Overwhelming Bureaucracy in the IT Department?

Nedry57 asks: "I am in the somewhat unique position of being a technology worker, who lives outside of the IT department in my company (a very large organization in the US). By far, the biggest challenge I face is getting anything done due to the bureaucracy that exists, within IT. There are certain tasks (i.e. anything that happens in the data centers) that I don't have the access to do. Even a simple task, like installing more memory in a non-production server, can take nine months and massive mountains of paperwork (no exaggeration), thus costing many times more than it should. The lack of agility is maddening, because I know we are missing significant business opportunities. My management is extremely supportive and despite our excellent track record of success in creating robust/secure applications--our work has passed audit numerous times with flying colors--we get no support from IT. Even senior management can't break through the barrier. I am very interested in hearing the experiences Slashdot readers have had in similar situations." How do you get your technology work done, when your IT department is more hindrance than help?

IT

[by Anonymous Coward]

You don't. You fire them and outsource their jobs to India.

Re:IT

[Fjan11 (649654)]

I agree, let market economics do its work. Any outsourcing partner will be more than happy to upgrade your server in a matter of days. Of course outsourcing does land you with a whole new set of interesting problems (cost control!) but the net effect is positive on the whole. Flame me if you will, but there is a reason outsourcing is so popular with managers... most of the time you get a more responsive IT department for less money.

Re:IT

[Billly Gates (198444)]

Bolony.

The cost savings are barely %15 at the most and the Indian management companies take most of the cost savings away.

You need to spec requirements for any programming projects and you can't outsource business processing that far away. If anything efficiency eats in and costs actually go up.

There are a few companies that are %100 based here in the US where manufactoring, operations, and management are all in one location. Outsourcing to China will actually cost more because work wont flow seeminglessly or as easily with everything apart.

I wonder if this guy works for a government contractor or has the military as a customer? Such companies are required to do tons of checks and ballances and security.

Re:IT

[Jelloman (69747)]

...or just fire all of the upper and middle management in the narcissistic IT bureaucracy (you might have to barge in on them while they're jerking off to their org charts), and reassign all of the actual skilled IT staff and direct managers to the divisions of the company that they're supposed to be serving. Any arguments about efficiencies of scale are bullshit territory-marking, you can replicate much of that by centralizing procurement and licensing (but not budgets or purchasing authority!). Even if you lose a bit of efficiency, you more than make it up overall by greatly empowering divisions and departments. Costs plummet and productivity skyrockets when functional areas of the business get (only) the information systems they need, instead of forcing enterprise-wide adoption of the same adequate-for-everyone-but-powerful-for-no-one systems, or adding the same immense operational costs to every server when 90% of them need little security and no redundancy. If my creative team needs some more file-sharing space, is the business better served by me going out to Best Buy (ick) and getting a $400 NAS that I can hook up in 15 minutes (and takes my departmental IT guy 5 minutes to include in backups), or waiting 9 months for a $30K/year file server to be deployed to some server room in another time zone?

If you're building an assembly line, do you give everyone a hammer just because it's cheaper than buying different kinds of tools? Most Fortune 500 CIOs would.

When corporate information systems need to be integrated across business units or divisions, then build a development team for that, and have it report to the COO or CFO or someone else who can lean on upper management, rather than just making one centralized self-centered priesthood that controls everyone's systems top to bottom. I'm baffled that anyone can imagine how that could ever work well. That delusion requires a deep ignorance of human nature.

In a well-led enterprise, only a few of the business functions are really important, because they're central to the strategy of the business. Internal IT is never one of those functions. Yes, everyone depends on it, but IT is not really an "it". All employees have similar requirements for air conditioning and paychecks and parking lots and health plans, but IT requirements vary tremendously. Meeting those requirements is hard, and getting hard things done in a corporation requires incentive and accountability. Centralized IT has neither of those, so they say "no" instead of "yes".

Re:IT

[bigman2003 (671309)]

HA! This is so true...and when it happens, it makes me sick.

I work at a large university. My start in IT began in a non-IT department, and I had to work with the IT people all the time. To them it was a game to try to stop any progress I wanted to make.

They would make me wait months just to add a column to a table in a database that only I used.

They took 2 years to 'investigate' moving from a flat table database (FoxPro) to a relational database (Visual FoxPro) but never migrated anything on the production server, because they were worried about incompatibilities. (FoxPro/Visual FoxPro were the only options they gave me)

I could list dozens of things- but their prevailing attitude was that I was an outsider, and only the IT group should be doing any IT work. I wouldn't have even started doing the work if they had been effective.

Well, now I've moved up, and I head a different programming department. The lessons I learned at my previous position have been serving me well. A little too well in fact- other people who have to deal that those other IT people are coming to me just to get a little server space...even from the other department.

I don't know, but I see IT (especially at a University) as a group that should facilitate others in doing their work- not hinder them.

Okay, so I'm bitching, but this stuff happens. And the sys admins get away with it because their boss doesn't understand what the job entails.

Not an IT-specific problem

[sczimme (603413)]

This is not an IT-specific problem: all functional areas in large organizations are vulnerable to this sort of bureaucratic barbed wire.

Even a simple task, like installing more memory in a non-production server, can take nine months and massive mountains of paperwork (no exaggeration), thus costing many times more than it should. The lack of agility is maddening, because I know we are missing significant business opportunities.

If you know that there are real costs associated with the lack of agility, you should a) document in detail the actual losses, b) present these figures calmly and respectfully, and c) gauge the reaction from senior management.

Conflicting Goals

[samkass (174571)]

Progress and stability are often conflicting goals. IT departments generally prefer stability, and that's why your deployments have probably been so stable and passed so many audits. Developers, of course, are charged with driving progress.

The real answer if you need flexibility with regards to "non-production stuff" is to not let IT have anything to do with it at all. Create a separate sub-net if you have to to keep the non-production machines off the IT network, and a firewall between your network and theirs to prevent any viruses, or other effects, from leaking from your net to theirs (this may require having to VPN through it just to work with these machines, c'est la vie). Keep the machines in a different room than the official server room. Maintain them all 100% yourself. Then do what you need to. Anything less and you're asking IT to aid in your development, a task they're probably not equipped to do while maintaining stability.

It's not uncommon for companies to have a "developer", "staging", and "live" system setup that are all completely independent, with some established mechanism and metrics to push products from one level to the next.

Re:Conflicting Goals

[Xzzy (111297)]

Create a separate sub-net if you have to to keep the non-production machines off the IT network, and a firewall between your network and theirs to prevent any viruses, or other effects, from leaking from your net to theirs

Just take special care to educate everyone using the private network that it's not supported by the IT department, and questions regarding such are likely to be met with quite a bit of hostility. I work on the other side of the fence from the story submitter, and the general feeling is that even the technologiclly minded developers don't know diddly about maintaining a stable server. People are generally encouraged to set up their own work environment, but as soon as root access is given out it's made clear that it is no longer our (that is, IT's) problem.

More importantly, after a couple years of running a private network, never ever consider passing off the burden of maintaining the rickety development system that is suddenly 24x7 critical to IT. Those kinds of moves are exactly the kind that destroy IT's willingness to accomodate user requests.

Perhaps you should try

[PIPBoy3000 (619296)]

Moving to another company besides Microsoft?

you need more meetings

[juan2074 (312848)]

Management can keep holding long meetings to find out why work is not getting done.

We guard you while you sleep.

[by Anonymous Coward]

Look, the people you are after are the people you depend on. We install your memory, we code your apps. We run the internets, we guard you while you sleep. Do not... fuck with us.

Dear IT Professional:

[path_man (610677)]

Dear IT Professional:

Please don't change anything about the way your IT organization does business. We love the way you and your team fail to communicate; the way mindless mandates from on-high drive pointless initatives; the way the latest technology trend shifts focus from project to project like the attention span of a two-year-old.

Especially don't pay any attention to streamlining the use of hardware and software investments that you've already made. You and your team need MORE MORE MORE to get this project wrapped up on time. Have you upgraded to the newest rev of our software? Can't you just taste the new-and-improved speed of our lastest hardware?

In summary, we love the way your IT organization is today, and wouldn't change a single thing.

Yours Truly, Your software & hardware vendors

They DENY you for a reason

[MagikSlinger (259969)]

"Our SAMBA connection is broken. Something changed over the weekend."
"Nothing changed over the weekend."
"You sure about it? Why does the AD server report it's running Server 2003 now?"
"Oh that? We tried to implement Windows Server 2003 to replace our AD server, but we backed it out."
*boggle*

That conversation was with our IT dept. In any controlled environment, things should be thought out, documented and multiple sanity checks performed. Even a dev system can impact a production system if they run on the same segment.

Now, having said that, our IT dept tends to mindlessly enforce rules without thinking about them and getting them to wake up to new technologies (e.g., SOAP, web apps) is like trying to bring around a corpse with smelling salts.

A good IT department should make sure things happen in a controlled and documented way, but should also make it as painless as possible to follow the rules. They should be proactive so if you come to them with something new you want to implement. Not only will they know what you're talking about, but have already prepared a white paper of preferred architecture for performance & security.

A really good IT department brings something to the table.

Someone has to keep the bigger picture in mind

[millisa (151093)]

First off, 9 months seems excessive. Very little should take longer than a business quarter.

However, in my experience every person outside of IT and security groups has this mindset that IT groups hinder them for no real reason.

I do not doubt there is bureacracy that slows every company's process. However, the fact that you want a change made to one system now doesn't change that these IT people are responsible for the effects any change might have on an entire organization. I don't know how many times I hear "But all I want is X". And that person requesting 'X' doesn't realize that 'X' has these 3 possible security issues associated with it. Maybe it won't effect his server even if it is exploited, but that risk has to be evaluated, approved and lord knows what else.

The fact is, every change *must* go through a certain amount of bureacracy to make sure all that it could effect have taken the appropriate level of responsibility.

My best advice is work through your own internal processes to see if turnaround time can be expedited. Maybe all they need is a motivated developer type with your skills to assist in making their change control system better. Or maybe there are things you don't see. Don't assume IT folk are just pushing your stuff back because they don't like you (though that could be a factor). If you can get a 'champion' type in your IT group that can help you get your stuff moved through the most efficiently.

But in the end, it is not up to you to decide what priority your request is given over someone else's. Even a simple request should be evaluated properly and must be given priority that is likely outside the IT drone's choice... Maybe your manager/director type needs to champion your projects to get them pushed through with greater priority . ..don't assume the issue is on the IT side I guess is the gist of it.

Oh, and Bill said he didn't wanna give you your ram because you ate his pudding cup.

"We're Not Freaking NASA"

[Chagatai (524580)]

I worked for a meat producer, with a staff of 60 IT folks for a company of 20,000. At the time, I was a real security nut and wanted to improve the company as much as possible. I was there for about a month when I spoke with one of the IT directors about the company's security policy. His response? "There is no security policy."

He and others in the IT department tried doggedly to get security noticed, only to be shot down by executive management. To paraphrase the CFO and strip out the gratutious profanity, "We're a meat company. We turn happy cows into happy steaks and happy pigs into happy bacon. We're not freaking NASA. We don't need to worry about our computers like Lockheed Martin does."

Several months later a virus hits the company and the phone system, which includes all sales offices, dies. I rush and get the tools to remove the virus in every hand possible.

Ultimately, as I was leaving the company, they finally hired a security manager. This was only because of Sarbanes-Oxley, and that person was given the role of a paper tiger--no authority to change things to be more secure, but a perfect picture for blame should something go awry.

When I left, I entered another office with other politics, but it is nowhere as bad as it was there.

Make It Happen

[Bios_Hakr (68586)]

Some number of years ago, I found myself in charge of a private infrastructure. We had maybe 50 servers and 400 users exchanging sensitive information completely seperate from the main, public network.

Because of the percived importance of uptime on this network, everything required mountians of paperwork. Installing and removing nodes from the domain required three administrators, setting up a new machine required a month on a private VLAN being monitored by a sniffer, memory and hard drives were obselete before they got to the customer.

Anyone who ever worked around an UPS knows how they die. They give plenty of warning. Having an UPS fail is a rediculous way to lose your backbone infrastructure.

My predicessor had done a wonderful job of installing an UPS for every router and switch in the datacenter. Problem is, both power supplies in the routers and switches were connected to the same UPS. In cases where an UPS was about to fail, he unplugged the UPS from the wall and plugged it into, you guessed it, another UPS.

He didn't do it out of ineptitude; it was done because the only option was to clash heads with the IT overlords. They would require studies about how many UPSs failed and if it failed before the MTBF, they'd want us to try and recover money from the manufacturer. They'd want contractors to come in and examine the UPS to bid on a UPS monitor and replacement contract.

In short, asking the overlords was like asking to be turked by a syphalitic bear.

So, some BOFH, overwhelmed by the prospect of repairing the power system, chose another path. He walked over to a failing UPS and simply turned it off. He was the only one with the access to turn it back on, so he had no reason to worry.

Within two hours, all in-progress meetings were cancled. The Supreme Overlords demanded from on high that this lowly tech was to get a blank check and a blank trouble ticket (approved by the Supreme Overlords) to do whatever he needed to do to prevent that from ever happening agian.

Electricians installed two seperate power feeds into every rack.

Each power supply got a seperate UPS.

Old equipment was updated.

Everything was strawberry fields and unicorn giggles after that for the infrastructure department.

Now, to answer your question: You have something that someone wants. Hold it hostage till you get what you need.

The DC is not your playground

[digitalhermit (113459)]

Interesting comments...

I've been in IT for close to twenty years in a couple small startups to some multi-nationals and in my own consulting business. One thing that lots of IT folks lose sight of is that IT is first a support organization within the larger organization. If the larger organization is sufficiently forward thinking, then they can (arrg, PHB-speak) *leverage* IT to be more competitive. But IT folks still have to make sure the website is up, the file server is accessible, users can login, etc., *before* you start thinking about the add-ons.

If the business doesn't want to spend money on the servers, then document what the consequences and benefits are for their decision. Don't just write that they'll have slower machines, but play Devil's Advocate and write up the business case for not adding memory.

Or, figure some way to optimize your resources so that less memory is required. This can be as simple as turning off services, or as complex as setting memory and processor caps within the virtual partition. And if you've tried all these and you're just short of memory, let them know.

In my consulting business my first goal is to keep my customers' infrastructure running. Next is to save them money versus some other consultant. Sometimes they need to spend money up front to save more down the road. Let them know if this is the case.

Spreadsheets are ammunition

[jjohnson (62583)]

Here's what you do: take a simple task like adding RAM to a non-production server, and go through the entire, exhausting process in letter-perfect fashion, meeting every paperwork, audit, and permission requirement. Along the way, document every minute you spend on the process, showing exactly what you're doing, how long it took in minutes, and what requirement you were meeting. At the end, create a spreadsheet showing in careful detail that adding a $500 SIMM actually cost the company $5,000 in processes.

That spreadsheet becomes the club with which your managers and directors can beat the IT department because they're effectively offloading cost onto you at a rate of 1,000%.

Your world's a microcosm - IT focus on big picture

[poopie (35416)]

There are certain tasks (i.e. anything that happens in the data centers) that I don't have the access to do. Even a simple task, like installing more memory in a non-production server, can take nine months and massive mountains of paperwork (no exaggeration)

So, let me get this straight...
User is frustrated because request to make standard servers non-standard with a custom request in a datacenter requires paperwork and time. User is upset because IT has formal procedures for change control, service level agreements, and standard hardware configs. User doesn't get ram upgrade and posts rant to Slashdot.

User is technical, probably dual boots their desktop to non-supported OS, probably hacks computer stuff at home, probably very smart and capable of supporting five or six computers by him/herself.

IT department probably supports 1000+ machines, and that number has doubled in the last year or so while staffing has been cut.

IT department probably has 200 servers per admin and only maintans this ratio by with consistent server deployments that maintain standard configurations.

A good IT organization understands the company's business.

A good technology worker needs to learn to work with IT to get what they need. You would probably be able to request and justify 10 servers and get them in the time it takes to get a one-off upgrade

The lack of agility is maddening, because I know we are missing significant business opportunities.

Lack of planning on your part does not create an emergency on my part.

Learn how your IT organization works. Work with it.

we get no support from IT. Even senior management can't break through the barrier

Perhaps you don't see the big picture. Perhaps you don't see the corporate IT budget and where you/your team/your project is on the priority list for that budget.

I'm sure there are all sorts of IT departments, but the *good* ones understand the core business and know what's important to the company's bottom line. If your IT department doesn't understand that, then I'm afraid you're going to have to become the IT liason and teach them. Provide them with your requirements well in advance so that they can plan proper deployments. Work together so that you can understand the pain points of IT, and they can understand your hardware/support requirements and the *value* that this will provide to the company.

You've missed the entire point

[Overzeetop (214511)]

The IT department exists to make sure they have regular, gainful employment. They do NOT exist to make your job easier, or anyone's for that matter, who does not have direct or closelly indirect firing power over them. There are mouths to feed, mortgages to pay, colleges funds to fund, retirement to dream about.

Cynical? Yes, but also very true. The above is the root of the issue. I'll put it in the terms that IT would:

ITs job is to keep the servers running, smoothly, with as little interruption to daily work as possible. As with any complex undertaking, different users have different priorities. CxOs come first. Period. Internal needs come next (see: "servers running, smoothly," above). High profile departments are next - marketing, sales, accounting. The last one is mostly because it comes under a CxO (F - you can choose what it stands for) who is intimitely involved with the month-to-month operation, and through which everyone gets their pay checks (including previously mentioned CxOs). Development is pretty far down, as you can see. You must understand - you don't bring cash into the organization (sales), nor do your efforts directly affect the price of company stock (marketing), both of which are of top importance to the CxOs.

That does not mean that you are not essential. But you are essential in a way that is ongoing - like the janitorial staff. If they lose development, things will slowly start to degrade, but it will be a while before there is a crisis. Either way, its an expensive mess to clean up, but if you throw some cash at it, you can bring things back to livable.

Now, lets look at the flip side. If IT goes down for a day, there will be hell to pay, and heads may roll. Every IT person knows this. Anyone who has dealt with complex modern systems knows that it's a house of cards. There are so many things that can go wrong. One failure, if not just costing your job, is certainly going to make for a long night getting things back in order. That would be uncompensated overtime, remember. Also, ten years without a single failure will not make you a hero, like landing a new sales client, or scoring a great marketing campaign which lifts the stock price or sales. It will make the company think you're reliable, but boring. Bonus aren't given out for boring. One failure, on the other hand, makes you a villain.

Now, if you've made it this far, how much value is there - for the IT professional - in helping you get your job done faster. In case you've skimmed, I'll tell you: none. It's like playing russian roulette for fun. Unless you just happen to like the life-or-death thrill, or have nothing to live for, it's a fools game.

I wish I had better news for you, but if you have a large corporation, than you have an ingrained corporate culture, and IT subculture. And they don't drift your way.

Oh, I've never been in IT. They piss me off 'cause I'm an engineer and just want to get shit done, and they want to worry about making sure the CEO's internet never goes down. I've learned over the years that, in effect, that is their job. I've stopped fighting them and learned to either (a) work with them or (b) work around them. The latter is done carefully to avoid stepping on toes. Just as they are under the thumb of uper management, they like to exert their power where they can. That would be against you and me. You don't tunnel under a mountain if there's a reasonable way to pass around it.

Re:deal with it

[PCM2 (4486)]

be grateful you have a job. it's obvious there is nothing you can do about it, so why are you sweating it? go with the flow and live a less-stressed existence. it's not worth creating ripples. the only people who judge you for your work aptitude are you and other men; no one else cares.

Well all right! Way to spend your life being a doormat.

Sure -- if I can read between the lines of what you seem to be saying -- the chicks might not care if you're good at your work or not. But some of those mere "other men" you mention might also happen to sign your paychecks.

The guy was complaining that his company is missing significant business opportunities. Translation: The company is missing significant business opportunities that he could have been instrumental in acting upon. But he can't, because of IT bureaucracy.

OK, so it's not his fault -- but do you think that's going to matter next time he goes in for a raise or a promotion? They'll want to see all the forward-thinking plans he's executed on, and he's going to have nothing, because trying to do anything is like wading through mud.

Even worse, what happens when it's time to a round of layoffs? What justification will he have to keep his job then?

Maybe it's easy for you to just sit there and be grateful you have a job. If it is, it's probably because you've only had one or two entry-level jobs. For people who have had a job for a number of years, however, just having a job no longer seems like Goal #1. Those people start to have other ambitions -- like buying a house, for instance, or a new car, or providing for their families. Maybe you've put yourself through college. Have you put anybody else through college lately? Dads sometimes like to do those kinds of things. They're hard to do when you've spent the last five or ten years sitting at the same desk in the basement, just spinning your wheels.

Re:Recognize those things you cannot change....

[rovingeyes (575063)]

Seriously, it seems that you have fought the good fight.

OK, by this point I have read TFA at least a few times and I still didn't find what was the good fight this guy fought. I mean he doesn't list any steps that he has taken to fight the IT department. He and his management are unhappy with the way IT department works. So just for argument sake, can I assume that you are making assumptions that may not be valid and drawing conclusions that are plain wrong?

I am not denying that this situations don't exist, but most people just whine about it, they don't do anything about it. For e.g. has this guy filed a formal written complaint to the upper management stating that the IT department is not co-operating? Has he tried forging some good rapport with the IT department? The only time any one remembers the IT department is when stuff don't work. Sometimes acknowledging that they are part of the company and their success may lead them to co-operate more. To support my argument read what the author states:

The lack of agility is maddening, because I know we are missing significant business opportunities. My management is extremely supportive and despite our excellent track record of success in creating robust/secure applications--our work has passed audit numerous times with flying colors--we get no support from IT.

So apparently according to him all the bad things that are happening in the company is due to the incompetence of IT and all the good things are happening because of his development team. Gimme a break!! That attitude (treating IT department like they are 3rd rate employees, a burden) is not going to get him or any body favors.

Suggestion to author: Try toning down your ego, treat IT department with respect, give them credit and appreciate their work. They are the ones who save your ass when you type "rm -rf /". And ocassionaly buy them beer and lunch and see those 9 months turn to 9 seconds!

Re:Recognize those things you cannot change....

[panaceaa (205396)]

You have quite a defeatist attitude. Contrary to Slashdot common belief, responding to challenges by quitting your job doesn't solve any problems, unless your challenge is to find a job where you don't have to think or do any real work. (In that case, you should probably go join this company's bureaucratic IT group -- they seem to have that area covered.)

In any case, the best way to get interdepartmental problems fixed is by providing rewards to both sides for working together. Short of that, you can start your own IT group or work with an outside company to get your solutions hosted. Your IT group should be a resource for you -- if they're not, you should be able to use other resources instead.

One of the managers I'm currently reporting to used to run into a similar problem at his last company. He's a 2nd level manager, and he decided that he would pay the salaries of a few people in the IT group in exchange for them specifically working on projects for his team. It worked great, and they were able to push out new releases every couple months. Before he started the arrangement, releases were taking 9 months.

In conclusion, you should give financial incentives to the other team to reach your goals: Whether it's through paying their salaries, or taking away their work by going with someone else. Unless they have an incentive to work with you, they probably won't.

Bull manure

[rumblin'rabbit (711865)]

You have quite a defeatist attitude. Contrary to Slashdot common belief, responding to challenges by quitting your job doesn't solve any problems...

Cow droppings. Quitting your job often solves problems. I don't recommend people leave their job on a whim, but if it's intolerable and there is no realistic chance of improvement, then you would be stupid not to. There's such a thing as being too loyal. You don't owe any company your sanity.

Beside which, what better way of making things better for those who stay? If management loses good people because of some problem, they just might address that problem.

Re:No Exaggeration?

[Tuna_Shooter (591794)]

Most of the Pharma data centers i've dealt with in the last 5 years are locked down VERY tight. They have to deal with 21 cfr part 11, Hippa, SOX and a list of others issues and as such sound EXACTLY like the situation you describe. Example, in order to upgrade from MSSQL 7.0 to MSSQL2000 on a Pharma house manufacturing server requires changes to the following: Changes to the original Validation Plan Detailed Design Specs Functional Requirements Specs IP's - Installation protocols OP's - Operational protocols QP's - Qualification protocols ALL of the above operations require testing-testing-testing, a multitude of meetings and of course approvals from God all along the way. Then QA-IT-Engineering has to oversee everything. Its a very cumbersome, expensive process. This is for your-our own good. I have seen manufacturing data corrupted if this process is not followed exactly. Remember this the next time you think about the consistancy of those pills you take.