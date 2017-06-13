Ask Slashdot: What Are Some 'Best Practices' IT Should Avoid At All Costs? (cio.com) 92
snydeq writes: From telling everyone they're your customer to establishing a cloud strategy, Bob Lewis outlines 12 "industry best practices" that are sure to sink your company's chances of IT success: "What makes IT organizations fail? Often, it's the adoption of what's described as 'industry best practices' by people who ought to know better but don't, probably because they've never had to do the job. From establishing internal customers to instituting charge-backs to insisting on ROI, a lot of this advice looks plausible when viewed from 50,000 feet or more. Scratch the surface, however, and you begin to find these surefire recipes for IT success are often formulas for failure." What "best practices" would you add?
A directory service is good in theory but most it departements isn't competent enough to hande it, i.e. it will cost more than not using it.
So every computer and server in the company should have separate accounts and passwords? I ask because having a common source for accounts and passwords across an enterprise (or even a small business) is one of the primary things a directory service does for you. Thinking about using Google, Facebook, or Microsoft accounts for you employees to log into company resources? Those are (outsourced) directory services as well.
Secondarily, directory services provide the ability to group users together for various permission granting. You grant rights to accounting resources to your "accountants" group and then you place your accountants in that group. When you hire a new accountant, you just put them the the group; when an accountant leaves the company or moves to a different job function, you take them out of the group. How would you accomplish this reliably without some sort of directory service?
If you are talking Microsoft's directory service (AD), you also have the ability to maintain consistent workstation configuration, which can be quite difficult without a directory service.
I believe it would cost you more in terms of time, effort, and mistakes you will make if you *don't* have a directory service.
I believe you're right, but there is a tipping point. As with many things, working well small does not equal working well large.
An office of three people may be better off without trying to manage AD where every OU has to be customized for one person. At three hundred, that same management style will break down in a never-ending cycle of fixing dozens of issues every day that could have been avoided with group policy.
The trick is knowing when a system will save you work vs when it will cost you more. Our of
This all depends on the size of your organization and competency / bandwidth of your IT department.
For an organization with 10s of thousands of employees located at hundreds of sites around the world, yes, AD is priceless (if, still somewhat less than 100% up to expectation at times.)
For an organization with 10s of employees located at a single site and an IT "department" of one or two guys... ummm.... been there, done that, no, AD was NOT worth the time and apparent effort - maintaining separate passwords
Offline backups are fine, you don't have to do them on tape anymore. Most people however have never worked or cannot afford modern tape. A backup is better than a badly working, slow or intervention-prone backup which is synonymous to cheap tape system offers ($100k)
Make sure you FUND things like back-up tapes and document-security-review-and-inspection-staff. Certain parties like to cut their funds to sub-bare-bones.
That's #9...
Outsource the IT to India.
You didn't RTFA. That is on the list.
Outsource the IT to India.
You didn't RTFA. That is on the list.
You must not have read the article to the very end: #13: Don't read the article, just assume from the title and move one like you know what it said.
Also, Insource the IT from India.
Seriously, it's like every Architect, Developer, and Tester is Indian. The BAs too lately. Same problem as outsourcing through... no speed, no creativity, no ownership, no quality. Just confusion and half-assed results. And immigration for the whole familty. Good luck taking the PM roles from the angry middle-aged white women though!
It's because they have IT degree mills. Not actual learning facilities. The whole purpose is to drain other economies as theirs is shit in the streets bad.
Management Frameworks... (Score:4, Insightful)
ISO 9000
ITIL
TQM
CMM
You need to have to crawl before you can walk Management frameworks are for Olympic Class organizations.
Suggestion - Build your own policies, procedures, and get those in place so you know what the pain points are before you try to implement someone else's idea of what's ideal in IT.
Fred in IT
I heard people raving about ITIL so I tried to find out what it is. I still don't know because even thinking about it makes me fall alkdshjg;;dfpgsdgjgshgjpsdhfj gf skoppppppppppkgp
I heard people raving about ITIL so I tried to find out what it is. I still don't know because even thinking about it makes me fall alkdshjg;;dfpgsdgjgshgjpsdhfj gf skoppppppppppkgp
I went through the ITIL Foundations course quite a number of years ago. Could not fucking stay awake.
The instructor was engaging, knowledgeable, they supplied us was a much coffee as we could stand, I kept going outside (in February) to keep myself awake and I still snored through the entire course.
Managed to retain enough, long enough to pass the exam but I couldn't tell you the difference between a process & a function (by the ITIL definition) with a gun to my head.
ISO 9000
ITIL
I disagree. In both cases, the problem is not the framework (or standard), it's the blind trust in it and the misconception that it's going to make you deliver higher quality.
They won't. But done right, both ITIL and ISO 9000 give you one thing: predictable, repeatable output. Maybe your desktop guys are not very good at reinstalling Windows, and maybe your X-Ray QA is not good at spotting bad weld jobs on titanium alloy. But if you're an ISO 9000 or ITIL shop, the procedure will always be the same so you c
The big problem with adopting quality frameworks* is that people adopt them to check a checkbox without understanding how they are supposed to work. Lousy but reproducible work is the result of doing the bare minimum to get certification. Unfortunately, that bare minimum is still a lot of effort because you have to document all your
Best practice is code word to stop complaining and do it my way.
Have you quantified the strategy of only using measurable policies vs. using "best practices" based on some other measure to determine if it is, in fact, a better strategy?
None of those were best practices...
Best practices are like, "never auto-commit schema changes, always dry run them first".
Buy not build. (Score:5, Insightful)
I am not talking about common tools such as email servers, word processing, spreadsheet...
But software core to the operation of your business. Companies will sell you massive enterprise solutions, filled with best practices and buzzword features.
However the effort in implementing this is usually much more complex and costly than a small team of full time developers to make simple solutions to solve the problems unique to the business.
These companies selling these solutions hire a team of full time employees just to support the company. Then they charge you for the software and their time plus the profit margin. So you end up paying more for features you don't use and extras that are hacked in and barely work.
Your organization offers solutions, products or services that are unique. Why would you expect software and best processes to be the same.
Second-System Effect. What you're really buying is a programming framework in the end.
Second-System Effect. What you're really buying is a programming framework in the end.
Are you sure you didn't mean the Inner-Platform Effect [wikipedia.org]? (Although if you're really lucky you could end up with both simultaneously
I did mean that, but forgot the name. But I'm pretty sure that it's the first stepping stone on the way to Inner-Platform Effect anyway. Very likely you have both.
Your organization offers solutions, products or services that are unique. Why would you expect software and best processes to be the same.
Spot on. Being the best at implementing whatever is in Gartner's magic quadrant is not a difference maker.
Implementing this kind of enterprise product is often a minefield, especially since those products assume that:
1) your business process are in line with the industry
and
2) you actually have well-defined business processes that apply to the whole organization
which is almost never the case. Even inside a large, somewhat stable organization, rolling out a big ERP a la SAP is a nightmare because Branch X has
I only want to add the caveat that you have to have someone with some kinda clue how to evaulate the solutions your programmers are making.
I've had a 'software developer' melt down because
1) The mere thought that the system java is updated because he need a very specific version, even tho he doesnt write aganist the system JRE
2) The queries are to complex for jdbc/odbc and can only be done via the full Oracle client
3) incapable of understanding that NTFS is the default file system for Windows XP, but is t
It's always tempting to outsource (Score:2)
Adoptin Technology you don't understand.. (Score:5, Informative)
ALWAYS avoid adopting technology that you don't understand just because somebody on your staff or a salesman with some glossy sales flyer says it will be great! If your manager shows up with the idea, convinced that it's going to be the solution to all his problems and won't take your advice on the matter, update your resume....The devil is ALWAYS in the details...
There is no silver bullet... Trust me, I've looked for years... However, that doesn't mean you cannot shoot yourself in the foot with a plain old lead round.
ITIL (Score:3, Informative)
From bitter personal experience, trying to implement the entire ITIL manual down to the tiniest detail instead of treating it as a guideline for what might be applicable.
Case in point: my former employer had a dated-but-usable change management and helpdesk system they'd used for years. It was due for replacement. They brought in a non-IT project manager to design it. Mrs. Non-IT Project Manager proceeded to treat the ITIL guidelines as some sort of roadmap, demanding the most granular, process-laden, cumbersome, needlessly-complex system I've ever seen. It was universally reviled. Nobody understood it. Nobody was properly trained on it. Tasks that used to take hours now took days. People started working around it, not using it, in order to get even basic stuff done. The system required a complete overhaul -- this time using actual input from the people who would be using it and/or served by it -- and eventually became usable at a cost and schedule far beyond the original mandate.
Meanwhile Mrs. Non-IT Project Manager was given a raise and promoted to somewhere where she couldn't do that kind of damage again.
Sounds sadly common. Project managers shouldn't own the requirements in the first place, just delivery against agreed requirements.
ITIL is usually fully implemented by management companies that attempt ICT.
ITIL is *NOT* for ICT companies that attempt management.
SlashDot (Score:2)
And blindly following banal best practices that may or may not apply in any given circumstance. In other words, learn from others, but always use you best judgement.
I agree. I'd pick "right practices" over "best practices" any time. Unfortunately, the bigger the organization, the more difficult it is to get decision makers to embrace common sense over whatever 2 minutes of googling tells them.
Got some inadequacy issues to deal with?
I spend a lot of money paying Internet trolls to trash-talk linux in public forums so that my competitors won't run it.
And the ugly trick is... (Score:2)
If you follow those "best practices"; you are basically doing what you can to act like a contract or outsourced IT service provider despite being an internal unit. If that's the best relationship the department can have with the rest of the company, yeah, odds are that it isn't going to go all that well. Best ca
Password Changes (Score:5, Insightful)
Forced password changes every X days. This just leads to people picking really shitty passwords. At one company I worked at for a while, they mitigated this by simply doing "simple word" + month + year. TOTALLY hard to figure out!
Re: (Score:1)
The mandatory online security training we did the first day at GoDaddy actually recommended satisfying the mixed-case/symbols requirements by using an initial capital letter and an ending exclamation point.
Course, Go Daddy is also the company where they fired one of the five guys on my team, didn't replace him, and then the next week started having daily meetings to discuss how our productivity had gone down 20%. Math was not management's strong suit.
Forced password changes every X days. This just leads to people picking really shitty passwords. At one company I worked at for a while, they mitigated this by simply doing "simple word" + month + year. TOTALLY hard to figure out!
If you want to know what will happen if you don't force users to change passwords, just look on Facebook for their pets/kids name. I'm certain you won't find 80% of your passwords there or anything...
(Oh, and don't forget to keep that a secret. We wouldn't want hackers to TOTALLY figure that out!)
Enforce a single-sign-on long and complex password.
That you rarely (years) require to be changed.
Forcing a password change every 60 days doesn't accomplish anything but either create easily guessable variations, reducing the password space, or create lists of passwords, generally in something insecure for most people.
Don't think that user selected forced password change policies are the worst. I can literally log in as anybody in the company.
Leaving cycles to refactor code ... (Score:1)
Because if it's been delivered and it works, there will be no time to clean it up.
Hire Millennials (Score:1, Informative)
Sure, McKinsey says you should hire millennials but when you do the next thing you know you're running up bills for transgender bathrooms and safe spaces for a varying number of genders.
Best practices to avoid (Score:2)
If there's a best practice to avoid then avoiding it becomes a best practice, and then you should avoid avoiding it. Or something.
Nobody ever got fired for buying IBM (Score:2)
therefore, buy IBM
Rapid anything, Do It All At Once, NoRollbackTest (Score:1)
1. Anything with rapid in it's name. Rushing stuff means it breaks. It may not break today, but it will break under heavy load when you're trying to do payroll.
2. Do It All At Once. Trying to change multiple things at the same time inevitably means you didn't understand the implications of the massive retraining, the fact that the sales force can't complete transactions fully, and the fact that the world ain't perfect like the software and hardware think it is.
3. Not having either rollbacks or testing, or c
Strict OO architecture (Score:2)
It seems "web architectures" are just becoming unnecessarily complex, perhaps because architectural purists are over-doing pet concepts (not just OO), or because we are all waiting for a new web UI/standard to be invented so that "web apps" are not so damned Rube-Goldberg-ified.
"We have to do it that way because the web has no state and is not a real GUI." We'll, let's find a way to give it real state & real GUI then, instead of fake it with blindfolded twirling back-flips, turning CRUD into Braille roc
Don't verify that web-apps follow your standards (Score:2)
Or have very bad standards in the first place. That way, you are going to enjoy all "Web Application Worst Practices" that people can think of. I am currently assisting a customer wading thorough such a mess.
Also nice: Fire people that created and understand the application after they have finished, but before anything is documented.
And to top it off: Declare the proof-of-concept to be the final application. It is much cheaper!
Disagree with Bob's # 6: Charter IT projects (Score:1)
I disagree with Bob's #6, that it is a mistake to charter IT "projects."
He says:
>
The problem is that IT does not have control over something like "increase sales effectiveness." It's nice to push that as a goal and justification for a project, but all IT can be held to is "implement Salesforce.com." That is our expertise and what we can deliver. Of course you can partner with other departments, but you shouldn't commit to nebulous goals that depend on them having their shit together and excelling.
Do not label printers with network names for user (Score:2)
Do not treat your users like customers (Score:2)