Seven Things IT Should Be Doing (but Isn't)
Pity the poor IT managers.
They're expected to know what their end-users want and need, even if their end-users can't articulate it themselves. They're under constant pressure to develop new skills (like AJAX) while maintaining old ones (COBOL, anyone?), and to not only maintain line-of-business apps but jazz them up to meet the expectations of the Facebook generation.
They've got to deal with a data tsunami that increases more than 30 percent per year while simultaneously protecting the company jewels from devastating data spills. They're required to gird for disasters of unknown proportions and figure out how to keep the business going in the aftermath.
And, oh yeah -- they need to take a few business finance courses. In their copious spare time, of course.
Tough job? You bet. But in this Web 2.0-centric data-engorged world, it's the cost of doing business. Do them well and both you and your company will succeed.
Here are seven (more) things to add to your must-do list. Ignore them at your peril.
No. 1: Follow your users.
You don't have to hire a gumshoe to find out how people actually use technology inside your company's walls, but it couldn't hurt.
"IT folks should shadow their users to find out what they really do for a living," says Jonathan Ezor, assistant professor of law and technology at Touro Law Center in Central Islip, N.Y. IT personnel often complain users don't understand enough about technology, but Ezor says the opposite is also true -- IT recommendations don't reflect the real world of users.
Case in point: pervasive wireless Net access. Great for many companies, but a potential disaster in Ezor's law classrooms. So starting next fall, some of the school's IT managers will begin auditing Ezor's classes, to get a feel for what student life is like.
Even better: Shoulder-surf your biggest customers. It's the best way to figure out what works and what needs fixing, says Richard Rabins, co-founder of database maker Alpha Software.
When Alpha builds custom apps for its biggest clients, it puts a development team inside the offices of the departments that will ultimately be using the software.
"Having developers feel the actual pain is very powerful," says Rabins. "If our IT folks can walk in the shoes of users and understand their business processes, that gives us a real competitive edge."
No. 2: Embrace Web 2.0.
Like it or not, we live in a Facebook/Twitter/iPhone world. And if your line-of-business apps don't sport the latest Web service features, you could lose your best young employees to a company that does.
"Many IT organizations are not as ready for Web 2.0 as they need to be," says David McFarlane, COO for Nexaweb Technologies, which makes software and services for modernizing legacy applications. "They need to prepare for the millennium generation -- the audience that has only heard the legend of the DOS interface and expects to have a ubiquitous iPhone-like experience every time they touch a computer or related device."
Your youngest, most tech-savvy employees expect to interact with the system from any browser, whether it's on their laptop or a cell phone, and access virtually any data from anywhere. If you don't provide that, somebody else will.
"Part of the reason to embrace Web 2.0 is to show your employees that your company is forward-thinking and willing to do things differently," says Jim Lanzalotto, vice president of Yoh, a technology talent and outsourcing firm. "It sounds bizarre, but if you don't do enough to energize your employees, they may lose interest in you as a company."
Your customers also have increasingly high expectations, adds Nexaweb's McFarlane.
"They expect to be part of the extended enterprise," McFarlane says. "If they order a part from you, they expect to be able to track where it is in the process, when it was dispatched, where it is now. If they file an insurance claim, they expect to participate, to take photos of the damage and upload them to the file. Companies can't departmentalize these things anymore. You need to deliver rich, compelling, engaging applications for your customers as well."
No. 3: Tame the data monster.
Bad, incomplete, or unusable data has been the bane of thousands of enterprises. Even data that's perfectly usable in one form may be useless in a broader context -- which leads to poor decision-making.
Tony Fisher, CEO of data-quality specialists DataFlux, recalls the time he was working with the CEO of a Fortune 10 company who was concerned about the aging population of the company's workforce.
"His first question was, 'How many employees do we have and where are they?'" says Fisher. "But the best estimate he could get was between 90,000 and 115,000. He was never able to drill down to age of the population or its distribution."
The problem: It was a huge global company with 120 locations, each with an HR system that treated data just a little bit differently. The data was sufficient for the needs of the local organizations, says Fisher, but they couldn't integrate it across different systems -- an increasingly common dilemma for many enterprises.
"Better data makes for a better business," Fisher says. "You need to make sure data isn't just accurate but is also fit-for-purpose, so it can drive business initiatives."
And this should be done sooner rather than later because the data deluge is only growing. Studies have found that the amount of data generated per year is growing by 35 to 40 percent, notes Sean Morris, sales director at Digitech Systems, an enterprise content management provider.
"IT folks need to take a closer look at how they are capturing, encrypting, and storing all the data their companies generate, including e-mail, invoices, and contracts," says Morris. "Companies with a solid ECM strategy will have a competitive advantage going forward, and IT can be positioned to be the hero."
No. 4: Flirt with disaster.
Many organizations think they have a disaster recovery plan in place, only to find out too late it's inadequate. Or they think that simply backing up their data is enough, with no way to keep the biz running -- and the revenue flowing -- while they attempt to recover.
"You'd be surprised how much downtime happens -- as well as lost goodwill from clients and vendors -- when you lose your data," notes Dimitri Miaoulis, vice president of Baroan Technologies, which provides 24/7 tech support for small businesses. "Every business needs a continuity plan that describes how it will continue to function, not only with technology but mail, fax, deliveries, phone calls, where people go, and what do they do."
But simply having a plan isn't enough -- it needs to make sense in real-world situations, says John Biglin, CEO of Interphase Systems, a management and technology consultancy.
"We had one client, a multi-billion-dollar HR services company, with a disaster recovery manual four inches thick," Biglin says. "On its Exchange Server Configuration page, there was one sentence: 'See company intranet for the latest information.' If the network at their corporate headquarters went down, they'd be completely hosed."
Blank backup sets, crumbling storage media, and recovery plans that haven't been updated since 9/11 -- all are recipes for an even bigger disaster. Large firms may have a comprehensive continuity plan but fail to update it regularly or do dry runs to see if they actually can recover and keep operating, says Biglin.
"Even customers who have a plan rarely take the time to validate that it works," he adds. "Unless you've tested it and can show that it truly works, you don't have a plan."
No. 5: Capture old knowledge (before it disappears).
Odds are you have at least some of your key business data written in an ancient computer language, locked away on old iron, or buried inside the brains of aging coders. You need to capture that knowledge and bring it into the service-oriented century, or have a staff of semi-retired COBOL programmers on hand to draw from.
"The biggest thing IT isn't doing is capturing the 'corporate knowledge/culture' that their retiring IT staff has," says Robert Rosen, CIO of a U.S. government agency. "It's all the stuff not captured that will come back to bite IT when something fails and they say, 'Joe always knew how to do that.'"
It's not just the graybeards, says Venkat S. Devraj, co-founder and CTO of datacenter automation firm Stratavia. Everyone's day-to-day tasks need to be documented so that business processes continue to flow. "Otherwise, when an employee is on vacation, gets sick, is promoted, or leaves the company, the IP [intellectual property] is not available to get the job done with the same level of quality and predictability," he says.
The bigger, more important step: Become less dependent on aging code, says McFarlane, whose Nexaweb Advance software explores aging code, documents the business logic and rules embedded within it, and transforms it into a modern Java application that can be delivered over the Web.
"Enterprises must learn how to be less dependent on the shrinking number of folks who are well versed in the applications running the business like COBOL, PowerBuilder, and Oracle Forms," McFarlane says. "Most CIOs won't admit it, but not only do many of them not know how these applications work, they don't know if these applications work. All they know is they've got 30 million lines of COBOL code and no COBOL programmers, institutional knowledge, or documentation. They need to go in and liberate their intellectual property from the bowels of legacy systems."
No. 6: Plug data leaks.
Data spills are almost inevitable, but you can minimize risk and mitigate damage by keeping an eye on orphaned accounts, lax oversight of permissions, and mobile data access.
A survey of more than 850 executives by security firm Symark revealed that 42 percent of all businesses have no idea how many orphaned accounts exist on their networks, and nearly one-third have no procedure for removing them. Worse, many organizations are lax about policing who's allowed to access what data on the network.
"It's not uncommon for folders on file shares to have access control permissions allowing everyone to access the data inside it," says Johnnie Konstantas, vice president of marketing at Varonis Systems, a data governance solutions provider. "Global access to folders should be removed and replaced with rules that give access to the explicit groups that need it."
Konstantas says IT departments need to maintain a current list of everyone who "owns" each data store and review or revoke permissions on a regular basis.
Lax permissions policies, coupled with the growing threat from rogue mobile devices, raise the possibility of accidental data spills and deliberate data breaches, notes Ben Halpert, an information security researcher and consultant.
"The current security model is inadequate for dealing with today's threats," he says. "When it comes to mobile security, every organization needs to recognize certain realities. The first is that you can't stop mobile device proliferation. The second is that user awareness alone is ineffective. And third, point solutions like encryption will only shift the target."
A December 2007 survey conducted by the Ponemon Institute found that nearly 40 percent of employees have reported losing a mobile device containing company data, and that more than half copied sensitive data to USB drives despite company policies forbidding the practice.
Halpert says enterprises need to implement an overarching strategy for mobile security, taking into account technology, user populations, and processes.
"While the majority of your workforce does not have malicious intent, those involved in social engineering are masters of the human condition and will attain the information they desire," Halpert warns.
No. 7: Follow the money.
If IT wants to overcome its reputation as a corporate money suck, tech managers need to learn a few things about the bottom line -- including how to translate long-term goals into quarterly results for the CFO.
"Having financial knowledge is important, especially when you've got a $50 million IT budget that can easily spiral out of control," says Interphase Systems' Biglin. "The CIO can't approve every invoice. We find IT directors managing multimillion-dollar projects who don't know what costs to capitalize and which ones to expense. If you don't understand the difference, it's easy to wind up a year down the road where something has to be reclassified. It can really impact companies who report their numbers to Wall Street."
Basic concepts -- such as the difference between cash flow and profits -- need to extend throughout the IT organization, says Joe Knight, co-author of "Financial Intelligence for IT Professionals: What You Really Need to Know About the Numbers."
"I think everybody in the IT department needs to understand how projects are made, why they're important, and the future benefits they will bring to the company," says Knight. "If you can speak the language of finance and present your IT case in a financially astute way, you'll not only make better decisions but you'll also be able to drive your decision through the organization."