Corporate IT needs to be torn apart, blown up, re-imagined and rebuilt from scratch.
Today’s information technology departments are obsessed with restricting access to technology and telling you “don’t touch that.” They won’t let you access Google Docs, even though working on a centralized, collaborative document will make your team more efficient. They won’t let you transfer a large file via SendSpace, so you’ll need to burn that to a disc and spend at least $20.00 to overnight it via FedEx. They force thousands upon thousands of employees to muddle through what is certainly one of the inner rings of Hell: Internet Explorer 7. Simply put, IT has become ineffective, burdensome and downright crippling to corporations.
It’s not their fault. They were built this way. In the 90s, employees everywhere started becoming hyper-connected to the outside world via the Internet. This was deemed a risk. Solution: Build a department devoted to keeping viruses, evil-doers and digital riff-raff out.
IT became the corporate moat.
Tomorrow’s information technology departments will have a simple charter: Get the best technology into the hands of employees so they can do their jobs better. Instead of lurking in basements with no natural light and responding to support tickets, they’ll be proactive. They’ll train senior executives on the latest technology trends. They’ll ask team members what their needs are and respond quickly. They will be obsessed with keeping the corporation digitally fit and competent.
I completely understand the need for security, risk management and business continuity. But these can no longer be the responsibility of the IT department. Firing the detonation charges will take significant culture and personnel changes, but it can be done.
The IT staff of the future will be educators, enthusiasts and helpers. Not hall monitors and security guards.
Comments on: "Blowing up IT" (10)
Great concept, and so true. Like the idea of these tech leaders training others before problems arise. They could help the early adopters succeed at making new tools work better within the corporate structure while still fostering productivity and creativity.
Nathan, while I completely agree with your premise that IT needs to be more innovative and embrace new technology, it’s not enough to just say that “security, risk management and business continuity … can no longer be the responsibilities of the IT department.” Those three areas are just as critical to the business, if not moreso, than easy access and collaboration. SOMEONE has to be responsible for those critical components, so if it’s not the people managing the hardware and databases, who exactly should do it? Who exactly do we TRUST to do ACTUALLY do it? We’ve just moved the responsibility of ‘restricting access’ to someone else. This is the dirty work of not only keeping the lights on and the servers running (even in a disaster, including inevitable hardware failures), but also keeping the bad guys out and your intellectual property/trade secrets/data in. Nobody is better positioned to play that role than the people who work with the data and the infrastructure it sits on the closest. That’s IT.
As an IT Manager, I can’t just suggest that everyone go grab a free 2GB Dropbox account and start sharing decentralized data all over the place. I can, however, look into solutions like Citrix’s ShareFile that gives them the ease of use they are looking for, and the control over the data that we absolutely must have. I can’t tell everyone to create their own Evernote account and keep all of their most critical business meeting notes in it. I can, however, suggest using OneNote that syncs to SharePoint. I can’t tell all of my laptop users to “make sure their data is backed up” and just trust that it’s going to happen, but I can offer them a centralized hosted backup solution like Mozy so I KNOW that they are backed up and that I have access to those files whenever I need them.
There are ways that IT can be enablers, but still adhere to the critical importance of the role of data protectors. I can get on board with Corporate IT needing to be blown up, but when rebuilding, start making your IT people ‘project managers’ that outsource as much of the work as possible to consultants and give them time to shift their focus on working more closely with the users on coming up with innovative solutions for their business needs. IT needs to have a more positive partnership with their users. The users need to know that IT wants to HELP them do their job better, not slow them down or prevent them from it. That’s a mentality shift that IT needs to promote. It’s also something that needs to be embraced at the Executive level. If the CEO and other Execs feel that IT is a ‘necessarily money pit’ rather than a source of innovation to be profitable and stay ahead of the competition, then I would suggest IT might not be the only place you need to stick your dynamite.
Great article and discussion point, thanks for sharing!
Hi Aaron, I was secretly hoping you’d chime in here. Thanks for the additional perspective!
Aaron, great commentary and thought leadership. One of your suggestions is farming out the development to consultants. In my experience that is a wolf in sheep’s clothing. One of the biggest black holes in IT is supporting and enhancing applications. You can only do this efficiently if you have the subject matter experts, the developers, in house. Knowing what every stored procedure, table, and line of code looks like under the hood is more valuable than anything in my opinion.
Ryan, you are absolutely right, you have to be careful how you utilize consultants. Too many times we just hire a consultant, give them the keys to the kingdom and expect them to create the perfect solution. Hiring a consultant takes almost the same amount of time as actually doing the work yourself sometimes, but if it’s being done right, it allows you to manage several projects at once versus one at a time when you’re running with a lean staff. Your internal staff obviously needs to keep a very good pulse on what is going on and how it’s being done (and that it’s being documented), but if they don’t have the training or expertise that a true expert does, this allows someone to create the solution that you can end up supporting. I’d love to just hire an in-house SharePoint expert, a Citrix expert, a CRM expert, a SQL expert, another Cognos expert, etc., but having a few people that know a bit more than the basics of these systems and how to support them while managing outsourced developers is a way to stay lean and still provide a lot of powerful solutions for the company. You always need a backup plan though, and your internal folks should be that for your consultants in case there is a falling out or change for some reason. That works vice versa too. Great stuff, thanks!
I agree with Aaron. A lot of times, it’s the policies that are in place that prevent users from using the technology they want. For instance, you probably wouldn’t want a customer database floating around the internet on dropbox or G-docs. As an IT guy, I personally don’t care if a user uses dropbox. It’s my job to implement the policies of my employer. I’ve had users complain about screen saver lockout times and have had to explain that as much as I want to disable it and make their lives easier, it’s against our security policy. Sometimes it sucks saying no, but it’s my butt on the line if something were to go wrong.
IT’s job is to get the best technology they can afford while adhering to polices. If I had the budget, I sure would get everybody the newest and latest and greatest gadget. IT can make people more efficient and save money, given the budget and executive level backing.
Security, Business Continuity, and Risk Management is ultimately the responsibility of the board/executive level. It’s everybody’s responsibility to adhere and implement policies set by the board. All those security measures in place are no good if your password is on a sticky note attached to your monitor. There’s no patch for people.
Nathan – I understand what you’re getting at. I’ve met IT people as you have described. Years of telling people to reboot have left them calloused. They simply say no instead of trying to explain why they said no and finding an effective solution. IT departments like that need to be blown up. Not all IT people are like that.
Hi Tyler! Thanks for chiming in. Great stuff here. Most of the IT departments (and individuals) that I work with are educator/security hybrids leaning toward the future model, which is great. My favorite quote from you – “There’s no patch for people.”
Good stuff, Tyler. I agree that “ultimately”, the security/business continuity/risk management is the responsibility of the board/executive level, but you definitely can’t just ask them to come up with the policies so IT can enforce them. IT needs to be intimately involved in helping shape those policies. Frankly, IT should write them and then see if the executives want anything changed. There might be hard and set policies written around document management and retention, for example, but once IT points out the costs and challenges associated with those, they might change their minds. If IT has a mindset of “we’re just doing what we’re told” without having a discussion around the “Whys”, then we are still stuck in the archaic model Nathan warned of.
There is always a fine balance between what is the most secure way to do things, what is the most convenience, and what is the most affordable. If IT is to live within a budget, then I would hope that IT had a very big role in setting or requesting that budget because they are the ones that know best about what things cost. IT also has to have a good history of spending money wisely. If they just ‘spend it because they have it’ or throw tons of consulting dollars down a toilet with nothing to show for it, they’ll lose the respect of the executives and have a harder time getting some of that finite capex pool.
At the end of the day, if the CEO isn’t an advocate and supporter of IT, then this ideal scenario that we’ve been discussing here just won’t happen. Something or someone has to give.
One more point of clarification. To help abolish the “us” vs. “them” mentality of IT vs. Executives, the head of IT should ideally be considered an Executive team member!
Absolutely. IT should be involved with writing the policies. Also agree with your comment about IT as an executive team member.