What Would You Demand From Your IT Department?

ZombieLine asks: "The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year. Additionally, they haven't been able to sell needed changes to senior management. Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice. We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions. What would you put in our charter?" What services and responsibilities would you demand out of your IT department?

Re:ITIL

I have to post this one as AC, sorry.

The UK-based ITIL initiative describes in gory detail a collection of best practices that IT can follow to provide better service to their customers. They can do as much or as little of the whole program as they want, and it can even be driven from the outside by the user community if absolutely necessary. Obviously, if there's cooperation it works better, but if they roll their eyes at "another total quality management initiative" (which it's not) you can still use the terminology and methods and eventually drag them into it.

The company I work for decided to "implement" ITIL about five years ago. It has improved nothing, and has essentially just served as a different set of buzzwords for managers to use.

What it reminds me of is an article I read about the US military and its "transformational" thing a few years ago. Everyone and their mother was scrambling to claim that their pet project was a great example of a "transformational" weapon, even though they changed nothing about it.

Re:What would you demand from your IT users?

[shokk]

Dear ZombieLine,
Maybe your company, like most others, is drastically underfunding the IT department, expecting superhuman performance on less than shoe-string budgets, while every day demanding all new buzzword compliant services and ignoring IT requests for additional warm bodies. Not to mention the fact that you are using high maintenance Microsoft Outlook type services while surfing for pr0N and jam packing your mail server full of the latest Happy Fun Tentacle Rape Party videos that everyone is mailing around.

Unacceptable server downtime? Are you clustering critical services?

Bad backups? Chances are your company is very content with single tape drives that the sysadmins can swap tapes from rather than having a good tape library with enough licenses to cover all servers with a decent retention time.

Maxed network storage? Are you paying for more RAID disk shelves? Or are you still feeling brilliant telling your IT staff all about how "you can get an IDE 200GB drive for $50 at Staples, so why can't that be plugged into the EMC or NetApp fileserver?"

My recommendation: stop demanding Five 9's of service and stop expecting services to never reboot or need maintenance if you aren't going to fund it. Stop dicking around at being a business and spend money to make money. Otherwise, save everyone time and bend over to your competition now. You can recommend all the fantastic new upgrades and services, but if your company doesn't recognize the value of improved infrastructure services, and an educated staff, you don't deserve to stay in business and sooner or later Darwin will rear his ugly head.

Get your little posse of idiots together an ask senior management why they are refusing to fund the needed changes. You might be pleasantly surprised to find out that they have no friggin clue about how to manage IT. Or maybe you haven't been paying enough attention to quarterly financial reports to realize that your company is experiencing a classic symptom of the death spiral.

Oh, BTW, you're an asshole. You and your 2Live Crew can go fuck off.
Love,
Shokk

Re:From the non-tech perspective

[TheRaven64]

I recall another organisation that had a similar policy. Their policy was that you were not allowed to have the a wheel in their cryptographic system in the same place on two consecutive days, and you were not allowed to have the all same wheels in the machine two days in a row (i.e. you had to replace at least one wheel and re-order the others). Something else that could have been described as policy, but was really an part of the machine's original design, was that no letter could map to itself in any configuration. The cryptographic engine was called Enigma, and the organisation that came up with this policy was the Third Reich. Now, I'm skirting dangerously close to Godwin's Law here, but I will continue.

At the same time, a bright young English mathematician named Alan Turing came into possession of this knowledge. He realised that these rules dramatically reduced the number of possible cyphertexts for any given plaintext (and vice versa), making the search space much smaller than it would otherwise have been. As a result of this, he and his colleagues were able to crack the encryption with the primitive computers available at the time.

Arbitrary restrictions on passwords are not sensible. Do not allow dictionary words and trivial permutations of them, since they can be cracked by a simple method, but any further restrictions only serve to narrow the search space for an attacker. The scheme listed means that most passwords will have two upper case letters, two lower case, two symbols and two numbers. This is an almost trivial subset of the number of possible eight character combinations of letters, numbers and symbols.

In summary, whoever came up this this policy is an idiot both for social and mathematical reasons. They should, therefor, not be allowed to interact with either humans or computers.