What Would You Demand From Your IT Department? 671
ZombieLine asks: "The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year. Additionally, they haven't been able to sell needed changes to senior management. Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice. We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions. What would you put in our charter?" What services and responsibilities would you demand out of your IT department?
First thing to demand - an SLA (Score:5, Insightful)
What are we starting with? (Score:5, Insightful)
I don't know your situation... but maybe more money is needed for people, equipment, etc etc. You can demand all you want, but if you don't pony up the resources... *shrugs* You get what you pay for.
No Brainer (Score:5, Insightful)
Anyway, here is how it works. Your department has IT needs. These needs are written down. The IT department has guaranteed services it provides. These are written down. Your department takes a budget "hit" to pay for an internal IT department. These are the givens.
Now, if IT does not provide services you NEED/REQUIRE (like backup, duh), then you go to the whomever is above both departments (COO, VP of division, president...) and you show the mismatch. This is not a complaint, just a reason why you are increasing your budget next year to get the services you need to succeed.
Of course, you are keeping a log of all incidents that are occurring and a log of down time and a log of costs to you as a result, etc.
Look, business people are not idiots. The 3 previous paragraphs I write above are beyond no-brainers. Why is this stuff so non-obvious to today's geeks??
It sounds like your company has other issues... (Score:5, Insightful)
A group of users making "demands" of the IT department is somewhat inappropriate. Yes, the IT department exists to help users with their work, but their priorities are set by senior management. If you plan to create some kind of IT Steering Committee, I would recommend a few things: (1) Lose the attitude -- all you'll do is put the IT folks on the defensive (and remember, since you're not in their group, you may actually have NO idea what priorities have been laid out for them by senior management); (2) Get the blessing of senior management before you try this; (3) Make sure at least one or two high-level people attend your meetings and buy-in to what you talk about.
Treat the IT folks like human beings. They may have perfectly good reasons for dismissing what you consider reasonable ideas. Perhaps they're seriously understaffed so that great desktop Linux rollout one of your users is convinced is the right idea just doesn't pay off for them, for example.
Re:What would you demand from your IT users? (Score:0, Insightful)
Not enough storage. When 200GB drives are under $150 maybe it's time to stop complaining at the people who dare to keep a meg of on line messages.
As the masturbation you have not seen how busy a competent IT technician is. It's the ones that people know they can't turn to with problems who have time on their hands.
This may be Senior Managements Fault (Score:5, Insightful)
--No Storage Space
These sound like budget issues. Do you think that if the IT staff, just tries really hard or is competent that they can just create File Storage and Backup Systems out of thin air.
Centralized IT is the problem... (Score:2, Insightful)
If I manage a group of 40 people, I should be able to hire an IT person to service my 40 people. Their salary should come out of my budget. My IT person should have to adhere to corporate architectural guidelines. But this IT person should report to me and be accountable to me.
Internal corporate IT SLAs are a joke. If an SLA is violated, it turns into nothing but a moronic yelling match complete with finger-pointing, et cetera. Meanwhile... the end-user still suffers.
Down with centralied IT, I say. Put IT staff inside of each business function. Make them accountable to that business group/function... where it belongs.
Re:What would you demand from your IT users? (Score:3, Insightful)
Users who think the network drives are for their personal music, picture and video collections.
Re:Common Occurence (Score:3, Insightful)
O RLY?
Maybe this should have been a wake-up call to the bozos with pointy hair that they actually NEEDED all the headcount that used to be on payroll.
From the non-tech perspective (Score:5, Insightful)
-Security of data: obviously no data is *absolutely* secure if the computer is connected to the net, but enough security that I could feasibly work with medical records and HIPPA-privledged information without constantly worrying about crackers. For those of you who don't know what HIPPA is, imagine a very protective law about patient confidentiality that can result in serious jail time if it is violated.
-Continual access (within reason): If there are natural disasters, power outages, or personal emergencies, then certainly one can't reasonably expect 24-hr access. At almost any other time, however, I'd like to be able to turn a computer on at the workplace and not worry about downtime or have to call someone to fix the system (as my colleagues and I do now).
-Work ethic: Nothing pisses me off more than lazy people, especially those who try to use technobabble to hide incompetence. If there is work to be done, then I'd like to dial up the local expert/employee and know that the problem will be fixed *quickly* and efficiently. Certainly there will be problems that require more time than others and nothing runs smoothly all the time, but no one should have to brook crap from employees who pad schedules. If there are problems, say so and at least *try* to explain them, don't go into geekspeak/technical language in hopes that I don't understand and give up and let them go back to (insert game here).
-Keeping me informed of new tech without trying to be a salesman: Not every new upgrade is worth getting and keeping up with the Joneses can be prohibitively expensive. Sure, new tech is very cool and I'd like a wireless device to use around my office to tie labs/patient data together, but that doesn't mean it's worth constantly annoying the boss for tech upgrades
-Honesty: Don't overcharge me or bend/stretch/break the truth with me. Medical professionals *seem* to be a prime target for fleecing among computer folks and I've heard horror stories about people paying several times market rate for upgrade and basic tech services. If you work for me, please be honest about all systems or equipment. If I've made a poor decision and there's new data, say so. If there's a better program/hardware setup out there and I'm not familiar with it or am being blindsided by the saleswoman, make mention of it. I don't have the time or patience to micromanage, if your job is technical material than I rely on your expertise and expect to be able to trust you and your decisions.
That shouldn't be too much to ask and is what I will expect of any technical employees I'd hire once I graduate and get a practice up and running a few years from now.
Re:Centralized IT is the problem... (Score:2, Insightful)
Your company may be totally average if... (Score:2, Insightful)
Re:What would you demand from your IT users? (Score:5, Insightful)
A competent IT technician has just enough time on his hands to learn new technology and retain sanity. A competent IT technician does not give users access to anything that could cause unpredictable consequences and makes sure that the systems they do have access to don't have problems in the first place.
An IT guy who is constantly running from place to place is the result of one (or more) of three things.
1. An understaffed department. Your IT guy is not working the floor in a retail outlet, if he's on his feet or crawled under a desk most of the day you need more IT guys.
2. An imcompetent IT guy (or IT decision maker causing IT guys to perform IT tasks incompetently). When IT is done properly there are not fires everywhere to put out.
3. Incompetent users. Incompetent users are the types who keep the IT guys busy fixing phantom problems, doing user training, or bug them with water cooler talk that fails to recognize that IT guys don't like people or talk. Your IT guy does not care to tell you about the cell phone or digital camera on the market.
Attit00d... (Score:3, Insightful)
Making demands and staging revolts is only going to get *you* fired. It won't resolve any of the technical problems.
Who the hell is in charge? (Score:3, Insightful)
Gather your allies and information. Details about what is wrong, why it's bad for the company, and how to fix it. Demand an audience with whoever is the highest person in the company you can meet with, and lay it all out. To be brutally honest, someone needs to be fired over this. Make this suggestion. Don't necessarily pick who, but make it clear that the people running IT aren't getting the job done. People outside the IT department shouldn't have to draft the job requirements of the IT department. If they know what they're doing, they'll know what to do.
If you can't get upper management to take action, then either suck it up and deal with it, or leave.
The first thing to do... (Score:2, Insightful)
It is far more useful to have an ally in any person or group, than to make an enemy of them.
We had an issue at a past job where we got a new manager who happened to work from a remote site. He laid down mandates that were ludicrous in nature, including to stop stocking extra hardware. Mouse broke? Put in a P.O. for a new one, get it approved, order it, and wait for it to come in. User can't work? Too bad, not enough money in the new budget to have all that extra stuff we don't actively use, and wasted storage space. The kicker is that he also blocked complaints about this pratice, from both within IT and from the users, from getting above his level. It took an end-run around him from frustrated users and IT staff to get a VP to notice. (Why did he do this? Our guess was to save an assload of cash, look good, then pass the problems on to his sucessor when he got promoted.)
Before you say "The IT Team is not serving our needs," make an effort to find out why there is an issue. Ask one of the techs what's up. I'm sure you would not want someone saying your entire department (including you) was performing unsatisfactorily due to reasons you have no control over.
Centralized Can Work (Score:2, Insightful)
However, I disagree that centralized IT should die. I have spent much time in my professional career undoing the nightmare of islands of systems where information is stored in multiple places (and only one is current), the same data value is stored differently (different customer numbers, item numbers, etc.). Attempting to reconcile differences in procedures, bring info together after the fact, etc. etc. is time consuming and error prone.
I can see having dedicated resources as long as the enterprise architecture is coordinated and reasonably centralized.
Re:From the non-tech perspective (Score:4, Insightful)
Security is a two edged sword... To increase security - you the end user get the following. All traffic is encrypted. All fields that display sensitive information are invisible, unless you move the mouse pointer over it, and click (hold the click to see the info). All screen savers are locked on blank screen (no user customizable fancy dancy screen savers) - and set at 1 Minute, maximum - no user ability to change / reset this. All user systems have USB disabled, no cdrom drive, no floppy drive. All passwords must be a minimum of 8 characters long, have at least 2 numerics, 2 symbols, 2 capital letters and 2 lower case letters. Zero repeat characters, and no character can be used in the same position more than once in 16 months. Passwords must be reset every 28 days - no exceptions. All users must pass basic computer literacy / ability tests. You fail the test, you're fired. Internet access is restricted to Intranet and *approved* work related internet sites. Usage is monitored, and reviewed by supervisors monthly. Users must face the entrance to their work environment, with their monitors facing away from the entrance. Spot checks will be done to see if anyone has passwords written down, if they do - they're shit-canned. Anyone caught sharing / using someone else's password is fired - no questions asked. Supervisors caught logged in as one of their employees are also shit-canned. Supervisors have the ability to review their people's work, without logging in as the user.
- Continual access - Users get as much access as the business areas are willing to provide. IE - Continuous access costs money. Get the IT areas the money, they will get you the access. Clustered servers with snap-shot capable databases / filesystems are not cheap. Nor are the test servers needed to allow for full regression testing of each patch / update for every system in the office. All of these things must be provided for to get you your *full time access*.
- Work Ethic - Nothing *PISSES* me off more than lazy end users who say "can't you just?" or
"quick question" - especially when I've already answered the question 15 times previously. Nothing is ever as *simple* as you think it is. With today's systems that are interconnected at levels previously not even dreamed of - taking that simple table offline so you can *refresh* the data, causes 13 other business areas to sit idle until that data is made available again.
- Keeping you informed - While not every new technology is great, there are sooo many new technologies that *could* make your life easier, if only you could get over this *fear of change* you seem to have. Change is good - without it, we'd all be dead.
-Honesty: I've never stretched the truth, nor have I overcharged. However, the reverse is also true - don't ask questions like - "Honestly now, isn't it *physically* possible to do x/y/z?" Even when it's physically possible to do something you want, doesn't mean it's the right / correct / intelligent thing to do. Since it's our job to be technical, and *know* these things, let us do our jobs - without butting in with your inane prattling.
Remember - as a computer analyst, we are expected to be right 100% of the time, and aren't allowed to *experiment*. As a doctor, you are expected to be right 100% of the time - however, with computers if the *patient* dies - nothing but information is lost.
Re:A user revolt? Good luck! (Score:3, Insightful)
Good luck!
Corporate Oversite=Bad Idea (Score:2, Insightful)
Basically what happened with us... we had an under funded IT department of 6 people for several thousand in the company. Backups and the like were uncommon. A quartely meeting was conviened where all the regional (basically different areas of engineering) managers would meet with IT and decide what IT's priorities would be and decide what resources would be allocated.
Immediate results:
IT got better funding. More staff for watching servers.
Bloat. After the original problems where fixed, the quartely meeting became a wish list. The IT department gained more and more control of individual users.
Now, this may not be a big issue in your company. In mine, 80%+ of the employees are engineers who travel a lot. We need control of their own computers. From IT's perspective, it was cheaper to lock down everyones computer rather than the few bad actors.
From a company performance standpoint, this caused issues with clients. When you end up in some random office at a client's building and need to print a new document you can't install drivers. We couldn't install test equipment software without 'dialing home' so IT can VPN in. We couldn't cleanup our own registry when an install/uninstall goes bad without dialing in again. Overall, if cost us time and lost us clients.
Currently the control is now swinging back from IT to the users. If you work for a technology company I STRONGLY suggest that you spell out IT's responsibilities AND IT's limits. My vague suggestions follow.
Responsibilities:
1) e-mail
2) webroot servers
3) local network servers
4) inter-office network (if you have one)
5) Helpdesk functions.
'Limits': (you probably want to call this requirements)
1) employees in group 'X' must have admin access over their machines, subject to periodic software audits
2) office managers remain responsible for telephones and other items not directly computer related (IT should not control PA/lights/etc)
3) office managers (or equivalent) dictate (and pay for) equipment to be purchased
4) Managers dicate/pay for software to be installed. IT is still responsible for company licenses.
5) An individual in each office must have admin rights for people not in group 'X'. This employee need not be (and need not be) IT related.
95% of user IT issues can be handled easily (and often more quickly) within a group of technically competent people. The IT department should provide support for the other 5% (which includes maintaining servers and the like).
IT managment advice from untrained geeks roxorz! (Score:3, Insightful)
"The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year.
Hmmm...well lets get to that 'incompetence' thing a little later.
But as for "ignoring knowledgeable user input for about a year"...lemme see, you've been harping on about something for a year to the IT department?
Well, what is "knowledgeable user input" anyway? "At my old company we used to..." or "my friend who is an IT genius says..."
Seriously, if you have a suggestion, detail it and submit it to the IT manager and cc it to your manager.
Berating some poor schmuck when he comes to help you format a word doc is not an effective change management strategy!
Additionally, they haven't been able to sell needed changes to senior management.
LMAO...but somehow you and your band of IT-vigilantes is going to change the world? Good luck!
So IT ARE going to management with suggestions, but are getting knocked back?
So somehow you equate managements lack of willingness to resource your IT department to be a failure of the IT guys lack of bargaining skills...not a boneheaded lack of foresight on behalf of your management team?
Wow...tough crowd...
Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice.
GOOD! Now "those on top" need to find the money they should spent on protecting their investment in the first place.
You do realise that IT guys dont just down servers for no reason, dont you? You probably do...or you think they do it on purpose just to piss you off.
And while you're sitting around moaning about how long it's taking for you to be able to get back onto
From your comments so far, I'm assuming you are not one of the "knowledgeable user's" you mentioned before.
We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions.
Yeah, you go girl!
Nice of you to harass IT some more. After all they have nothing better to do than sit in on your moanapolooza.
Why not form your little revolt and march on the guys that will have to OK and pay for your demands...oh wait, lemme guess...'cause if you did you'd get your ass fired!
Face it, you dont want a solution or you would go to the people who can effect change. You want to vent. Well, you have...does that feel better?
What would you put in our charter? What services and responsibilities would you demand out of your IT department?
Well, first up...I'd want suitably qualified and trained professionals in charge of the decision making process.
And as your "knowledgeable user's" are neither...I'd demand that they get trained or STFU.
Then I'd demand that the reasons for management knocking back IT requests be made public.
Im hoping the moment management have to front staff and explain why there will be "no increase in storage" or "no funds for disaster recovery" will be one of those life changing events for you...when you realise IT budgets have to be approved or people (like you) wont get what they want, so that you then take the fight to those with the money and leave your nerds to get on with keeping your sad little network up and running.
If you really want to help your IT department effect a postive change, quit harrasing them and take your fight to the people at the top who are ultimately responsible.
Find the guys that sign's off on the IT budget and ask them why server space hasn't increased to meet demand.
Because the answer is either your IT department is siphoning off $$$ to day-trade with, or there was nothing budgeted to allow for it.
Support isn't simply at the user's computer (Score:3, Insightful)
Remember that IT means running the file and printer servers, the email, the HR and accounting systems, your web site, your internet connection, your firewall, etc. etc. etc. Don't forget purchasing and provisioning all new desktops and servers. Throw in backups and 24/7/365 coverage and that person will burn out pretty quickly. (Also what do you do when they're on vacation?)
I suppose there has to be some happy medium between everything being handed down from on high and every small group going their own way. What's really needed is a good support group that is responsible for set groups of desktops, an IT consultancy hit-squad that can come in and launch projects, application owners, and the infrastructure maintenance people. Beats me how many people that works out to be.
You missed a biggie- $$$ (Score:4, Insightful)
A lot of people I know tend to blame IT staff for lack of space, lack of bandwidth etc. when problem was that IT dept could not afford to purchase equipment to upgrade a service, and they just tend to use all the budget to maintain status quo. Trust me all IT folks out there LOVE to push out new technology, increase storage, better networks, and reduce helpdesk calls. But a lack of staffing and money can put a damper in the best of IT staff in the world.
Re:What would you demand from your IT users? (Score:3, Insightful)
Horseshit! IT support IS about users and you'd better learn how to talk to them if you want to keep working in IT. RTFM as a response to stupid user questions will eventually get you your walking papers.
Re:No Brainer (Score:2, Insightful)
Or he could start searching for a new job so that he doesn't have to work in the negative and inefficient work environment you describe.
Re:From the non-tech perspective (Score:2, Insightful)
Re:No Brainer (Score:3, Insightful)
If your work environment is such that you need to find "dirt" on people to get your work done, then nothing good's going to come from working there. Think in terms of "What will my resume look like?", "Who here is going to give me a reference for another job?",
If your IT dept relies on catastrophic failure in order to get funds necessary to do its job, then you really need to move on and find somewhere where that isn't tolerated.
Re:What would you demand from your IT users? (Score:3, Insightful)
A meg? Ha! Try a gig. I've seen users routinely go well over 1 gigabyte of mail because they just can't help leaving those MS IdonthavemeaningfulcontentbutidohaveneateffectsPo
This is a pet peeve you need to get over. First of all, those cheap 200GB drives are shit compared to what real data center storage should be built on. Sure, you *could* line up 20 of them in a hyper redutant mega RAID or something, but something's gonna blow. The controller, that cheap ass motherboard you put in your storage server. It is low end stuff, for the most part. And that amounts to big headaches in the long run.
Second, how do you back all that up? Good tape libraries are not cheap and managing terrabytes of backup amounts to even more headaches. The more data you have, the more time it takes to get full backups.
-matthew
Re:how to remember a secure password? (Score:5, Insightful)
Of course, hard-to-crack passwords only matter in cases where it would be feasible for someone to try and brute-force the system without being detected and locked out. That's generally only possible against targets like encrypted files, not live system logins.
The only thing that is going to let people in to live targets via the normal user login (ie: Not through a bug/hole/exploit) is either easy-to-guess passwords (like spouse name, dog name, birthdate, etc - dictionary words are not necessarily easy to guess unless there would be some reason an attacker would be likely to guess the word) or through the user disclosing their password in some manner.
Of the two, user disclosure is more likely. Even with an easy-to-guess password, it's unlikely even a knowledgable attacker would be able to guess it in few enough tries not to set off any lockouts the system may have. In any case, you don't need to go to such a draconian level to prevent easy-to-guess passwords. Require two non-alphabetic characters in non-adjacent positions in the password, and you're pretty much safe.
The most likely route for password compromise is user disclosure, and there is no technical way to protect against that except for relying on additional, non-password security measures (keycards, biometrics, etc). You could try educating your users, but like that's going to work.
Re:From the non-tech perspective (Score:3, Insightful)
They might THINK they need that level of uptime, but that falls under "user education".
Something I have very little patience for lately, unfortunately.
(yes, I do desktop support, why do you ask?)
Re:Knowledgeable user input? Yeah Right... (Score:3, Insightful)
If your customers are not happy with your service, then I suggest it is more than them being arrogant. Unhappy customers tend to find other ways to get things they want, in spite of your dictatorship. Deal with it.
Re:From the non-tech perspective (Score:3, Insightful)
Re:What are we starting with? (Score:3, Insightful)
Re:What would you demand from your IT users? (Score:5, Insightful)
I bought 20 of these 300gb scsi monsters. At 1500 bucks a pop!
They wanted to upgrade an aging 20 node Single Athlon MP Cluster. I told em it'd be cheaper to buy new hardware than to upgrade them to 2 cpu's, quadruple the ram and add 300gb scsi hard drives.
Originally = 1xAthlon MP 1800, 1 Gig Ram, 1x76gig HD
Upgraded = 2xAthlon MP 2800, 4 Gig Ram, 1x300gig HD & 1x76gig HD
They didn't believe me. . .
When these old, out of warranty machines, started having all failures (mobo/power supply) it was my fault! Try as I could, I couldn't get replacement parts. The legacy parts, ATXGES (Non-Standard) power supply and discontinued mobo were nowhere to be found. . .
The guy who posted this "ask slashdot" probably knows more about his local IT department than I do. All I can say is that I got a reputation very similar to the posters IT dept. Incapable of keeping servers up, yadda yadda yadda, even though I had made it clear that this was NOT the way to go. Just because IT is in charge of it, doesn't mean they created the mess. . .
Re:What would you demand from your IT users? (Score:3, Insightful)
a home computer
DVD player
crap program riddled with spyware that is supposed to be good
any sort of technical thing entirely unrelated to work
discussing cool movies or whatever
is another minute that has to be spent doing things that are work related after the person asking the questions has gone home.
During quiet periods it doesn't matter - but some guy coming into the server room to interupt a frantic operation to get a replacement server up ASAP and asking about the video card on his home computer is more the rule than the exception. Be unapproachable and you can't do the job. Be approachable enough to do the job and people expect you to fix their personal things.
At least slashdot can be excused as keeping track of current tech trends and not purely relaxation.
Re:from personal anecdotal experience (Score:3, Insightful)
Okay, maybe it's just me, but if I took a $500K loss and some motherfucker walked off with $500M, I'd be at his front door conducting a frank exchange of views with him while holding an AK-47 to his crotch. And if he agreed to make good my losses, he'd get his wife and kids back unharmed.
Motherfucking CEOs get away with this shit because the middle class lacks balls. Eighty years ago, if you were an assembly line worker at Ford or GM, you'd be sitting down in the factory, rioting, or throwing Molotov cocktails at the Pinkerton thugs that management hired to bust skulls.
But the middle class doesn't riot. The middle class has no stomach for violence. Every so often, the sons of the middle class might smash the windows of a Starbucks in the name of anti-globalization, but that's more teen angst than protest.
Ann "Visible Adam's Apple" Coulter once said that someone should shoot liberals so that they should know that they're vulnerable (this was right after 9/11, when she was really off the hook). I think the same should apply to CEOs who loot their companies and walk off with multi-million dollar "golden handjobs". Make them spend some of their "hard earned" millions on a security perimeter worthy of the Secret Service.
k.
Re:No Brainer (Score:3, Insightful)
In other words you have a tech job in a socialist economy. You get the good and the bad of it. Enjoy the good, you'll miss it more than you think when you leave.
Re:From the non-tech perspective (Score:3, Insightful)
Re:how to remember a secure password? (Score:4, Insightful)
A user password policy that is too restrictive means users will never remember them, and end up doing things like writing them on post-it notes and sticking them on the monitor.
A better solution is have easy-to-remember passwords (though not trivial passwords such as "password", the login name or "1234567890") and put in a 3-strikes-you-are-out rule and a hierachical user access policy - "need to know". Remember - 80% of attacks come from within. Don't trust your users.
Naturally, the root/Admin passwords for servers containing critical business data and de-encryption keys are long, complicated, regularly changed then written down and placed in an envelope in the corporate fireproof safe, along with the weekly backup tapes.
Speaking for the IT Dept. (Score:3, Insightful)
No it's easier as an end user to just sit back, and play both ends (Management and IT) against the middle. Perhaps just for once you and other end users could try working with us instead of against us. Just once try and understand that the easier we make your life the easier it makes ours and vice versa, meaning I'm not suggesting the change to bother you, I'm doing it to protect you.
My fear is that in your company, end users and management deserve each other. One group to bent on the right now bottom line. The other group bent on using IT as an excuse for not being able to meet unreasonable demands made by the same management that can't see past todays ink.
The first step in any situation like this is to ask yourself the question. What am I doing wrong. Stop trying to fix others problems before you bother to fix your own.
I think you're missing the point (Score:3, Insightful)
"Your department has IT needs. These needs are written down."
The poster's question was (essentially) "What are some needs that we might write down?" The poster is looking for suggestions as to
1. Phrasing of needs, e.g. instead of saying "keep servers up most of the time" write down: servers have less than 1% unscheduled downtime and scheduled downtime is limited to Sunday nights from 1 AM to 6 AM.
2. Identifying needs, e.g. 90% of user requests should receive a response within two business days and 100% within seven business days. A response is defined as one of a solution, a request for more information, or a denial of the request (w/ explanation). What other needs have slashdot readers noticed? Sure, some of these will be inapplicable to the poster's situation. However, some things we could suggest might be applicable but not obvious.
3. Realism of needs, e.g. are 99% uptime and 90% response rate within two days realistic? Is it required?
4. Requirements of needs, e.g. is seven business days too lax? Does a requirement that lax cause operational issues? Should it be tighter?
You're right, writing down needs is a no brainer. Note that the original post said that that was what they were trying to do. To define the requirements on which they wanted upper management to sign off. The request is for help *generating* that list.
It's important to get the right list of needs the first time, because it will be hard to get management to change them upwards (which requires more budget). Once the list is settled, it will be much easier to get budget for that list than it will be to change the list. Getting the list right the first time will be hard, as obviously they don't have an existing list from which to work. In fact, they may not be measuring things like uptime and response rates.
It's also important to be realistic. For example, if the list says 100% uptime, it's going to quickly be obvious that that is impossible. The net result is that management will get to pick an uptime. Otoh, if you pick an uptime of 99%, that at least seems reasonable. If the actual uptime is 98%, then you can demand more resources to push up the uptime.
Oh, crap, senior management just found /. ! (Score:2, Insightful)
As a lower-middle-level IT guy, I have heard this type of BS before. I have been accused of incompetence by half the managers in my freaking company. The other half think I'm a saint. Lots of luck on your commitee. That really is the best way to come up with new ideas. Or at least blow a week without working.
All IT department are ultimately bottle-necked by the willingness of management to commit to ever-increasing levels of service.
That's fancy talk for "They're a bunch of tightwads."
I can't imagine a bonafide "incompentent" IT department. It's pretty hard to fake technical knowledge for long (between technicians), and we constantly test each other for dominance in our work groups, whether we see it as such or not.
More like, the described IT department is understaffed and/or underfunded. That, or the mangement refuses to upgrade from ancient, widely varying production systems on the grounds of costs or other "difficulty". I once supported 5 completely different production systems, and a host of secondary systems, running on different hardware and software, spread across 13 locations all over SoCal. I did it alone for 1.5 years. There were entire weeks when I couldn't have described what I did to keep things working after the fact, because I was totally and completely fried. Not conducive to producing orginal or innovative ideas, especially when they had no audience.
Thank goodness we finally converted to a nice centralized system, added staff, and got things relatively stable. Now when people complain, I tell them the story above. Our system is FAR from perfect, but it's better than it was, and apparently that's the best I can expect from my crap company. Without a truly serious commitment to improved software, the system we've built will ultimately rot. Development is key, and if your oganization doesn't have developers working on your system EVERY DAY, whether they are in-house or out, then your system is rotting as we speak.
Which of course is all very compelling to management, until to lay out the costs involved in constant development.
For the management: You get what you pay for.
For the IT guys: A good boss could be worth your sanity. Know any?
Re:how to remember a secure password? (Score:4, Insightful)
You just illustrated what the users have been complaining about. Instead of cleaning your systems of the worm you are running around unlocking accounts. Leave them locked until you get the flipping worm off your systems THEN unlock those accounts. It isn't rocket science folks...
B.
Amid the attacks, an answer (Score:5, Insightful)
The answer to your question? SLA or Service Level Agreement.
It is reasonable to ask management what you should expect from IT. Find out what the SLA is or help create one. This will be a lot of work. You will encounter resistance, for no more sinister reason than that is hard. Just make sure this SLA takes into account senior management's requirements of IT as well. Perhaps IT incompetence isn't the reason management isn't providing the needed upgrades. An SLA provides some metric for performance. If the SLA is unsatisfactory, that is a matter to be taken up after performance against it is measured, but what amounts to a formal job description is a reasonable starting point.
There's good literature on all of this, and it's easy to find if you are interested in improving IT in your organization, and not just playing Napoleon. If you'd rather just whine and make everything worse, ignore everyone here and stage your little petty revolt. It will be easier, but if management has a clue at all, this will be a career limiting move for you. Cynically, either way, the SLA is the starting point.
I don't deny that IT can be incompetent, but it is rare in my experience. It occured to me that you were a troll, posting here. Regardless, there are others who really think IT is incompent because of their own ignorance, who would benefit from gaining a little insight into what IT is about.
If I worked with you, I probably would tell you this in person, and tell you who might have more insight into the actual priorites set for IT. I've had plenty of similar conversations with people over the years. It's just another part of the usual perception problem for IT.
Re:From the non-tech perspective (Score:3, Insightful)
The basic facts are still accurate. Anyone who had rigid patterns in the way they worked could have their code content guessed. There was an airstrip in the alps that used to send a weather report every day that was word for word the same - "Weather fine, skies clear, visibility good" etc. Bletchley knew from the number of letters in the message that it was the same today as yesterday.
There is another important moral here. The fact that no letter mapped onto itself - a weak property but exploitable if you have enough text - arose because some engineer reckoned if you sent the electrical signal back through the rotors again, then it would be like having twice as many rotors. if didn't - it made the code weaker. You can make everyone have long passwords with random characters, but there is little benefit in this unless you are sure all your ports are protected, and your computer does not have any of the standard service or administration accounts still enabled. If the password is really the limiting security weakness, then maybe it is time to go to something more advanced, like a USB dongle to prove you are who you say you are.
Yep, there are ways around that, too. But every little helps...
Their side (Score:2, Insightful)
Re:What would you demand from your IT users? (Score:1, Insightful)
Now THIS is why you need to be able to mod a comment higher than 5.
A management problem - not a technical one (Score:3, Insightful)
So, you end up with technical decisions that serve the people who deal with technology, as opposed to serving the users who are doing the main work of the company, or serving the company's goals as a whole.
I'm not sure what causes effective managers to decide to take a different approach to technical issues than they do with others, but I'm convinced that's the root cause of the sort of problem described by the poster.
I believe top management - and department managers, following their lead - should be pressing IT managers to break down technical issues to the point where they can make effective decisions. When the IT manager says "it will take 3 months to set up a new mail server" and the sales manager throws her hands in the air, their boss should sit down with the IT manager and make them explain what the factors are that will make it take that long. And if it's too technical and they don't understand, they should SAY so, and make the IT manager explain it again. Until they understand. Then, they should say things like "what would it take to do it in 1 month?" and by that time, they should be informed enough to reject bullshit answers like "we need another $75k employee."
"technical ignorance" is not an excuse, when you have people on staff who are capable of educating you. And IT workers who perpetuate the myth that it's "beyond a non-technical user's understanding" merely for their own convenience should be...fired.
If your management doesn't see things this way, there's probably not much you can do about the problem.
Re:Knowledgeable user input? Yeah Right... (Score:3, Insightful)
16 years ago, we faced exactly the same situation as the person asking the question (same sixe of company, even). Then 15 years ago, "We the Users" staged a revolt (actually I did) and started a working group exactly as he describes to sort stuff out. Things were painful in the beginning, but once everybody understood what it was all about, improvement set in. We've been meeting on a monthly basis ever since. Today, I'm the chairman of that working group and the IT people are very unhappy that I have decided to leave the company. Some of them even hinted that I'd be welcomed to become head of IT in case I were to change my mind about leaving. Yet, I still don't know the nitty gritty details of a lot of stuff they do (and they know it), but I do have significant "power" because they trust me to do the right thing when I know what I'm doing and to keep my fingers off it when I don't.
The key thing is that there is also a lot of stuff that I - being the "ignorant user with some knowledge" that I am - know about what my fellow users - as well as the company - need and do that the IT people don't know. Such as priorities. Or future development strategies (Stick to UNIX? Switch to Linux? How fast do we need to migrate? Or does the market force us to do it all on Windows after all?)
The attitude that you display in your post is one of the key reasons why this sort of mess happens irrespective of which side of the "war" applies it. Both the users as well as IT need to understand that they don't know shit about the other side until they set up a constructive dialogue with people on that other side, educating them along the way.
Finally, IT exists to serve the users and the company. It is doesn't bring in any money on its own and payed by the company, So it'd better be willing to at least listen to what the rest of the company has to say.
3 months (Score:3, Insightful)
Anywhere that lets passwords run for 3 months does not really consider security a high priority.
28 days, 8 character minimum and 2 non alpha keys is a minimum. Any weaker than that and the sales dept must be in control of security. If not them some other technical illiterates.
Re: Leave them locked? (Score:2, Insightful)
- Air Travel should be banned until we win the War on Terror
- Hospitals should be closed until antibiotic-resistent diseases are cured
- Credit cards should be blocked until fraud is prevented
Insightful? Pah! (BOFH Archives) [ntk.net]Comment removed (Score:2, Insightful)
Re:how to remember a secure password? (Score:3, Insightful)
It's not hard to get people to remember a password that's still fairly complex.
What you do is you use an acronym. You look around for one of their stupid desk plackards that says some stupid phrase like "You want it done WHEN?!?" or whatever, and you make a password out of that, like 'YwidW?'. I know that's only 6 characters, and there's no numerics, but it's a start - it's relatively secure (compared to, for instance, 'kitty' or 'cowboys', both of which I've seen).
Seriously. Give it a try. Have them find some thing or use some sentance they look at or say often. There's this box of Vodka choclates on my desk at the moment, the description says "Vodka Choclates - Dark choclates filled with Vodka and fruit", and the net weight is (was) 260g. Bam. Password. Vc-dcfwVaf260 That's a secure password. Easy to remember? Nope. Not unless you know where you're looking. Can the end users do it? Most of 'em can.
~Will
Re:how to remember a secure password? (Score:2, Insightful)
Replace my example with any other internal security breaches you can think of, and you will understand why easy password protection is not a good idea for internal protection of company resources.
Re:how to remember a secure password? (Score:1, Insightful)
And any BOFH who doesn't know the difference between "right" and "write" should be fired immediately.
"But I wasn't hired to know the difference between 'right' and 'write!'"
And most employees aren't hired for their ability to memorize passwords.
Need real access to data (Score:2, Insightful)
no unsupported access/mysql/etc databases, but provide no alternative.
As a manufacturing engineer, I must collect megabytes of data on each unit built to do my job.
I can't realistically have technicians manually enter data in some slow Oracle forms java interface without doubling the cost of my parts, thereby guaranteeing that all of our jobs will go to China.
Some things I could do with a scanner and Oracle's mobile applications... if they would enable that
I really need to use Oracle's Open Interfaces. I understand them. I read the manual. I just need access.
But the answer is no. They don't want the headache, and think that forms is good enough for all users.
So what can I do? My leaders are too clueless to understand the problem. They just demand that I collect all the data so they can later magically get 'six-sigma' data from me.
So I enrage IT by creating whatever databases I need to get the job done. Some of them have gotten nervy enough to delete these production databases, knowing full well they are critical, just to prove their point. I back eveything up to multiple network locations hourly, so I only lost a few minutes of production, but that only makes them madder, as data backup is their job, and I'm using up an obscene amount of disc space.
Too damn bad. I know that my customers are 1. Manufacturing Floor 2. Management that needs good data to make decisions 3. Design engineers, who need feedback on their designs to create next generation products. 4. Customers. IT is not in that list. I am their customer, and a damn demanding one, and rightfully so.
Yes, I'm one of those people who uses 80% of their time. I manage hundreds of production PCs running various pieces of test software written in dead languages with obsolete and esoteric hardware and they need to last long enough for me to replace them with something modern. You can't just walk by and take something with a Metrobyte ISA IO card in it and stick a new box with XP there instead, no matter what your upgrade policy is.
Expectations? (Score:1, Insightful)
Bottom line is clamor for the change. It may be A: Mangement issues in the IT group or B: the workers or C: Both and lots of changes need to be made. Be aware that it will take time but make sure the changes are followed thru. It also depends on the influence and ability to change that you have in the company.
There should be no us and them (Score:2, Insightful)
Then I would horizontally organize formal and informal communication channels at each level, where each level is in touch with its counterpart in other domain units. At each level there is a support team to provide the means to standardize and keep an eye on productivity and focus.
Your IT department organisation can be graphically represented as a field of stacks of three checker discs, with a large sheet of paper thru the stacks at each level starting at the bottom, representing the support and communication channels.
The most important thing is that users are full time member of the groups, are directly involved an take their part of responsability in the IT processes.
There should be no us and them. No choosing sides.
And if ever you need a consultant, treat him as one of yours.