconi said:

All business systems have access to labor and parts guides. I can't speak to the cost for each system, sorry. But, it is not significant when you think about its value. Please bear in mind that a labor guide is just a guide.  And sometimes they are way off.  Also, the parts guide gives OE prices.  With this said, it will be important to understand YOUR DESIRED labor and part margins.  One step at a time; don't get overwhelmed. Put first things first, shop around, get demos and make a decision. 

And don't worry about a wrong or right decision. No business system is perfect and will do all you want it to do.  

OK that is helpful. My understanding is that not all of them had access to these guides which would mean a lot of lost time for my investment if other options have them. I have been approached for demos by RO writer and Napa Tracks already, but am concerned about using an on-premise system for reasons like these. 

Are there other reasons I should not be considering an on-premise system? this will help me figure out who to spend my time shopping. Thank you so much for your help.

  • Like 1
Link to comment
Share on other sites

27 minutes ago, Joe Marconi said:

When you say "on-premise system" are you referring to a non-cloud based system? 

Yes. I've been told I'll have to house servers for Mitchell or other on-premise systems, which sounds like a bigger headache than I can imagine from anything where I don't have to. I'm not a computer whiz but I'm good enough to get by on something with no maintenance I'd bet.

Link to comment
Share on other sites

I was using QB until about 2 years ago I looked around and finally settled on Shop-Ware. It's absolutely the best thing I could've done. I love it. Greatly simplifies my life, easy to use, helps me keep track of profit margins, easy to order parts...the list goes on and on. I use QuickBooks online as my accounting software and Shop-Ware automatically sends the data across on each ticket as soon as it's paid and customer picked up the vehicle. Works awesome. Has a great built in vehicle inspection system as well. Customers love pictures. Another thing that my customers really like is getting their invoice texted to them when I'm done and it also has a pay button so they can pay via card if they want. 

  • Like 3
Link to comment
Share on other sites

  • 4 months later...
On 1/18/2023 at 9:52 AM, cooterdavenport1 said:

Yes. I've been told I'll have to house servers for Mitchell or other on-premise systems, which sounds like a bigger headache than I can imagine from anything where I don't have to. I'm not a computer whiz but I'm good enough to get by on something with no maintenance I'd bet.

I am not sure what or who has told you that you will have to house servers, but I think they are trying to scare you into buying their program.

Depending on your setup and business size/# of locations, your "Server" could be nothing more than your desktop computer.  Properly configured a simple desktop computer with moderate hardware (CPU speed, # of processors, memory, etc.) can be your "Server" and you could connect as many "clients" or satellite computers to it as you have in your shop. 

One thing to consider when "going on the cloud" is you do NOT own your data, period, full stop. Why is this important? Because if you were to stop paying that company for access to YOUR DATA that THEY OWN, you will lose all of it.  Meanwhile, most local installation (on your shop computer's hard drive) programs will have some kind of legacy access.  Meaning, if you change programs and no longer pay them the subscription fee, you can still access the data, just with very limited rights, such as view and print customer information/invoices only.  Other local programs, like the old desktop QuickBooks, once you buy the program, you own it and it will work forever (at least until you have a catastrophic hardware failure) and will always have access to your data.  On the cloud, once you as the cash cow stop paying the cloud company, you lose access.  Although I guess some will allow you limited access for a short period of time afterward, it's not in perpetuity like a local installation. 

And one last consideration of you do not own your data, no matter what their "Privacy Policy" says, they have every legal right to access any of your data, mine it, sell it, use it, delete it, modify it, do anything they want to with it.  Most won't do anything with your data that is evident to you but they will certainly be able to mine it, use it, sell it anyway, anytime and to anyone they want and you won't be the wiser.  This is not conspiracy theory, this is actual fact and legal, because "They who own the server, own the data."

 

I am currently reviewing new SMS systems so that is how I found this thread.  Although it's not very informative, as most queries like these aren't either.

  • Like 1
Link to comment
Share on other sites

58 minutes ago, TheTrustedMechanic said:

One thing to consider when "going on the cloud" is you do NOT own your data, period, full stop.

Me thinks TheTrustedMechanic doesn't trust these guys!  😬😁    However, it's critical to be certain of where you stand, so I'm with you on that. 

Ownership of your data is a contractual issue.  If it's not stated as yours, it's not yours.   But, think about the reputation of the software companies that block you from transferring your data to the next guy...   They would get a bad rap and not live much longer.   Therefore, most will allow your data to be exported.  Ask the SMS about this before signing up.    Most SMSs can import data from other SMSs.  Once the data export is completed, there is no need to access your data from the old SMS (with the caveat that not all items can be imported).   See Import Example below.  

Personally, I don't have an issue with either on-prem(ise) SMSs or cloud-based SMSs.   If you have on-prem, you must have a disaster plan in place for everything from hardware failures to virus recovery to ransomware attacks.  And you must establish a solid backup process that ensures that you lose very little data in the worst case scenario.   You are not impacted much by an internet outage.   If you have a hardware or data failure, you are the IT guy that must bring it back up.  You will likely get phone support from your SMS on the steps to recover.    With redundancy and a stellar backup strategy and practice, this can be 30-60 minutes.   It can be way longer depending on what the failure mode is.   You are the IT guy!    You will perform software updates when you approve them.

With Cloud based SMSs, your data is stored in a professional data center.  Backups and hardware failures are managed by the SMS.  You are VERY dependent on the internet working as no internet means no SMS.   There are mitigations that might help if your main internet goes down, such as using a Mobile Hotspot for temporary internet access.  You are beholden to the SMS technical team to correct any software bugs / outages that might occur in the cloud.  You can only complain and wait on resolution.  Software updates on Cloud-based SMSs usually occur more often as these are easier deployments for the developer of the SMS.

Pick whichever is better for you.

Import Example:   I use Protractor that allows me to have all customer family members, with separate emails and phone numbers per person under a single record.   The software does not allow this on a number of other SMSs.  There structure is a single person and phone number.  By definition, if I were to import the data to another one, the import would discard the extra names and only select one to be primary contact, email and phone number.   This is not horrible, but it is an example where data import is NOT Perfect.  

Personally, as a computer guy, I distrust computers.   I know that they can fail on a moments notice.   I have my own backup strategy and backup my data monthly on top of what the SMS is doing for me in the cloud.   This includes my contacts, vehicles, invoice summaries, financials, etc.  What I don't backup are the actual invoices.   Now, this happens monthly.  I also backup this data to an offline storage drive, but because I'm lazy or forgetful, this happens maybe quarterly.  Ransomware cannot get a hold of a storage drive that is not connected to the network!

Access to your data:   I'm also using AutoFlow for DVIs.  I asked them about their access policy should I desire to switch to the next new thing.   They said that I would have access to MY data with no additional fees for as long as I need.  It's read only data.  I can't modify anything.  I can't run reports, but I can access the completed DVIs.   What a great policy by them!!!   This is what stand-up companies do.   Ask your potential SMS about this, and ask them to show you this in writing to be sure.   They are likely going to have a solution.

Ask the right questions and pick a good partner companies to work with that you trust! 

58 minutes ago, TheTrustedMechanic said:

And one last consideration of you do not own your data, no matter what their "Privacy Policy" says, they have every legal right to access any of your data, mine it, sell it, use it, delete it, modify it, do anything they want to with it.  Most won't do anything with your data that is evident to you but they will certainly be able to mine it, use it, sell it anyway, anytime and to anyone they want and you won't be the wiser.  This is not conspiracy theory, this is actual fact and legal, because "They who own the server, own the data."

This should be considered on a case-by-case basis.   Hunt with Paar Melis and Associates, an auto shop accounting firm, is mining his clients data with permission and presenting to all of us a set of baselines that may help us manage our businesses.  This is a good use of data mining.   Now, when I talked to RepairPal, they wanted access to my SMS and I had no desire to allow them into my system.   I don't see any good reason why I should allow my customer data and sales to escape.  Given that this was a contractual requirement, I opted not to work with them.   Now, if Protractor wanted to mine my data for some statistical data exercise, I can't see how I could be hurt.  Leave my customers alone and we're good.   And lastly, I allow my marketing companies to access my customer data for marketing purposes.  This benefits me and my customers and I'm trusting that they will not STEAL my customers.

Edited by bantar
  • Like 2
Link to comment
Share on other sites

11 minutes ago, bantar said:

Me thinks TheTrustedMechanic doesn't trust these guys!  😬😁    However, it's critical to be certain of where you stand, so I'm with you on that. 
I don't trust what I know to be a potential breach of trust and privacy.

Ownership of your data is a contractual issue.  If it's not stated as yours, it's not yours.   But, think about the reputation of the software companies that block you from transferring your data to the next guy...   They would get a bad rap and not live much longer.   Therefore, most will allow your data to be exported.  Ask the SMS about this before signing up.    Most SMSs can import data from other SMSs.  Once the data export is completed, there is no need to access your data from the old SMS (with the caveat that not all items can be imported).   See Import Example below.  
This is NOT the point, sure, you might be able to transfer your data to a new service, but as was admitted, "not all items can be imported."  The point is, you only have a license to access your data, nothing more.

Personally, I don't have an issue with either on-prem(ise) SMSs or cloud-based SMSs.   If you have on-prem, you must have a disaster plan in place for everything from hardware failures to virus recovery to ransomware attacks.  And you must establish a solid backup process that ensures that you lose very little data in the worst case scenario.   You are not impacted much by an internet outage.   If you have a hardware or data failure, you are the IT guy that must bring it back up.  You will likely get phone support from your SMS on the steps to recover.    With redundancy and a stellar backup strategy and practice, this can be 30-60 minutes.   It can be way longer depending on what the failure mode is.   You are the IT guy!    You will perform software updates when you approve them.

With Cloud based SMSs, your data is stored in a professional data center.  Backups and hardware failures are managed by the SMS.  You are VERY dependent on the internet working as no internet means no SMS.   There are mitigations that might help if your main internet goes down, such as using a Mobile Hotspot for temporary internet access.  You are beholden to the SMS technical team to correct any software bugs / outages that might occur in the cloud.  You can only complain and wait on resolution.  Software updates on Cloud-based SMSs usually occur more often as these are easier deployments for the developer of the SMS.

This is irrelevant, because in the event that your local system goes down, you won't have access to the online services anyway.  You will still have to be, "...the IT guy." Not to mention that hackers and malcontents will target which, your local system or a large data server?  And don't pretend that large data servers are impervious to hacker, malware and ransomware attacks.

Pick whichever is better for you.

Import Example:   I use Protractor that allows me to have all customer family members, with separate emails and phone numbers per person under a single record.   The software does not allow this on a number of other SMSs.  There structure is a single person and phone number.  By definition, if I were to import the data to another one, the import would discard the extra names and only select one to be primary contact, email and phone number.   This is not horrible, but it is an example where data import is NOT Perfect.  

Personally, as a computer guy, I distrust computers.   I know that they can fail on a moments notice.   I have my own backup strategy and backup my data monthly on top of what the SMS is doing for me in the cloud.   This includes my contacts, vehicles, invoice summaries, financials, etc.  What I don't backup are the actual invoices.   Now, this happens monthly.  I also backup this data to an offline storage drive, but because I'm lazy or forgetful, this happens maybe quarterly.  Ransomware cannot get a hold of a storage drive that is not connected to the network!

Access to your data:   I'm also using AutoFlow for DVIs.  I asked them about their access policy should I desire to switch to the next new thing.   They said that I would have access to MY data with no additional fees for as long as I need.  It's read only data.  I can't modify anything.  I can't run reports, but I can access the completed DVIs.   What a great policy by them!!!   This is what stand-up companies do.   Ask your potential SMS about this, and ask them to show you this in writing to be sure.   They are likely going to have a solution.

Ask the right questions and pick a good partner companies to work with that you trust! 

This should be considered on a case-by-case basis.   Hunt with Paar Melis and Associates, an auto shop accounting firm, is mining his clients data with permission and presenting to all of us a set of baselines that may help us manage our businesses.  This is a good use of data mining.  
The key here is that this professional service provider has sought PERMISSION.  The cloud based data storage (your SMS provider) does not, will not and is not required to seek your permission before accessing, mining, selling or using your data because, despite all the flowery, "Your privacy is very important to us," male bovine excrement in the Privacy Policy, YOU HAVE NO PRIVACY.  Read it, every line and then try to think of how it can be twisted to allow them the access they are trying so hard to deny they will take.  And this access, mining, sale and use, as I said will NOT be in ways that are readily apparent to you or your customer.

Now, when I talked to RepairPal, they wanted access to my SMS and I had no desire to allow them into my system.   I don't see any good reason why I should allow my customer data and sales to escape.  Given that this was a contractual requirement, I opted not to work with them.   Now, if Protractor wanted to mine my data for some statistical data exercise, I can't see how I could be hurt.  Leave my customers alone and we're good.   And lastly, I allow my marketing companies to access my customer data for marketing purposes.  This benefits me and my customers and I'm trusting that they will not STEAL my customers.

Again, RepairPal asked for access, they asked for permission and you denied it.  Your marketing company has access to your customer data because YOU GAVE PERMISSION.  Cloud based storage services do not ask for permission because it is in the EULA and (you have NO) "Privacy Policy" that people do not read.  Just like a used car salesman says, "Trust me, we inspect every car we sell." What they don't tell you but you are led to believe is that they may inspect the car, find problems but they do NOT fix them.  "Look, over there! So you don't see the scam I'm running over here."  Same thing.  It's a very simple situation, you do you, do what you feel serves your business, but please don't try to downplay, dismiss or deny what happens every single day and what is common knowledge to those with any level of research into the "privacy policies" and actions of these companies.  There is a reason why lawsuits have been brought and the decision was, "Those who own the server, own the data."

 

Link to comment
Share on other sites

The good news is that there are SMSs with on-prem solutions that meet your data privacy requirements.   You'd want to ask them if they are planning to switch to cloud, so that you don't get one that wants to force you to upgrade later.   It's an expensive transition to rewrite their software for cloud, so some companies may choose to never go cloud.

I see value in both models and only tried to lay out a pros/cons list.

1 hour ago, TheTrustedMechanic said:

Not to mention that hackers and malcontents will target which, your local system or a large data server?  And don't pretend that large data servers are impervious to hacker, malware and ransomware attacks.

I've previously written a large detailed description of why targeting a production data server is not as easy as it seems.   A modern cloud compute engine and it's database are isolated.  The malware and ransomware attacks generally hit those systems that must be "open by design".   For example, I must access this shared filesystem to be able to share my spreadsheet / document with other employees.  These open systems are where the attacks occur.   I'll just say that the cloud systems have a much lower risk of attack.   The cloud computers in our shops don't ACCESS the cloud server, but rather ask it to perform tasks.  The cloud server is a closed/isolated system.  It's safe to consider.   I contend that it is much safer than my local and secured network.

  • Like 1
Link to comment
Share on other sites

17 hours ago, bantar said:

The good news is that there are SMSs with on-prem solutions that meet your data privacy requirements.   You'd want to ask them if they are planning to switch to cloud, so that you don't get one that wants to force you to upgrade later.   It's an expensive transition to rewrite their software for cloud, so some companies may choose to never go cloud.

I see value in both models and only tried to lay out a pros/cons list.

I've previously written a large detailed description of why targeting a production data server is not as easy as it seems.   A modern cloud compute engine and it's database are isolated.  The malware and ransomware attacks generally hit those systems that must be "open by design".   For example, I must access this shared filesystem to be able to share my spreadsheet / document with other employees.  These open systems are where the attacks occur.   I'll just say that the cloud systems have a much lower risk of attack.   The cloud computers in our shops don't ACCESS the cloud server, but rather ask it to perform tasks.  The cloud server is a closed/isolated system.  It's safe to consider.   I contend that it is much safer than my local and secured network.

And just how do you "ask" the server to perform those tasks or get data from it or store data to it?  You seem awfully argumentative and too eager to try and prove your point when you are only make specious claims.  But, you do you and I will protect my data as I see fit.  Since you are endeavoring to ignore reality, logic and only argue. 

Because there were numerous articles citing specific examples and they were so easy to find regarding hacked cloud servers, this discussion with you is moot because you continue to refuse to admit to reality.  For just one example, Reuters reported,
 

"August 27, 20216:06 PM EDTUpdated 2 years ago
 

SAN FRANCISCO, Aug 26 (Reuters) - Microsoft (MSFT.O) on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher."
Then there was another article from CyberTalk - dot - org that cited 5 major could server security breaches in 2021 as well. 

 

What is even scarier, according to a search for "are cloud servers hacked 2023" and a resulting article from tech - dot - co, there have been 37 data breaches of varying significance or severity (cyber attacks) on cloud servers in 2023 so far and another 72 in 2022.  These ranged from fast food companies to healthcare to big pharma all the way up to the government (a smallish department as well as the House of Representatives).  And, if a tech company like Farcebook or even Western Digital can be hacked, so to can Tekmetric, Shop Ware, Protractor, Micthell1, Auto Leap, and Shop Boss, google docs, Microshaft and many others.

At the risk of being overly brusque, since you are desperate to prove yourself right when you aren't, refuse to admit that you are wrong and are unwilling to admit to the facts and reality and claim things that simply are not true,at least not to the extent that you are pretending, this discussion is pointless.  I have provided facts to back up my position and after this, I am done with this discussion.  I refuse to engage in an endeavor where the other party is seeking to beat me with experience. I hope you have a blessed day.

 

Link to comment
Share on other sites

8 hours ago, TheTrustedMechanic said:

And just how do you "ask" the server to perform those tasks or get data from it or store data to it?  You seem awfully argumentative and too eager to try and prove your point when you are only make specious claims.  But, you do you and I will protect my data as I see fit.  Since you are endeavoring to ignore reality, logic and only argue. 

I'm sorry to hear that you feel that I'm arguing.  It is not my intention.  I have nothing to gain in this discussion.  My only goal is to provide some comfort to others that they can safely use cloud solutions.   Clearly, I recognize that cloud is not your cup-o-tea.   Only because you asked "how do you "ask", is the rest of this response below presented.  It's a very deep topic.

TLDR:   Request-Response messaging design limits what can be done.   You want access to the filesystem to create the real carnage.   SMS cloud designs don't expose their filesystems.   Most shops don't store data worth stealing (e.g. CC).

There are numerous types of software applications that utilize cloud resources of varying types.   You can't lump them all in the same bucket.  Some software architectures will have more exposure to hacks than others.   Regardless, all network-connected systems are vulnerable to an attack.   Disconnect from the network to reduce your attack profile.    This is even true for on-prem software solutions.   If it is connected to the internet, it can be attacked.   So, we agree on this point.

Security is not a singular item, but rather a layered set of protection strategies.   One of which is a rock-solid data backup strategy which includes off-site and offline storage of backups.   When you are attacked, assuming a worst case scenario, how quickly can you erase everything, then restore backups and lose as little data as possible.   On a redundant system, service restoration can be measured in milliseconds, a few hours on run-of-the-mill systems and on terribly managed system, this can take weeks or even be unrecoverable (data loss).   There's a billion combinations of system designs.   However, we can take any given architecture and analyze it for security weaknesses and then build a plan around it's vulnerabilities in order to reduce our risk.  Risk is never eliminated, only mitigated.  I can tell you that my background in Software Development was with redundant systems.   Our downtime was measured in seconds per year.   I do have a rudimentary knowledge of security and protocol design.

SMS Cloud Applications generally will have these properties

  • Request-Response Protocol
    • It exposes limited operations.  You don't have free reign to do what you will.
    • This is the ask the server to do something.  For instance,
      • Store this text blob which contains my labor ops description for WO #112233.
      • Give me the data I need to prepare a report of my daily sales (client retrieves raw data and presents it to the user in various formats)
      • Requests and Commands to the server are primitives (raw data) that are processed locally by the client
      • And every other operation that a SMS does
    • You must understand the protocol and build well formed messages, or it will not process the operation
  • API Access Keys are required
    • You will not access the system without using an encrypted API key that allows you to send messages
    • API Access Key only allows you to communicate.  It does not mean that you are authenticated.  Passwords are also required.

So, I can either attack the protocol to wreck the system or steal data, or instead, I attack the operating systems to get at the filesystem.   It would be easier to hack my shop than a cloud based system that inherently has many more layers of protection. 

If I were to give you my API key and my password, you could read, modify and delete all of my data.   You won't get the next guys data without another API key and password.   The best attack of my system would be to attack my network and get access to my computers to grab my data.   If you were to attack my system, you'd get names, addresses, invoices, sales data - pretty boring stuff.  I don't store any credit card data or customer passwords.   The value of my data is nil and IMO, not worth pursuing.  This is where we likely disagree... on the value of the data being protected.   I simply desire to be a good steward of my customers' data / information. 

Personally, my biggest financial risks are having online access to my bank accounts.   I reduce my risk by having unique passwords for every online account and 2 factor security... my passwords are 20+ characters of gibberish each.   My next biggest risk are my credit cards on file at all of the local dealers and Amazon, etc.  This bit me once by an independent dealer 300 miles away.  How did he get my CC info????  We resolved it though.  

 

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Available Subscriptions

  • Have you checked out Joe's Latest Blog?

         0 comments
      It always amazes me when I hear about a technician who quits one repair shop to go work at another shop for less money. I know you have heard of this too, and you’ve probably asked yourself, “Can this be true? And Why?” The answer rests within the culture of the company. More specifically, the boss, manager, or a toxic work environment literally pushed the technician out the door.
      While money and benefits tend to attract people to a company, it won’t keep them there. When a technician begins to look over the fence for greener grass, that is usually a sign that something is wrong within the workplace. It also means that his or her heart is probably already gone. If the issue is not resolved, no amount of money will keep that technician for the long term. The heart is always the first to leave. The last thing that leaves is the technician’s toolbox.
      Shop owners: Focus more on employee retention than acquisition. This is not to say that you should not be constantly recruiting. You should. What it does means is that once you hire someone, your job isn’t over, that’s when it begins. Get to know your technicians. Build strong relationships. Have frequent one-on-ones. Engage in meaningful conversation. Find what truly motivates your technicians. You may be surprised that while money is a motivator, it’s usually not the prime motivator.
      One last thing; the cost of technician turnover can be financially devastating. It also affects shop morale. Do all you can to create a workplace where technicians feel they are respected, recognized, and know that their work contributes to the overall success of the company. This will lead to improved morale and team spirit. Remember, when you see a technician’s toolbox rolling out of the bay on its way to another shop, the heart was most likely gone long before that.
  • Similar Topics

    • By carmcapriotto
      Thanks to our partners, NAPA TRACS and Promotive
      In this episode of Business by the Numbers, Hunt explores the benefits and considerations of owning your auto shop's real estate. Learn about financing options, affordability, and real-life examples to help you make an informed decision.
      -Understand different financing options for purchasing real estate.
      -Assess your shop's ability to afford property ownership.
      -Learn the long-term benefits of owning your business premises.
      -Real-life examples to illustrate key points.
      
      Thanks to our partners, NAPA TRACS and Promotive
      Did you know that NAPA TRACS has onsite training plus six days a week support?
      It all starts when a local representative meets with you to learn about your business and how you run it.  After all, it's your shop, so it's your choice.
      Let us prove to you that Tracs is the single best shop management system in the business.  Find NAPA TRACS on the Web at NAPATRACS.com
      Paar Melis and Associates – Accountants Specializing in Automotive Repair
      Visit us Online: www.paarmelis.com
      Email Hunt: [email protected]
      Get a copy of my Book: Download Here
      Aftermarket Radio Network
      Click to go to the Podcast on Remarkable Results Radio
    • By carmcapriotto
      Welcome to another episode of the Auto Repair Marketing Podcast, hosted by Brian and Kim Walker! 
      Today, we have a very special guest, Michael Doherty, who was our exceptional service advisor at Peak Automotive in Apex, North Carolina. 
      Michael has been a pivotal figure in our journey, and we are thrilled to share his insights on customer loyalty and retention. He’ll discuss his unique approach to building lasting client relationships and the importance of genuine care and transparency.
      Thank you to RepairPal for sponsoring The Auto Repair Marketing Podcast. Learn more about RepairPal at https://repairpal.com/shops
      Lagniappe (Books, Links, Other Podcasts, etc)
      WorldPac - https://www.wtitraining.com/
      Worldpac STX - https://automotivetrainingevents.com/event/stx/
      Traver Technologies: https://traverconnect.com/
      ShopWare - https://shop-ware.com/
      How To Get In Touch
      Group - Auto Repair Marketing Mastermind
      Website - shopmarketingpros.com 
      Facebook - facebook.com/shopmarketingpros 
      Get the Book - shopmarketingpros.com/book
      Instagram - @shopmarketingpros 
      Questions/Ideas - [email protected] 
      Click to go to the Podcast on Remarkable Results Radio
    • By carmcapriotto
      Thanks to our Partners, NAPA TRACS, AutoFix Auto Shop Coaching, and Today's Class Discover the significance of mentorship with Bill Weaver, a NAPA Autotech Trainer, and his mentor, Jim Dzurik. They share personal stories and insights into their mentor-mentee relationship, highlighting how mentorship has profoundly impacted their lives and careers. The conversation delves into the importance of passing on knowledge and wisdom to the next generation. The episode emphasizes the value of seeking and offering mentorship to foster growth and personal development. Bill Weaver, NAPA Autotech Trainer. Listen to Bill’s previous episodes HERE Show Notes
      The idea of a mentor-mentee episode (00:01:02) Bill Weaver proposes the idea of a mentor-mentee episode, leading to the discussion of mentorship and the impact of having a mentor in one's life and career. Mentoring Bill Weaver (00:02:05) Bill and Jim discuss their mentor-mentee relationship, including Jim's initial impressions of Bill and the challenges and growth they experienced together. Teaching and learning (00:04:45) How Jim taught Bill about responsibility, punctuality, and the importance of learning and listening, leading to Bill's personal growth. Bill's entry into the transmission shop (00:05:58) Bill's entry into Jim's transmission shop and the initial impressions and experiences of working together. Challenges and growth in the mentorship (00:07:17) Jim's candid admission of being frustrated at times and the challenges they faced, including humorous anecdotes about being fired multiple times. Teaching the "why" and "how" (00:10:24) The importance of mentors teaching the "why" and "how" to their mentees, and Jim's realization of his role as a mentor. Passing on knowledge (00:12:07) Bill's realization of the importance of passing on knowledge and being a mentor to the next generation, inspired by his own mentors. Memorable moments and popular culture (00:14:11) Fond memories and experiences shared between Bill and Jim.. Star Wars memory (00:17:20) Discussion about watching Star Wars and the impact it had. Mentorship and life skills (00:20:26) Discussion about the mentorship relationship, life skills, and wisdom. Importance of research and failure (00:24:06) The significance of research, failure, and learning from mistakes in mentorship. NASCAR and boxing stories (00:28:47) Stories about NASCAR involvement and interactions with famous boxers. Retirement and family influence (00:31:29) Conversation about retirement, longevity, and family influence. Legacy of mentorship (00:32:56) Reflection on the impact of mentorship and teaching. Finding one's calling (00:38:00) Discussion on how individuals may discover their true calling and the importance of pursuing it. Becoming a mentor (00:40:11) Encouragement for individuals to volunteer as mentors and the impact of expressing gratitude to mentors. Persisting and seeking knowledge (00:44:25) The importance of persistence, continuous learning, and adapting to changes in the automotive industry. Thanks to our Partner, NAPA TRACS NAPA TRACS will move your shop into the SMS fast lane with onsite training and six days a week of support and local representation. Find NAPA TRACS on the Web at http://napatracs.com/ Thanks to our Partner, Auto-Fix Auto Shop Coaching Proven Auto Shop Coaching with Results. Over 61 Million in ROI with an Average ROI of 9x. Find Coach Chris Cotton at AutoFix Auto Shop Coaching on the Web at https://autoshopcoaching.com/ Thanks to our Partner, Today's Class Optimize training with Today's Class: In just 5 minutes daily, boost knowledge retention and improve team performance. Find Today's Class on the web at https://www.todaysclass.com/ Connect with the Podcast: -Follow on Facebook: https://www.facebook.com/RemarkableResultsRadioPodcast/ -Join Our Private Facebook Community: https://www.facebook.com/groups/1734687266778976 -Subscribe on YouTube: https://www.youtube.com/carmcapriotto -Follow on LinkedIn: https://www.linkedin.com/in/carmcapriotto/ -Follow on Instagram: https://www.instagram.com/remarkableresultsradiopodcast/ -Follow on X (Twitter): https://twitter.com/RResultsBiz -Visit the Website: https://remarkableresults.biz/ -Join our Insider List: https://remarkableresults.biz/insider -All books mentioned on our podcasts: https://remarkableresults.biz/books -Our Classroom page for personal or team learning: https://remarkableresults.biz/classroom -Buy Me a Coffee: https://www.buymeacoffee.com/carm -The Aftermarket Radio Network: https://aftermarketradionetwork.com -Special episode collections: https://remarkableresults.biz/collections                                  
      Click to go to the Podcast on Remarkable Results Radio
    • By mikezat
      Hi! I got a bunch of engine and cabin filters - leftovers from my store. What's the best way to get rid off the inventory? eBay sales are slow and not an option due to the time it takes to list a filter and due to expensive cost of shipping.
      Many thanks in advance,
      Mike

    • By carmcapriotto
      The Weekly Blitz is brought to you by our friends over at Shop Marketing Pros. If you want to take your shop to the next level, you need great marketing. Shop Marketing Pros does top-tier marketing for top-tier shops.
      Click here to learn more about Top Tier Marketing by Shop Marketing Pros and schedule a demo:https://shopmarketingpros.com/chris/
      Check out their podcast here: https://autorepairmarketing.captivate.fm/
      If you would like to join their private Facebook group go here: https://www.facebook.com/groups/autorepairmarketingmastermind
      In this podcast episode, Chris Cotton from Auto Fix Auto Shop Coaching shares his expertise on team development within the auto repair industry. He advises against being the best person on your team, as it can hinder growth and lead to burnout. Instead, he offers strategies for building a capable team, such as hiring top talent, training, delegating, and fostering leadership. Chris emphasizes the benefits of collaboration, clear expectations, feedback, and a positive work environment. He also discusses transitioning to a team-focused approach and succession planning. The episode wraps up with Chris offering personalized advice and thanking the audience and sponsor, Shop Marketing Pros.
      The importance of not being the best person on your team (00:01:15) Chris discusses the negative impact of being the best person on your team and its limitations on business growth. The drawbacks of being the best person on your team (00:02:25) Chris outlines the negative consequences of being the best person on your team, including burnout, dependency, and stifled innovation. Building a stronger team (00:06:05) Chris provides practical tips for building a stronger team, including hiring the best, investing in training, and fostering leadership. Transitioning from being the best to building the best team (00:09:41) Chris offers steps to transition from being the best person on your team to building the best team, emphasizing the need for assessment, training, and succession planning.  
       
       
      Connect with Chris:
      [email protected]
      Phone: 940.400.1008
      www.autoshopcoaching.com
      Facebook: https://www.facebook.com/
      AutoFixAutoShopCoachingYoutube: https://bit.ly/3ClX0ae
       
      #autofixautoshopcoaching #autofixbeautofixing #autoshopprofits #autoshopprofit #autoshopprofitsfirst #autoshopleadership #autoshopmanagement #autorepairshopcoaching #autorepairshopconsulting #autorepairshoptraining #autorepairshop #autorepair #serviceadvisor #serviceadvisorefficiency #autorepairshopmarketing #theweeklyblitz #autofix #shopmarketingpros #autofixautoshopcoachingbook
      Click to go to the Podcast on Remarkable Results Radio


  • Our Sponsors



×
×
  • Create New...