It's that time of year again where some people will be making new year's resolutions. Many blogs will suggest resolutions for running a better IT operation, but we thought we'd take a different approach this year. Rather than looking at which resolutions you should make, let's look at those that might not always be worth following religiously. Here are some new years' resolutions for your IT management that you can afford to let slip every once in a while:
Strict change management:
Ideally, IT departments will have a set of procedures in place to manage any change to their systems, such as the introduction of new program versions or patches. That's all very well, but sometimes they need to speed things up to avoid disaster. Major security flaws such as Heartbleed or Log4Shell are cases in point. They were so potentially catastrophic that IT departments needed to patch as soon as possible. When one of these happens along, it might mean circumventing traditional change management processes in the interest of system security.
Tech stack standardisation:
Conventional wisdom has it that a standard technology stack is best, because it makes things simpler to manage. While that's fine in theory, there adopting new technologies or allowing limited flexibility is useful in some cases.
It might not be feasible or cost-effective to standardise a mission-critical legacy system that is incompatible with modern technology stacks. In such cases, maintaining the existing stack and integrating new technologies selectively is a more practical approach. In other cases, you might need to deviate from a company standard for innovation purposes. Putting some special sauce in your tech stack, perhaps from a specific vendor with valuable proprietary capabilities, can improve performance or open up new functionality and might give you a competitive advantage in your industry.
Vendor lock-in avoidance:
Vendor lock-in has traditionally been a sin in IT departments, because it can limit your options. Nevertheless, there are some situations when it makes sense to throw in your lot with a vendor and embrace their architecture at the expense of interoperability.
If you have a strategic partnership and the technology is critical to your business's core operations, or if the benefits, such as cost savings, innovation, support, and integration, outweigh the risks and costs of being locked in, then it might be appropriate to abandon an interoperability-at-all-costs approach.
A close reliance on a vendor's architecture can also be appropriate to meet stringent compliance and security requirements, or when resource constraints make it more practical to rely on a single vendor rather than managing multiple products or services.
Inflexible security policies:
Cybersecurity policies are typically rigid, offering no latitude for busy employees to bend the rules. This might protect your systems, but eventually there's a law of diminishing returns. When security policies make it increasingly difficult for employees to do their jobs, you have a problem.
People have an annoying habit of finding loopholes in security processes, circumventing them to complete their work. Replace the resolution to secure systems at all costs with a vow to balance security requirements and employee needs.
Automating all of the things:
Automation is a current trend, as vendors and consultants alike preach the benefits of streamlined processes governed by software. AI often features heavily in these discussions. Technology-based automation can deliver impressive results, but it isn't always the solution.
It is often important to keep a human in the loop, or to keep the entire process manual. This is true when the process requires complex, nuanced decision-making that automation cannot reliably replicate, or when tasks are low volume and/or involve a high degree of customisation. Processes focused on customer relationship building - especially sensitive ones requiring sensitivity and understanding - should be automated with extreme caution, or preferably not at all. For examples of what can go wrong when people favour efficiency over compassion, just ask the Dutch tax authority.
These rules of IT are fine to follow most of the time, but a little flexibility goes a long way - especially in a fast-moving discipline where things can change quickly. A little maverick action every now and then can keep you agile and your IT department healthy, just so long as you have good reason for breaking some of these cardinal commandments.