IT Turf Wars: the Most Common Feuds In Tech 217
snydeq writes "InfoWorld's Dan Tynan reports on the most common feuds in tech: turf wars in the IT department. 'IT pros do battle every day — with cyber attackers, stubborn hardware, buggy software, clueless users, and the endless demands of other departments within their organization. But few can compare to the conflicts raging within IT itself.' Dev vs. ops, staff vs. management — taking flak from fellow IT pros has become all too common in today's highly territorial IT organizations."
Turf wars... Pfft... (Score:5, Insightful)
Got a great idea and want to get it past security without trouble? that's simple... simply get buy-in from a senior executive. get him to adopt it as his pet project and get it working on the Dev servers. now when he announces it Security cant do anything but say yes and do your bidding because they do not dare tell the Senior VP of marketing that they wont let his project run. Do I make enemies withing security? yup. Every one of them hated me because my default approach to them was an end run. And it was simply because the security guys were incapable of thought outside of the "lock it all down" OMG OMG! DANGER DANGER! WE got a iphone/ipod app launched for use in the company and made every one of the security guys froth at the mouth and fall on the floor convulsing when I end ran them to a VP who loved it and wanted every sales person to have it. They lost their mind at allowing 190 non company locked up iphones and ipods connected to the holy internal wifi.
Just wait when my ipad system for sales forecasting get's greenlighted and they have to allow 200+ ipads on it as well...
Re:Turf wars... Pfft... (Score:3, Insightful)
Have you tried no being a dick yet?
Re:Define "the network". (Score:2, Insightful)
A-fucking-men.
I didn't completely understand why the networking team always seemed so irritable when they would get called until I started doing that job at another company.
Anything where one user can't get to one website, one file share or their PC won't boot up is always suggested to be network related. After the other people claim to check the file server(s), VMWare(if it's a VDI client), etc., they come to me and it's up to me to prove that it's not the network. Invariably, I end up owning the issue and come to find that they locked out their AD account, they rearranged their desk and plugged into the wrong wall jack, their PC has a bad NIC (rare) or some other non-network related problem.
On the firewall/proxy side, am I the only one who HATES gotomeeting.com?
Re:Turf wars... Pfft... (Score:4, Insightful)
Got a great idea and want to get it past security without trouble? that's simple... simply get buy-in from a senior executive.
One of the best environments I ever worked security for allowed for senior managers to take personal responsibility for these kinds of decisions. The business unit would announce their Big Idea. InfoSec would look at it, analyze risks / security issues, and (often missing from many InfoSec groups) work out ways to allow the same functionality while mitigating any discovered risks, and ultimately document those risks. If the business unit didn't want to follow InfoSec's recommendations, they could take their Big Idea to their boss and make the business case for it so that their boss can take personal responsibility for the decision. InfoSec would provide the risk assessment. Senior management would then decide if the business case overcame the risk and everyone would press on accordingly. The process did wonders for enforcing open communication. Management wanted good information before they put their own butts on the line. Business units couldn't get away with just grousing or avoiding InfoSec and InfoSec couldn't get away with arbitrarily dismissing any new ideas. I should point out that this system is seeped in conflict. And that's good. Conflict is fundamental to security and, in many ways, any pursuit that has many options guided by creative thinking - something that all good IT environments should be encouraging. The key is to ensure that conflict can drive a constructive process. Too many IT environments pretend conflict doesn't exist and has no proper outlet for it.
Re:The cycle to hell. (Score:4, Insightful)
Building security has problems with assholes defeating the building's fire alarm so they can sneak out to a fire escape (or worse yet, a ground-floor alley) and smoke and get back in.
If an addiction is causing people to break company policy (or worse, the law), then maybe it's time to fire their butts (pun intended).
Re:The cycle to hell. (Score:5, Insightful)
No offense (I'm an ops/security guy and I was nodding the whole time till I thought about it), but this is exactly what the article is talking about. Of course Marketing wants it shiny and iPhone enabled. It's marketing, it's supposed to catch the eye and cause people to pay attention. Of course management wants to save money.. Money saved here is money that can used elsewhere or go into someone's pocket (often management's of course, but in theory anyone's). Of course Dev wants to have access to the live servers, there's info they want/need on there and very rarely it actually is useful to make changes on the fly when the situation is serious enough (It shouldn't ever be, but we don't live in a perfect world). Of course you want reliable, stable secure code that changes as little as possible.
The solution isn't "Make all these other guys understand that I'm right". It's to try to minimize the siloing so that everyone has a say in process from the ground up. So the dev guy can tell the marketing guy, "Hey you can't have iPhone *and* Flash. Do we want to find a shiny that doesn't use Flash, or accept that iPhones don't see our shiny?" Marketing can say to Ops "Ok that shiny I wanted was insecure, I get that, is there a secure way to do something similar?" Ops can say to Dev "I set you up a limited access account on the live servers to collect the usage data you need, please don't let it stack up." And Management can say to everyone "This is how much we really have to spend and the results if we break budget."
That way everyone can be an adult. There'll still be conflicts of course, but if everyone knows that each group is legitimately trying to facilitate everyone else, they can become points of discussion and resolution instead of small scale wars that every side is trying to "win".
Re:The cycle to hell. (Score:5, Insightful)
I've got friends who work in hospital security who have a devil of a time with people leaving their passwords and usernames on sticky-notes everywhere. Building security has problems with assholes defeating the building's fire alarm so they can sneak out to a fire escape (or worse yet, a ground-floor alley) and smoke and get back in.
You had me up until this point. While your cited cases might be reasonable, there is also the all-to-frequent case where "security" regulations induce this behavior.
What does hospital security expect users to do when users are required to rotate passwords every two weeks, have a 12 character long mix of upper/lowercase alpha's and numerics, and then also be subject to a 7 password history non-reuse restriction? Security is cognizant that the result of these provisions will be that users write down their passwords on stickies, so how is this more secure than allowing people to pick a less complex password and retain it longer?
The answer is that this presumes that everyone is playing the same game, with the goal to be the best possible security equilibrium state balanced against inconvenience/usability. Running counter to this is security's CYA factor: they experience no penalty for the insane password restrictions that reduce overall security, because if there is a security breach from the post-it passwords they can dump all the blame on the hapless user for violating the published security protocol that prohibits such actions. So, security has a payoff table that disrupts the equilibrium resulting in the paradoxical, reduced security steady state that is observed in these cases (ie. security is externalizing the costs of implementing the high-grade security practices).
PS. As for defeating the fire alarms, maybe they shouldn't have turned the entire hospital into a "tobacco-free campus", with the nearest "approved" smoking area located six blocks away. This is basic psychology. Normal people like to abide by the rules/laws even if they find them onerous, but there is a limit to their willingness to comply. This is essentially what happened to the entire US during the Prohibition. Again, as I said, your cited cases might be reasonable, but I have seen many that were not.
Re:Too many assumptions there. (Score:4, Insightful)
I think the conflict here is between reasonable people and assholes. You sound like a reasonable person, Lumpy sounds like a bit of an asshole, but that may be the fault of working with assholes. It's quite possible that if you were Lumpy's security guy, and he knew he *could* come to you and open a reasonable dialog that would result in a mutually acceptable solution, he would. Since he works with obstructionist asshats, he bypasses them whenever possible. It's also possible he's just an asshole who always wants to get his way. Hard to tell under the circumstances. Personally my policy is to never say "no" without at least trying to come up with an alternative.