Slashdot Mirror
What Would You Demand From Your IT Department?
ZombieLine asks: "The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year. Additionally, they haven't been able to sell needed changes to senior management. Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice. We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions. What would you put in our charter?" What services and responsibilities would you demand out of your IT department?
ZombieMime asks: "The non-IT employees at my company (approximately some 5,000,000,000 people) are showing signs of incompetence, and have been ignoring knowledgeable technology input for about a year. Additionally, they haven't been able to accept needed changes to senior management. Unacceptable computer usage, maxed bandwidth usage, and no common sense have hit the bottom line, and those on top are starting to notice. We geeks are staging a revolt to make users more responsable to IT by creating a group from the company divisions to discuss needs and solutions. What would you put in our meeting room to kill as many people as possible?"
Your company may have IT problems if any of the following has happened recently:
There are many more -- these are just a few I've experienced that exclaimed "improved [insert your favorite trait/characteristic here]" and had mostly the opposite and unexpected (to decision makers) results.
(btw, your "500" count is listed after the mention of your company, it's not clear if you're talking about a company of 500 employees or a company for which it's IT segment comprises 500 employees...)
The UK-based ITIL initiative describes in gory detail a collection of best practices that IT can follow to provide better service to their customers. They can do as much or as little of the whole program as they want, and it can even be driven from the outside by the user community if absolutely necessary. Obviously, if there's cooperation it works better, but if they roll their eyes at "another total quality management initiative" (which it's not) you can still use the terminology and methods and eventually drag them into it.
g y_Infrastructure_Library
http://en.wikipedia.org/wiki/Information_Technolo
http://www.itil.co.uk/
Outsourcing to someone else?
:-)
Seriously, if you're going to have a department of lazy, inefficient slugs, you might as well have them for cheaper
In addition, the very threat might make your IT department shape up real quick...nothing like the threat of losing your job to light a fire under your butt and get working.
By the way raymondsimms@hotmail.com I'd be careful using fullnames around stuff like that. An IT guy at your company is probably checking the company database right now for names that match that...prepare for the vengeance of an IT Guy.
...in bed
You need to map out your requirements and then formulate them into an SLA, a Service Level Agreement. Then get your management to agree to it and take it to the barganing table. Make it clear that this is what they (the IT department) will be measured and evaluated against. If they can't agree to it, then get them to counterproposal. But, what ever you do, get it in writing in the form of an SLA, with the bosses on board... The particulars about what services and what responses and what responsibilities you want from them are details that go into the SLA. Once you hash out the details, get them locked into that SLA, though...
"Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice."
I don't know your situation... but maybe more money is needed for people, equipment, etc etc. You can demand all you want, but if you don't pony up the resources... *shrugs* You get what you pay for.
This is beyond a no-brainer. I actually doubt the authenticity of the story based on how the real world works. Or maybe the poster is really in a 25 person company or something.
Anyway, here is how it works. Your department has IT needs. These needs are written down. The IT department has guaranteed services it provides. These are written down. Your department takes a budget "hit" to pay for an internal IT department. These are the givens.
Now, if IT does not provide services you NEED/REQUIRE (like backup, duh), then you go to the whomever is above both departments (COO, VP of division, president...) and you show the mismatch. This is not a complaint, just a reason why you are increasing your budget next year to get the services you need to succeed.
Of course, you are keeping a log of all incidents that are occurring and a log of down time and a log of costs to you as a result, etc.
Look, business people are not idiots. The 3 previous paragraphs I write above are beyond no-brainers. Why is this stuff so non-obvious to today's geeks??
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
It sounds like your company has other issues beyond an unresponsive IT department. You indicated that IT has been unable to sell necessary changes to senior management. Are you positive that senior management agrees that changes are needed or that they actually understand the seriousness of the problem? You might find that IT feels that their hands have been tied and have nowhere else to go since senior management isn't helping them.
A group of users making "demands" of the IT department is somewhat inappropriate. Yes, the IT department exists to help users with their work, but their priorities are set by senior management. If you plan to create some kind of IT Steering Committee, I would recommend a few things: (1) Lose the attitude -- all you'll do is put the IT folks on the defensive (and remember, since you're not in their group, you may actually have NO idea what priorities have been laid out for them by senior management); (2) Get the blessing of senior management before you try this; (3) Make sure at least one or two high-level people attend your meetings and buy-in to what you talk about.
Treat the IT folks like human beings. They may have perfectly good reasons for dismissing what you consider reasonable ideas. Perhaps they're seriously understaffed so that great desktop Linux rollout one of your users is convinced is the right idea just doesn't pay off for them, for example.
--No Backup Systems
--No Storage Space
These sound like budget issues. Do you think that if the IT staff, just tries really hard or is competent that they can just create File Storage and Backup Systems out of thin air.
I AM the IT department, you insensitive clod!
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
As a non-technical person with enough engineering friends to get to this site and have an iota of what might be reasonable to expect from IT professionals, here's my list of expectations:
-Security of data: obviously no data is *absolutely* secure if the computer is connected to the net, but enough security that I could feasibly work with medical records and HIPPA-privledged information without constantly worrying about crackers. For those of you who don't know what HIPPA is, imagine a very protective law about patient confidentiality that can result in serious jail time if it is violated.
-Continual access (within reason): If there are natural disasters, power outages, or personal emergencies, then certainly one can't reasonably expect 24-hr access. At almost any other time, however, I'd like to be able to turn a computer on at the workplace and not worry about downtime or have to call someone to fix the system (as my colleagues and I do now).
-Work ethic: Nothing pisses me off more than lazy people, especially those who try to use technobabble to hide incompetence. If there is work to be done, then I'd like to dial up the local expert/employee and know that the problem will be fixed *quickly* and efficiently. Certainly there will be problems that require more time than others and nothing runs smoothly all the time, but no one should have to brook crap from employees who pad schedules. If there are problems, say so and at least *try* to explain them, don't go into geekspeak/technical language in hopes that I don't understand and give up and let them go back to (insert game here).
-Keeping me informed of new tech without trying to be a salesman: Not every new upgrade is worth getting and keeping up with the Joneses can be prohibitively expensive. Sure, new tech is very cool and I'd like a wireless device to use around my office to tie labs/patient data together, but that doesn't mean it's worth constantly annoying the boss for tech upgrades
-Honesty: Don't overcharge me or bend/stretch/break the truth with me. Medical professionals *seem* to be a prime target for fleecing among computer folks and I've heard horror stories about people paying several times market rate for upgrade and basic tech services. If you work for me, please be honest about all systems or equipment. If I've made a poor decision and there's new data, say so. If there's a better program/hardware setup out there and I'm not familiar with it or am being blindsided by the saleswoman, make mention of it. I don't have the time or patience to micromanage, if your job is technical material than I rely on your expertise and expect to be able to trust you and your decisions.
That shouldn't be too much to ask and is what I will expect of any technical employees I'd hire once I graduate and get a practice up and running a few years from now.
As long as there is a Second Amendment, there will always be a First Amendment.
I am the IT Director for a smaller organization, about 300 total employees. Every little complaint you have there is something that I have seen a hundred times over regardless of the firm. Let me explain where you have started to go wrong here. First mistake, assuming incompetence, instead of researching the root cause of any service problems. It is easy to just say, "Well Bob over there is an idiot". When maybe Bob is following protocol that he didn't establish. Or that the IT resources are stretched to the breaking point.
Ignoring knowledgeable user input, ok that I have a huge problem with. Everyone in the IT community, programmers come to mind the most often, seem to think because they work in front of a pc all day that they know their ass from a hole in the ground when it comes to managing a network or a server farm. Sorry but that it the absolute truth. I have interviewed countless people for jobs in IT, well over 50% of them programmers trying to get Sysadmin positions. When asked specific questions about administrative tasks the answer is almost always the same. I know something about it but I have never implimented anything like that. Everyone wants to be an expert, trust me you aren't.
Unable to sell needed changes. Have you considered that management and accounting do not see the corporate finances in the same way that you do? Some changes are simply impossible to sell. Unless your corporate focus is in technology some of the upgrades needed to improve infrastructure will always be lacking. The exceptions tend to be when the powers that be are directly inconvenienced. But the IT Dept probably caters to them quicker than any other department so they do not see the need. They pick up the phone and Bob is right there, where as you submit a trouble ticket and you are lucky to see someone in 48 hours.
Starting a revolt? Wow you guys are arrogant. Plain and simple. What makes people think that they know another departments job better than they do? Much less "demanding" services. Just astounding. You efforts would be much better spent working with the IT department to figure out ways to get management to invest in more staff, more training and equipment upgrades. That benefits everyone, and doesn't just stroke your self-important little ego.
"The IT department at my company (approximately some 500 people) is showing signs of incompetence"
The IT department at my company is incompetent. But I work for the goverment, so I guess that's to be expected.
lets pull this little ditty to bits...
/. because of server downtime, they're running around like headless chooks trying to patch up an obviously ailing (underfunded?) system.
"The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year.
Hmmm...well lets get to that 'incompetence' thing a little later.
But as for "ignoring knowledgeable user input for about a year"...lemme see, you've been harping on about something for a year to the IT department?
Well, what is "knowledgeable user input" anyway? "At my old company we used to..." or "my friend who is an IT genius says..."
Seriously, if you have a suggestion, detail it and submit it to the IT manager and cc it to your manager.
Berating some poor schmuck when he comes to help you format a word doc is not an effective change management strategy!
Additionally, they haven't been able to sell needed changes to senior management.
LMAO...but somehow you and your band of IT-vigilantes is going to change the world? Good luck!
So IT ARE going to management with suggestions, but are getting knocked back?
So somehow you equate managements lack of willingness to resource your IT department to be a failure of the IT guys lack of bargaining skills...not a boneheaded lack of foresight on behalf of your management team?
Wow...tough crowd...
Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice.
GOOD! Now "those on top" need to find the money they should spent on protecting their investment in the first place.
You do realise that IT guys dont just down servers for no reason, dont you? You probably do...or you think they do it on purpose just to piss you off.
And while you're sitting around moaning about how long it's taking for you to be able to get back onto
From your comments so far, I'm assuming you are not one of the "knowledgeable user's" you mentioned before.
We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions.
Yeah, you go girl!
Nice of you to harass IT some more. After all they have nothing better to do than sit in on your moanapolooza.
Why not form your little revolt and march on the guys that will have to OK and pay for your demands...oh wait, lemme guess...'cause if you did you'd get your ass fired!
Face it, you dont want a solution or you would go to the people who can effect change. You want to vent. Well, you have...does that feel better?
What would you put in our charter? What services and responsibilities would you demand out of your IT department?
Well, first up...I'd want suitably qualified and trained professionals in charge of the decision making process.
And as your "knowledgeable user's" are neither...I'd demand that they get trained or STFU.
Then I'd demand that the reasons for management knocking back IT requests be made public.
Im hoping the moment management have to front staff and explain why there will be "no increase in storage" or "no funds for disaster recovery" will be one of those life changing events for you...when you realise IT budgets have to be approved or people (like you) wont get what they want, so that you then take the fight to those with the money and leave your nerds to get on with keeping your sad little network up and running.
If you really want to help your IT department effect a postive change, quit harrasing them and take your fight to the people at the top who are ultimately responsible.
Find the guys that sign's off on the IT budget and ask them why server space hasn't increased to meet demand.
Because the answer is either your IT department is siphoning off $$$ to day-trade with, or there was nothing budgeted to allow for it.
Was their BUDGET cut years ago, and never brought back up.
A lot of people I know tend to blame IT staff for lack of space, lack of bandwidth etc. when problem was that IT dept could not afford to purchase equipment to upgrade a service, and they just tend to use all the budget to maintain status quo. Trust me all IT folks out there LOVE to push out new technology, increase storage, better networks, and reduce helpdesk calls. But a lack of staffing and money can put a damper in the best of IT staff in the world.
And if they can't work as a team, they should be fired and security should escort them from the building. And if security can't work as a team, then they should be fired as well.
I even love saying the word team. You probably think I have a picture of my family on my desk - it's not. It's the A-Team. Bodie, Doyle, Tiger, Jewellery Man. The whole lot of them.
Task Mangler
I bid against EDS on a contract. We were cooperating with IBM. We both agreed that the cost for the project would be 20x to implement we bid 30x. EDS came in at 8x.
BTW EDS has lost money on virtually every contract. I don't think its kickbacks they just underbid cost and then try and make it up on other charges.
I come from a long helpdesk background and am now a senior developer at a mid-sized company. Unlike most of you nerds there's one thing I enjoy more than "being right" and that's "being lazy." That's why I love stupid users. I loved having a job where the biggest problem I faced in a day was telling a user to turn their monitor on. Or turn their capslock off. The worst job I EVER had was working with some very bright and very motivated individuals who were not geeks but were extremely competent in everything they did. The one thing they didn't know well was computers, and in that business you didn't need to know computers to make a crapload of money. But because they were all so brilliant, every little thing was nitpicked. Everything had to be done now now now. There were no easy problems and every day I was challenged to learn and perfectly perform something that I'd never done before with technology. There was always some shit on the line: huge fines from regulatory institutions, huge investments of money, hundreds of employees counting on your work. If the worst you have to deal with is someone dumber than you, you have it made. Make friends with your users, treat them like people, and soon you'll be in middle management, making bad decisions for a big salary.
Cool! Amazing Toys.
No, the password criteria given above SUCK. 8 characters, 2 lower, 2 upper, 2 numeric, 2 symbol. There's too much information given away in the security policy about the composition of the password. Whereas a normal 8-character password would have around 90 possibilities for each letter, in this case, each character would have a maximum of around 26 possibilities - even less for some because numerics only have 10 possibilities. You really cut your password space down with overly-restrictive policies.
Of course, hard-to-crack passwords only matter in cases where it would be feasible for someone to try and brute-force the system without being detected and locked out. That's generally only possible against targets like encrypted files, not live system logins.
The only thing that is going to let people in to live targets via the normal user login (ie: Not through a bug/hole/exploit) is either easy-to-guess passwords (like spouse name, dog name, birthdate, etc - dictionary words are not necessarily easy to guess unless there would be some reason an attacker would be likely to guess the word) or through the user disclosing their password in some manner.
Of the two, user disclosure is more likely. Even with an easy-to-guess password, it's unlikely even a knowledgable attacker would be able to guess it in few enough tries not to set off any lockouts the system may have. In any case, you don't need to go to such a draconian level to prevent easy-to-guess passwords. Require two non-alphabetic characters in non-adjacent positions in the password, and you're pretty much safe.
The most likely route for password compromise is user disclosure, and there is no technical way to protect against that except for relying on additional, non-password security measures (keycards, biometrics, etc). You could try educating your users, but like that's going to work.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
Thats because they are auditors and don't have a clue about security. Security is 95% psychology, and 5% technology.
A user password policy that is too restrictive means users will never remember them, and end up doing things like writing them on post-it notes and sticking them on the monitor.
A better solution is have easy-to-remember passwords (though not trivial passwords such as "password", the login name or "1234567890") and put in a 3-strikes-you-are-out rule and a hierachical user access policy - "need to know". Remember - 80% of attacks come from within. Don't trust your users.
Naturally, the root/Admin passwords for servers containing critical business data and de-encryption keys are long, complicated, regularly changed then written down and placed in an envelope in the corporate fireproof safe, along with the weekly backup tapes.
Norman Cook's Ode to Sl
"As for checkwriting ability, good point, not something I'd considered off the top of my head."
.)
Get used to unexpected consequences to your decisions, if you're going to run your own business. You MUST learn to think things through - i.e. "look before you leap". You have to do it as a doctor; so just remember to do it as a boss, too.
Today we rearranged our office. Impromptu - no planning - just "do it now" and "we'll figure it out as we go". Moving one row of cubicle dividers next to the wall meant that the power, phone, and data outlets along that wall were no longer accessible and the previously used outlets became too far away. Management said "no down time" and then had to accept down time for four production workstations while someone made a Home Depot run for extension cables - which, of course, are yet another kind of mistake. (Then there was a second run, as management had forgotten that power cables are not the only kind of cables . .
We needed to move our servers over by seven feet. "What do you have to take them down for? The cables will reach. We need our productivity!" So after sending everybody home when two of our 1-TB RAID volumes stopped communicating with the server, I got an earful from management about how we employees had bungled a "simple" rearrangement of the entire office. We employees also got blamed for "our" failure to plan!
I also got an extraordinarily polite ass-chewing from a Dell server tech about trying to physically move a running server with external RAIDs - and believe me, I did make it VERY clear to management that that move was NOT a good idea! We came very close to losing about 1.5-TB of data today; despite our backups the loss would still be hurting us months from now.
Hopefully you will do better.
Adherence to the truth is a form of disloyalty.
"When the Nachi/Welshia worm got on our network we had to disable that rule. It tried account passwords so rapidly; every account that had a strong password and it couldn't get into, would get locked every 30 minutes. We couldn't unlock them fast enough."
You just illustrated what the users have been complaining about. Instead of cleaning your systems of the worm you are running around unlocking accounts. Leave them locked until you get the flipping worm off your systems THEN unlock those accounts. It isn't rocket science folks...
B.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
You're getting your head handed to you here and it may seem unfair, but by asking the question the way you did you demonstrate that you have no clue about actual IT responsibilities. Thus, it's impossible to take your idea of "knowledgable user input" serioulsly, much less your diagnosis of IT incompetence. Your IT department may be incompetent, but you have demonstrated that you are in no position to judge at present.
The answer to your question? SLA or Service Level Agreement.
It is reasonable to ask management what you should expect from IT. Find out what the SLA is or help create one. This will be a lot of work. You will encounter resistance, for no more sinister reason than that is hard. Just make sure this SLA takes into account senior management's requirements of IT as well. Perhaps IT incompetence isn't the reason management isn't providing the needed upgrades. An SLA provides some metric for performance. If the SLA is unsatisfactory, that is a matter to be taken up after performance against it is measured, but what amounts to a formal job description is a reasonable starting point.
There's good literature on all of this, and it's easy to find if you are interested in improving IT in your organization, and not just playing Napoleon. If you'd rather just whine and make everything worse, ignore everyone here and stage your little petty revolt. It will be easier, but if management has a clue at all, this will be a career limiting move for you. Cynically, either way, the SLA is the starting point.
I don't deny that IT can be incompetent, but it is rare in my experience. It occured to me that you were a troll, posting here. Regardless, there are others who really think IT is incompent because of their own ignorance, who would benefit from gaining a little insight into what IT is about.
If I worked with you, I probably would tell you this in person, and tell you who might have more insight into the actual priorites set for IT. I've had plenty of similar conversations with people over the years. It's just another part of the usual perception problem for IT.
Assembly is the reverse of disassembly.
At all three companies where I've been an IT worker, there has been a common problem: managers who are generally good managers - good people skills, organizational skills, ability to look at the big picture - but who advertise their "technical ignorance" to anyone who will listen. They let the IT department and all other departments know that they will defer to the IT department on technical matters.
So, you end up with technical decisions that serve the people who deal with technology, as opposed to serving the users who are doing the main work of the company, or serving the company's goals as a whole.
I'm not sure what causes effective managers to decide to take a different approach to technical issues than they do with others, but I'm convinced that's the root cause of the sort of problem described by the poster.
I believe top management - and department managers, following their lead - should be pressing IT managers to break down technical issues to the point where they can make effective decisions. When the IT manager says "it will take 3 months to set up a new mail server" and the sales manager throws her hands in the air, their boss should sit down with the IT manager and make them explain what the factors are that will make it take that long. And if it's too technical and they don't understand, they should SAY so, and make the IT manager explain it again. Until they understand. Then, they should say things like "what would it take to do it in 1 month?" and by that time, they should be informed enough to reject bullshit answers like "we need another $75k employee."
"technical ignorance" is not an excuse, when you have people on staff who are capable of educating you. And IT workers who perpetuate the myth that it's "beyond a non-technical user's understanding" merely for their own convenience should be...fired.
If your management doesn't see things this way, there's probably not much you can do about the problem.
Pete Forsyth
28 days! Pshaw! You're just *inviting* the bad guys into your system if you follow such a lax plan.
Every day should start out with changing your passwords. You may have to hire a few more people who's job is to reset forgotten passwords, but when you have to do it constantly it shouldn't take more than a minute per person.
Of course, if the bad guys learn that everyone changes their password in the morning, it wouldn't take much effort to be in the right place at the right time and get unrestricted access to the systems for 24 hours.
So you'll want to back this up with some sort of bio-identity methods. Fingerprint identification, retina scans, and instant DNA testing.
Some people say that these aren't secure enough, that someone can get fingerprints, a DNA sample, and a picture of your retina. There is an easy solution to this if you just think about it, the daily random mutation of all your employees before they change their password and give a DNA sample.
Anything less than the method outlined above simply isn't secure.
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
You give 'em hell!! Speaking as a user, I can say that I could put together an entire server room in a week using off the shelf parts from CompUSA and Best Buy. And it wouldn't cost the millions that most IT departments spend on those elitist devices like SCSI drives, ECC RAM, DLT tapes, Cisco Managed Switches and SANs. The first thing I'd do is build a big system based on the latest gaming system specs (since gamers push the technology envelope) and cram it with ten 300 gig SATA drives. That's 3 terabytes of storage (more than those piddly SANs!) and at a fraction of the cost. Then I'd make sure had a dual layer DVD burner in it for backups. That way WE could have full backups on really inexpensive mediums. When I saw the price of a DLT II tape on an IT invoice, I nearly flipped. They're TOO expensive!!!!1111!!! Then I'd throw Windows 2003 Server on the box to manage all this stuff in one place. A few Linksys or Netgear switches can start connecting the resst of the networks together and they'd be WAYYY cheaper than the highway robbery that Cisco foists on us through our IT elitists.
The workstations would be even easier. I'd buy everyone the $300 AMD specials with Windows XP Home. That way they'd be more familiar with the OS since they probably have XP Home at home too. Just plug them into the network and away they go. They can all get their IP address from the Linksys router like I do at home and then they're online easy as pie. Don't need to get out any stupid manuals to manage Cisco switches or anything like that. All the gobbledygook is just for elitist snobs. For restoring a PC if it gets hosed, I'd just use a copy of Ghost. Sometimes you can even get Ghost for free if you buy the right hard drive. Just hook up a laptop with Ghost to a PC using a USB cable and make an image to burn onto a DVD. The next time the PC needs to be revived, just grab the DVD from the pouch on the side of that box, pop it in the laptop and Ghost the other way around! Easy as pie and FAST too!!
In this day and age, what company with a competent IT staff does it's own e-mail? I've been trying to tell the folks in my IT department to ditch our mail server (some antiquated Unix based thing that nobody really likes) and just let everyone get Hotmail accounts. Now that GMail is around, that's an option too since they give you a pretty comfortably sized mail box as opposed to the meager offerings of the clueless IT staff. E-mail should be able to hold whatever I put into it no matter how much or how big. Period.
The voice over IP thing is easy too. Just buy a VOIP box from Linksys and get a Vonage account for every group of ten users you've got. You'll need multiple DSL lines to do it, but that would still be far cheaper than having one of those snobby PRI or T1 lines to carry your voice traffic. Speaking of which... why on earth is anyone using T1s and T3s these days? They're so costly and they don't perform anywhere near what I get on my cable modem at home. Just get cable modem and be done with it. Your users will thank you forever.
Barron, I'm glad you gave me a chance to get that out there. The users need to know the truth.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o