What Would You Demand From Your IT Department? 671
ZombieLine asks: "The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year. Additionally, they haven't been able to sell needed changes to senior management. Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice. We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions. What would you put in our charter?" What services and responsibilities would you demand out of your IT department?
from personal anecdotal experience (Score:5, Interesting)
Your company may have IT problems if any of the following has happened recently:
There are many more -- these are just a few I've experienced that exclaimed "improved [insert your favorite trait/characteristic here]" and had mostly the opposite and unexpected (to decision makers) results.
(btw, your "500" count is listed after the mention of your company, it's not clear if you're talking about a company of 500 employees or a company for which it's IT segment comprises 500 employees...)
Have you thought about... (Score:5, Interesting)
Seriously, if you're going to have a department of lazy, inefficient slugs, you might as well have them for cheaper
In addition, the very threat might make your IT department shape up real quick...nothing like the threat of losing your job to light a fire under your butt and get working.
By the way raymondsimms@hotmail.com I'd be careful using fullnames around stuff like that. An IT guy at your company is probably checking the company database right now for names that match that...prepare for the vengeance of an IT Guy.
knowledgeable user input?? (Score:2, Interesting)
In most user communities you see divisions that ignore the entire enterprise and base their knowledgeable input on what will most help them, but maybe dosen't work in the enterprise, or adversely affects other divisions.
This situation fits 90% of input from the users, and makes it hard for an IT department to isolate what is actually valuable input.
performance criteria, & resources to meet them (Score:3, Interesting)
I think that if your IT team have been beaten into submission by a tight-fisted upper management, they may well know that things are not as they should be, but know that no matter how hard they push, upper managemtn wont do anything until it becomes a crisis. More of a sense of resignation, and coping from day to day rather than implementing the best practise they know that they should have
my old office had a server die and take down all the files for a day or so during business hours due to a faulty power supply. no hot swappable power supply on that server. They were continually running out of server space for files (not due to massive mp3 libraries sitting on the server either), which seemed mad to an end user who just wanted to know that things would be able to be saved.
They also had two email gateway servers (i'm not in IT so i may be using jargon incorrectly) and periodically one would fall over, and every other email would fall into a black hole, with no bounceback or indication your email wasn't lost. It got so bad that i would phone people when critical emails were coming through so i could be sure that they were receieved.
the firm I am with right now has a really good internal help desk system which quickly answers user queries, and the system is set up so well that you become oblivious as to the system because you can just get down to doing your work rather than worrying about how stable things are.
A user revolt? Good luck! (Score:3, Interesting)
Do you think you workin some kind of democracy? End users, have no budgets and as such, little influence.
Also, all of the issue you describe are operations and not applications-related. Unfortunately, if the PHBs are getting what they want from the apps (reports, closing the books, sales info, etc...), then nobody will give two cents abouyt bad ops.
The people you need to convince about your issues are executive management in your departments. If you succeed in doing that and enough of them talk to the CEO, there's a good chance that the CIO will be asked to come up with a plan to turn things around. If not, then either you and your compatriots did a poor job of making yoru case, or executive management is happy with the status quo. If that's the case, and you're really fed up with it, your only recourse may be to look for a new job.
Re:ITIL (Score:5, Interesting)
The UK-based ITIL initiative describes in gory detail a collection of best practices that IT can follow to provide better service to their customers. They can do as much or as little of the whole program as they want, and it can even be driven from the outside by the user community if absolutely necessary. Obviously, if there's cooperation it works better, but if they roll their eyes at "another total quality management initiative" (which it's not) you can still use the terminology and methods and eventually drag them into it.
The company I work for decided to "implement" ITIL about five years ago. It has improved nothing, and has essentially just served as a different set of buzzwords for managers to use.
What it reminds me of is an article I read about the US military and its "transformational" thing a few years ago. Everyone and their mother was scrambling to claim that their pet project was a great example of a "transformational" weapon, even though they changed nothing about it.
Re:What would you demand from your IT users? (Score:3, Interesting)
Although the cost of the drives may have come down, there are other costs associated with adding another drive - that additional 1 meg of on line messages multiplied by X numbers of users needs to be monitored, maintained, backed up and made redundant
Technically Savvy - but business DUMB ? (Score:2, Interesting)
Knowledgeable user input? Yeah Right... (Score:5, Interesting)
Ignoring knowledgeable user input, ok that I have a huge problem with. Everyone in the IT community, programmers come to mind the most often, seem to think because they work in front of a pc all day that they know their ass from a hole in the ground when it comes to managing a network or a server farm. Sorry but that it the absolute truth. I have interviewed countless people for jobs in IT, well over 50% of them programmers trying to get Sysadmin positions. When asked specific questions about administrative tasks the answer is almost always the same. I know something about it but I have never implimented anything like that. Everyone wants to be an expert, trust me you aren't.
Unable to sell needed changes. Have you considered that management and accounting do not see the corporate finances in the same way that you do? Some changes are simply impossible to sell. Unless your corporate focus is in technology some of the upgrades needed to improve infrastructure will always be lacking. The exceptions tend to be when the powers that be are directly inconvenienced. But the IT Dept probably caters to them quicker than any other department so they do not see the need. They pick up the phone and Bob is right there, where as you submit a trouble ticket and you are lucky to see someone in 48 hours.
Starting a revolt? Wow you guys are arrogant. Plain and simple. What makes people think that they know another departments job better than they do? Much less "demanding" services. Just astounding. You efforts would be much better spent working with the IT department to figure out ways to get management to invest in more staff, more training and equipment upgrades. That benefits everyone, and doesn't just stroke your self-important little ego.
Re:From the non-tech perspective (Score:5, Interesting)
sPh
Re:What would you demand from your IT users? (Score:5, Interesting)
Dear ZombieLine,
Maybe your company, like most others, is drastically underfunding the IT department, expecting superhuman performance on less than shoe-string budgets, while every day demanding all new buzzword compliant services and ignoring IT requests for additional warm bodies. Not to mention the fact that you are using high maintenance Microsoft Outlook type services while surfing for pr0N and jam packing your mail server full of the latest Happy Fun Tentacle Rape Party videos that everyone is mailing around.
Unacceptable server downtime? Are you clustering critical services?
Bad backups? Chances are your company is very content with single tape drives that the sysadmins can swap tapes from rather than having a good tape library with enough licenses to cover all servers with a decent retention time.
Maxed network storage? Are you paying for more RAID disk shelves? Or are you still feeling brilliant telling your IT staff all about how "you can get an IDE 200GB drive for $50 at Staples, so why can't that be plugged into the EMC or NetApp fileserver?"
My recommendation: stop demanding Five 9's of service and stop expecting services to never reboot or need maintenance if you aren't going to fund it. Stop dicking around at being a business and spend money to make money. Otherwise, save everyone time and bend over to your competition now. You can recommend all the fantastic new upgrades and services, but if your company doesn't recognize the value of improved infrastructure services, and an educated staff, you don't deserve to stay in business and sooner or later Darwin will rear his ugly head.
Get your little posse of idiots together an ask senior management why they are refusing to fund the needed changes. You might be pleasantly surprised to find out that they have no friggin clue about how to manage IT. Or maybe you haven't been paying enough attention to quarterly financial reports to realize that your company is experiencing a classic symptom of the death spiral.
Oh, BTW, you're an asshole. You and your 2Live Crew can go fuck off.
Love,
Shokk
how to remember a secure password? (Score:3, Interesting)
The rate of passwords either written down or programmed into the function keys (anyone else remember Wyse terminals?) was really high. Especially among the bosses.
Re:From the non-tech perspective (Score:4, Interesting)
-- what was the name of that cute girl in 3rd grade?
-- what was your favorite restaurant in high school
-- What do you get mom for her birthday
The same question doesn't get reused for 180 days or so.
Re:From the non-tech perspective (Score:3, Interesting)
No. It needs redundancy or maintenance windows. Have several systems doing the same work, and then take one down make the modifications then have it re-sink take the next one down.... And yes that may mean multiple lines. I don't think this guy wants to pay for 365x24, most people who say they want 365x24 can get buy on 345x18 fine but 365x24 is very doable. The system for the London stock exchange hasn't crashed or gone down for something like 25 years. And its been upgraded a lot.
Management is almost always to blame (Score:3, Interesting)
Many times, an organization starts out small, and the most 'IT savvy' person in the office cobbles together a 'server' and 'network' from some old PCs and some network gear they bought from the office supply store on the corner. I arrive to find a Windows Workgroup (ugh) or poorly implemented Active Directory with a host of replication issues, orphaned objects and broken name resolution. Today I worked on a production network that was running their directory services, print queues and files shares off of a 120 day evaluation copy of Windows server!
There are usually local user accounts, local printers shared off of a workstation, no redundancy, broken or no backups, physical layer problems (bad wiring) and a host of other problems. Quick fixes that were implemented over the course of years are now recurring problems that suck up the majority of the IT staff's time.
These same kinds of problems can plague a large organization, albeit they may present as slightly different symptoms. The cause is always the same: inability of management to see the big picture. This lack of attention to detail starts with management and trickles down.
The way to fix this is to get upper management to recognize that there is a problem. Unfortunately, this often would require somebody to admit that they aren't doing their job. Good luck with that. 90% of the time I find that this type of wholesale cleanup and reengineering only happens during a regime change.
What I expect (Score:3, Interesting)
Re:Was IT outsourced to EDS? (Score:4, Interesting)
BTW EDS has lost money on virtually every contract. I don't think its kickbacks they just underbid cost and then try and make it up on other charges.
I Love Stupid Users (Score:5, Interesting)
Cost/Benefit (Score:1, Interesting)
Before anyone came for my head, I drew up a list of the dollar costs of doing everything properly and presented it to the owner. He just laughed and said "I thought so."
Now, when anyone whines, I point them to the boss, and he tells them to get over it. Of course, I got him to pony up for a more reliable nationally known service provider, but there's still no redundancy. God Bless Free Software.
Re:ITIL (Score:2, Interesting)
Also note that ITIL bills itself as a best-practice theory; think of it as the "logical" structure, not necessarily the "physical" structure. There are plenty of large IT companies that can work with your organization on successfully implementing an ITIL-based service management process framework, along with sophisticated products to back their processes up; Computer Associates (now CA [ca.com]) and IBM [ibm.com] are two of the most prominent ones that come to mind.
Re:IT pays users for downtime/inconvenience (Score:3, Interesting)
As for charging back "lost time" to the IT department... that would mean that every single employee got to dictate to the IT group what their individual needs for the day were rather than having IT work with management and users to get company needs addressed. How would you handle the user that as pissed off because IT wouldn't help them with their home network and they considered that "lost time".
I do agre that computing should be convenient for the end user (I'm an IT Director), but could not imagine a day when I could have 2,000 separate requests - 1 from each user - all over the board and I was held accountable for each and every one, no matter how irrational.
There is a balance!
Re:From the non-tech perspective (Score:3, Interesting)
Great idea - nice and simple so it's easy to remember for the user without having to right it down or use the same password across many systems.
But...
When setting up any new users, you'll need to collect (at the minimum) 180 pieces of information. 360 if they can define their own questions. 360 * ? if they can define their own questions and you force a new "password" for each time that they have to unlock their machine after the screen saver kicks in or for asking for a different "password" should they enter one incorrectly.
Resolutions to your problems... (Score:3, Interesting)
Generally speaking, the solution to incompetence is to fire people. Generally starting at the top, and replacing them with competent people. They will generally proceed with the firing. Meeting to discuss their lack of competence isn't going to help. It's generally a situation of the blind leading the blind (if you were really good at large scale IT, why don't you actually work there, short of previous experience, running a corporate network generally has little to do with personal experince on a home network. If it really is such a problem, you should apply for the job with seriously good incentive based pay). As someone who was one half of the IT departement (SA, programming, help desk, DBA duties) at a fast growing company that went from 10 to 150 people in about 4 years, I can assure that most users outside of IT have no idea what is easy, and what is hard. The number of stupid requests put in by "knowledgable users" was insane.
Lack of backups is a serious problem. However, you haven't described why. In my experience, it's a lack of budget or priority. Generally speaking, good backup units are one of the single most expensive pieces of equipment an IT place will purchase (backups generally scale with the type of IT equipment you buy, if you buy $10K servers, your buying $25K backup libraries. If you purchase $1K servers, you buy $2-4K tape drives. I've never been purchasing $100K+ computers, I'm not sure what type of tape solution they need). The next most common reason for no backups, is literally not enough hours in the day, or backups are such a tremendous strain on the production systems that they can't be run during business hours. Which means that they can't finish. I've seen a fully justified case of not making backups as it literally wasn't cost effective. We could have made backups, but just regenerating the data was far more cost effective. The hardware and software we needed just wasn't justifiable for the volume of data. Critical data we made backups of. The scads of other data we had that turned over regularly wasn't worth it. In the end, we ended up building a hot spare and kept short term online backups on it. Getting a tape unit capable of the storage requirements was too expensive. We generated about 1-2TB/hr, 99% of which would never ever be needed again and after two weeks it was so outdated it had no value. We processed the 1% upon being identified. So backing it up was just stupid. Unless a bug was found in the identification algorithm, then it was useful to have the other 99%. Generally, you just started with the oldest data still of use and processed it all again.
Lack of storage space, is generally attributable to users if users don't have a quota. Given a group of 2 people, at least one of them is a digital pack rat. I'd say given a group of 1, but I've seen a handful of non-pack rats. For the record, I'm a pack rat, but when I am good about cleaning up when disk space gets tight. In my experience, the solution to storage is to parcel it out by type of usage. 80% of the usages will have no problems. The others will use petabytes of storage if they are given access to it. At which point, it's strictly a budget issue and resolving the issue with the users. Generally speaking, near-line storage on CD or DVD that the user could burn themselves, or spooled for an IT professional to do was the solution. We did all CD's of data in triplicate. The original user got one, their supervisor got one, and the IT department held onto one. CD's go bad, and people tend to lose them, hence the three copies held by independent people. What is needed is an archival plan for moving data from online to offline, or deleting it.
Kirby
Re:From the non-tech perspective (Score:5, Interesting)
At the same time, a bright young English mathematician named Alan Turing came into possession of this knowledge. He realised that these rules dramatically reduced the number of possible cyphertexts for any given plaintext (and vice versa), making the search space much smaller than it would otherwise have been. As a result of this, he and his colleagues were able to crack the encryption with the primitive computers available at the time.
Arbitrary restrictions on passwords are not sensible. Do not allow dictionary words and trivial permutations of them, since they can be cracked by a simple method, but any further restrictions only serve to narrow the search space for an attacker. The scheme listed means that most passwords will have two upper case letters, two lower case, two symbols and two numbers. This is an almost trivial subset of the number of possible eight character combinations of letters, numbers and symbols.
In summary, whoever came up this this policy is an idiot both for social and mathematical reasons. They should, therefor, not be allowed to interact with either humans or computers.
Re:how to remember a secure password? (Score:3, Interesting)
Yep. Many times I have seen cases where the IT-department decides to "make things secure" by making passwords "hard to crack". And in process of doing that, they jeopardize the security of the system. Once I saw a setup where the password had to be at least 12 characters long, it had to contain special characters and numbers, they couldn't re-use old passwords (not even with modifications), no normal words were allowed and it had to be changed every week. All nice and secure, right? Wrong. The passwords ended up being so complicated and difficult to remember, that users simply wrote them down on a piece of paper that they carried with them. Some had it in a post-it that was attached to their monitor. Some wrote it down on their pocket-calendar. Not like this.... Not like this.
Had the requirements for the password been a bit more reasonable, the user could have memorized them. But since the bar was set so high, there were pieces of papers in users desks where they had written down their passwords.
Re:how to remember a secure password? (Score:3, Interesting)
If I was running your hyptothetical IT dept, I'd probably turn off account locking for the day while we were writing the new IDS rules, firewall rules etc to stem the spread of the worm.
Of course I'd remember to turn em back on again after the day was done
Min
Re:Was IT outsourced to EDS? (Score:1, Interesting)
Parent company [Big Corp] outsourced desktop support to EDS. However, because of our remote location, EDS would in-turn have to outsource local help. You think EDS is bad? The other places were even worse. No one here used EDS. Maybe it was good for the cubicle dones in NYC at the corp offices, but for our remote location in the country who was simply part of [Big Corp] as a result of a fluke, I still ran the show. Everyone was happy. Problems got solved. Server and network structure was stabilized and improved. Things ran smoothly.
Then [Big Corp] decided to wrestle more control. They wanted more IT homogonizing. Things were stirred-up here at our location, to make them more like the rest of the company, without taking into account the differences in what happened here. It was simply the blind 50-mile high view of homogonizing=savings and consolidation=savings. Employees here started getting less happy. Features were lost. Restrictions increased. Ridiculous things were put into place which inconvenienced people, made them less-productive, lead to more down-time. Broad-sweeping changes came barreling through our company without any regard to the unique impact here, but we were forced to implement them.
Then [Big Corp] decides to outsource all their server/network IT to [Current Employer]. Overnight a bunch of us become employees of a different company. We answer to and get paychecks from people we never met, never see.
Everything gets 100X worse. It was bad enough that [Big Corp] called broad shots without paying attention to places like our site. But now [Big Corp] told [Current Employer] what to do, and I was forced to march in line. [Current Employer] doesn't want or care to hear about problems I have with corporate mandates coming down the line. They are simply hired to do whatever [Big Corp] tells/pays them to. If I disagree, I become not a team player, a troublemaker. People who've never met me, never visited this site, and have no idea what goes on here on a daily basis write up my review and control my paycheck and raises (or lack thereof).
Now employee morale overall is very very low. Everyone hates the new IT stuff, not the least of which myself. Instead of contacting me and having their problem solved in 15 mins, they have to run through a complex, error-prone ticketing system to some place halfway across the country to people who have no clue what goes on here. Then with any luck, I eventually get a trouble ticket assigned to me in a few hours, which may or may not have correct or complete information. I have 2-3 conference calls a day, to discuss all the issues around the work I could be doing if I wasn't wasting my day in conference calls or wrestling with the nightmare ticketing system. More and more big sweeping IT changes are coming down the pipe, turning things upside-down at this location because the timing is horrible and its forcing massive changes with zero benefit for this site. Because no one up on high ever bothers to look into the trenches at the real-world effect on the people actually trying to make money for the company. But we have to do it, because it's what [Big Corp] wants to do and is doing across the board, and since they are hiring [Current Employer] to do it, I have to follow suit. As a result of being forced to do stupid stuff, the employees around me for whom I used the the hero now hate me. I am the lightning rod for all which is hated about the new policies, as if they're my fault. I am the sole representive for [Current Employer] here, forced to take the flak for every failure and bad idea.
My reward for all this? No raise last year because I was stubborn, a complainer, and not a "team player".
Re:*quickly* is relative (Score:1, Interesting)
If your boss(es), who presumably hired you for your technical expertise, override you after you've explained the risks, that's their decision. At this point I'd respectfully ask for that order in writing. If nothing else it may force them to reevaluate their decision. They may not. They have to consider more that just the technical aspect.
"Wow chief, that's brilliant. Can you put that in writing so I can frame it?"
The fall back is to write up all your concerns and outline the risks in an e-mail, send it out and print out a copy.
Of course if you had a decent boss they would have recalled their decision, and not beaten you up over their call.
Don't mean to pick on you in particular, just want to get the word out that CYA is not something to overlook.
The best of course is to have a boss that you can look in the eye, tell them "I told you so" and have them just laugh and tell you to get out of their office and fix it so they can buy you a pint later. Or at least shields you from higher ups whose decision he was implementing earlier.