Top 20 IT Mistakes to Avoid
1. Outsourcing:
Outsource important function in IT just to avoid the hardwork while keep the
simple function that easily to be outsourced
2. OpenSource:
Decision to adopt OpenSource strategy in the system does not go through
carefull analysis. If a company does not exercise the possibility of
utilizing OpenSource, there will be loss of opportunity in cost reduction
for system support and license management, however OpenSource will create
significant burden for system developers in supporting the system due to its
lack of stability
3. Offshoring:
Not carefully conduct detail analysis before deciding to offshore some of IT
Support Jobs (in India in particular). Cultural Issues, many non-technical
issues (including travelling) shows for some un-succesful offshore strategy
only create less than 20% in TCO (Total Cost of Ownership)
4. Internal Security Threats:
Based on survey and study conducted by Gartner, 70% of security threats are
generated by internal employees. Based on CERT and US Secret Service: 87% of
insider security conducted using simple and legitimate procedures / process
IT focus on external threats and forget the internal threats.
5. Security of Fluid Perimeter:
As our workforce move towards mobile workforce, the IT Security perimeter
increase not only cover the Company LAN / WAN but also the 'wild-west'
network arena from any internat café in the world. In most cases IT adopt
the 'mobility' strategy without preparing the security risks associated with
it
6. Security for Handheld devices
Many companies embrace handheld, such as PDA and SmartPhone, as their IT
devices, however IT security policy and procedures for those devices are
note properly defined and implemented. In some instances some executives,
sales person, using PDA to store any e-mails that they can read anywhere
they want, and they forget to assign password to their PDA. Once the PDA is
lost, those critical information can leak to other parties easily.
7. Promoting Wrong People
In some IT department in a company, to reward a very talented technologiest,
they promote him/her to managerial position. So he/she shifts from
technology hands-on type of job to people management type of job. Not all
technologiest can shift their skill easily, in some cases, the technologiest
not doing good in managing his/her members therefore the results expected
from the team does not meet the initial expectation
8. Change Management
IT Profesional sometimes is not fully aware of things they did will impacts
business siginificantly. In the technical sides it may be just another
'tweak' in the data entry form, but to user in the field it is big-deal
because it changes the way they do their jobs. In some cases, many dollars
and time is spent just to mitigate system change that are not properly
analyzed and communciated
9. People in Software Development: Quality vs Quantity
Based on Fred Brooks' book, "Mythical ManMonth" it is described that most of
the time project managers in IT calculated people requirements in term of
mandays, manmonth etc without carefully analyze the skill requirements.
Experience teaches us, in IT project, quality of the people give more
impacts to success of IT projects compared with the quantity
10. Developers conduct QA Test
Letting IT developers doing their own QA test is basically will bring your
IT department into disaster. Many unproperly tested applciation, system, or
infrastructure updates create business catasthropes because of this issue.
11. Overconfidence on Ms IE
Ms Internet Explorer has been the de-facto application for Web Browser, but
be aware of its security weaknesses.
12. Network performance Indicator
Giving simple / one report to management regarding network peformance in
most cases create miss-understanding. Network performance should be measured
in the various aspects such as port utilization, link utilization, and
client utilization.
13. Bandwidth is not always the answer for Network problems
In most cases, if an IT Department has problems in network response the
immediate solution will be to increase the bandwidth. Not in all cases
increasing the network bandwidth will automatically increase your network
response. Detail analysis should be done before investing $$ to additional
network bandwidth
14. Weak Password policy
Based on SANS Institute'a Top 20 IT Vulnerabilities list, weak
authentication and password policy.
In some company policy regarding with password and user access is not
properly implemented
15. Never Sweating the small stuff
Although CIO should focus on big pictures, in some cases they also need to
pay attention to small things. Take example of 'The Washington Post' domain
renewal issue happened in Feb 2004, where their domain was not renewed
because of somebody in IT Dept forget about it and cause e-mail knocked out
for hours before it got renewed.
16. Clinging to prior solutions
For new IT management, do not force what you've done succefully in your
previous place in the new place. Most of the it does not work...
17. Cope with new technology
In the newdays where technology is easier to implement, some users utilize
technology which IT Dept does not know about that it all. It is important to
keep updated about the new tehcnology outside.
18. PHP
This is for Web Application Development. Don't only focus on J2EE and .Net
developing tools
19. KISS (Keep It Simple and Stupid) principle
Many IT projects resulted with products that significantly complex to be
used for users.
20. Slave to Vendors Marketting Strategy
Be carefull with your IT Strategy. Make sure your IT Strategy does not fall
into Vendor Marketting Strategy especially in ther of release or version
management.
Outsource important function in IT just to avoid the hardwork while keep the
simple function that easily to be outsourced
2. OpenSource:
Decision to adopt OpenSource strategy in the system does not go through
carefull analysis. If a company does not exercise the possibility of
utilizing OpenSource, there will be loss of opportunity in cost reduction
for system support and license management, however OpenSource will create
significant burden for system developers in supporting the system due to its
lack of stability
3. Offshoring:
Not carefully conduct detail analysis before deciding to offshore some of IT
Support Jobs (in India in particular). Cultural Issues, many non-technical
issues (including travelling) shows for some un-succesful offshore strategy
only create less than 20% in TCO (Total Cost of Ownership)
4. Internal Security Threats:
Based on survey and study conducted by Gartner, 70% of security threats are
generated by internal employees. Based on CERT and US Secret Service: 87% of
insider security conducted using simple and legitimate procedures / process
IT focus on external threats and forget the internal threats.
5. Security of Fluid Perimeter:
As our workforce move towards mobile workforce, the IT Security perimeter
increase not only cover the Company LAN / WAN but also the 'wild-west'
network arena from any internat café in the world. In most cases IT adopt
the 'mobility' strategy without preparing the security risks associated with
it
6. Security for Handheld devices
Many companies embrace handheld, such as PDA and SmartPhone, as their IT
devices, however IT security policy and procedures for those devices are
note properly defined and implemented. In some instances some executives,
sales person, using PDA to store any e-mails that they can read anywhere
they want, and they forget to assign password to their PDA. Once the PDA is
lost, those critical information can leak to other parties easily.
7. Promoting Wrong People
In some IT department in a company, to reward a very talented technologiest,
they promote him/her to managerial position. So he/she shifts from
technology hands-on type of job to people management type of job. Not all
technologiest can shift their skill easily, in some cases, the technologiest
not doing good in managing his/her members therefore the results expected
from the team does not meet the initial expectation
8. Change Management
IT Profesional sometimes is not fully aware of things they did will impacts
business siginificantly. In the technical sides it may be just another
'tweak' in the data entry form, but to user in the field it is big-deal
because it changes the way they do their jobs. In some cases, many dollars
and time is spent just to mitigate system change that are not properly
analyzed and communciated
9. People in Software Development: Quality vs Quantity
Based on Fred Brooks' book, "Mythical ManMonth" it is described that most of
the time project managers in IT calculated people requirements in term of
mandays, manmonth etc without carefully analyze the skill requirements.
Experience teaches us, in IT project, quality of the people give more
impacts to success of IT projects compared with the quantity
10. Developers conduct QA Test
Letting IT developers doing their own QA test is basically will bring your
IT department into disaster. Many unproperly tested applciation, system, or
infrastructure updates create business catasthropes because of this issue.
11. Overconfidence on Ms IE
Ms Internet Explorer has been the de-facto application for Web Browser, but
be aware of its security weaknesses.
12. Network performance Indicator
Giving simple / one report to management regarding network peformance in
most cases create miss-understanding. Network performance should be measured
in the various aspects such as port utilization, link utilization, and
client utilization.
13. Bandwidth is not always the answer for Network problems
In most cases, if an IT Department has problems in network response the
immediate solution will be to increase the bandwidth. Not in all cases
increasing the network bandwidth will automatically increase your network
response. Detail analysis should be done before investing $$ to additional
network bandwidth
14. Weak Password policy
Based on SANS Institute'a Top 20 IT Vulnerabilities list, weak
authentication and password policy.
In some company policy regarding with password and user access is not
properly implemented
15. Never Sweating the small stuff
Although CIO should focus on big pictures, in some cases they also need to
pay attention to small things. Take example of 'The Washington Post' domain
renewal issue happened in Feb 2004, where their domain was not renewed
because of somebody in IT Dept forget about it and cause e-mail knocked out
for hours before it got renewed.
16. Clinging to prior solutions
For new IT management, do not force what you've done succefully in your
previous place in the new place. Most of the it does not work...
17. Cope with new technology
In the newdays where technology is easier to implement, some users utilize
technology which IT Dept does not know about that it all. It is important to
keep updated about the new tehcnology outside.
18. PHP
This is for Web Application Development. Don't only focus on J2EE and .Net
developing tools
19. KISS (Keep It Simple and Stupid) principle
Many IT projects resulted with products that significantly complex to be
used for users.
20. Slave to Vendors Marketting Strategy
Be carefull with your IT Strategy. Make sure your IT Strategy does not fall
into Vendor Marketting Strategy especially in ther of release or version
management.
posted by Linawati @ 2:11 AM
4 comments
