星期一, 9月 15, 2008

20 more IT mistakes to avoid

Fall prey to any one of these common IT blunders and watch your company's prospects suffer -- not to mention your own


By Neil McAllister, IDG News Service

September 15, 2008

Back in 2004, InfoWorld's then-CTO Chad Dickerson polled the best and brightest to reveal 20 IT mistakes that were surefire recipes for cost overruns, missed deadlines, and in some cases, lost jobs.

A lot has changed in the past four years, but one thing hasn't: IT's capacity to fall prey to misguided practices, given the complexity of the responsibilities involved. So in the spirit of "forewarned is forearmed," we bring you 20 brand-new mistakes that today's IT managers would do well to avoid. As before, the names have been changed to protect the guilty, but the lessons learned are plain to see.

1. Overzealous password policies
A clear and consistently enforced password policy is essential for any network. What good is a firewall when an attacker only needs to type "password" to get in?

[ Beware the original 20 IT mistakes and seven things IT should be doing but isn't. ]

But strict password security cuts both ways. If your password requirements are too complex and draconian, or if users are forced to change their passwords too often, your policy can have the opposite of its intended effect. Users pushed to the limit of remembering passwords end up writing them down -- in a drawer, on a Post-It, or on a piece of tape stuck to their laptop's keyboard. Don't undermine the ultimate aim of your password policy by insisting on unrealistic requirements.

Besides, passwords are so 2004. If you want strict access control today, think multifactor authentication.

2. Mismanaging the datacenter
Sys admins aren't exactly known for their neatness, but in the datacenter, order is essential. Spaghetti cabling, mislabeled racks, and orphaned equipment can all cause big problems. Careless provisioning can easily lead an admin to reconfigure the wrong server or reformat the wrong volume, so keep things tidy (and always double-check your log-ins).

Good systems housekeeping also means getting production servers off engineers' desks and out of their hiding places in the basement. Managing those assets is IT's job, and it should shoulder the burden with diligence and gusto. Make sure your CFO understands the importance of maintaining a datacenter that's large and well-equipped enough to grow with the business without turning into a jungle.

3. Losing control over critical IT assets
Senior management has a request: "The marketing team needs to run ad-hoc SQL queries against the production database." It's simple enough to implement, so you grudgingly make it happen and move on. Next thing you know, poorly formed queries are bringing the server to its knees before every Thursday marketing meeting. Your next assignment? "Fix the performance issue."

Backseat drivers are a hazard; handing over the keys to someone who can't drive can be fatal. The experience and judgment of IT management plays a crucial role in all decisions related to IT assets. Don't abdicate that responsibility out of a desire to avoid confrontation. A bad idea is a bad idea, even if business managers don't realize it.

4. Treating "legacy" as a dirty word
Eager young techies may hate the idea that mission-critical processes are still running on systems their grandparents' age, but there's often good reason for IT to value age over beauty. Screen-scraping isn't as sexy as SOA, but an older system that runs reliably is less risky than a brand-new unknown.

Modernizing legacy systems can be expensive, too. For example, the State of California expects to spend $177 million on a revamped payroll system. And according to one IDC study, annual maintenance costs for new software projects typically run into the millions. In these days of tightened IT budgets, don't be in too much of a hurry to make your "dinosaurs" extinct before their time.

5. Ignoring the human element of security
Today's network admins have access to a dizzying array of security tools. But as hacker Kevin Mitnick is fond of saying, the weakest link in any network is its people. The most fortified network is still vulnerable if users can be tricked into undermining its security -- for example, by giving away passwords or other confidential data over the phone.

[ Think like an online con artist and you increase your odds of avoiding the top 10 security land mines. ]

For this reason, user education should be the cornerstone of your site security policy. Make users aware of potential social engineering attacks, the risks involved, and how to respond. Furthermore, encourage them to report suspected violations immediately. In this era of phishing and identity theft, security is a responsibility that every employee must share.

6. Creating indispensible employees
As comforting as it may be to know that a single employee understands your systems inside and out, it's never in a company's best interests to let IT workers become truly indispensible. Take, for example, former City of San Francisco employee Terry Childs, who was eventually jailed for refusing to reveal key network passwords that only he knew.

In addition, employees who are too valuable in specific roles can also get passed up for career advancement and miss out on fresh opportunities. Rather than building specialized superstars, you should encourage collaboration and train your staff to work with a variety of teams and projects. A multitalented, diverse IT workforce will not only be happier, it will be better for business, too.

7. Raising issues instead of offering solutions
Are your warnings of critical vulnerabilities falling on deaf ears? Identifying security risks and potential points of failure is an important part of IT management, but the job doesn't end there. Problems with no apparent solutions will only make senior management defensive and dismissive. Before reporting an issue, formulate a concrete plan of action to address it, then present both at the same time.

To win support for your plan, always explain your concerns in terms of business risk -- and have figures available to support your case. You should be able to say not just what it will cost to fix the problem, but also what it could cost if it doesn't get fixed.

8. Logging in as root
One of the oldest rookie mistakes is still alive and well in 2008. Techs who habitually log in to the administrator or "root" account for minor tasks risk wiping out valuable data or even entire systems by accident, and yet the habit persists.

Fortunately, modern operating systems -- including Mac OS X, Ubuntu, and Windows Vista -- have taken steps to curb this practice, by shipping with the highest-level privileges disabled by default. Instead of running as root all the time, techs must enter the administrative password on each occasion they need to perform a major systems maintenance task. It may be a hassle, but it's just good practice. It's high time that every IT worker took the hint.

9. Teetering on the bleeding edge
With public beta programs now commonplace, the temptation to rely on cutting-edge tools in production systems can be huge. Resist it. Enterprise IT should be about finding solutions, not keeping up with the Joneses. It's OK to be an early adopter on your desktop, but the datacenter is no place to gamble.

Instead, take a measured approach. Keep abreast of the latest developments, but don't deploy new tools for production use until you've given them a thorough road test. Experiment with pilot projects at the departmental level. Also, make sure outside support is available. You don't want to be left on your own when the latest and greatest turns out to be not ready for prime time.

10. Reinventing the wheel
There's no better way to ensure IT agility than to take charge of your own software needs. But too often, companies employ software developers only to squander their talents on the wrong projects.

You wouldn't write your own Web browser or relational database. Why, then, do so many companies waste energy building custom CRM apps or content management systems, when countless high-quality products already exist to fill those needs?

[ Cut down your to-do list by putting users to work and letting them manage their own PCs. ]

In-house software development should be limited to projects that confer competitive advantage. Functions that aren't unique to your business are best handled with off-the-shelf software. Failing that, start with an open source project and tweak it to meet your requirements. Redundant development projects only distract from genuine business objectives.

11. Losing track of mobile users
Networked tools make it easy to push security updates, run nightly backups, and even manage software installation for users across an entire organization -- provided, of course, that their PCs are connected to the corporate LAN. But what about users who spend most of their time off-site?

Mobility and telecommuting have changed the game for systems management, network security, and business continuity. Laptops that lack current security patches are a prime vector for malware. Files that are never backed up can mean countless hours of lost productivity. And what will happen to your sensitive data in the event of theft? Automated IT policies offer no reassurance if road warriors can slip through the cracks.

12. Falling into the compliance money-pit
When it comes to complying with Sarbanes-Oxley, HIPAA, and other regulations, too many companies fall back on the Band-Aid method. But throwing money at nebulous compliance objectives only drains funds that might otherwise be used for more tangible projects. While a critical regulatory deadline may necessitate a quick compliance fix in some cases, overall it's best to take a holistic approach.

When planning your compliance strategy, think in terms of global policies and procedures, rather than point solutions targeted at specific audits. Aim to eliminate redundant procedures and manual record-keeping, and focus on ways to automate the compliance process on an ongoing basis. To do otherwise is just throwing good money after bad.

13. Underestimating the importance of scale
You may think you've planned for scalability, but chances are, your systems are rife with hidden trouble areas that will haunt you as your business grows. First and foremost, be mindful of process interdependencies. A system is only as robust as its least reliable component. In particular, any process that requires human intervention will be a bottleneck for any automated processes that depends on it, no matter how much hardware you throw at the task.

Also, cutting corners today is a sure recipe for headaches tomorrow. As tempting as it may be to piggyback a departmental database onto an underutilized Web server or let an open workstation double as networked storage, resist. Today's minor project could easily become tomorrow's mission-critical resource, leaving you with the unenviable task of separating the conjoined twins.

14. Mismanaging your SaaS strategy
Salesforce.com proved that SaaS (software as a service) has real legs in enterprise computing. When compared to traditional desktop software, the on-demand model offers customers a low barrier to entry and virtually no maintenance costs. Little wonder, then, that a growing number of software vendors have begun offering hosted products in numerous software categories. If you haven't at least considered SaaS options, you're doing your business a disservice.

Too much SaaS, on the other hand, can become problematic. Hosted services don't interoperate as well as desktop software, and the level of customization offered by SaaS vendors varies. Remember, SaaS is just a business model -- it isn't really a bargain if the software itself is immature.

15. Not profiling your code
Relative performance is a perennial debate among programmers. Does code written for one language or platform run as well as equivalent code written for another?

Here, software development dovetails with carpentry, as it's often the poor craftsman who blames his tools. For every application that suffers due to an underlying flaw in the language, countless others are rife with poorly designed algorithms, inefficient storage calls, and other programmer-created speed bumps.

Locating these trouble spots is the goal of code profiling, and that's what makes it so essential. Until you've identified the slowest portions of your code, any attempt to optimize it will ultimately be fruitless. Because who knows? Maybe the problem isn't your fault after all.

16. Failing to virtualize
If you aren't taking advantage of virtualization, you're only making things harder on yourself. Virtual machines were a key selling point of early mainframe computers, but today similar capabilities are available on industry-standard hardware and operating systems, often at no additional cost.

Stacking multiple VMs onto a single physical machine drives up system utilization, giving you a greater return on your hardware investments. Virtualization also allows you to easily provision and de-provision new systems, and to create secure sandbox environments for testing new software and OS configurations.

Some vendors may tell you that their products can't be installed in a virtualized environment. If that's the case, tell them bye-bye. This is one technology that's too good to pass up.

17. Putting too much faith in one vendor
It's easy to see why some companies keep going back to the same vendor again and again to fulfill all manner of IT needs. Large IT vendors love to offer integrated solutions, and a support contract that promises "one throat to choke" will always be appealing to overworked admins. If that contract has you relying on immature products that are outside your vendor's core expertise, however, you could be the one who ends up gasping for breath.

Rarely is every entry in an enterprise IT product line created equal, and getting roped into a subpar solution is a mistake that can have long-term repercussions. While giving preferential consideration to existing vendor partners makes good business sense, remember that there's nothing wrong with politely declining when the best-of-breed lies elsewhere.

18. Plowing ahead with plagued projects
Not every IT initiative will succeed. Learn to recognize signs of trouble and act decisively. A project can stumble for a thousand different reasons, but continuing to invest in a failed initiative will only compound your missteps.

For example, the Federal Bureau of Investigation wasted four years and over $100 million on its Virtual Case File (VCF) electronic record-keeping system, despite repeated warnings from insiders that the project was dangerously off-track. When the FBI finally pulled the plug in 2005, VCF was still nowhere close to completion.

Don't let this be you. Have an exit strategy ready for each project, and make sure you can put it in motion before a false start turns into a genuine IT disaster.

19. Not planning for peak power
Sustainable IT isn't just about saving the planet. It's also good resource planning. When energy costs spiral out of control, they threaten business agility and limit growth. Don't wait for your datacenter to reach capacity to start looking for ways to reduce your overall power consumption.

From CPUs to storage devices, memory to monitors, energy efficiency should be a key consideration for all new hardware purchases. And don't limit your search to hardware alone; software solutions such as virtualization and SaaS can help consolidate servers and shrink your energy footprint even further. The result will be not just a more sustainable planet, but a more sustainable enterprise.

20. Setting unrealistic project timetables
When planning IT projects, sometimes your own confidence and enthusiasm can be your undoing. An early, optimistic time estimate can easily morph into a hard deliverable while your back is turned. For that reason, always leave ample time to complete project goals, even if they seem simple from the outset. It's always better to overdeliver than to overcommit.

Flexibility will often be the key to project success. Make sure to identify potential risk areas long before the deadlines are set in stone, particularly if you're working with outside vendors. By setting expectations at a realistic level throughout the project lifecycle, you can avoid the trap of being forced to ship buggy or incomplete features as deadlines loom.

星期日, 7月 06, 2008

Colin Powell on Leadership

I think this is a great quote. It reflects some of my personal core values:

Leadership is solving problems. The day soldiers stop bringing you their problems is the day you have stopped leading them. They have either lost confidence that you can help or concluded you do not care. Either case is a failure of leadership. ~Colin Powell

星期一, 6月 02, 2008

Interesting article on mitigating IT risks

I found this article interesting & well-written:


星期一, 3月 31, 2008

Employee Engagement is Vital to Improve Job Satisfaction, Loyalty and Profits

SALT LAKE CITY--(Business Wire)--Emotionally connected and engaged employees are the most loyal and productive, according to Allegiance, Inc., a premier provider of
Enterprise Feedback Management (EFM) solutions. Allegiance today identified Eleven Ways to Increase Employee Loyalty to help companies improve employee satisfaction and reduce turnover.

"Improving employee engagement directly impacts measurable business outcomes such as revenues and profits," said Kyle LaMalfa, Allegiance best practices and loyalty expert. "Employees who are committed to success, emotionally attached, and socially involved with a company are more productive at work, take fewer sick days and are less likely to leave. In short, engaged employees are the best employees."

Top Eleven Ways to Increase Employee Loyalty

1. First, Measure Employee Engagement - Start measuring employees' passion about work and the work environment by issuing a survey with a few questions about job satisfaction. Surveys using a scale of agreement (a Likert Scale) provide a quantitative measurement that can be combined with open-ended comments to identify opportunities to make employees happy.

2. Identify What Employees Like - By gathering compliments in addition to concerns, your company can find out if its engagement efforts make a meaningful, lasting contribution to employees.

3. Help Employees See the Big Picture - Employees want to feel that they are contributing and making a difference. Help your employees to see the big picture and how they contribute to a functioning whole. This will also empower employees to make decisions.

4. Use Training to Increase Confidence - Managers who cut training budgets to save costs do not understand how service delivery and morale can suffer as a result. Employees need training to do their job confidently and to facilitate career advancement within the company.

5. Establish Mentoring Programs - Train and encourage seasoned employees to be mentors. A mentoring program can facilitate dynamic skill growth through an organization and foster a sense of community.

6. Promote Team Building - Encourage team building activities among employee groups to create trust and acceptance. Strong, loyal teams provide one level of acceptance, and teamwork between departments provides another.

7. Build a Supportive Environment - Often, dissatisfaction with
wages and benefits masks problems that relate back to acceptance by a team or manager. Employees may need help with coping skills, problem-solving skills, tactics for handling difficult situations, or expressing their personal feelings.

8. Don't Be Afraid to Tell the Truth - Respect your employees through degrees of transparency. Communicate how your business is really doing on a quarterly or semi-annual basis. Give your employees information to understand shifts in corporate policy due to the economic or competitive environment.

9. Retrain or Get Rid of Bad Managers - One bad manager can pollute multiple layers of an organization. Poor managers bring down employee morale, which spills over into the engagement level of customers.

10. Recognize Employee Contributions - Recognition from a supervisor of at least two ranks above an employee makes a meaningful, engaging difference in employee morale.

11. Use Technology to Manage Employee Engagement - Technology is available to help you go beyond a single annual survey or an email link on the company Intranet. Enterprise Feedback Management systems can be used to centralize surveys and employee feedback and track both qualitative and quantitative information. Third-party systems provide for employee anonymity, which encourages open and honest employee feedback.

Allegiance, Inc.
Chris Cottle, 801-617-8034
chris.cottle@allegiance.com
or
Chereskin Communications
Valerie Chereskin, 760-942-3116
valerie@chereskincomm.com

Copyright Business Wire 2008

© Reuters 2008 All rights reserved

星期一, 3月 03, 2008

To Lead, You Have to Follow: 8 Traits of Effective IT Leaders

By Hank Marquis

A study claims that 97% of IT workers say their job is stressful on a daily basis. Four out of five say they feel stressed before they even get to work. Some 25% report
that they have taken time off from work to deal with the stress.

The top reason listed is "lack of support, increasing pressure, interruptions and bullying behavior" from their direct manager.

The report goes on to list other reasons, including: Workload, feeling undervalued, deadlines, type of work people have to do, having to take on other people's work, lack of job satisfaction, lack of control over the working day, having to work long hours, and frustration with the working environment.

It seems the reasons for this stress come directly from a lack of leadership from IT managers. Effective leaders build a trusted team and then follow the team's advice. Many IT managers lack this understanding, and this causes the stress.

How Zen that most of the IT job-related stress comes from a failure of those in IT management roles to understand that to lead, you have to follow. I have put together a list of 8 traits that show leaders how to follow their constituents - and succeed.

#1 Leadership means focusing on the needs of others, not yourself
Real leaders try to provide service - to their team, their customers, and anyone else met. Leadership is not a 9-to-5 job. By focusing on the needs of customers, and then trying to align his or her team in ways to meet those needs as well as the needs of the team, a leader gets the job done and develops followers. Customers want to work with a leader because a leader team produces results. Your team wants to follow your lead because you take into account its needs and requirements.

To improve your leadership skills consider spending as much time with your customers as you do with your team.

#2 Leadership comes from your actions, not your title
Some of the best leaders don't have CIO or VP titles. Leadership in fact has nothing to do with title or pay-grade. Leaders lead because others want to follow them. Why would anyone want to follow a leader? Because a leader motivates its followers, gives them purpose, supports them, guides and mentors them, and even "takes flak" to protect them.

To be a better leader you need to ask yourself some hard questions. If you are not leading then you are dictating, and no one follows a dictator.

#3 Leadership makes you accountable, even if it's not your fault
A leader take full responsibility for his or her mission and with this comes accountability for failure. Leaders don't blame their team, or complain about unreasonable customer requirements. Leaders set expectations by focusing on the needs of others (Trait #1) and build consensus for what can be accomplished. If something goes wrong, a leader accepts responsibility - even if it was a team member that was the cause.

Think about the last time someone on your team made a mistake. Did you support and counsel them? Did you turn the failure into a learning opportunity? Or did you ridicule, shun, or punish him or her?

#4 Leadership is not a 9-to-5 activity
Being a leader means focusing on the needs of others and helping others when they fail. This can require additional work, even after hours. Often it is only personal engagement that uncovers the root cause of an unhappy worker. And many times these root causes present opportunities for improvement beyond the single worker.

Do you stay and work with the team? Not just being in the office, but do you actively engage and work to deliver when required?

#5 Leadership takes trust from your followers
When you focus on the needs of others, motivate your team, and satisfy your customers, when you take responsibility for success and failure, when you engage with your team on a personal level, then you build trust. Trust does not come easily. You have to earn trust. It won't come because you have an impressive title. You can't buy, barter, or steal trust. You have to earn it. You have to follow the first four traits on a regular basis for enough time to have earned the trust of your customers and team.

Do your customers trust you? Does your team get behind your ideas because they know you will protect and guide them?

#6 Leaders get their best ideas from their team
The best ideas are not going to come from the leader, but rather from those being led. A good leader develops consensus for a project based on its relationships to customers, company, and staff. Exactly how the project should unfold is often best left to the team to determine. Nothing so engages and commits a team to a leader than for them to be part of the design of the solution. No one knows the job better than the person who does it every day.

Do you dictate schedules to your team or do you and your teams negotiate on how to get things done? Ask your team for their ideas - and then use them. Just remember trait #6 - always give the credit to the team. The leader's credit comes only by crediting the team he or she leads.

#7 Leadership thrives on diversity
I love the story about the IT group at a major retailer. The business needed to know the conversion ratio: that is, how many people entering a store purchased something. IT began brainstorming traditional IT solutions -- complicated, highly automated, and expensive. On a whim, an IT leader asked a non-IT person how they might determine how many shoppers who came into a store actually purchased something. The non-IT solution after just a few minutes of thought was to hire a couple of temporary workers and have them count the number of people entering the store and then leaving with a shopping bag.

Instead of the typical all-consuming and expensive 18-month IT project more likely to fail than succeed, they got a cost-effective low-tech solution in a few hours. The best ideas come from those who don't think as you do. Expand your circle of relationships; nurture those who think differently from you.

#8 Leadership comes from continuous communication
To be able to lead and embrace these traits requires communications skills. I'm not talking about superior comedic skills when presenting. I am talking about person-to-person verbal and non-verbal communications.

This is counter-intuitive, but to present your ideas requires that you listen. To understand and accept the ideas of others requires that you talk. These are skills many people never develop, but all true leaders seem to have mastered.

In a meeting, do you do most of the talking? When you are listening to others, are you an active listener, repeating what you have heard to make sure you understand what was said?

Summary
Leader is a title given to you by those whom you follow and serve. They see you as a leader when you pay attention to their needs. By listening to their needs and addressing their issues, you demonstrate leadership. You can lead a team of equals, you can lead a team of superiors, and you can lead a team of subordinates. Leadership is a way of acting and communicating.

Anyone can improve his or her leadership skills. Leadership comes from a desire to succeed and the realization that your success comes from what others do on your behalf of their own free will - because they trust you and want to follow you. To be a leader you have to understand this indirect linkage.

Sometimes it can be difficult to be a leader. You may know exactly what you want to get done and find it hard to accept the team's input about what it thinks can be done. If your team trusts you as its leader, it will take a leap of faith and follow you even if it has reservations. Of course, there are always "executive" decisions to make, but in general, if you have built trust you should follow your team's advice whenever possible.

It can also be difficult to work with customers, but very few people are truly unreasonable and unwilling to listen to facts - if presented in ways they can understand and evaluate.

If any of these suggestions rings true to you, then go take a course on leadership. Have your management style evaluated. Hire a consultant to understand the effect it has on your customers, company, and team. You will probably be surprised at what you learn.

About the Author
Hank Marquis is Chief Technology Officer at itSM Solutions LLC, a Global Knowledge Partner. Previously CTO at Opticom, a venture-funded producer of IT Service Management software, Hank is an ITSM entrepreneur, practitioner, and manager with over 25 years of practical hands-on experience gained at the US Government, MCI, US Sprint, Timeplex, Compuware, and other organizations. He was an early ITIL proponent, adopter, and frequent contributor to the ITIL community. He writes the popular weekly DITY™ (Do IT Yourself™) column, lectures on ITIL, and teaches IT executives how to implement ITIL. He has written dozens of articles; several books; and Cisco, CompTIA, ISEB, and EXIN certification programs. He holds the highest ITIL credential-ITIL Service Manager (Masters) certification, with distinction in Service Delivery.

Copyright ©2008 Global Knowledge Training LLC All rights reserved.

星期一, 1月 07, 2008