Slashdot Mirror


Ask Slashdot: What Are Some 'Best Practices' IT Should Avoid At All Costs? (cio.com)

snydeq writes: From telling everyone they're your customer to establishing a cloud strategy, Bob Lewis outlines 12 "industry best practices" that are sure to sink your company's chances of IT success: "What makes IT organizations fail? Often, it's the adoption of what's described as 'industry best practices' by people who ought to know better but don't, probably because they've never had to do the job. From establishing internal customers to instituting charge-backs to insisting on ROI, a lot of this advice looks plausible when viewed from 50,000 feet or more. Scratch the surface, however, and you begin to find these surefire recipes for IT success are often formulas for failure." What "best practices" would you add?

22 of 348 comments

  1. Management Frameworks... by Anonymous Coward · · Score: 4, Insightful

    ISO 9000
    ITIL
    TQM
    CMM

    You have to crawl before you can walk. Management frameworks are for Olympic Class organizations.
    Suggestion - Build your own policies, procedures, and get those in place so you know what the pain points are before you try to implement someone else's idea of what's ideal in IT.
    Fred in IT

    1. Re:Management Frameworks... by haruchai · · Score: 5, Interesting

      I heard people raving about ITIL so I tried to find out what it is. I still don't know because even thinking about it makes me fall alkdshjg;;dfpgsdgjgshgjpsdhfj gf skoppppppppppkgp

      I went through the ITIL Foundations course quite a number of years ago. Could not fucking stay awake.
      The instructor was engaging, knowledgeable, they supplied us with as much coffee as we could stand, I kept going outside (in February) to keep myself awake and I still snored through the entire course.
      Managed to retain enough, long enough to pass the exam but I couldn't tell you the difference between a process & a function (by the ITIL definition) with a gun to my head.

      --
      Pain is merely failure leaving the body
    2. Re:Management Frameworks... by lucm · · Score: 4, Informative

      ISO 9000
      ITIL

      I disagree. In both cases, the problem is not the framework (or standard), it's the blind trust in it and the misconception that it's going to make you deliver higher quality.

      They won't. But done right, both ITIL and ISO 9000 give you one thing: predictable, repeatable output. Maybe your desktop guys are not very good at reinstalling Windows, and maybe your X-Ray QA is not good at spotting bad weld jobs on titanium alloy. But if you're an ISO 9000 or ITIL shop, the procedure will always be the same so you can know in advance that 24% of desktops will need re-imaging and that 61% of QA will give false positive, so you can adjust your planning accordingly. The actual quality is not better or worse, but it's consistent.

      The alternative is to get sometimes good output, sometimes bad, depending on who gets the tasks, the time of day, was it before or after the first coffee break, etc. Maybe in such chaos you can find high quality once in a while, but it makes it very difficult to establish any kind of pipeline or planning.

      --
      lucm, indeed.
  2. Buy not build. by jellomizer · · Score: 5, Insightful

    I am not talking about common tools such as email servers, word processing, spreadsheet...
    But software core to the operation of your business. Companies will sell you massive enterprise solutions, filled with best practices and buzzword features.
    However the effort in implementing this is usually much more complex and costly than a small team of full time developers to make simple solutions to solve the problems unique to the business.

    These companies selling these solutions hire a team of full time employees just to support the company. Then they charge you for the software and their time plus the profit margin. So you end up paying more for features you don't use and extras that are hacked in and barely work.

    Your organization offers solutions, products or services that are unique. Why would you expect software and best processes to be the same?

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  3. Adopting Technology you don't understand.. by bobbied · · Score: 5, Informative

    ALWAYS avoid adopting technology that you don't understand just because somebody on your staff or a salesman with some glossy sales flyer says it will be great! If your manager shows up with the idea, convinced that it's going to be the solution to all his problems and won't take your advice on the matter, update your resume.... The devil is ALWAYS in the details...

    There is no silver bullet... Trust me, I've looked for years... However, that doesn't mean you cannot shoot yourself in the foot with a plain old lead round.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  4. ITIL by prisoner-of-enigma · · Score: 5, Informative

    From bitter personal experience, trying to implement the entire ITIL manual down to the tiniest detail instead of treating it as a guideline for what might be applicable.

    Case in point: my former employer had a dated-but-usable change management and helpdesk system they'd used for years. It was due for replacement. They brought in a non-IT project manager to design it. Mrs. Non-IT Project Manager proceeded to treat the ITIL guidelines as some sort of roadmap, demanding the most granular, process-laden, cumbersome, needlessly-complex system I've ever seen. It was universally reviled. Nobody understood it. Nobody was properly trained on it. Tasks that used to take hours now took days. People started working around it, not using it, in order to get even basic stuff done. The system required a complete overhaul -- this time using actual input from the people who would be using it and/or served by it -- and eventually became usable at a cost and schedule far beyond the original mandate.

    Meanwhile Mrs. Non-IT Project Manager was given a raise and promoted to somewhere where she couldn't do that kind of damage again.

    --
    In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
  5. Password Changes by darkain · · Score: 5, Insightful

    Forced password changes every X days. This just leads to people picking really shitty passwords. At one company I worked at for a while, they mitigated this by simply doing "simple word" + month + year. TOTALLY hard to figure out!

    1. Re:Password Changes by sdinfoserv · · Score: 5, Informative

      It may be crappy - but forced password changes are required for many organizational level certifications. Example: PCI, wanna take credit cards, forced password changes required. Just like HIPAA, CJIS, SOX... and a bunch others...

    2. Re:Password Changes by Thad+Boyd · · Score: 5, Funny

      The mandatory online security training we did the first day at GoDaddy actually recommended satisfying the mixed-case/symbols requirements by using an initial capital letter and an ending exclamation point.

      Course, Go Daddy is also the company where they fired one of the five guys on my team, didn't replace him, and then the next week started having daily meetings to discuss how our productivity had gone down 20%. Math was not management's strong suit.

    3. Re:Password Changes by _Sharp'r_ · · Score: 4, Informative

      Enforce a single-sign-on long and complex password.

      That you rarely (years) require to be changed.

      Forcing a password change every 60 days doesn't accomplish anything but either create easily guessable variations, reducing the password space, or create lists of passwords, generally in something insecure for most people.

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
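
The predictable-variation problem described in the password comments above ("simple word" + month + year), shown as an added example that is not part of any comment in the thread: a check a password-change handler could run to reject a new password that only rotates the suffix of the old one. It assumes the handler has the old password in plaintext at change time (the user types it into the change form); the function names and sample passwords are constructed for illustration.

```python
import re

# Month names (long forms listed before short ones so "june" wins over "jun").
_MONTHS = ("january|february|march|april|may|june|july|august|september|october|"
           "november|december|jan|feb|mar|apr|jun|jul|aug|sept|sep|oct|nov|dec")
# The part people rotate: a trailing run of month names, digits and punctuation.
_ROTATING_SUFFIX = re.compile(rf"(?:{_MONTHS}|[\d\W_])+$", re.IGNORECASE)


def skeleton(password: str) -> str:
    """Return the stable stem: lower-cased, with the rotating suffix removed."""
    return _ROTATING_SUFFIX.sub("", password).lower()


def is_rotation_variant(old: str, new: str) -> bool:
    """True when `new` keeps the stem of `old` and only the suffix or case changed."""
    stem = skeleton(old)
    # An empty stem (password made only of digits/dates) gives nothing to compare.
    return bool(stem) and stem == skeleton(new)


def review_changes(changes):
    """Return the (old, new) pairs that a change handler should reject."""
    return [(old, new) for old, new in changes if is_rotation_variant(old, new)]


# Constructed sample data (not real credentials).
SAMPLE_CHANGES = [
    ("Welcome0617", "Welcome0717"),                  # word + month + year
    ("WelcomeJune2017", "welcomeJuly2017!"),         # month name, case and "!" changed
    ("Password1!", "Password2!"),                    # incremented counter
    ("Welcome0617", "correct horse battery staple"), # genuinely new secret
]

if __name__ == "__main__":
    for old, new in review_changes(SAMPLE_CHANGES):
        print(f"reject: {new!r} is a rotation of {old!r}")
```
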
  6. Re: Avoid directory service, aka AD by Nkwe · · Score: 5, Informative

    A directory service is good in theory but most IT departments aren't competent enough to handle it, i.e. it will cost more than not using it.

    So every computer and server in the company should have separate accounts and passwords? I ask because having a common source for accounts and passwords across an enterprise (or even a small business) is one of the primary things a directory service does for you. Thinking about using Google, Facebook, or Microsoft accounts for your employees to log into company resources? Those are (outsourced) directory services as well.

    Secondarily, directory services provide the ability to group users together for various permission granting. You grant rights to accounting resources to your "accountants" group and then you place your accountants in that group. When you hire a new accountant, you just put them in the group; when an accountant leaves the company or moves to a different job function, you take them out of the group. How would you accomplish this reliably without some sort of directory service?

    If you are talking Microsoft's directory service (AD), you also have the ability to maintain consistent workstation configuration, which can be quite difficult without a directory service.

    I believe it would cost you more in terms of time, effort, and mistakes you will make if you *don't* have a directory service.

  7. Best practices to avoid by Hognoxious · · Score: 4, Funny

    If there's a best practice to avoid then avoiding it becomes a best practice, and then you should avoid avoiding it. Or something.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  8. Re:Outsource by BiggerIsBetter · · Score: 4, Informative

    Also, Insource the IT from India.

    Seriously, it's like every Architect, Developer, and Tester is Indian. The BAs too lately. Same problem as outsourcing though... no speed, no creativity, no ownership, no quality. Just confusion and half-assed results. And immigration for the whole family. Good luck taking the PM roles from the angry middle-aged white women though!

    --
    Forget thrust, drag, lift and weight. Airplanes fly because of money.
  9. Don't verify that web-apps follow your standards by gweihir · · Score: 4, Insightful

    Or have very bad standards in the first place. That way, you are going to enjoy all "Web Application Worst Practices" that people can think of. I am currently assisting a customer wading through such a mess.

    Also nice: Fire people that created and understand the application after they have finished, but before anything is documented.

    And to top it off: Declare the proof-of-concept to be the final application. It is much cheaper!

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  10. Re:The #1 practice sure to sink your business by EmagGeek · · Score: 5, Funny

    I spend a lot of money paying Internet trolls to trash-talk linux in public forums so that my competitors won't run it.

  11. Re:All of them by Anonymous Coward · · Score: 5, Interesting

    From a book on Photographic Technique:

    "Best Box. The Photographer has their Camera Bags. The Assistant has the Best Box. "Best" in this context is lost in History, but was generally considered as containing the most important Lighting goodies. The term dates back to Shakespeare. In Cinema, the person responsible for the Best Box is known as the Best Boy, regardless of gender. (Before "Boy" had any specific youthful gender assignment, it referred merely to a Servant or somebody useful, and maintains this definition in Ireland, where such people are known as "Boyos".) About two decades ago, a new term emerged, stolen right from Cinema- "Best Practices"; originally concerning Lighting. Anybody using this term these days off-stage is a fraud, and "Best Practices" is a phrase best commonly employed in the game of "Bullshit Bingo"."

  12. NIST 800-63-3B changed that by Anonymous Coward · · Score: 5, Informative

    As of NIST 800-63-3 forced password changes based solely on time interval are no longer a 'Best Practice'. Now the Best Practice is to expire passwords only when there is suspicion of account or system compromise.

    Sadly it will take some time before the many organizations who copied the old best practice into their own documentation can step up to current best practice.

  13. Absolutely by lucm · · Score: 5, Informative

    Ahh yes, the "we really suck, but we consistently suck, we've got the ISO 9000 cert to prove it" argument.

    Yes. That's the whole point.

    True story. I used to work for a company that did low-cost assembly for big vendors. Razor-thin margins, which means that the whole business depends on a highly efficient supply chain composed of other low-cost suppliers. When it came to a specific production line, a change of less than 1% in components rejection would either cause a financial loss on the whole batch, or create an expensive shipping buffer which also incurred unsustainable losses. So at one point the company ditched a "mostly high-quality" supplier for a consistently terrible one. Being able to tune the production line and let it run at a predictable rate was immensely more profitable than getting fewer average component rejections.

    And I believe this approach also works in large organizations. You don't want to have two sets of baselines for a big project depending on "how long will it take to get working environments"; you want always the same kind of environments and use that as a reliable figure in your planning. Both ISO 9000 and ITIL include continuous improvement mechanisms, but they're not higher priority than having a predictable, consistent delivery.

    --
    lucm, indeed.
    1. Re:Absolutely by Anonymous Coward · · Score: 5, Insightful

      "So at one point the company ditched a 'mostly high-quality' supplier for a consistently terrible one. Being able to tune the production line and let it run at a predictable rate was immensely more profitable than getting fewer average component rejections."

      This is why the logic of capitalism will, ultimately, destroy us all.

  14. Laying off old people by Snotnose · · Score: 4, Insightful

    Who have 20+ years experience in favor of outsourced "engineers" for 1/3 the salary and 1/10 the experience.

    / not bitter

  15. Re:It's always tempting to outsource by AK+Marc · · Score: 4, Informative

    Goes with #4. Internal Chargebacks. If you do internal chargebacks, make sure they are lower than what it'd take a consultant to do the same job. I've seen the chargeback rate so high, it was easier for the developers to drive to the store and pick up a Dell Server (or whatever), and install that instead of buying the IT Server Service. Then you have piles of "rogue servers" running around and a valid business reason to undermine your own IT department.

    When you spend $1M on IT and IT collects $5M on chargeback, making the "Service" profitable, at the expense of logic and reason, and leading to outsourcing.

    If chargebacks reflect the cost of providing the service, and are lower than can be obtained elsewhere, then it will only be a good thing. It demonstrates the value, and prevents budget squeezing.

  16. Re:Avoid Tape Backup by dbIII · · Score: 4, Interesting

    A backup is better than a badly working, slow or intervention-prone backup which is synonymous to cheap tape system offers ($100k)

    If $100k is a cheap tape system then I've got a cheap bridge to sell you.
    LTO5 drives come down in price a lot since the newer LTO types have come out, and you can hold a lot of stuff with staggered backups over a few of those 1.5Tb tapes at less than $30 each.
    It doesn't take a massive amount of data before the combined drive and tape cost beats external USB drives.
    The important thing is so long as you have something that is not actually connected when disaster strikes. A tape or USB drive that is not physically connected to the machine when things go wrong is the idea.