Forgot your password?
typodupeerror

What Would You Demand From Your IT Department? 671

Posted by Cliff
from the minimum-level-of-service dept.
ZombieLine asks: "The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year. Additionally, they haven't been able to sell needed changes to senior management. Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice. We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions. What would you put in our charter?" What services and responsibilities would you demand out of your IT department?
This discussion has been archived. No new comments can be posted.

What Would You Demand From Your IT Department?

Comments Filter:
  • by Olmy's Jart (156233) on Monday March 13, 2006 @09:34PM (#14912594)
    You need to map out your requirements and then formulate them into an SLA, a Service Level Agreement. Then get your management to agree to it and take it to the barganing table. Make it clear that this is what they (the IT department) will be measured and evaluated against. If they can't agree to it, then get them to counterproposal. But, what ever you do, get it in writing in the form of an SLA, with the bosses on board... The particulars about what services and what responses and what responsibilities you want from them are details that go into the SLA. Once you hash out the details, get them locked into that SLA, though...
  • by Conception (212279) on Monday March 13, 2006 @09:38PM (#14912621)
    "Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice."

    I don't know your situation... but maybe more money is needed for people, equipment, etc etc. You can demand all you want, but if you don't pony up the resources... *shrugs* You get what you pay for.
  • No Brainer (Score:5, Insightful)

    by moehoward (668736) on Monday March 13, 2006 @09:45PM (#14912665)
    This is beyond a no-brainer. I actually doubt the authenticity of the story based on how the real world works. Or maybe the poster is really in a 25 person company or something.

    Anyway, here is how it works. Your department has IT needs. These needs are written down. The IT department has guaranteed services it provides. These are written down. Your department takes a budget "hit" to pay for an internal IT department. These are the givens.

    Now, if IT does not provide services you NEED/REQUIRE (like backup, duh), then you go to the whomever is above both departments (COO, VP of division, president...) and you show the mismatch. This is not a complaint, just a reason why you are increasing your budget next year to get the services you need to succeed.

    Of course, you are keeping a log of all incidents that are occurring and a log of down time and a log of costs to you as a result, etc.

    Look, business people are not idiots. The 3 previous paragraphs I write above are beyond no-brainers. Why is this stuff so non-obvious to today's geeks??

  • by mrscott (548097) on Monday March 13, 2006 @09:46PM (#14912674)
    It sounds like your company has other issues beyond an unresponsive IT department. You indicated that IT has been unable to sell necessary changes to senior management. Are you positive that senior management agrees that changes are needed or that they actually understand the seriousness of the problem? You might find that IT feels that their hands have been tied and have nowhere else to go since senior management isn't helping them.

    A group of users making "demands" of the IT department is somewhat inappropriate. Yes, the IT department exists to help users with their work, but their priorities are set by senior management. If you plan to create some kind of IT Steering Committee, I would recommend a few things: (1) Lose the attitude -- all you'll do is put the IT folks on the defensive (and remember, since you're not in their group, you may actually have NO idea what priorities have been laid out for them by senior management); (2) Get the blessing of senior management before you try this; (3) Make sure at least one or two high-level people attend your meetings and buy-in to what you talk about.

    Treat the IT folks like human beings. They may have perfectly good reasons for dismissing what you consider reasonable ideas. Perhaps they're seriously understaffed so that great desktop Linux rollout one of your users is convinced is the right idea just doesn't pay off for them, for example.
  • by Anonymous Coward on Monday March 13, 2006 @09:47PM (#14912680)
    Pet peeves:

    Not enough storage. When 200GB drives are under $150 maybe it's time to stop complaining at the people who dare to keep a meg of on line messages.

    As the masturbation you have not seen how busy a competent IT technician is. It's the ones that people know they can't turn to with problems who have time on their hands.
  • by baggins2002 (654972) on Monday March 13, 2006 @09:49PM (#14912686) Journal
    --No Backup Systems
    --No Storage Space
    These sound like budget issues. Do you think that if the IT staff, just tries really hard or is competent that they can just create File Storage and Backup Systems out of thin air.
  • by javabandit (464204) on Monday March 13, 2006 @09:51PM (#14912700)
    Completely centralized IT should die a paintful death. I'm not sure where this concept of having to centralize all IT functions... but it seems totally idiotic to me.

    If I manage a group of 40 people, I should be able to hire an IT person to service my 40 people. Their salary should come out of my budget. My IT person should have to adhere to corporate architectural guidelines. But this IT person should report to me and be accountable to me.

    Internal corporate IT SLAs are a joke. If an SLA is violated, it turns into nothing but a moronic yelling match complete with finger-pointing, et cetera. Meanwhile... the end-user still suffers.

    Down with centralied IT, I say. Put IT staff inside of each business function. Make them accountable to that business group/function... where it belongs.
  • by Anonymous Coward on Monday March 13, 2006 @09:52PM (#14912704)
    Pet Peeves:

    Users who think the network drives are for their personal music, picture and video collections.
  • by poot_rootbeer (188613) on Monday March 13, 2006 @09:55PM (#14912716)
    Our IT department has been downsized and now it is almost impossible to get assistance

    O RLY?

    Maybe this should have been a wake-up call to the bozos with pointy hair that they actually NEEDED all the headcount that used to be on payroll.
  • by Dukeofshadows (607689) on Monday March 13, 2006 @10:04PM (#14912761) Journal
    As a non-technical person with enough engineering friends to get to this site and have an iota of what might be reasonable to expect from IT professionals, here's my list of expectations:

    -Security of data: obviously no data is *absolutely* secure if the computer is connected to the net, but enough security that I could feasibly work with medical records and HIPPA-privledged information without constantly worrying about crackers. For those of you who don't know what HIPPA is, imagine a very protective law about patient confidentiality that can result in serious jail time if it is violated.

    -Continual access (within reason): If there are natural disasters, power outages, or personal emergencies, then certainly one can't reasonably expect 24-hr access. At almost any other time, however, I'd like to be able to turn a computer on at the workplace and not worry about downtime or have to call someone to fix the system (as my colleagues and I do now).

    -Work ethic: Nothing pisses me off more than lazy people, especially those who try to use technobabble to hide incompetence. If there is work to be done, then I'd like to dial up the local expert/employee and know that the problem will be fixed *quickly* and efficiently. Certainly there will be problems that require more time than others and nothing runs smoothly all the time, but no one should have to brook crap from employees who pad schedules. If there are problems, say so and at least *try* to explain them, don't go into geekspeak/technical language in hopes that I don't understand and give up and let them go back to (insert game here).

    -Keeping me informed of new tech without trying to be a salesman: Not every new upgrade is worth getting and keeping up with the Joneses can be prohibitively expensive. Sure, new tech is very cool and I'd like a wireless device to use around my office to tie labs/patient data together, but that doesn't mean it's worth constantly annoying the boss for tech upgrades

    -Honesty: Don't overcharge me or bend/stretch/break the truth with me. Medical professionals *seem* to be a prime target for fleecing among computer folks and I've heard horror stories about people paying several times market rate for upgrade and basic tech services. If you work for me, please be honest about all systems or equipment. If I've made a poor decision and there's new data, say so. If there's a better program/hardware setup out there and I'm not familiar with it or am being blindsided by the saleswoman, make mention of it. I don't have the time or patience to micromanage, if your job is technical material than I rely on your expertise and expect to be able to trust you and your decisions.

    That shouldn't be too much to ask and is what I will expect of any technical employees I'd hire once I graduate and get a practice up and running a few years from now.
  • by Ykant (318168) on Monday March 13, 2006 @10:05PM (#14912765)
    The day centralized IT goes away is the day the departmental pissing matches come back full force, with the "computer guys" stuck in the middle again. Leave IT management to those best suited to it - good managers with skills in the field. You want one person assigned to your department? Fine - but let their boss, the one who sees the overall scheme, handle it. Your way would have 22 different guys working all on top of each other, vying for redundant resources.
  • by DogDude (805747) on Monday March 13, 2006 @10:06PM (#14912779) Homepage
    Your company may be totally average if those things happened to you. Pensions? Bonuses? Health Insurance? I think you're living in the 1980's. What you're describing is completely normal these days. I don't think that it is indicative of anything at all, actually.
  • by shaitand (626655) on Monday March 13, 2006 @10:08PM (#14912790) Journal
    "you have not seen how busy a competent IT technician is"

    A competent IT technician has just enough time on his hands to learn new technology and retain sanity. A competent IT technician does not give users access to anything that could cause unpredictable consequences and makes sure that the systems they do have access to don't have problems in the first place.

    An IT guy who is constantly running from place to place is the result of one (or more) of three things.

    1. An understaffed department. Your IT guy is not working the floor in a retail outlet, if he's on his feet or crawled under a desk most of the day you need more IT guys.

    2. An imcompetent IT guy (or IT decision maker causing IT guys to perform IT tasks incompetently). When IT is done properly there are not fires everywhere to put out.

    3. Incompetent users. Incompetent users are the types who keep the IT guys busy fixing phantom problems, doing user training, or bug them with water cooler talk that fails to recognize that IT guys don't like people or talk. Your IT guy does not care to tell you about the cell phone or digital camera on the market.
  • Attit00d... (Score:3, Insightful)

    by HermanAB (661181) on Monday March 13, 2006 @10:11PM (#14912801)
    First, I think you have to read a little booklet by Dale Carnegie: "How to make friends and influence people".

    Making demands and staging revolts is only going to get *you* fired. It won't resolve any of the technical problems.
  • by TrappedByMyself (861094) on Monday March 13, 2006 @10:14PM (#14912811)
    It's simple. Lazy people are in charge. The whole committee/suggestion bullshit will do nothing, because in the end lazy people will still be in charge. One thing I've found is that no amount of processes will make up for someone who doesn't want to work.

    Gather your allies and information. Details about what is wrong, why it's bad for the company, and how to fix it. Demand an audience with whoever is the highest person in the company you can meet with, and lay it all out. To be brutally honest, someone needs to be fired over this. Make this suggestion. Don't necessarily pick who, but make it clear that the people running IT aren't getting the job done. People outside the IT department shouldn't have to draft the job requirements of the IT department. If they know what they're doing, they'll know what to do.

    If you can't get upper management to take action, then either suck it up and deal with it, or leave.
  • by GJSchaller (198865) on Monday March 13, 2006 @10:18PM (#14912824) Homepage
    ...is to determine WHY the IT Team is having issues. It may not be the rank-and-file techies that support you, or even the Sys Amdins that handle the network, but something else higher up in the food chain, or even external to IT (i.e. - budget) that is causing the issue.

    It is far more useful to have an ally in any person or group, than to make an enemy of them.

    We had an issue at a past job where we got a new manager who happened to work from a remote site. He laid down mandates that were ludicrous in nature, including to stop stocking extra hardware. Mouse broke? Put in a P.O. for a new one, get it approved, order it, and wait for it to come in. User can't work? Too bad, not enough money in the new budget to have all that extra stuff we don't actively use, and wasted storage space. The kicker is that he also blocked complaints about this pratice, from both within IT and from the users, from getting above his level. It took an end-run around him from frustrated users and IT staff to get a VP to notice. (Why did he do this? Our guess was to save an assload of cash, look good, then pass the problems on to his sucessor when he got promoted.)

    Before you say "The IT Team is not serving our needs," make an effort to find out why there is an issue. Ask one of the techs what's up. I'm sure you would not want someone saying your entire department (including you) was performing unsatisfactorily due to reasons you have no control over.
  • by raftpeople (844215) on Monday March 13, 2006 @10:21PM (#14912842)
    I agree SLA's are worthless, for a variety of reasons.

    However, I disagree that centralized IT should die. I have spent much time in my professional career undoing the nightmare of islands of systems where information is stored in multiple places (and only one is current), the same data value is stored differently (different customer numbers, item numbers, etc.). Attempting to reconcile differences in procedures, bring info together after the fact, etc. etc. is time consuming and error prone.

    I can see having dedicated resources as long as the enterprise architecture is coordinated and reasonably centralized.
  • by GuyverDH (232921) on Monday March 13, 2006 @10:25PM (#14912859)
    - Security: How much of that data gets into hard copy that end-users leave lying around their cubicles, or is displayed on screen when users get up and walk away from their desks without *locking* their systems. How many people *share* userids and passwords so that they can login as each other *just in case* they forget their own passwords, or someone else can do their work for them.
    Security is a two edged sword... To increase security - you the end user get the following. All traffic is encrypted. All fields that display sensitive information are invisible, unless you move the mouse pointer over it, and click (hold the click to see the info). All screen savers are locked on blank screen (no user customizable fancy dancy screen savers) - and set at 1 Minute, maximum - no user ability to change / reset this. All user systems have USB disabled, no cdrom drive, no floppy drive. All passwords must be a minimum of 8 characters long, have at least 2 numerics, 2 symbols, 2 capital letters and 2 lower case letters. Zero repeat characters, and no character can be used in the same position more than once in 16 months. Passwords must be reset every 28 days - no exceptions. All users must pass basic computer literacy / ability tests. You fail the test, you're fired. Internet access is restricted to Intranet and *approved* work related internet sites. Usage is monitored, and reviewed by supervisors monthly. Users must face the entrance to their work environment, with their monitors facing away from the entrance. Spot checks will be done to see if anyone has passwords written down, if they do - they're shit-canned. Anyone caught sharing / using someone else's password is fired - no questions asked. Supervisors caught logged in as one of their employees are also shit-canned. Supervisors have the ability to review their people's work, without logging in as the user.
    - Continual access - Users get as much access as the business areas are willing to provide. IE - Continuous access costs money. Get the IT areas the money, they will get you the access. Clustered servers with snap-shot capable databases / filesystems are not cheap. Nor are the test servers needed to allow for full regression testing of each patch / update for every system in the office. All of these things must be provided for to get you your *full time access*.
    - Work Ethic - Nothing *PISSES* me off more than lazy end users who say "can't you just?" or
    "quick question" - especially when I've already answered the question 15 times previously. Nothing is ever as *simple* as you think it is. With today's systems that are interconnected at levels previously not even dreamed of - taking that simple table offline so you can *refresh* the data, causes 13 other business areas to sit idle until that data is made available again.
    - Keeping you informed - While not every new technology is great, there are sooo many new technologies that *could* make your life easier, if only you could get over this *fear of change* you seem to have. Change is good - without it, we'd all be dead.
    -Honesty: I've never stretched the truth, nor have I overcharged. However, the reverse is also true - don't ask questions like - "Honestly now, isn't it *physically* possible to do x/y/z?" Even when it's physically possible to do something you want, doesn't mean it's the right / correct / intelligent thing to do. Since it's our job to be technical, and *know* these things, let us do our jobs - without butting in with your inane prattling.
    Remember - as a computer analyst, we are expected to be right 100% of the time, and aren't allowed to *experiment*. As a doctor, you are expected to be right 100% of the time - however, with computers if the *patient* dies - nothing but information is lost.
  • by winkydink (650484) * <sv.dude@gmail.com> on Monday March 13, 2006 @10:39PM (#14912923) Homepage Journal
    Unfortunately, 100:2.5 isn't seen as a terrible ratio of users:support by most executives. If you are truly overburdened (and I'm sure you are), then you need to make your case in terms the CEO can understand. Dollars. First, show that your team is 100% utilized (or very close thereto). Then lay out what the investment of another staffer would return. Remember, that you need to look at burdened cost for the new person, which is at least 1.5x annual salary. If you can show a plan that would return significantly over that (think 4-5x in 12 mos), then the CEO would be a fool not to make the investment. Who wouldn't spend $150 to make $400-500? Try to make your case with hard costs, i.e., things that flow to the bottom line, not hard to measure soft costs, like "improved efficiency".

    Good luck!
  • by Persol (719185) on Monday March 13, 2006 @10:46PM (#14912953) Homepage
    Your company sounds to be going in the same direction as my own employeer went ~5 years ago. 'Corporate oversite' is not a very good solution.

    Basically what happened with us... we had an under funded IT department of 6 people for several thousand in the company. Backups and the like were uncommon. A quartely meeting was conviened where all the regional (basically different areas of engineering) managers would meet with IT and decide what IT's priorities would be and decide what resources would be allocated.

    Immediate results:
    IT got better funding. More staff for watching servers.
    Bloat. After the original problems where fixed, the quartely meeting became a wish list. The IT department gained more and more control of individual users.

    Now, this may not be a big issue in your company. In mine, 80%+ of the employees are engineers who travel a lot. We need control of their own computers. From IT's perspective, it was cheaper to lock down everyones computer rather than the few bad actors.

    From a company performance standpoint, this caused issues with clients. When you end up in some random office at a client's building and need to print a new document you can't install drivers. We couldn't install test equipment software without 'dialing home' so IT can VPN in. We couldn't cleanup our own registry when an install/uninstall goes bad without dialing in again. Overall, if cost us time and lost us clients.

    Currently the control is now swinging back from IT to the users. If you work for a technology company I STRONGLY suggest that you spell out IT's responsibilities AND IT's limits. My vague suggestions follow.

    Responsibilities:
    1) e-mail
    2) webroot servers
    3) local network servers
    4) inter-office network (if you have one)
    5) Helpdesk functions.

    'Limits': (you probably want to call this requirements)
    1) employees in group 'X' must have admin access over their machines, subject to periodic software audits
    2) office managers remain responsible for telephones and other items not directly computer related (IT should not control PA/lights/etc)
    3) office managers (or equivalent) dictate (and pay for) equipment to be purchased
    4) Managers dicate/pay for software to be installed. IT is still responsible for company licenses.
    5) An individual in each office must have admin rights for people not in group 'X'. This employee need not be (and need not be) IT related.

    95% of user IT issues can be handled easily (and often more quickly) within a group of technically competent people. The IT department should provide support for the other 5% (which includes maintaining servers and the like).
  • by Madmongo (947123) on Monday March 13, 2006 @10:58PM (#14913003)
    lets pull this little ditty to bits...
    "The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year.
    Hmmm...well lets get to that 'incompetence' thing a little later.
    But as for "ignoring knowledgeable user input for about a year"...lemme see, you've been harping on about something for a year to the IT department?
    Well, what is "knowledgeable user input" anyway? "At my old company we used to..." or "my friend who is an IT genius says..."
    Seriously, if you have a suggestion, detail it and submit it to the IT manager and cc it to your manager.
    Berating some poor schmuck when he comes to help you format a word doc is not an effective change management strategy!

    Additionally, they haven't been able to sell needed changes to senior management.
    LMAO...but somehow you and your band of IT-vigilantes is going to change the world? Good luck!
    So IT ARE going to management with suggestions, but are getting knocked back?
    So somehow you equate managements lack of willingness to resource your IT department to be a failure of the IT guys lack of bargaining skills...not a boneheaded lack of foresight on behalf of your management team?
    Wow...tough crowd...

    Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice.
    GOOD! Now "those on top" need to find the money they should spent on protecting their investment in the first place.
    You do realise that IT guys dont just down servers for no reason, dont you? You probably do...or you think they do it on purpose just to piss you off.
    And while you're sitting around moaning about how long it's taking for you to be able to get back onto /. because of server downtime, they're running around like headless chooks trying to patch up an obviously ailing (underfunded?) system.
    From your comments so far, I'm assuming you are not one of the "knowledgeable user's" you mentioned before.

    We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions.
    Yeah, you go girl!
    Nice of you to harass IT some more. After all they have nothing better to do than sit in on your moanapolooza.
    Why not form your little revolt and march on the guys that will have to OK and pay for your demands...oh wait, lemme guess...'cause if you did you'd get your ass fired!
    Face it, you dont want a solution or you would go to the people who can effect change. You want to vent. Well, you have...does that feel better?

    What would you put in our charter? What services and responsibilities would you demand out of your IT department?
    Well, first up...I'd want suitably qualified and trained professionals in charge of the decision making process.
    And as your "knowledgeable user's" are neither...I'd demand that they get trained or STFU.
    Then I'd demand that the reasons for management knocking back IT requests be made public.
    Im hoping the moment management have to front staff and explain why there will be "no increase in storage" or "no funds for disaster recovery" will be one of those life changing events for you...when you realise IT budgets have to be approved or people (like you) wont get what they want, so that you then take the fight to those with the money and leave your nerds to get on with keeping your sad little network up and running.

    If you really want to help your IT department effect a postive change, quit harrasing them and take your fight to the people at the top who are ultimately responsible.
    Find the guys that sign's off on the IT budget and ask them why server space hasn't increased to meet demand.
    Because the answer is either your IT department is siphoning off $$$ to day-trade with, or there was nothing budgeted to allow for it.
  • While it's definitely nice to have a dedicated IT person for a small group of people is that person going to be responsible for ALL of your IT needs or just the desktops and group-specific programs?

    Remember that IT means running the file and printer servers, the email, the HR and accounting systems, your web site, your internet connection, your firewall, etc. etc. etc. Don't forget purchasing and provisioning all new desktops and servers. Throw in backups and 24/7/365 coverage and that person will burn out pretty quickly. (Also what do you do when they're on vacation?)

    I suppose there has to be some happy medium between everything being handed down from on high and every small group going their own way. What's really needed is a good support group that is responsible for set groups of desktops, an IT consultancy hit-squad that can come in and launch projects, application owners, and the infrastructure maintenance people. Beats me how many people that works out to be.
  • by badriram (699489) on Monday March 13, 2006 @11:02PM (#14913018)
    Was their BUDGET cut years ago, and never brought back up.

    A lot of people I know tend to blame IT staff for lack of space, lack of bandwidth etc. when problem was that IT dept could not afford to purchase equipment to upgrade a service, and they just tend to use all the budget to maintain status quo. Trust me all IT folks out there LOVE to push out new technology, increase storage, better networks, and reduce helpdesk calls. But a lack of staffing and money can put a damper in the best of IT staff in the world.
  • by Robber Baron (112304) on Monday March 13, 2006 @11:17PM (#14913086) Homepage
    3. Incompetent users. Incompetent users are the types who keep the IT guys busy fixing phantom problems, doing user training, or bug them with water cooler talk that fails to recognize that IT guys don't like people or talk. Your IT guy does not care to tell you about the cell phone or digital camera on the market.

    Horseshit! IT support IS about users and you'd better learn how to talk to them if you want to keep working in IT. RTFM as a response to stupid user questions will eventually get you your walking papers.
  • Re:No Brainer (Score:2, Insightful)

    by linuxrocks123 (905424) on Monday March 13, 2006 @11:21PM (#14913099) Homepage Journal
    He could do that...

    Or he could start searching for a new job so that he doesn't have to work in the negative and inefficient work environment you describe.
  • by wease21 (647997) on Monday March 13, 2006 @11:32PM (#14913145)
    As someone that also works in hospital IT: I'd be more than happy to secure your systems to the standards HIPAA sets, however with you bitching at me every 5 minutes that 3 username/password combos are too hard to learn and that you don't "need" a computer to work in patient care so you don't have to learn to use it, I seem to have my hands full at the moment.
  • Re:No Brainer (Score:3, Insightful)

    by darnok (650458) on Monday March 13, 2006 @11:55PM (#14913267)
    Actually, the solution is a whole lot simpler - change companies.

    If your work environment is such that you need to find "dirt" on people to get your work done, then nothing good's going to come from working there. Think in terms of "What will my resume look like?", "Who here is going to give me a reference for another job?", ..., then think again about why you're staying there.

    If your IT dept relies on catastrophic failure in order to get funds necessary to do its job, then you really need to move on and find somewhere where that isn't tolerated.
  • by misleb (129952) on Monday March 13, 2006 @11:55PM (#14913269)
    Not enough storage. When 200GB drives are under $150 maybe it's time to stop complaining at the people who dare to keep a meg of on line messages.

    A meg? Ha! Try a gig. I've seen users routinely go well over 1 gigabyte of mail because they just can't help leaving those MS IdonthavemeaningfulcontentbutidohaveneateffectsPoi nt presentations or that funny karate cat video in their Sent Items/Inbox. With 500 employees, that stuff adds up real fast.

    This is a pet peeve you need to get over. First of all, those cheap 200GB drives are shit compared to what real data center storage should be built on. Sure, you *could* line up 20 of them in a hyper redutant mega RAID or something, but something's gonna blow. The controller, that cheap ass motherboard you put in your storage server. It is low end stuff, for the most part. And that amounts to big headaches in the long run.

    Second, how do you back all that up? Good tape libraries are not cheap and managing terrabytes of backup amounts to even more headaches. The more data you have, the more time it takes to get full backups.

    -matthew

  • by LordLucless (582312) on Tuesday March 14, 2006 @12:00AM (#14913296)
    No, the password criteria given above SUCK. 8 characters, 2 lower, 2 upper, 2 numeric, 2 symbol. There's too much information given away in the security policy about the composition of the password. Whereas a normal 8-character password would have around 90 possibilities for each letter, in this case, each character would have a maximum of around 26 possibilities - even less for some because numerics only have 10 possibilities. You really cut your password space down with overly-restrictive policies.

    Of course, hard-to-crack passwords only matter in cases where it would be feasible for someone to try and brute-force the system without being detected and locked out. That's generally only possible against targets like encrypted files, not live system logins.

    The only thing that is going to let people in to live targets via the normal user login (ie: Not through a bug/hole/exploit) is either easy-to-guess passwords (like spouse name, dog name, birthdate, etc - dictionary words are not necessarily easy to guess unless there would be some reason an attacker would be likely to guess the word) or through the user disclosing their password in some manner.

    Of the two, user disclosure is more likely. Even with an easy-to-guess password, it's unlikely even a knowledgable attacker would be able to guess it in few enough tries not to set off any lockouts the system may have. In any case, you don't need to go to such a draconian level to prevent easy-to-guess passwords. Require two non-alphabetic characters in non-adjacent positions in the password, and you're pretty much safe.

    The most likely route for password compromise is user disclosure, and there is no technical way to protect against that except for relying on additional, non-password security measures (keycards, biometrics, etc). You could try educating your users, but like that's going to work.
  • by Knara (9377) on Tuesday March 14, 2006 @12:03AM (#14913306)
    Most organizations don't need that level of uptime.

    They might THINK they need that level of uptime, but that falls under "user education".

    Something I have very little patience for lately, unfortunately.

    (yes, I do desktop support, why do you ask?)
  • Revolt is also known as "strike" in labour circles. I know businesses and government departments that have been shut down for less that what the post described.

    If your customers are not happy with your service, then I suggest it is more than them being arrogant. Unhappy customers tend to find other ways to get things they want, in spite of your dictatorship. Deal with it.

  • by jbolden (176878) on Tuesday March 14, 2006 @12:11AM (#14913350) Homepage
    I agree. Once you get people to convert downtime into a cost then it becomes real easy to figure out how much redundancy they really need. Its like security. Good security costs 400% more (including staffing) than low security. Most people want low or so-so security. :)
  • by Knara (9377) on Tuesday March 14, 2006 @12:26AM (#14913412)
    Metrics are the bane of a competent IT department, they really are. Using trouble tickets *can* be helpful for, oh I dunno, tracking problems. Unfortunately, sometimes (and more often than not) an unnamed, mysterious figure(s) get ahold of the system (or, god forbid, select it), and think they can figure out how good the department is doing based on the (horribly flawed) stats it poops out. So, as a result, the IT staff spends more time making sure their tickets meet some (almost routinely) arbitrary and pointless SLA stats and trying to keep their "numbers" satisfactory in the view of aforementioned overseers, instead of doing the things an IT staff should be doing, namely fixing problems, maintaining systems, and improving infrastructure.
  • by DA-MAN (17442) on Tuesday March 14, 2006 @12:29AM (#14913425) Homepage
    I like anyone to show me a 200gb SCSI drive for any price. The only SCSI drives I have seen recently jumped right from 146GB to 300GB flavors.

    I bought 20 of these 300gb scsi monsters. At 1500 bucks a pop!

    They wanted to upgrade an aging 20 node Single Athlon MP Cluster. I told em it'd be cheaper to buy new hardware than to upgrade them to 2 cpu's, quadruple the ram and add 300gb scsi hard drives.

    Originally = 1xAthlon MP 1800, 1 Gig Ram, 1x76gig HD
    Upgraded = 2xAthlon MP 2800, 4 Gig Ram, 1x300gig HD & 1x76gig HD

    They didn't believe me. . .

    When these old, out of warranty machines, started having all failures (mobo/power supply) it was my fault! Try as I could, I couldn't get replacement parts. The legacy parts, ATXGES (Non-Standard) power supply and discontinued mobo were nowhere to be found. . .

    The guy who posted this "ask slashdot" probably knows more about his local IT department than I do. All I can say is that I got a reputation very similar to the posters IT dept. Incapable of keeping servers up, yadda yadda yadda, even though I had made it clear that this was NOT the way to go. Just because IT is in charge of it, doesn't mean they created the mess. . .
  • by dbIII (701233) on Tuesday March 14, 2006 @12:34AM (#14913447)
    Chances are he'll find time to help you out.
    However the big problem is every minute you are asking for advice on:

    a home computer

    DVD player

    crap program riddled with spyware that is supposed to be good

    any sort of technical thing entirely unrelated to work

    discussing cool movies or whatever

    is another minute that has to be spent doing things that are work related after the person asking the questions has gone home.

    During quiet periods it doesn't matter - but some guy coming into the server room to interupt a frantic operation to get a replacement server up ASAP and asking about the video card on his home computer is more the rule than the exception. Be unapproachable and you can't do the job. Be approachable enough to do the job and people expect you to fix their personal things.

    At least slashdot can be excused as keeping track of current tech trends and not purely relaxation.

  • by ktakki (64573) on Tuesday March 14, 2006 @12:34AM (#14913450) Homepage Journal
    gotten a new CEO soon to loot your company and run (I experienced this... once I experienced a half million loss in options and 401K it was hard to like what my company had become when the CEO walked away with $500M)

    Okay, maybe it's just me, but if I took a $500K loss and some motherfucker walked off with $500M, I'd be at his front door conducting a frank exchange of views with him while holding an AK-47 to his crotch. And if he agreed to make good my losses, he'd get his wife and kids back unharmed.

    Motherfucking CEOs get away with this shit because the middle class lacks balls. Eighty years ago, if you were an assembly line worker at Ford or GM, you'd be sitting down in the factory, rioting, or throwing Molotov cocktails at the Pinkerton thugs that management hired to bust skulls.

    But the middle class doesn't riot. The middle class has no stomach for violence. Every so often, the sons of the middle class might smash the windows of a Starbucks in the name of anti-globalization, but that's more teen angst than protest.

    Ann "Visible Adam's Apple" Coulter once said that someone should shoot liberals so that they should know that they're vulnerable (this was right after 9/11, when she was really off the hook). I think the same should apply to CEOs who loot their companies and walk off with multi-million dollar "golden handjobs". Make them spend some of their "hard earned" millions on a security perimeter worthy of the Secret Service.

    k.
  • Re:No Brainer (Score:3, Insightful)

    by jbolden (176878) on Tuesday March 14, 2006 @12:35AM (#14913451) Homepage
    Think about who goes into academic administration. Generally people who hate business, I mean after all they could be doing the same work for 30-50% more money somewhere else. "Business like processes" aren't popular. OTOH things that don't work very well are accepted.

    In other words you have a tech job in a socialist economy. You get the good and the bad of it. Enjoy the good, you'll miss it more than you think when you leave.
  • by Metzli (184903) on Tuesday March 14, 2006 @01:00AM (#14913548)
    HA clusters, redundant systems, etc. all still need maintenance. There are still patches that need to be applied, think VCS or VVM upgrades, that affect the entire cluster. Shoot, these HA devices need to be connected to shared storage. Sometimes things happen and the storage needs maintenance too. All computer equipment, even the vaunted NSKs and Tandems, need maintenance windows. It's just an art to make sure that the downtime is minimal and the business keeps running. That's why they pay us.
  • by Mateito (746185) on Tuesday March 14, 2006 @01:07AM (#14913566) Homepage
    Thats because they are auditors and don't have a clue about security. Security is 95% psychology, and 5% technology.

    A user password policy that is too restrictive means users will never remember them, and end up doing things like writing them on post-it notes and sticking them on the monitor.

    A better solution is have easy-to-remember passwords (though not trivial passwords such as "password", the login name or "1234567890") and put in a 3-strikes-you-are-out rule and a hierachical user access policy - "need to know". Remember - 80% of attacks come from within. Don't trust your users.

    Naturally, the root/Admin passwords for servers containing critical business data and de-encryption keys are long, complicated, regularly changed then written down and placed in an envelope in the corporate fireproof safe, along with the weekly backup tapes.
  • by Allnighterking (74212) on Tuesday March 14, 2006 @02:21AM (#14913805) Homepage
    First off. No they aren't idiots. Take the one line
    Additionally, they haven't been able to sell needed changes to senior management.
    Has it ever occured to you that the fact that things are working at all is a testiment to how hard the IT people are working. Do you have any idea how many systems they have in the data center that reached their predicted EOL 3 or 4 years ago, and the front office refuses to allow them to replace the system when the HDD fails because it looks better on the bottom line to spend 75 bucks on a cheap 40G drive instead of the 300G needed for expansion. Do you know how many times they've been forced to configure some dumb piece of crap software because end users had to have it to prove their manhood. Or even more importantly they had to have it because they are too dang lazy to move to a more secure product.
    No it's easier as an end user to just sit back, and play both ends (Management and IT) against the middle. Perhaps just for once you and other end users could try working with us instead of against us. Just once try and understand that the easier we make your life the easier it makes ours and vice versa, meaning I'm not suggesting the change to bother you, I'm doing it to protect you.
    My fear is that in your company, end users and management deserve each other. One group to bent on the right now bottom line. The other group bent on using IT as an excuse for not being able to meet unreasonable demands made by the same management that can't see past todays ink.
    The first step in any situation like this is to ask yourself the question. What am I doing wrong. Stop trying to fix others problems before you bother to fix your own.
  • by mdfst13 (664665) on Tuesday March 14, 2006 @02:27AM (#14913826)
    I think that you're missing the point of the question.

    "Your department has IT needs. These needs are written down."

    The poster's question was (essentially) "What are some needs that we might write down?" The poster is looking for suggestions as to

    1. Phrasing of needs, e.g. instead of saying "keep servers up most of the time" write down: servers have less than 1% unscheduled downtime and scheduled downtime is limited to Sunday nights from 1 AM to 6 AM.

    2. Identifying needs, e.g. 90% of user requests should receive a response within two business days and 100% within seven business days. A response is defined as one of a solution, a request for more information, or a denial of the request (w/ explanation). What other needs have slashdot readers noticed? Sure, some of these will be inapplicable to the poster's situation. However, some things we could suggest might be applicable but not obvious.

    3. Realism of needs, e.g. are 99% uptime and 90% response rate within two days realistic? Is it required?

    4. Requirements of needs, e.g. is seven business days too lax? Does a requirement that lax cause operational issues? Should it be tighter?

    You're right, writing down needs is a no brainer. Note that the original post said that that was what they were trying to do. To define the requirements on which they wanted upper management to sign off. The request is for help *generating* that list.

    It's important to get the right list of needs the first time, because it will be hard to get management to change them upwards (which requires more budget). Once the list is settled, it will be much easier to get budget for that list than it will be to change the list. Getting the list right the first time will be hard, as obviously they don't have an existing list from which to work. In fact, they may not be measuring things like uptime and response rates.

    It's also important to be realistic. For example, if the list says 100% uptime, it's going to quickly be obvious that that is impossible. The net result is that management will get to pick an uptime. Otoh, if you pick an uptime of 99%, that at least seems reasonable. If the actual uptime is 98%, then you can demand more resources to push up the uptime.
  • by WillyPete (940630) on Tuesday March 14, 2006 @02:39AM (#14913874)
    May the machine gods be merciful.

    As a lower-middle-level IT guy, I have heard this type of BS before. I have been accused of incompetence by half the managers in my freaking company. The other half think I'm a saint. Lots of luck on your commitee. That really is the best way to come up with new ideas. Or at least blow a week without working.

    All IT department are ultimately bottle-necked by the willingness of management to commit to ever-increasing levels of service.

    That's fancy talk for "They're a bunch of tightwads."

    I can't imagine a bonafide "incompentent" IT department. It's pretty hard to fake technical knowledge for long (between technicians), and we constantly test each other for dominance in our work groups, whether we see it as such or not.

    More like, the described IT department is understaffed and/or underfunded. That, or the mangement refuses to upgrade from ancient, widely varying production systems on the grounds of costs or other "difficulty". I once supported 5 completely different production systems, and a host of secondary systems, running on different hardware and software, spread across 13 locations all over SoCal. I did it alone for 1.5 years. There were entire weeks when I couldn't have described what I did to keep things working after the fact, because I was totally and completely fried. Not conducive to producing orginal or innovative ideas, especially when they had no audience.

    Thank goodness we finally converted to a nice centralized system, added staff, and got things relatively stable. Now when people complain, I tell them the story above. Our system is FAR from perfect, but it's better than it was, and apparently that's the best I can expect from my crap company. Without a truly serious commitment to improved software, the system we've built will ultimately rot. Development is key, and if your oganization doesn't have developers working on your system EVERY DAY, whether they are in-house or out, then your system is rotting as we speak.

    Which of course is all very compelling to management, until to lay out the costs involved in constant development.

    For the management: You get what you pay for.

    For the IT guys: A good boss could be worth your sanity. Know any?
  • by penix1 (722987) on Tuesday March 14, 2006 @04:28AM (#14914189) Homepage
    "When the Nachi/Welshia worm got on our network we had to disable that rule. It tried account passwords so rapidly; every account that had a strong password and it couldn't get into, would get locked every 30 minutes. We couldn't unlock them fast enough."

    You just illustrated what the users have been complaining about. Instead of cleaning your systems of the worm you are running around unlocking accounts. Leave them locked until you get the flipping worm off your systems THEN unlock those accounts. It isn't rocket science folks...

    B.
  • by obtuse (79208) on Tuesday March 14, 2006 @04:38AM (#14914216) Journal
    You're getting your head handed to you here and it may seem unfair, but by asking the question the way you did you demonstrate that you have no clue about actual IT responsibilities. Thus, it's impossible to take your idea of "knowledgable user input" serioulsly, much less your diagnosis of IT incompetence. Your IT department may be incompetent, but you have demonstrated that you are in no position to judge at present.

    The answer to your question? SLA or Service Level Agreement.

    It is reasonable to ask management what you should expect from IT. Find out what the SLA is or help create one. This will be a lot of work. You will encounter resistance, for no more sinister reason than that is hard. Just make sure this SLA takes into account senior management's requirements of IT as well. Perhaps IT incompetence isn't the reason management isn't providing the needed upgrades. An SLA provides some metric for performance. If the SLA is unsatisfactory, that is a matter to be taken up after performance against it is measured, but what amounts to a formal job description is a reasonable starting point.

    There's good literature on all of this, and it's easy to find if you are interested in improving IT in your organization, and not just playing Napoleon. If you'd rather just whine and make everything worse, ignore everyone here and stage your little petty revolt. It will be easier, but if management has a clue at all, this will be a career limiting move for you. Cynically, either way, the SLA is the starting point.

    I don't deny that IT can be incompetent, but it is rare in my experience. It occured to me that you were a troll, posting here. Regardless, there are others who really think IT is incompent because of their own ignorance, who would benefit from gaining a little insight into what IT is about.

    If I worked with you, I probably would tell you this in person, and tell you who might have more insight into the actual priorites set for IT. I've had plenty of similar conversations with people over the years. It's just another part of the usual perception problem for IT.
  • by Richard Kirk (535523) on Tuesday March 14, 2006 @05:17AM (#14914311)
    I believe the fact that no letter mapped onto itself was known long before Alan Turing came on the scene. In fact, all sorts of things that happened at beltchley are commonly attributed to him, which is an intriguing demonstration of how fame works. His major controbution to the code-cracking effort was to devise a decibel-like probablity weighting system that estimated the likelyhood of occurrence of certain words depending on the current news or anticipated news, the current type of message, the writer's style, and so on.

    The basic facts are still accurate. Anyone who had rigid patterns in the way they worked could have their code content guessed. There was an airstrip in the alps that used to send a weather report every day that was word for word the same - "Weather fine, skies clear, visibility good" etc. Bletchley knew from the number of letters in the message that it was the same today as yesterday.

    There is another important moral here. The fact that no letter mapped onto itself - a weak property but exploitable if you have enough text - arose because some engineer reckoned if you sent the electrical signal back through the rotors again, then it would be like having twice as many rotors. if didn't - it made the code weaker. You can make everyone have long passwords with random characters, but there is little benefit in this unless you are sure all your ports are protected, and your computer does not have any of the standard service or administration accounts still enabled. If the password is really the limiting security weakness, then maybe it is time to go to something more advanced, like a USB dongle to prove you are who you say you are.

    Yep, there are ways around that, too. But every little helps...

  • Their side (Score:2, Insightful)

    by bjoeg (629707) on Tuesday March 14, 2006 @05:36AM (#14914371)
    Have you tried being in your IT Department? - You might say they have neglected to sell projects to senior management, but are you sure it is not a money issue? - How big is your IT department? - How skilled is the IT department, again how much money is set aside for education? - How is work in the IT department organized. Myself we are a staff of 3 and 2 part time students for support (for 200 users + guest groups of various sizes), and even our "clients" are complaining that they need to file a helpdesk report rather than we just take notes over the phone. etc. etc.
  • by Anonymous Coward on Tuesday March 14, 2006 @05:49AM (#14914404)
    Fuckin ay.

    Now THIS is why you need to be able to mod a comment higher than 5.
  • by peteforsyth (730130) on Tuesday March 14, 2006 @06:34AM (#14914510) Homepage Journal
    At all three companies where I've been an IT worker, there has been a common problem: managers who are generally good managers - good people skills, organizational skills, ability to look at the big picture - but who advertise their "technical ignorance" to anyone who will listen. They let the IT department and all other departments know that they will defer to the IT department on technical matters.

    So, you end up with technical decisions that serve the people who deal with technology, as opposed to serving the users who are doing the main work of the company, or serving the company's goals as a whole.

    I'm not sure what causes effective managers to decide to take a different approach to technical issues than they do with others, but I'm convinced that's the root cause of the sort of problem described by the poster.

    I believe top management - and department managers, following their lead - should be pressing IT managers to break down technical issues to the point where they can make effective decisions. When the IT manager says "it will take 3 months to set up a new mail server" and the sales manager throws her hands in the air, their boss should sit down with the IT manager and make them explain what the factors are that will make it take that long. And if it's too technical and they don't understand, they should SAY so, and make the IT manager explain it again. Until they understand. Then, they should say things like "what would it take to do it in 1 month?" and by that time, they should be informed enough to reject bullshit answers like "we need another $75k employee."

    "technical ignorance" is not an excuse, when you have people on staff who are capable of educating you. And IT workers who perpetuate the myth that it's "beyond a non-technical user's understanding" merely for their own convenience should be...fired.

    If your management doesn't see things this way, there's probably not much you can do about the problem.
  • by mce (509) on Tuesday March 14, 2006 @06:37AM (#14914520) Homepage Journal
    I'm one of those "knowledgeable users that has never been a sysadmin (except at home)" that you show so much disdain for. So I guess I'm entitled to respond.

    16 years ago, we faced exactly the same situation as the person asking the question (same sixe of company, even). Then 15 years ago, "We the Users" staged a revolt (actually I did) and started a working group exactly as he describes to sort stuff out. Things were painful in the beginning, but once everybody understood what it was all about, improvement set in. We've been meeting on a monthly basis ever since. Today, I'm the chairman of that working group and the IT people are very unhappy that I have decided to leave the company. Some of them even hinted that I'd be welcomed to become head of IT in case I were to change my mind about leaving. Yet, I still don't know the nitty gritty details of a lot of stuff they do (and they know it), but I do have significant "power" because they trust me to do the right thing when I know what I'm doing and to keep my fingers off it when I don't.

    The key thing is that there is also a lot of stuff that I - being the "ignorant user with some knowledge" that I am - know about what my fellow users - as well as the company - need and do that the IT people don't know. Such as priorities. Or future development strategies (Stick to UNIX? Switch to Linux? How fast do we need to migrate? Or does the market force us to do it all on Windows after all?)

    The attitude that you display in your post is one of the key reasons why this sort of mess happens irrespective of which side of the "war" applies it. Both the users as well as IT need to understand that they don't know shit about the other side until they set up a constructive dialogue with people on that other side, educating them along the way.

    Finally, IT exists to serve the users and the company. It is doesn't bring in any money on its own and payed by the company, So it'd better be willing to at least listen to what the rest of the company has to say.

  • 3 months (Score:3, Insightful)

    by Gonoff (88518) on Tuesday March 14, 2006 @07:09AM (#14914597)

    Anywhere that lets passwords run for 3 months does not really consider security a high priority.

    28 days, 8 character minimum and 2 non alpha keys is a minimum. Any weaker than that and the sales dept must be in control of security. If not them some other technical illiterates.

  • by giafly (926567) on Tuesday March 14, 2006 @07:57AM (#14914729)
    In other news:
    • Air Travel should be banned until we win the War on Terror
    • Hospitals should be closed until antibiotic-resistent diseases are cured
    • Credit cards should be blocked until fraud is prevented
    Insightful? Pah! (BOFH Archives) [ntk.net]
  • by gavinchappell (784065) on Tuesday March 14, 2006 @08:49AM (#14914857)
    No, the password criteria given above SUCK. 8 characters, 2 lower, 2 upper, 2 numeric, 2 symbol. There's too much information given away in the security policy about the composition of the password. Whereas a normal 8-character password would have around 90 possibilities for each letter, in this case, each character would have a maximum of around 26 possibilities - even less for some because numerics only have 10 possibilities. You really cut your password space down with overly-restrictive policies.
    The guy said minimum 8 characters, with at least 2 characters from each set (upper, lower, numeric, special). Sounds pretty damn secure to me, especially given that each character can go anywhere (so you don't necessarily know you're looking for, say, "XXxx11$$" format passwords). Even for a minimum length 8 character password you'd have to spend ages trying every possible combination, as each character can be chosen from at least 62 characters (26 lower, 26 upper, 10 numbers) plus whatever special characters can be used.

    Please point out any mistakes I've made in analysing this, but just by having a quick look this actually seems quite good to me. Certainly better than what we use :-)

  • by zerocool^ (112121) on Tuesday March 14, 2006 @09:54AM (#14915170) Homepage Journal

    It's not hard to get people to remember a password that's still fairly complex.

    What you do is you use an acronym. You look around for one of their stupid desk plackards that says some stupid phrase like "You want it done WHEN?!?" or whatever, and you make a password out of that, like 'YwidW?'. I know that's only 6 characters, and there's no numerics, but it's a start - it's relatively secure (compared to, for instance, 'kitty' or 'cowboys', both of which I've seen).

    Seriously. Give it a try. Have them find some thing or use some sentance they look at or say often. There's this box of Vodka choclates on my desk at the moment, the description says "Vodka Choclates - Dark choclates filled with Vodka and fruit", and the net weight is (was) 260g. Bam. Password. Vc-dcfwVaf260 That's a secure password. Easy to remember? Nope. Not unless you know where you're looking. Can the end users do it? Most of 'em can.

    ~Will
  • by fprintf (82740) on Tuesday March 14, 2006 @10:18AM (#14915318) Journal
    I don't know about your company/IT department, but there is a heck of a lot more to worry about from internal security breaches than external cracking. So in your recommended example, I would be much more worried about Joe Pissed Off Employee going over to a random computer with the post - it note on it, deleting some critical data, then handing in his two week notice. As long as he used the posted login data, and you do not have security cameras set up on each floor, he gets away with it scot free.

    Replace my example with any other internal security breaches you can think of, and you will understand why easy password protection is not a good idea for internal protection of company resources.
  • by Anonymous Coward on Tuesday March 14, 2006 @12:10PM (#14916311)
    "Anyone who rights down their passwords should be fired immediately..."

    And any BOFH who doesn't know the difference between "right" and "write" should be fired immediately.

    "But I wasn't hired to know the difference between 'right' and 'write!'"

    And most employees aren't hired for their ability to memorize passwords.
  • by jacks0n (112153) on Tuesday March 14, 2006 @01:17PM (#14917040)
    My number one IT complaint is that they make rules like:

    no unsupported access/mysql/etc databases, but provide no alternative.

    As a manufacturing engineer, I must collect megabytes of data on each unit built to do my job.

    I can't realistically have technicians manually enter data in some slow Oracle forms java interface without doubling the cost of my parts, thereby guaranteeing that all of our jobs will go to China.

    Some things I could do with a scanner and Oracle's mobile applications... if they would enable that ... but they will not. It isn't really enough anyway.

    I really need to use Oracle's Open Interfaces. I understand them. I read the manual. I just need access.
    But the answer is no. They don't want the headache, and think that forms is good enough for all users.

    So what can I do? My leaders are too clueless to understand the problem. They just demand that I collect all the data so they can later magically get 'six-sigma' data from me.

    So I enrage IT by creating whatever databases I need to get the job done. Some of them have gotten nervy enough to delete these production databases, knowing full well they are critical, just to prove their point. I back eveything up to multiple network locations hourly, so I only lost a few minutes of production, but that only makes them madder, as data backup is their job, and I'm using up an obscene amount of disc space.

    Too damn bad. I know that my customers are 1. Manufacturing Floor 2. Management that needs good data to make decisions 3. Design engineers, who need feedback on their designs to create next generation products. 4. Customers. IT is not in that list. I am their customer, and a damn demanding one, and rightfully so.
    Yes, I'm one of those people who uses 80% of their time. I manage hundreds of production PCs running various pieces of test software written in dead languages with obsolete and esoteric hardware and they need to last long enough for me to replace them with something modern. You can't just walk by and take something with a Metrobyte ISA IO card in it and stick a new box with XP there instead, no matter what your upgrade policy is.
  • Expectations? (Score:1, Insightful)

    by Anonymous Coward on Tuesday March 14, 2006 @01:28PM (#14917160)
    An IT department of 500 people is astounding. Where I work there were similar issues. A certain department got fed up and formed their own IT group which I am a part of. This got the blessing senior mangement. So far the main IT group is still doing a crappy job but the group I belong to seems to have a good handle on things. people seem to be happy with the service we rarely get the upset user. We even have users whom we arent supposed to support occassionaly try to get support from us because of what they heard.

    Bottom line is clamor for the change. It may be A: Mangement issues in the IT group or B: the workers or C: Both and lots of changes need to be made. Be aware that it will take time but make sure the changes are followed thru. It also depends on the influence and ability to change that you have in the company.
  • by stefaanh (189270) on Tuesday March 14, 2006 @02:36PM (#14917847)
    I would ask them to vertically organise domain expert groups in their department, with users (domain experts), analysts and IT project leaders at level one, technical analists at level two and programmers at level three. The groups form a single unit of competence. And I always talk about roles, not persons, to be clear.
    Then I would horizontally organize formal and informal communication channels at each level, where each level is in touch with its counterpart in other domain units. At each level there is a support team to provide the means to standardize and keep an eye on productivity and focus.

    Your IT department organisation can be graphically represented as a field of stacks of three checker discs, with a large sheet of paper thru the stacks at each level starting at the bottom, representing the support and communication channels.

    The most important thing is that users are full time member of the groups, are directly involved an take their part of responsability in the IT processes.

    There should be no us and them. No choosing sides.

    And if ever you need a consultant, treat him as one of yours.

For God's sake, stop researching for a while and begin to think!

Working...