Slashdot Mirror


Ask Slashdot: What Are Some Hard Truths IT Must Learn To Accept? (cio.com)

snydeq writes: "The rise of shadow IT, shortcomings in the cloud, security breaches -- IT leadership is all about navigating hurdles and deficiencies, and learning to adapt to inevitable setbacks," writes Dan Tynan in an article on six hard truths IT must learn to accept. "It can be hard to admit that you've lost control over how your organization deploys technology, or that your network is porous and your code poorly written. Or no matter how much bandwidth you've budgeted for, it never quite seems to be enough, and that despite its bright promise, the cloud isn't the best solution for everything." What are some hard truths your organization has been dealing with? Tynan writes about how the idea of engineering teams sticking a server in a closet and using it to run their own skunkworks has become more open; how an organization can't do everything in the cloud, contrasting the 40 percent of CIOs surveyed by Gartner six years ago who believed they'd be running most of their IT operations in the cloud by now; and how your organization should assume from the get-go that your environment has already been compromised and design a security plan around that. Can you think of any other hard truths IT must learn to accept?

5 of 421 comments

  1. Re:If it ain't broke by Ichijo · · Score: 4, Informative

    But if you don't understand why it works, then it may fail in a mysterious way at the worst possible time.

    --
    Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
  2. Re:The Cloud is your enemy. by Strider- · · Score: 5, Informative

    I would argue the opposite, especially if you are a small company.

    This exactly. I work with a midsized non-profit (roughly $3,000,000/year revenues), and we didn't do credit cards for years because we didn't have the ability (or desire) to have to deal with the security hassles associated with them. We finally found a good partner/vendor and were able to outsource the credit card portion of our online operations to them, and with the long-delayed arrival of proper EMV terminals in the US, we can finally handle them on-site without having to take absurd security precautions.

    In effect, the unencrypted/unsecured cardholder never, ever, touches our networks or computers. All we get from the payment processor is a hash that confirms the payment, and allows us to reconcile and/or reverse the charge if needed. It works great, and is far more secure than something I could have rigged up as a volunteer.

    --
    ...si hoc legere nimium eruditionis habes...
  3. Some things to learn by WillAffleckUW · · Score: 3, Informative

    1. State actors never have your own best interests at heart.

    2. Frat tech boys will always get their feelings hurt. And whine whenever they aren't winning massively.

    3. Comment your code. Always. And stick to naming conventions, it saves a lot of time - for you, and for others.

    4. Low-cost index mutual funds and ETFs will always outperform actively managed stock and bond funds. Property will always outperform all of these in areas of high population and job growth. You can't take it with you, so don't buy a house you don't need until you actually need it, and never look back.

    5. Lists are for people who have problems. Which is, quite frankly, everyone.

    6. Take showers and brush teeth/hair. Don't wear shirts or underwear more than one day. Keep spares at work or a gym if that's hard to do.

    --
    -- Tigger warning: This post may contain tiggers! --
  4. Re:If it ain't broke by MrLogic17 · · Score: 3, Informative

    That's how you create Technical Debt.
    Every upgrade cycle you skip makes the next one that much harder...

  5. Re:The Cloud is your enemy. by anegg · · Score: 3, Informative

    I worked in corporate IT for a fairly large (40k employees) company back in the first half of the 1990s. The CIO would have new ideas regularly about what "we" should be doing (i.e., corporate IT strategy). After a while, we figured out that there was a strong correlation between whatever was recently in "CIO Magazine" and what the CIO's latest ideas for corporate IT strategy were. Unfortunately, it was difficult to have a conversation with the CIO about context and why not everything in CIO Magazine would work in our environment. Fortunately, a new issue of CIO Magazine would generate a whole new set of ideas, and the previous set would generally be forgotten. The one really big idea that came out in that timeframe (using HTTP/HTML to create a corporate information service) wasn't found in CIO Magazine. My impression of CIO Magazine was that it was like "Teen Beat" for CIOs.