While internal IT teams play a critical role to the fundamental operations of businesses today, they tend to lack the knowledge and/or opportunity to focus on critical aspects of business vision, cost-effectiveness, and legal responsibility. Internal IT organizations do not miss out on these important functions due to lack of desire, they miss out due to opportunity and, at times, understanding of the financial and/or legal ramifications of not performing these tasks.
IT Managers and even Directors of IT usually come from technical backgrounds. Most often they rise through the ranks because they were good with technology and their leaders supposed that if they were good with technology, they would be a good manager. While this can hold true, most often it does not. I have seen great technologists fail after a promotion; not because they changed, but because they were placed in a role that was not suited to their skill set. Granted that a number of these individuals graduated with Bachelors, and even Masters Degrees, their focus tends to be in a technical field and were not exposed to finance, accounting, business law, etc. Based on these realities, one should have a better understanding as to why Internal IT tends to focus on the day to day operations and not long term visionary or protective projects.
In addition to internal IT leadership not having the experience or skill set to focus on the aforementioned important functions, more times than not, the teams don’t have the time. Internal IT is mostly about firefighting. The network is slow. Great Plains doesn’t work. Salesforce.com doesn’t have the data we need. Email blocks too many external users because spam filters are improperly configured. I can go on and on with the mass numbers of day to day issues that information technology professionals deal with. Based on this well-known fact, one must again ask themselves, if internal IT focuses on these day to day nuisances, how can they pay attention to critical business and legal functions?
IT has a focus to make sure the environment “just runs” and that the infrastructure maintains availability. In performing these tasks, standard information technology teams lose sight of or never had visibility of, the big picture. IT staff and management rarely focus on the business needs, financial requirements or legal ramifications of the company. They are rote, doing what they’ve always done, maintain availability. You must have the best accounting software that lets you record the cash balance of your enterprise and analyze your financial position.
The critical outcome of the basic premise herein lies with the fact that businesses tend to lack fundamental disaster recovery and business continuity solutions. Additionally, most companies have contracts with 3rd party vendors that either don’t offer what they need, offer more than they require and/or come with too great a cost, direct and indirect. Another key item, legal responsibility. Windows Domain Administrators and Unix Administrators with root access have access to everything in the computing environment. They can read every email by every employee. They have access to every file. They have access to every account. What safeguards do most businesses implement to watch the watchers? How about physical access to the data center and network uplinks? The scariest part of the legal issue, the vast majority of IT professionals don’t even realize their obligation or personal vulnerability should things go awry.
Businesses need to understand the strengths and weaknesses of their internal IT organization and ask themselves if their teams provide the necessary technical protections, financial responsibility and legal safeguards necessary for sustaining and hopefully growing the business.