Barrier to Web 2.0 — IT Departments

jcatcw writes "Wikis, social networks, and other Web 2.0 technologies are finding resistance inside companies from the very people who should be rolling them out: the IT staff. The National Endowment for Science, Technology and the Arts (NESTA) in London had to bypass IT to get Web 2.0 technologies to end users. Both Morgan Stanley and Pfizer are rolling out Web 2.0 projects, but it took some grass roots organizing to get there."

Possible Explanation

[MightyMartian]

Perhaps it's because IT departments actually know how complicated, messy, potentially insecure and how awful support of such "projects" are going to be. As a general rule of thumb, tech-types don't usually give into the hype about things like Web 2.0 that columnists, marketers and your usual assortment of weirdos do.

Re:Possible Explanation

[garcia]

Perhaps it's because IT departments actually know how complicated, messy, potentially insecure and how awful support of such "projects" are going to be. As a general rule of thumb, tech-types don't usually give into the hype about things like Web 2.0 that columnists, marketers and your usual assortment of weirdos do.

Fuck Web 2.0, IT departments are slow to move on any project except those that somehow benefit IT itself. We have an extraordinarily difficult time getting IT to update broken links on our website (we used to have access via the shitty CMS they were running but they now took that away too) nevermind solutions such as chat, online appointment scheduling, or additional databases to store information captured from web forms.

We have had to go to third party outfits that specialize in hosting their own web application solutions and paying them yearly sums of money to do for us what IT will not. Not a single department has a decent relationship with IT at any of the last few places I have worked (especially the current) and we're all wasting money because of it.

So, while Web 2.0 is an example, I can name 100 other issues that are not Web 2.0 that are priority that they also will not support -- and it has nothing to do with those that work in IT not accepting the "fads" that others will.

Re:Possible Explanation

[MightyMartian]

It's too bad your IT department won't fix broken links, but jumping into AJAX and related technologies without properly assessing security and maintenance costs is insane. It's the IT guys who are going to have to deal with all of this one way or the other, so they're probably quite happy that some outsider is going to have the pleasure and pain.

Web 2.0 is about 80% hype, 10% mature technologies and 10% immature technologies. Marketers are pushing hard for this (through their loyal minions the columnist and the tech reporter), but I still think when the guys who maintain all of this are saying "Whoah, let's think real hard about this", someone ought to listen. Blaming IT is simply shooting the messenger.

Re:Possible Explanation

[MightyMartian]

Precisely, IT hates work, whereas the profit side of the business is used to it.

There's work, and then there's nightmares.

Years ago, the ISP I worked for was sold, and the new guy didn't like the web server we were using, and insisted on moving over to Windows and IIS. I strongly urged against it, at least right away, and not without properly assessing the issues.

Of course, tons of Perl scripts broke, pissing off our hosting customers. There were difficulties in just about every area, and I spent at least a couple of weeks of very long hours finally bringing everything together, only to have the most outrageous vulnerabilities surface, and a bunch of the sites we hosted being defaced.

You can call me lazy if you like, but you're damn right that I don't like jumping into things just because it's the kewl, sexy new way of doing things.

Re:Possible Explanation

Your problem is that you need to kill the BOFH. You will need a silver stake, electrical gloves, KCN pills, a SCBA, 20 oz of deionized water blessed by a geek, and The New Testament. Don't enter at night, and don't expect to catch the BOFH by surprise. They don't sleep, they lurk. If you can sabotage the coffee and soda machines you can drive them out of their lair. Otherwise you may have to defeat their army of PFYs. Good luck! And if they capture you and decide to Megger your balls, use the cyanide pills.

Re:Possible Explanation

[TheSkyIsPurple]

I work in Enterprise IT, and we love work.
Our problem is that we're kept so busy because they've laid everyone off that we don't have time to get fluent in the specifics of every technology we'd like to implement.
And if we put something out there, since we're "Enteprise", it has to basically be perfect the first time out or whoever is in charge of us this week will end up torching the moving the project to another group to mis-run.

It's not "IT" that's your problem... its the executives and management.

Re:Possible Explanation

[gad_zuki!]

>Precisely, IT hates work, whereas the profit side of the business is used to it.

Right, and the "profit" side is busy hiring drones to churn out more TPS reports and all their plans end with "and the consulants will build x y and z." In IT WE build xyz. There's a difference "work" and "getting shit done." A good IT department does the latter.

No matter though, these articles are just springboards for people to complain about their companies IT department. Enjoy the bitchfest.

Re:Possible Explanation

[Clover_Kicker]

If IT doesn't want to support your pet technology, calling it a "paradigm shift" isn't going to change any minds.

Re:Possible Explanation

[The+Great+Pretender]

I'm supporting the parent here. The ego's associated to our IT department were astronomic. They actually believed that they can never be fired because they were the only ones who know the 'guts' of our infrastructure. You should have seen them drop a load in their shorts when we had the whole IT infrastructure review by a third party. They pointed out the security risks that hadn't been noticed, the short-falls, the poor implementation (from a business perspective) and more importantly the fact that 25% time was being wasted by IT on IT 'pet' projects that had no sign-off from management. We fired the whole department except for a temp and hired him full-time because he actually worked efficiently and restocked (out-sourcing during the re-hire process). Now we have a more secure system and an IT group who are actually responsive to the IT needs of the company, rather than pretendeding that the IT position was a personal hobby. What a bunch of arrogant, egotistical, slackers we had.

Re:Possible Explanation

[jp10558]

The problem is every user and department figures their needs are the most important with immediate response necessary. This isn't possible in most IT departments because they don't have several people per department they have to support.

We try to be responsive to users, but there's only so much time in a day, and when a user refuses to read the online documentation on how to clean up their roaming profile for the 10th time, and just want's IT to do it then they need to be a little patient and lock their machine rather than logging out till we can do the cleanup.

When we discussed the major database + client update and whether we would do it for v2008 or v2009 and agreed on v2009 version, don't be suprised that we balk at a sudden "How much work would it really take to jump into the 2008 version?" with something like "We could get on that about when the 2009 version comes out".

Then you have the people who complain about being unable to install software when our policies are clear that they need to run it past their supervisor first and then submit a request to finance + IT for funding and install. (Not entirely our policy, money is an issue) No, we aren't going to make you a local admin. Bonus points for realizing the requested software is already installed on the machine anyway!

Then there's the set of users who don't understand Scope of Support, I.E. you can use your personal laptop if you want, but we can't put software on it for you and we will not fix it for you. Except for the special cases where management decides we can and we will...

Somewhere in here we actually need to look at Vista, EL5, Server 2003/2008, replacing edge netgear switches with HP managed switches oh and working in concert on some things with another unit plus about 50 things I don't know about.

Lastly, what were these "Side Projects"? How do you think IT figures out if a new product will help you or not (or were you looking for a "There's this product I'd like to read about and maybe play with for an hour. I don't rightly know if it's going to be useful or not as I haven't done anything yet but wanted to ask permission to find out if I need to ask permission to do a test run with it.")?

I'm not saying IT should not be a service group. I am saying that there is often more things going on then just the website and it might take a little while to update. Especially if we recommended a Wiki so *you* could do the updates and you decided that was a bad idea.

Re:Possible Explanation

[cHiphead]

In this case, maybe Web developers should be forced to learn about REAL server security and stop blaming the fucking IT departments when we respond with a resounding "no" to their requests that contain little or no concern for their shit quality code (RAILS? ARE YOU KIDDING ME?) they want to put on the front of a site for a fortune 500 company where any hack = negative pr = negative revenues as calculated by point hairs = blame the fucking IT department. At least when you are forced to implement it inside(the horrible, nightmare of a shitfest) Sharepoint, us guys in IT can fall back a little tiny bit on blaming MS for shoddy work and the newness of their product when the CEO and CIO come downstairs to tear off OUR heads. IT is on the line for server security and WE get reamed when a web dev team's work goes south.

Its frankly laughable that you suggest the IT group shouldn't be running exterior services and suggest an external web group should work 'with them', web dev should be under the oversight of IT managers.

"IT" does not mean HELP DESK.

Cheers.

Duh..

[TBerben]

Of course the IT 1.0 staff is causing trouble, companies need to upgrade them to 2.0 first!

Spin

[Rycross]

Am I the only one who read this as:

"IT departments are wisely refusing to spend uneeded man hours and money on technological buzzwords that will not help, and will likely hurt, the business. Management foolishly decided to override them instead of listening."

Maybe I'm just jaded.

Question

[sphealey]

How did the end-users get to bypass HIPPA, Sarbanes-Oxley, Regulation FD, and general GAAP auditing, management control, and business continuity requirements? If they could teach the "IT Departments" how to do that I am sure there would be great appreciation.

sPh

Absolutely true

[hobo+sapiens]

The company I work for is a VERY large tech company. We are JUST NOW starting to roll out things like Wiki and forum based support for applications, social networking software, etc. It's quite sad. I am sure this is the case in most IT departments in most large corporations. I have some theories as to why:

1) the obvious, resistance from upper management. Upper management is afraid of being "bleeding edge". New stuff, and especially open source stuff, is scary. PHBs fail to realize that the F/OSS community operates on a different set of values than corporations. Corporations only offer free stuff if it gets them good PR or creates a bunch of indentured customers. There is much FOSS that is quite viable, but it usually gets turned down in favor of proprietary crap.

2) complacent IT staff. In many large companies, the people who make decisions have promoted to their level of incompetence. In turn, they just phone it in, just do the minimum they need to do to get by. This precludes their actually learning anything new. When the decision makers are victims of FUD, what do you want?

3) red tape. Where I work, if you want to use non-standard software you have submit an exception, which then has to get approved by the people in bullet point number 2 above. It also has to get sent to upper management. Some supervisors are afraid of that and so strongly discourage you from submitting these exceptions. So people just use the same old software in the same old ways and nobody actually keeps up with the industry.

Case in point: on my intranet, AJAX use is still pretty small scale. Maybe for certain internet sites, AJAX isn't always appropriate, but on the intranet, where you can ensure that everyone is using a somewhat modern browser, it's an obvious choice for certain things. Yet, you still have people developing sites the same way sites have been developed for ten years. I use AJAX heavily, and you'd be surprised how people are still amazed by it. But now there is a push to call libraries like prototype "software" and thus make them subject to regulation and corporate standards. Standards committees cannot keep up with the industry, so you have a situation where you cannot, by decree, use anything *too* new. I can see disallowing joe service rep from installing webshots on his PC, but disallowing a developer from using his software of choice is pretty shortsighted.

Re:Too bad!

[Rycross]

Certain things like wikis are really nice for development teams. The trick is using the technology for the correct problem.

I see two possible cases here:
1) The IT department is incompetent.
2) Some manager who wants to be able to write that he "synergized the business using new paradigms in a Web 2.0 world" in their resume.

I'm betting on the latter. But thats probably because I'm used to it.

Re:Too bad!

[hobo+sapiens]

Web 2.0 is a slippery term. If by web 2.0 you mean user-generated content, then I have to disagree.

One example: wiki based support. I find that people are, for many reasons, willing to help others. Some may like showing how much they know. Some are altruistic. And so on. Now, let's say you have an application that gets used by 25000 people and a development team of 15 people. You probably don't have time to support the application to the extent it needs. Enter a wiki. If you have a wiki, that can at least minimize the questions / requests sent to your team, leaving you to focus on enhancements, future looking stuff, etc. Using a wiki, you can actually get your user base to at least partially support itself.

Sure, a social networking site *might* not be the right thing for you F500 company's intranet. But a wiki might be just what you need.

Who works for whom?

[oatworm]

Wow. I know this is Slashdot, but this is getting ridiculous. IT departments have one job and one job only:

Support the elements of the company that make money.

That's it. That's our job. If the elements of whatever company we're working for wants a "Web 2.0" app, instead of immediately jumping on our pedestals and saying, "Whoa there, mister! That's insecure and NEW! Put that thing away," we should instead be asking ourselves, "Hey, what problem are they trying to solve with this, and can we find a better solution?" When the employees are using Gmail or Facebook for inter-office communication, it means we're not doing our jobs, not because we're not locking down outside communication paths but because the communication paths we're providing are inadequate. When our customers start firing up MSN Messenger without our permission, we should be asking ourselves what we can use that's better, more secure, and easier to manage in an enterprise. When our customers come up to us and say, "We're tired of chasing Word docs everywhere - we're getting a wiki to manage our information", we should be looking at their problems and figuring out if a wiki is the best solution, or if they really just need a document management system.

Get it? WE are at the disposal and discretion of our coworkers, NOT the other way around.

De-aggregate angsty tags to IT channel-partners.

[delire]

Web 2.Oooh isn't a technology, a thing or even a classifiable approach to client-server engineering. It's the term given to a fad whereby users freely contribute content to increase the bankable assets of entrepreneurs that generally use impossibly complex and dubious EULA's for their own gain.

Perhaps IT staff aren't keen on implementing it because they don't buy into The Silliness. Call it "Capitalism Meets Social Engineering 2.0" and perhaps the guys in suits with MacBooks and artistic mohawks might have takers in IT.

As Mark Pilgrim so eloquently put it:

"Praising companies for providing APIs to get your own data out is like praising auto companies for not filling your airbags with gravel. I'm not saying data export isn't important, it's just aiming kinda low. You mean when I give you data, you'll give it back to me? People who think this is the pinnacle of freedom aren't really worth listening to."

For those of you wanting to make a proverbial killing of this 'phenomenon' I refer you to a vital dictionary of terms.

Get with the times!

[fm6]

We have an extraordinarily difficult time getting IT to update broken links on our website

Your company is really out of date. Maintaining a web isn't an IT function, it belongs to specialized web developers. If you guys were with it, you wouldn't have inept IT people who can't keep the web site up to date; you'd be like other companies, with an inept web team that can't the web site up to date!

Reading between the lines

[laron]

When Adam Carson, an associate at Morgan Stanley, first began pushing the use of Web 2.0 tools, he faced a major obstacle in the New York-based investment bank's 10,000-member IT department. "Most of our IT department didn't get it," he said. "This was all new to them. They had just been stuck in the world of enterprise IT."

So, the IT department would have prefered to do their job (enterprise IT) instead of building something just to use the tools.

However, he said he worked closely with IT team members to convince them of the merits of Web 2.0, which led them to implement Asynchronous JavaScript and XML (AJAX) technologies, a key requirement for building and supporting Web 2.0 tools

He didn't stop nagging until they told an intern to cobble something together and paint the relevant acronyms in two feet letters on it.

Once IT was convinced of the value of Web 2.0, he said, the organization was "really good at making sure that [systems] worked really well and didn't break, but they weren't really good at making sure ... people liked using them."

So, people don't use the new-fangled stuff. Obviously this is the fault of IT, and not because they don't see the need.

Carson noted that the company now has about 80 Web 2.0 projects under way, including an effort to create social networks for its clients.

Now we have 80 unused projects. Even our customers refuse to use theirs so far.

During the education process, Carson said he also had to find a manager that would require the use of a Web 2.0 tool for a specific project.

He had an hammer and was looking for a nail. A screw would probably work as well.

That would help spur employees to use the new tools, he noted. The effort also faced cultural resistance from some users clinging to the use of e-mail and other traditional tools rather than switch to new Web 2.0 collaboration tools, he added.

So, with hard work he managed to have something implemented that nobody else thought necessary. Now he is looking for a way to make the users use it.

The other side

[BVis]

Fuck Web 2.0, IT departments are slow to move on any project except those that somehow benefit IT itself.

Nothing else benefits IT, so of course they're looking out for themselves. It almost seems like there's a course in business school now called "Never Give IT Anything To Work With." 1/3 staffing levels, ancient tech, constant micromanagement by non-technical departments, it goes on and on.

We have an extraordinarily difficult time getting IT to update broken links on our website (we used to have access via the shitty CMS they were running but they now took that away too) nevermind solutions such as chat, online appointment scheduling, or additional databases to store information captured from web forms.

Isn't it just possible that your IT is so busy covering up for the idiot users' mistakes that they don't have time to do anything useful? It's hard to get time to update a web site when the CEO has to have his bridge program on his laptop RIGHT FUCKING NOW, or when Marketing is trying to get you to do their research for them, or when the Vice President Of Things That Begin With H On Alternate Tuesdays has hosed his registry for the tenth time, despite ludicrous amounts of coaching (compounded by the fact that he absolutely HAS TO HAVE admin rights on his desktop, or the world would end.)

We have had to go to third party outfits that specialize in hosting their own web application solutions and paying them yearly sums of money to do for us what IT will not. Not a single department has a decent relationship with IT at any of the last few places I have worked (especially the current) and we're all wasting money because of it.

Have you tried using that money to bring staffing levels in IT up to sane levels? Or investing in more infrastructure? How about not treating IT like a red-headed stepchild and appreciating the fact that your business is DEAD without your computers? No? Not shocked.

It's really not that difficult a concept. Has anyone tried saying "please" and "thank you" to any of these folks? Or tried to find out what they do with their time? I'd bet you a paycheck that they're so busy putting out fires that idiot users or executives (but I repeat myself) are setting that they don't have TIME to do anything else. If you treat IT half as badly as it sounds, I think you're lucky they haven't dragged you from your car yet.

Re:The other side

[zerocool^]

Case in point: I'm the linux admin for the place that I work (a Computer Science department at a university). I support linux-on-desktop, our remote login cluster, a bunch of random servers that faculty members decide they need because "I need feature X that is [so insanely out of date | so insanely bleeding edge] that our infrastructure isn't going to support it". I manage licenses for a dozen mathematical, statistical, and otherwise proprietary closed source programs. Lately, the Mac guy quit, so all of a sudden, I'm also the support for the Macintosh folks. I manage the linux backup rotation, which is all nightly rsync-based. I handle the linux half of our windows domain / ldap / kerberos / nfs-automount / samba / cifs single log-on system. I also am still the admin for a handful of Sun servers, and (believe it or not) a few DEC Alphas we have running Tru/64 (or whatever the hell it's called now) Unix. I can't tell you how many projects have been installed/written/maintained by Graduate students who have since left school that fall into my lap when the faculty member realizes no one is maintaining random-app-that-no-one-uses-but-must-always-be-wor king. Oh, I also am in charge of maintaining the stock of toner for the 25-odd different laser printers we have, and distributing it out to people when they come knocking.

What am I spending about 8-10 hours of my 40 hour work week on lately? The powers that be decided that they could fire the part-time student work-study that we used to have to do odd IT jobs, and now, I manage 30-odd card-swipe door locks, which a monkey could do, and which are a huge time sink, considering they're spread out across 3 buildings among 5 square miles, and everyone wants them updated at least three times a week. So, I have to cart one of two different laptops to each physical key card lock and update them.

If I don't get around to moving your Laserjet printer from computer A to computer B, configuring the cups server, and reconfiguring all other 9 computers in your project lab to print to the new server today, it's cause I'm freaking busy. If I can't figure out why your mouse doesn't refocus on matlab on your home linux box when you SSH into the cluster and display the graphical component locally, I'm sorry. If I can't get your bleeding-edge hot off the assembly line wireless card to work in any of [fedora core 5 | fedora core 6 | ubuntu | Centos 5.0] with several different kernels and everything from the stable to the nightly build of NDISwrapper, and the best I can do is that it works *most of the time*, and only causes a kernel panic *sometimes*, I'm sorry. If I can't find an unused room for your new multimedia lab, move 8 powermacs across campus, set them up, get the networking people to install and activate network ports (after getting the paperwork pushed through the financial people), and set up all your software by the time you teach class on Wednesday, when you tell me Monday afternoon, and especially when I had sent out emails in freaking JUNE asking what needed to be done for the upcoming fall semester, sorry - I'm only human.

Honestly, I know a lot of IT staff are lazy control freaks, but come on - some of us are spinning our wheels trying to move as fast as we can, while you all are pulling us in 40 different directions. We're expected to be master of all trades, and that takes time and effort. And I don't respond well to insults, questions of ability, yelling, or last-minute-emergencies-that-could-have-been-preve nted. Try smiling and doing a bit of planning in advance, and you'll go far. Trust me.

~Will

Re:The other side

[Basehart]

FWIW seeing IE7 and web 2.0 in the same sentence makes me want to drink Draino. Good luck.

YOU CAN'T HANDLE THE TRUTH!!!

[JRHelgeson]

Son, we live in a world that has firewalls, and those firewalls have to be maintained by men with root access. Whose gonna do it? You? You, with your blogging buddies? I have a greater responsibility than you could possibly fathom. You whine about port blocking and you curse the administrators. You have that luxury. You have the luxury of not knowing what I know: That blocking ports, while frustrating, probably saves bandwidth... And my existence, while grotesque and incomprehensible to you, saves packets. You don't want the truth because deep down in places you don't talk about at LAN parties, you want me on that firewall, you need me on that firewall. We use words like source address, port 80, destination... We use these words as the backbone of an access control list. You use them as a punchline. I have neither the time nor the inclination to explain why I block access to YouTube to a man who points and clicks on the very network that I provide, and then questions the manner in which I provide it. I would rather you just said thank you, and went on your way, Otherwise, I suggest you pick up a whitepaper, and create your own web 2.0 app. Either way, I don't give a damn what you think you are entitled to.

Eventually, they came on board

[danilo.moret]

The "cool digital media lady" went down the IT section and asked:

- Hey, could you install some MediaWikis with capacity to five thousands access per minute by friday? I read it's super simple and light, just as Web 2.0 is supposed to be, so it should be very easy to do!

And the "boring IT guys" replied:

- You know we can't, we need to deal with all other emergency priorities you set last week about mail and the new Vista boxes. Besides, it's simple to install in one single machine for amateur use, it's complicated to prepare it for the security and load we'll need.

- You IT guys can't deal with changes. You complicate everything. I'll have a smart consultant friend to come over, install it for a few thousand bucks and hand the maintenance over to you.

- Gahhh...

Weeks later, she gave an interview boasting her boldness in "bypassing IT to get Web 2.0 technologies to the group's end users":

- IT started to realize it was happening without them anyway. They weren't interested until they started to get multiple requests from around the business. Eventually, they came on board.

The "boring IT guys" couldn't be interviewed. They were overwhelmed by client's support requests of system configurations, security alarms, the same old email problems and configuring tens of new servers with load balancing.

Next on "The Daily Buzzword Bugle", the folksonomy is being slowed down by the users.

I work in IT, we built a Wiki but nobody came.

[Nonesuch]

I'm part of the tiny IT Security department of a Fortune 500 with many offices around the world. We're understaffed and overburdered with "approvals" and "sign-offs" and other process, but we make do with what we have.

So earlier this year we had a conference call with the various remote site operations and networking and help desk We had a bunch of customers saying "Why doesn't the company use Web 2.0? Why is Instant Messaging discouraged? Why is there no Wiki on the Intranet?"

While this wasn't a priority, we had a small server sitting idle from a failed project. So we built a MediaWiki server, gave it a catchy DNS name, and configured it so anybody who can authenticate to the company LDAP server has an auto-created Wiki account. Even preloaded the server with the Help: namespace and some documents from IT's old file share. I also contacted the biggest site's help desk and inquired whether they would be interested in importing their "how to" documents, but only got a snarky "I know what a Wiki is, and we don't want any" reply.

After some testing internally, about two weeks ago we send out a preliminary announcement about the new Wiki to 100 "power users", including the specific individuals who were complaining about the lack of a Wiki. The response?

Deafening silence.
Perhaps fifty users bother to click on the link, a dozen of those logged in, and four go so far as to create a personal "User" page or make a test edit to one of the existing pages. You can lead users to a wiki, but you can't make them contribute.

Skype is corporate security enemy #1

[Nonesuch]

, Skype saves us TONS of money, and that, for some reason, is public enemy #1 with them.

I agree with your IT department 100% on Skype. That is one creepy closed-source product/protocol which has no place in a business network.

I've been trying for the past year to get Skype/EBay to talk to us at all, to even begin to have a conversation about how to securely enable internal clients to make and receive Skype phone calls without also enabling any and all other encrypted peer-to-peer applications.

Because that is what Skype really is, on the wire -- an obfuscated, encrypted peer-to-peer tunnel in which anything can be exchanged between the internal PC running Skype and a random workstation in some former soviet block nation which it appears to be using as a supernode. Any network where you can reliably use Skype, you can use the same network and host security holes to run P2P filesharing, botnets, or anything else your dark little twisted heart desires.