Last week I posted about how the cloud is going to affect IT departments in the future, thinking about how some roles are affected and the like, but this time I’m setting out a mini-manifesto for IT departments. This mini-manifesto isn’t for the IT departments that want to continue doing what they’re doing, it’s for those IT, IS, MI, ICT, (whatever TLA) departments that want to survive and add real value to their business. To be harsh it’s the for ones that want to get on the train of change not be run down by it.
Lets add some context. There are mega trends at work that are changing what IT is asked to do and by whom. Cloud computing is changing the tasks business IT people need to perform, a move from box patching to capability improvement, from break-fix to make-better; Consumerisation is changing who drives decision making, that sexy looking new PC vs. big grey box – the decision came from the user (who works in marketing and likes shiny shiny). To evolve I’ve created the following 5 imperatives that I think could drive modernised IT:
Be a guide not a gate keeper It’s a big scary world out there and whilst user interfaces and workflows have been improved there are still things in technology that go bump in the night. It’s now easy for anyone to go and buy some servers on their personal credit card, buy a web site, bolt in some database stuff and create themselves a business critical ecommerce system – no IT involved. It’s now easy to decide that you don’t like the clunky corporate email system that hasn’t seen investment since 1999, set a rule to forward everything to your favourite web based email of choice (or worse chain them together to circumnavigate policy) and use that wonderful web mail; use it on your PC; your phone; your laptop; your mums-friends-aunts-sons PC. Love sales? Don’t like your cumbersome CRM system? Easy give all your data to someone who appears trustworthy and get selling!
They all sound pretty poor to seasoned IT Professionals and I’ve probably just given all the security people a fit but it’s happening every day. The reason is that it’s become easier to work around IT than with them. That has to stop.
Being the guide is about knowing what the best options for your business are and directing the business accordingly. Lets take email as an example. Everyone uses email (give or take) but the top pain points are all addressed by cloud based email services: storage, availability and ease of use. No one likes having to clear down their email, no one likes it when they can’t access their email (also people don’t like it when they can’t get their email on their device of choice now), no one likes not being able to find things through search. Web based email takes care of all this but not all are created equal. Add in some of the other stuff that people like to have – one single corporate address book that updates automatically, single sign on (so they don’t forget passwords that someone has to keep resetting at £5 per helpdesk call)…you get the picture.
The role here is to guide the business to make a better choice, guide them to fully featured enterprise capable cloud email and not to a consumer focused solution that will eventually cause them and you pain through outage or even worse data leakage.
Make information available in appropriate ways One of the facts of life today is that people need information to do their jobs (yes everyone – as I write this I’m watching a team of builders throw up a block of flats, they keep waking me at 7am on weekends – any way they have an iPad that has their job details on, including the plans they’re building to, I just hope they have the scale right). As a result I believe we have a personal connection with data, we see it as our right.
Unfortunately not everyone spends their time thinking about the consequences of access to data but it’s something that IT professionals know is part of our job – it’s so ingrained it’s a cultural norm for us. Typically though we’ve controlled information by saying – No Bob you don’t need to see the CEOs Payroll details and we did this by preventing Bob’s access, physically stopping him from being able to access the information. With consumerisation and cloud though our data gets more mobility. Let’s say that Bob is actually the HR director and therefore he’s in a position to know our CEOs salary so he has the right to access the information; does his “right” to access the information extend to when he’s on a train, surrounded by people reading over his shoulder? Does that “right” extend to being able to download the information to a device without encryption and leave it on a park bench?
The logical answer is probably not but the people who make that choice are the business and they need to understand the risks and rewards of new ways of working. There are solutions that the new IT department will be required to put in place that will help secure information availability, not just access – luckily the toolbox is full of familiar kit. Need to secure emails so that sensitive info isn’t available on devices with weak encryption (but so that email still flows how your users want) – Rights Management in Exchange 2010 is your friend. Need to provide a secure desktop environement to use the HR system on a variety of devices – RDS, Citrix and Quest have solutions. Need to prevent Bob accessing the CEOs payroll data from his PC that faces an external window at street level (seriously what’s up with Bob!!) – Quest have a solution.
This imperative is about knowing what the right mechanism is to put in place to enable access to information, how the user wants it, with the security that’s just what the business requires. Not too little not too much it’s enabling access not preventing it
Promote inclusion, Prevent exclusion Can your users bring their own device to work? Are your users brining their own devices to work? If you said no then you probably work in a very secure part of the government where mobile phones are removed from people’s pockets when they walk in and placed into individual faraday cages. There’s an inevitability here – the horse has already bolted, sorry, move on. It’s not about stopping people using their devices – that will just p**s them off – use the above imperatives. Guide them to make a good decision about the devices they should buy for personal use, then ensure that they can access most of the information they need for their day to day work life on that device but be sure that the sensitive stuff is protected. Research shows they’ll be more productive (I won’t quote it – they’d charge me) but they’ll probably pay for their own mobile phone handset too because it’s such a personal thing – a part of them.
It’s not just about phones, it’s about any device. It could run Windows, Android, OSX, iOS, Chrome – in the future you won’t care, all you’ll care about is making sure that the person can do their work. That will mean securing their device, securing your network (which means moving to a model of not trusting your own network), securing your information and ensuring it all ticks along.
It is also not just about devices. Your users will be buying corporate resources on their credit cards because it’s easier to source a cloud service than it is through IT. So make sure you know the cloud. Make sure your curate the available cloud resources for your people, make it easier to take your recommendation by making your recommendation worth something. They want to setup forwarding of emails to xyz cloud email solution – just make sure they can’t forward the sensitive ones (see above “Control information availability”). They want to build their own e-commerce system, help them out by recommending one that secures passwords in an encrypted format not plain text – whatever your security standards are.
What’s the alternative. You buy the hardware, you mandate the decisions, you become viewed as the hard route.
Care about the business and the people in it You need to know what the business is doing – it’s not sexy, there are now spinning disks, no flashing lights, no cables – but you need to be as involved in where the business is going as Finance, HR and Marketing are. This one is obvious so we won’t spend much time here, but if you know your business as well as they know themselves and know technology better than they do then you’re onto a winner.
Let your IT people have play time (measure it) This should be very popular for the operational IT Professionals among you and slightly less popular within the operational IT managers. You need time to invest in the new things you want to be able to allow you business to do, your IT team will need to be focused on exactly what your users are – new shiny things that help us make money or feel good. As an IT Professional I believe you should be spending at least 10% of your time exploring technology, we work in the single most exciting field in the world – go play. If you think your job is about making Windows XP work really well for Bob then you’re in the wrong place or at least you will be soon – eventually your business will move on and without your skills being current you’ll be…lets not think about it. If you don’t know Windows 7 as a well as you know Windows XP by now then you should be panicking, downloading evaluations of Windows 7, Windows Server 2008R2, Hyper-V, System Center, Office 365, Windows Intune and anything else you can lay your hands on to get yourself up to speed.
If you’re an IT manager and you’ve not got a team that wants to upskill constantly then how are you ever going to move to a model of guidance, inclusion and information availability that makes your business love you?
The world is changing rapidly and IT needs to change to stay ahead so start with a step change in your organisation, kick off “project new dawn” (sounds very Tom Clancy) and centre on these key themes:
Simon is an IT Pro Evangelist specialising in Client and Cloud technology and doing lots of thinking about the future of the IT Profession. His TechNet blog contains his thoughts on much the same.