
What Would You Demand From Your IT Department?

ZombieLine asks: "The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year. Additionally, they haven't been able to sell needed changes to senior management. Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice. We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions. What would you put in our charter?" What services and responsibilities would you demand out of your IT department?
This discussion has been archived. No new comments can be posted.

  • by yagu ( 721525 ) * <{yayagu} {at} {gmail.com}> on Monday March 13, 2006 @09:30PM (#14912572) Journal

    Your company may have IT problems if any of the following has happened recently:

    • your company has right-sized the work force (could cause loss of corporate memory since right-sizing is usually code for age discrimination)
    • decided to become a [insert technology here] shop by executive fiat with no input from IT staff (could demoralize IT staff, they're not going to care much if their input isn't being counted)
    • changed the review process (more demoralization -- they're (reviews) usually not changed in a positive way)
    • eliminated bonuses
    • implemented mandatory overtime (I've experienced this many times -- it's the best way to instill attitude in an IT organization)
    • gotten a new CEO soon to loot your company and run (I experienced this... once I experienced a half million loss in options and 401K it was hard to like what my company had become when the CEO walked away with $500M)
    • frozen pension benefits (ditto)
    • cut back on medical coverages (ditto)
    • implemented a required "certification" process for IT staff (gag)

    There are many more -- these are just a few I've experienced that exclaimed "improved [insert your favorite trait/characteristic here]" and had mostly the opposite and unexpected (to decision makers) results.

    (btw, your "500" count is listed after the mention of your company, it's not clear if you're talking about a company of 500 employees or a company for which its IT segment comprises 500 employees...)

  • by tekiegreg ( 674773 ) * <tekieg1-slashdot@yahoo.com> on Monday March 13, 2006 @09:32PM (#14912583) Homepage Journal
    Outsourcing to someone else?

    Seriously, if you're going to have a department of lazy, inefficient slugs, you might as well have them for cheaper :-)

    In addition, the very threat might make your IT department shape up real quick...nothing like the threat of losing your job to light a fire under your butt and get working.

    By the way raymondsimms@hotmail.com I'd be careful using fullnames around stuff like that. An IT guy at your company is probably checking the company database right now for names that match that...prepare for the vengeance of an IT Guy.
  • by Anonymous Coward on Monday March 13, 2006 @09:35PM (#14912604)
    What do you consider knowledgeable user input?
    In most user communities you see divisions that ignore the entire enterprise and base their knowledgeable input on what will most help them, but maybe doesn't work in the enterprise, or adversely affects other divisions.
    This situation fits 90% of input from the users, and makes it hard for an IT department to isolate what is actually valuable input.

  • by Engineer Andy ( 761400 ) on Monday March 13, 2006 @09:40PM (#14912629) Journal
    set down what is reasonable in terms of expectations (not more than "x" minutes of downtime during business hours every "y" weeks, scheduled downtime compared to unscheduled downtime). I would have thought that data storage would be part of your record keeping requirements for your Quality management system, just as the system should spell out how you should be filing your correspondence, verifying your work, and all the other mundane bits of Quality in a business

    I think that if your IT team have been beaten into submission by a tight-fisted upper management, they may well know that things are not as they should be, but know that no matter how hard they push, upper management won't do anything until it becomes a crisis. More of a sense of resignation, and coping from day to day rather than implementing the best practise they know that they should have

    my old office had a server die and take down all the files for a day or so during business hours due to a faulty power supply. no hot swappable power supply on that server. They were continually running out of server space for files (not due to massive mp3 libraries sitting on the server either), which seemed mad to an end user who just wanted to know that things would be able to be saved.

    They also had two email gateway servers (i'm not in IT so i may be using jargon incorrectly) and periodically one would fall over, and every other email would fall into a black hole, with no bounceback or indication your email wasn't lost. It got so bad that i would phone people when critical emails were coming through so i could be sure that they were received.

    the firm I am with right now has a really good internal help desk system which quickly answers user queries, and the system is set up so well that you become oblivious as to the system because you can just get down to doing your work rather than worrying about how stable things are.

  • by winkydink ( 650484 ) * <sv.dude@gmail.com> on Monday March 13, 2006 @09:49PM (#14912688) Homepage Journal
    "but when you go carrying pictures of Chairman Mao, you ain't gonna make it with anyone, anyhow."

    Do you think you work in some kind of democracy? End users have no budgets and as such, little influence.

    Also, all of the issues you describe are operations and not applications-related. Unfortunately, if the PHBs are getting what they want from the apps (reports, closing the books, sales info, etc...), then nobody will give two cents about bad ops.

    The people you need to convince about your issues are executive management in your departments. If you succeed in doing that and enough of them talk to the CEO, there's a good chance that the CIO will be asked to come up with a plan to turn things around. If not, then either you and your compatriots did a poor job of making your case, or executive management is happy with the status quo. If that's the case, and you're really fed up with it, your only recourse may be to look for a new job.
  • Re:ITIL (Score:5, Interesting)

    by Anonymous Coward on Monday March 13, 2006 @09:50PM (#14912694)
    I have to post this one as AC, sorry.

    The UK-based ITIL initiative describes in gory detail a collection of best practices that IT can follow to provide better service to their customers. They can do as much or as little of the whole program as they want, and it can even be driven from the outside by the user community if absolutely necessary. Obviously, if there's cooperation it works better, but if they roll their eyes at "another total quality management initiative" (which it's not) you can still use the terminology and methods and eventually drag them into it.

    The company I work for decided to "implement" ITIL about five years ago. It has improved nothing, and has essentially just served as a different set of buzzwords for managers to use.

    What it reminds me of is an article I read about the US military and its "transformational" thing a few years ago. Everyone and their mother was scrambling to claim that their pet project was a great example of a "transformational" weapon, even though they changed nothing about it.
  • by a55mnky ( 602203 ) on Monday March 13, 2006 @09:56PM (#14912722)
    Your ignorance of what is involved in supporting IT is showing.

    Although the cost of the drives may have come down, there are other costs associated with adding another drive - that additional 1 meg of on line messages multiplied by X numbers of users needs to be monitored, maintained, backed up and made redundant ... and of course restored when somebody mistakenly deletes the wrong message.
  • by Bartzo1 ( 836080 ) on Monday March 13, 2006 @10:06PM (#14912780)
    There seem to be more people out there who know a lot about technology but don't know jack about running a business. There are fewer people out there who can convince the management (and rightly so) that spending $$$ pays off in the long run. (Can you put a $$$ on the missing files because you didn't have the proper backup strategy in place? Down time of the servers and the amounts of people who are sitting around and looking at the ceiling because their email and phone system are not working? $$$ it would cost to recreate the work of a team which spent 3 months on it?) People in a company like that cannot just create a "Committee" to see that changes happen - it just doesn't work - policies like that need to come down from the top. It only shows that either the people who are the heads of such departments are not speaking the right language to the top or are just plain LAZY (incompetent, inefficient ...etc) - or the top (lower top) is refusing to listen - because they want to look like they are doing a good job by keeping the costs down - I've seen both. In either case - you need to start from the bottom and work your way up. Approach the IT Manager, and present him with your findings, ask him to take it up - if no result - take it a step over him - As a last resort approach your CTO/CIO or (CEO if you have to) with realistic numbers on the amounts of time lost due to server outages - multiply it by the number of employees affected and then by their hourly wage - $$ starts to add up...especially if you have ridiculous downtime rates... But I bet you - somewhere along your trip UP someone will start to listen. But get the numbers first...and get some "weight" behind you - get managers and directors of other departments to back you up on this...Even have them present this UP to the VP's.. etc.
  • by DnemoniX ( 31461 ) on Monday March 13, 2006 @10:43PM (#14912939)
    I am the IT Director for a smaller organization, about 300 total employees. Every little complaint you have there is something that I have seen a hundred times over regardless of the firm. Let me explain where you have started to go wrong here. First mistake, assuming incompetence, instead of researching the root cause of any service problems. It is easy to just say, "Well Bob over there is an idiot". When maybe Bob is following protocol that he didn't establish. Or that the IT resources are stretched to the breaking point.

    Ignoring knowledgeable user input, ok that I have a huge problem with. Everyone in the IT community, programmers come to mind the most often, seem to think because they work in front of a pc all day that they know their ass from a hole in the ground when it comes to managing a network or a server farm. Sorry but that is the absolute truth. I have interviewed countless people for jobs in IT, well over 50% of them programmers trying to get Sysadmin positions. When asked specific questions about administrative tasks the answer is almost always the same. I know something about it but I have never implemented anything like that. Everyone wants to be an expert, trust me you aren't.

    Unable to sell needed changes. Have you considered that management and accounting do not see the corporate finances in the same way that you do? Some changes are simply impossible to sell. Unless your corporate focus is in technology some of the upgrades needed to improve infrastructure will always be lacking. The exceptions tend to be when the powers that be are directly inconvenienced. But the IT Dept probably caters to them quicker than any other department so they do not see the need. They pick up the phone and Bob is right there, whereas you submit a trouble ticket and you are lucky to see someone in 48 hours.

    Starting a revolt? Wow you guys are arrogant. Plain and simple. What makes people think that they know another department's job better than they do? Much less "demanding" services. Just astounding. Your efforts would be much better spent working with the IT department to figure out ways to get management to invest in more staff, more training and equipment upgrades. That benefits everyone, and doesn't just stroke your self-important little ego.
  • by sphealey ( 2855 ) on Monday March 13, 2006 @10:49PM (#14912964)
    === If there is work to be done, then I'd like to dial up the local expert/employee and know that the problem will be fixed *quickly* and efficiently. ===
    Only the fire department and the Marine Corps keep enough people on standby to handle any problem presented to them immediately (and even the Marines are a bit tied up at the moment). Every other entity queues, prioritizes, and triages. Your IT department *could* maintain enough knowledgeable experts to answer your difficult questions in depth whenever you picked up the phone - I once worked with one that did. That department lasted a little less than 2 years; once senior management figured out how much it was costing they terminated it and replaced it with an outsourcer at 1/3 the cost. 1/5 the level of service, but that was not senior management's concern (and perhaps rightly so).

    sPh


  • Dear ZombieLine,
    Maybe your company, like most others, is drastically underfunding the IT department, expecting superhuman performance on less than shoe-string budgets, while every day demanding all new buzzword compliant services and ignoring IT requests for additional warm bodies. Not to mention the fact that you are using high maintenance Microsoft Outlook type services while surfing for pr0N and jam packing your mail server full of the latest Happy Fun Tentacle Rape Party videos that everyone is mailing around.

    Unacceptable server downtime? Are you clustering critical services?

    Bad backups? Chances are your company is very content with single tape drives that the sysadmins can swap tapes from rather than having a good tape library with enough licenses to cover all servers with a decent retention time.

    Maxed network storage? Are you paying for more RAID disk shelves? Or are you still feeling brilliant telling your IT staff all about how "you can get an IDE 200GB drive for $50 at Staples, so why can't that be plugged into the EMC or NetApp fileserver?"

    My recommendation: stop demanding Five 9's of service and stop expecting services to never reboot or need maintenance if you aren't going to fund it. Stop dicking around at being a business and spend money to make money. Otherwise, save everyone time and bend over to your competition now. You can recommend all the fantastic new upgrades and services, but if your company doesn't recognize the value of improved infrastructure services, and an educated staff, you don't deserve to stay in business and sooner or later Darwin will rear his ugly head.

    Get your little posse of idiots together and ask senior management why they are refusing to fund the needed changes. You might be pleasantly surprised to find out that they have no friggin clue about how to manage IT. Or maybe you haven't been paying enough attention to quarterly financial reports to realize that your company is experiencing a classic symptom of the death spiral.

    Oh, BTW, you're an asshole. You and your 2Live Crew can go fuck off.
    Love,
    Shokk
  • by wadiwood ( 601205 ) on Monday March 13, 2006 @11:07PM (#14913045) Journal
    This criteria for password is fairly secure except for the slight problem - that they're really difficult to remember. The only way I learnt passwords like this was when I had to type it in every 30 minutes - cos that's how often the system I was working on crashed, and at least the IT dept wasn't mean enough to make us learn a new one every six months.

    The rate of passwords either written down or programmed into the function keys (anyone else remember Wyse terminals?) was really high. Especially among the bosses.
  • by jbolden ( 176878 ) on Monday March 13, 2006 @11:29PM (#14913134) Homepage
    No one is going to use this password scheme they are too hard. You don't use passwords. They really aren't secure, you need a "something you have, something you know, something you are". For the "are" control access to the machines. For the password use a have and the password changes in a scheduled way every time it's used. Then for know use something much harder than a phrase
    -- what was the name of that cute girl in 3rd grade?
    -- what was your favorite restaurant in high school
    -- What do you get mom for her birthday

    The same question doesn't get reused for 180 days or so.

  • by jbolden ( 176878 ) on Monday March 13, 2006 @11:34PM (#14913154) Homepage
    4x7x365 operation needs some maintenance windows.

    No. It needs redundancy or maintenance windows. Have several systems doing the same work, and then take one down make the modifications then have it re-sync take the next one down.... And yes that may mean multiple lines. I don't think this guy wants to pay for 365x24, most people who say they want 365x24 can get by on 345x18 fine but 365x24 is very doable. The system for the London stock exchange hasn't crashed or gone down for something like 25 years. And it's been upgraded a lot.
     
  • by un4given ( 114183 ) <bvoltz@gm[ ].com ['ail' in gap]> on Monday March 13, 2006 @11:36PM (#14913163)
    I am an IT consultant, and I make my living cleaning up the mess left behind by incompetent IT staff and management.

    Many times, an organization starts out small, and the most 'IT savvy' person in the office cobbles together a 'server' and 'network' from some old PCs and some network gear they bought from the office supply store on the corner. I arrive to find a Windows Workgroup (ugh) or poorly implemented Active Directory with a host of replication issues, orphaned objects and broken name resolution. Today I worked on a production network that was running their directory services, print queues and file shares off of a 120 day evaluation copy of Windows server!

    There are usually local user accounts, local printers shared off of a workstation, no redundancy, broken or no backups, physical layer problems (bad wiring) and a host of other problems. Quick fixes that were implemented over the course of years are now recurring problems that suck up the majority of the IT staff's time.

    These same kinds of problems can plague a large organization, albeit they may present as slightly different symptoms. The cause is always the same: inability of management to see the big picture. This lack of attention to detail starts with management and trickles down.

    The way to fix this is to get upper management to recognize that there is a problem. Unfortunately, this often would require somebody to admit that they aren't doing their job. Good luck with that. 90% of the time I find that this type of wholesale cleanup and reengineering only happens during a regime change.
  • What I expect (Score:3, Interesting)

    by adoll ( 184191 ) * <alex.doll@agdcoC ... minus herbivore> on Monday March 13, 2006 @11:46PM (#14913224) Homepage Journal
    I quote jobs on the basis of "bring my own computer" and the basic software for it. I expect the IT dept at the jobsite to provide:
    1. Email access to the local system through something like IMAP or POP, but I'll settle for Lotus Notes in a pinch.
    2. Network filesystem access for my workstation, either direct or VPN. No remote terminals! My software is needed to do my calculations, and if I can't store the files on "your network", then I'll store them on my hard drive and too bad for you.
    3. Filesystem access from remote locations (home, other offices). I travel a lot and can't get much done if I'm limited to working in "their" office.
    In return, I promise the customer:
    1. To provide a PC with all relevant security patches installed, and virus protection enabled.
    2. To use Client sanctioned applications where, in my professional opinion, they are capable of performing the tasks. This usually means Microsoft Office and usually means I get in a scrap with the IT guys when Excel is mandated for doing material balance [agdconsulting.ca] or matrix calculations [agdconsulting.ca] - both duties it is not suitable for. (Anybody able to explain to an IT dude what a Singular Matrix is and why it is not Invertible, in spite of what Excel does?)
    -AD
  • by jbolden ( 176878 ) on Monday March 13, 2006 @11:49PM (#14913236) Homepage
    I bid against EDS on a contract. We were cooperating with IBM. We both agreed that the cost for the project would be 20x to implement we bid 30x. EDS came in at 8x.

    BTW EDS has lost money on virtually every contract. I don't think it's kickbacks, they just underbid cost and then try and make it up on other charges.
  • I Love Stupid Users (Score:5, Interesting)

    by inKubus ( 199753 ) on Monday March 13, 2006 @11:59PM (#14913288) Homepage Journal
    I come from a long helpdesk background and am now a senior developer at a mid-sized company. Unlike most of you nerds there's one thing I enjoy more than "being right" and that's "being lazy." That's why I love stupid users. I loved having a job where the biggest problem I faced in a day was telling a user to turn their monitor on. Or turn their capslock off. The worst job I EVER had was working with some very bright and very motivated individuals who were not geeks but were extremely competent in everything they did. The one thing they didn't know well was computers, and in that business you didn't need to know computers to make a crapload of money. But because they were all so brilliant, every little thing was nitpicked. Everything had to be done now now now. There were no easy problems and every day I was challenged to learn and perfectly perform something that I'd never done before with technology. There was always some shit on the line: huge fines from regulatory institutions, huge investments of money, hundreds of employees counting on your work. If the worst you have to deal with is someone dumber than you, you have it made. Make friends with your users, treat them like people, and soon you'll be in middle management, making bad decisions for a big salary.

  • Cost/Benefit (Score:1, Interesting)

    by Anonymous Coward on Tuesday March 14, 2006 @12:06AM (#14913330)
    I'm the only IT guy at a small business (35 people), and I run completely without a budget. Costs are kept to the bone. People were starting to bitch about spotty email service (below-bargain-basement local provider who was friends with the family owning the business), downtime when a server would fail (no redundancy), and slow Internet access (it turns out that forwarding 15MB videos to all of your friends DOES make a difference).

    Before anyone came for my head, I drew up a list of the dollar costs of doing everything properly and presented it to the owner. He just laughed and said "I thought so."

    Now, when anyone whines, I point them to the boss, and he tells them to get over it. Of course, I got him to pony up for a more reliable nationally known service provider, but there's still no redundancy. God Bless Free Software.
  • Re:ITIL (Score:2, Interesting)

    by drgroove ( 631550 ) on Tuesday March 14, 2006 @12:07AM (#14913337)
    The issue you highlight is one of implementation of a practice, not within the practice itself. ITIL-based Service Management practices bring a high degree of process management and process maturity to an IT organization when implemented correctly. I would strongly caution against denigrating a product or practice when in actuality the problems lie elsewhere.

    Also note that ITIL bills itself as a best-practice theory; think of it as the "logical" structure, not necessarily the "physical" structure. There are plenty of large IT companies that can work with your organization on successfully implementing an ITIL-based service management process framework, along with sophisticated products to back their processes up; Computer Associates (now CA [ca.com]) and IBM [ibm.com] are two of the most prominent ones that come to mind.
  • by mrscott ( 548097 ) on Tuesday March 14, 2006 @12:34AM (#14913449)
    I agree with you... to a point. We do allow the use of USB drives on all computers, but if I worked in a security sensitive environment, that kind of access would go.

    As for charging back "lost time" to the IT department... that would mean that every single employee got to dictate to the IT group what their individual needs for the day were rather than having IT work with management and users to get company needs addressed. How would you handle the user that was pissed off because IT wouldn't help them with their home network and they considered that "lost time"?

    I do agree that computing should be convenient for the end user (I'm an IT Director), but could not imagine a day when I could have 2,000 separate requests - 1 from each user - all over the board and I was held accountable for each and every one, no matter how irrational.

    There is a balance!

  • by TykeClone ( 668449 ) * <TykeClone@gmail.com> on Tuesday March 14, 2006 @12:53AM (#14913516) Homepage Journal
    The same question doesn't get reused for 180 days or so.

    Great idea - nice and simple so it's easy to remember for the user without having to write it down or use the same password across many systems.

    But...

    When setting up any new users, you'll need to collect (at the minimum) 180 pieces of information. 360 if they can define their own questions. 360 * ? if they can define their own questions and you force a new "password" for each time that they have to unlock their machine after the screen saver kicks in or for asking for a different "password" should they enter one incorrectly.

  • by ComputerSlicer23 ( 516509 ) on Tuesday March 14, 2006 @01:45AM (#14913688)
    Generally, I've found that when you get a bunch of idiots in a room, not much useful happens. A lot gets said, a lot of plans get laid. Not a lot of real work gets done.

    Generally speaking, the solution to incompetence is to fire people. Generally starting at the top, and replacing them with competent people. They will generally proceed with the firing. Meeting to discuss their lack of competence isn't going to help. It's generally a situation of the blind leading the blind (if you were really good at large scale IT, why don't you actually work there, short of previous experience, running a corporate network generally has little to do with personal experience on a home network. If it really is such a problem, you should apply for the job with seriously good incentive based pay). As someone who was one half of the IT department (SA, programming, help desk, DBA duties) at a fast growing company that went from 10 to 150 people in about 4 years, I can assure that most users outside of IT have no idea what is easy, and what is hard. The number of stupid requests put in by "knowledgeable users" was insane.

    Lack of backups is a serious problem. However, you haven't described why. In my experience, it's a lack of budget or priority. Generally speaking, good backup units are one of the single most expensive pieces of equipment an IT place will purchase (backups generally scale with the type of IT equipment you buy, if you buy $10K servers, you're buying $25K backup libraries. If you purchase $1K servers, you buy $2-4K tape drives. I've never been purchasing $100K+ computers, I'm not sure what type of tape solution they need). The next most common reason for no backups, is literally not enough hours in the day, or backups are such a tremendous strain on the production systems that they can't be run during business hours. Which means that they can't finish. I've seen a fully justified case of not making backups as it literally wasn't cost effective. We could have made backups, but just regenerating the data was far more cost effective. The hardware and software we needed just wasn't justifiable for the volume of data. Critical data we made backups of. The scads of other data we had that turned over regularly wasn't worth it. In the end, we ended up building a hot spare and kept short term online backups on it. Getting a tape unit capable of the storage requirements was too expensive. We generated about 1-2TB/hr, 99% of which would never ever be needed again and after two weeks it was so outdated it had no value. We processed the 1% upon being identified. So backing it up was just stupid. Unless a bug was found in the identification algorithm, then it was useful to have the other 99%. Generally, you just started with the oldest data still of use and processed it all again.

    Lack of storage space, is generally attributable to users if users don't have a quota. Given a group of 2 people, at least one of them is a digital pack rat. I'd say given a group of 1, but I've seen a handful of non-pack rats. For the record, I'm a pack rat, but I am good about cleaning up when disk space gets tight. In my experience, the solution to storage is to parcel it out by type of usage. 80% of the usages will have no problems. The others will use petabytes of storage if they are given access to it. At which point, it's strictly a budget issue and resolving the issue with the users. Generally speaking, near-line storage on CD or DVD that the user could burn themselves, or spooled for an IT professional to do was the solution. We did all CD's of data in triplicate. The original user got one, their supervisor got one, and the IT department held onto one. CD's go bad, and people tend to lose them, hence the three copies held by independent people. What is needed is an archival plan for moving data from online to offline, or deleting it.

    Kirby

  • by TheRaven64 ( 641858 ) on Tuesday March 14, 2006 @01:50AM (#14913705) Journal
    I recall another organisation that had a similar policy. Their policy was that you were not allowed to have a wheel in their cryptographic system in the same place on two consecutive days, and you were not allowed to have all the same wheels in the machine two days in a row (i.e. you had to replace at least one wheel and re-order the others). Something else that could have been described as policy, but was really a part of the machine's original design, was that no letter could map to itself in any configuration. The cryptographic engine was called Enigma, and the organisation that came up with this policy was the Third Reich. Now, I'm skirting dangerously close to Godwin's Law here, but I will continue.

    At the same time, a bright young English mathematician named Alan Turing came into possession of this knowledge. He realised that these rules dramatically reduced the number of possible cyphertexts for any given plaintext (and vice versa), making the search space much smaller than it would otherwise have been. As a result of this, he and his colleagues were able to crack the encryption with the primitive computers available at the time.

    Arbitrary restrictions on passwords are not sensible. Do not allow dictionary words and trivial permutations of them, since they can be cracked by a simple method, but any further restrictions only serve to narrow the search space for an attacker. The scheme listed means that most passwords will have two upper case letters, two lower case, two symbols and two numbers. This is an almost trivial subset of the number of possible eight character combinations of letters, numbers and symbols.

    In summary, whoever came up with this policy is an idiot both for social and mathematical reasons. They should, therefore, not be allowed to interact with either humans or computers.
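Added example, not part of the comment above or of the thread: a Python sketch that counts how many passwords survive a per-class composition rule, including the two-upper, two-lower, two-symbol, two-number pattern at eight characters that the comment mentions. The 94-character printable-ASCII alphabet, the class split and the function names are assumptions made for the illustration.

```python
import math
import string
from collections import Counter

# Assumed alphabet: printable ASCII without space, split into four classes
# (upper 26, lower 26, digits 10, symbols 32).
CLASS_SIZES = tuple(len(s) for s in (
    string.ascii_uppercase, string.ascii_lowercase,
    string.digits, string.punctuation))

def count_passwords(length, minimums, sizes=CLASS_SIZES):
    """Count strings of `length` holding at least minimums[i] chars of class i."""
    # State = per-class counts, capped at the required minimum.
    states = Counter({(0,) * len(sizes): 1})
    for _ in range(length):
        nxt = Counter()
        for state, ways in states.items():
            for i, size in enumerate(sizes):
                capped = min(state[i] + 1, minimums[i])
                nxt[state[:i] + (capped,) + state[i + 1:]] += ways * size
        states = nxt
    return states[tuple(minimums)]

def bits_lost(length, minimums, sizes=CLASS_SIZES):
    """Bits of search space removed by the rule, versus no rule at all."""
    total = sum(sizes) ** length
    return math.log2(total / count_passwords(length, minimums, sizes))

if __name__ == "__main__":
    # Compare no rule, "at least one per class" and "at least two per class".
    for length in (8, 12):
        for rule in ((0, 0, 0, 0), (1, 1, 1, 1), (2, 2, 2, 2)):
            kept = count_passwords(length, rule)
            print(f"len={length} min/class={rule[0]} "
                  f"allowed={kept:.3e} bits_lost={bits_lost(length, rule):.2f}")
```

Running it prints the allowed count and the bits removed for each rule at lengths 8 and 12, so a proposed policy can be compared against the unrestricted space before it is rolled out.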

  • by 10Ghz ( 453478 ) on Tuesday March 14, 2006 @04:34AM (#14914209)
    You really cut your password space down with overly-restrictive policies.


    Yep. Many times I have seen cases where the IT-department decides to "make things secure" by making passwords "hard to crack". And in the process of doing that, they jeopardize the security of the system. Once I saw a setup where the password had to be at least 12 characters long, it had to contain special characters and numbers, they couldn't re-use old passwords (not even with modifications), no normal words were allowed and it had to be changed every week. All nice and secure, right? Wrong. The passwords ended up being so complicated and difficult to remember, that users simply wrote them down on a piece of paper that they carried with them. Some had it in a post-it that was attached to their monitor. Some wrote it down on their pocket-calendar. Not like this.... Not like this.

    Had the requirements for the password been a bit more reasonable, the user could have memorized them. But since the bar was set so high, there were pieces of paper in users' desks where they had written down their passwords.
  • by Minupla ( 62455 ) <minupla@noSpaM.gmail.com> on Tuesday March 14, 2006 @08:21AM (#14914783) Homepage Journal
    I know how my users would react if I told them "Yes we know your account is locked out, we're working on fighting the worm." it'd be "Can't you just unlock my account" for every single user in the building.

    If I was running your hypothetical IT dept, I'd probably turn off account locking for the day while we were writing the new IDS rules, firewall rules etc to stem the spread of the worm.

    Of course I'd remember to turn em back on again after the day was done :)

    Min
  • by Anonymous Coward on Tuesday March 14, 2006 @11:13AM (#14915767)
    When I started working here, I was the IT guy. Everything ran well.

    Parent company [Big Corp] outsourced desktop support to EDS. However, because of our remote location, EDS would in-turn have to outsource local help. You think EDS is bad? The other places were even worse. No one here used EDS. Maybe it was good for the cubicle drones in NYC at the corp offices, but for our remote location in the country who was simply part of [Big Corp] as a result of a fluke, I still ran the show. Everyone was happy. Problems got solved. Server and network structure was stabilized and improved. Things ran smoothly.

    Then [Big Corp] decided to wrestle more control. They wanted more IT homogenizing. Things were stirred-up here at our location, to make them more like the rest of the company, without taking into account the differences in what happened here. It was simply the blind 50-mile high view of homogenizing=savings and consolidation=savings. Employees here started getting less happy. Features were lost. Restrictions increased. Ridiculous things were put into place which inconvenienced people, made them less-productive, led to more down-time. Broad-sweeping changes came barreling through our company without any regard to the unique impact here, but we were forced to implement them.

    Then [Big Corp] decides to outsource all their server/network IT to [Current Employer]. Overnight a bunch of us become employees of a different company. We answer to and get paychecks from people we never met, never see.

    Everything gets 100X worse. It was bad enough that [Big Corp] called broad shots without paying attention to places like our site. But now [Big Corp] told [Current Employer] what to do, and I was forced to march in line. [Current Employer] doesn't want or care to hear about problems I have with corporate mandates coming down the line. They are simply hired to do whatever [Big Corp] tells/pays them to. If I disagree, I become not a team player, a troublemaker. People who've never met me, never visited this site, and have no idea what goes on here on a daily basis write up my review and control my paycheck and raises (or lack thereof).

    Now employee morale overall is very very low. Everyone hates the new IT stuff, not the least of which myself. Instead of contacting me and having their problem solved in 15 mins, they have to run through a complex, error-prone ticketing system to some place halfway across the country to people who have no clue what goes on here. Then with any luck, I eventually get a trouble ticket assigned to me in a few hours, which may or may not have correct or complete information. I have 2-3 conference calls a day, to discuss all the issues around the work I could be doing if I wasn't wasting my day in conference calls or wrestling with the nightmare ticketing system. More and more big sweeping IT changes are coming down the pipe, turning things upside-down at this location because the timing is horrible and it's forcing massive changes with zero benefit for this site. Because no one up on high ever bothers to look into the trenches at the real-world effect on the people actually trying to make money for the company. But we have to do it, because it's what [Big Corp] wants to do and is doing across the board, and since they are hiring [Current Employer] to do it, I have to follow suit. As a result of being forced to do stupid stuff, the employees around me for whom I used to be the hero now hate me. I am the lightning rod for all which is hated about the new policies, as if they're my fault. I am the sole representative for [Current Employer] here, forced to take the flak for every failure and bad idea.

    My reward for all this? No raise last year because I was stubborn, a complainer, and not a "team player".
  • by Anonymous Coward on Tuesday March 14, 2006 @11:41AM (#14916004)
    This is a clear case for demanding your orders in writing.

    If your boss(es), who presumably hired you for your technical expertise, override you after you've explained the risks, that's their decision. At this point I'd respectfully ask for that order in writing. If nothing else it may force them to reevaluate their decision. They may not. They have to consider more than just the technical aspect.

    "Wow chief, that's brilliant. Can you put that in writing so I can frame it?"

    The fall back is to write up all your concerns and outline the risks in an e-mail, send it out and print out a copy.

    Of course if you had a decent boss they would have recalled their decision, and not beaten you up over their call.

    Don't mean to pick on you in particular, just want to get the word out that CYA is not something to overlook.

    The best of course is to have a boss that you can look in the eye, tell them "I told you so" and have them just laugh and tell you to get out of their office and fix it so they can buy you a pint later. Or at least shields you from higher ups whose decision he was implementing earlier.
