What Would You Demand From Your IT Department?

ZombieLine asks: "The IT department at my company (approximately some 500 people) is showing signs of incompetence, and has been ignoring knowledgeable user input for about a year. Additionally, they haven't been able to sell needed changes to senior management. Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice. We users are staging a revolt to make IT more responsive to users by creating a group from the company divisions and IT to discuss needs and solutions. What would you put in our charter?" What services and responsibilities would you demand out of your IT department?

What would you demand from your IT users?

[by Anonymous Coward]

ZombieMime asks: "The non-IT employees at my company (approximately some 5,000,000,000 people) are showing signs of incompetence, and have been ignoring knowledgeable technology input for about a year. Additionally, they haven't been able to accept needed changes to senior management. Unacceptable computer usage, maxed bandwidth usage, and no common sense have hit the bottom line, and those on top are starting to notice. We geeks are staging a revolt to make users more responsable to IT by creating a group from the company divisions to discuss needs and solutions. What would you put in our meeting room to kill as many people as possible?"

From the non-tech perspective

[Dukeofshadows (607689)]

As a non-technical person with enough engineering friends to get to this site and have an iota of what might be reasonable to expect from IT professionals, here's my list of expectations:

-Security of data: obviously no data is *absolutely* secure if the computer is connected to the net, but enough security that I could feasibly work with medical records and HIPPA-privledged information without constantly worrying about crackers. For those of you who don't know what HIPPA is, imagine a very protective law about patient confidentiality that can result in serious jail time if it is violated.

-Continual access (within reason): If there are natural disasters, power outages, or personal emergencies, then certainly one can't reasonably expect 24-hr access. At almost any other time, however, I'd like to be able to turn a computer on at the workplace and not worry about downtime or have to call someone to fix the system (as my colleagues and I do now).

-Work ethic: Nothing pisses me off more than lazy people, especially those who try to use technobabble to hide incompetence. If there is work to be done, then I'd like to dial up the local expert/employee and know that the problem will be fixed *quickly* and efficiently. Certainly there will be problems that require more time than others and nothing runs smoothly all the time, but no one should have to brook crap from employees who pad schedules. If there are problems, say so and at least *try* to explain them, don't go into geekspeak/technical language in hopes that I don't understand and give up and let them go back to (insert game here).

-Keeping me informed of new tech without trying to be a salesman: Not every new upgrade is worth getting and keeping up with the Joneses can be prohibitively expensive. Sure, new tech is very cool and I'd like a wireless device to use around my office to tie labs/patient data together, but that doesn't mean it's worth constantly annoying the boss for tech upgrades

-Honesty: Don't overcharge me or bend/stretch/break the truth with me. Medical professionals *seem* to be a prime target for fleecing among computer folks and I've heard horror stories about people paying several times market rate for upgrade and basic tech services. If you work for me, please be honest about all systems or equipment. If I've made a poor decision and there's new data, say so. If there's a better program/hardware setup out there and I'm not familiar with it or am being blindsided by the saleswoman, make mention of it. I don't have the time or patience to micromanage, if your job is technical material than I rely on your expertise and expect to be able to trust you and your decisions.

That shouldn't be too much to ask and is what I will expect of any technical employees I'd hire once I graduate and get a practice up and running a few years from now.

Re:From the non-tech perspective

[sphealey (2855)]

=== If there is work to be done, then I'd like to dial up the local expert/employee and know that the problem will be fixed *quickly* and efficiently. ===

Only the fire department and the Marine Corps keep enough people on standby to handle any problem presented to them immediately (and even the Marines are a bit tied up at the moment). Every other entity queues, prioritizes, and triages. Your IT department *could* maintain enough knowledgable experts to answer your difficult questions in depth whenever you picked up the phone - I once worked with one that did. That department lasted a little less than 2 years; once senior management figured out how much it was costing they terminated it and replaced it with an outsourcer at 1/3 the cost. 1/5 the level of service, but that was not senior management's concern (and perhaps rightly so).

sPh

Re:From the non-tech perspective

[cexshun (770970)]

As the sole IT employee in my mid-sized company, I understand your wants. However, perhaps you don't see that you're micro-managing a bit?

My bosses want to be kept informed at all times. However, trust me and let me do my job. When I fix something, don't ask me what was wrong or how I fixed it. I don't have time to explain to you what you learn in 2 semesters of network infrastructure classes. Just back off and you'll be surprised how much an IT person will get done. Sometimes you just have to accept, "It was a problem with the hosts file and it was throwing off sendmail" without probing into sendmail.mc theory. And as far as explaining it in non-techie terms, I can only dumb down SSH tunnels and the TCP/IP protocol so much before I want to jab myself in the eye with a spork. OK boss, it works likes this. A computer stands up and yells,"Hey Server!!!". All the computers here it, but only the server yells back, "Yeah, what do you want?"

As an example, my boss was on vacation in Florida. While he was gone, in 1 week, I was able to complete more projects to improve business and workflow then I previsouly had since the first of the year. You know why I was so non-productive? My bosses demanded a military-like work ethic, wanted to be constantly informed, wanted to triple check the line items on a budget request for a freakin tape drive, etc. Without him breathing over my shoulder and constantly asking me why I had a browser open(that better be work related!) and without having to explain to him why DNS is so important to an AD network, I was able to do what he was trying to 'motive' me to do, actual work!

And just because you don't see me doing anything doesn't mean I'm not busy. Sometimes I have to push myself away from my desk and 'space out' for a bit while I brainstorm what the heck is wrong with the httpd.conf file.

IT is a tough job. If people don't know you exist, that means you're doing a good job. Conversly, they get the impression that you don't do anything since you're out of sight/out of mind. And ever since I bought that Time Management for Systems Administrators(previsouly reviewed on slashdot), it seems I have become more productive while giving the illusion of doing less work.

I Love Stupid Users

[inKubus (199753)]

I come from a long helpdesk background and am now a senior developer at a mid-sized company. Unlike most of you nerds there's one thing I enjoy more than "being right" and that's "being lazy." That's why I love stupid users. I loved having a job where the biggest problem I faced in a day was telling a user to turn their monitor on. Or turn their capslock off. The worst job I EVER had was working with some very bright and very motivated individuals who were not geeks but were extremely competent in everything they did. The one thing they didn't know well was computers, and in that business you didn't need to know computers to make a crapload of money. But because they were all so brilliant, every little thing was nitpicked. Everything had to be done now now now. There were no easy problems and every day I was challenged to learn and perfectly perform something that I'd never done before with technology. There was always some shit on the line: huge fines from regulatory institutions, huge investments of money, hundreds of employees counting on your work. If the worst you have to deal with is someone dumber than you, you have it made. Make friends with your users, treat them like people, and soon you'll be in middle management, making bad decisions for a big salary.

Re:From the non-tech perspective

[Pig Hogger (10379)]

All passwords must be a minimum of 8 characters long, have at least 2 numerics, 2 symbols, 2 capital letters and 2 lower case letters. Zero repeat characters, and no character can be used in the same position more than once in 16 months. Passwords must be reset every 28 days - no exceptions.

Shhhh! Shhhh!!! Hear!

(cricket sounds)

Congratulations: this is the new empty office after everyone was fired for not being able to follow this terminally assinine password policy.

Re:how to remember a secure password?

[LordLucless (582312)]

No, the password criteria given above SUCK. 8 characters, 2 lower, 2 upper, 2 numeric, 2 symbol. There's too much information given away in the security policy about the composition of the password. Whereas a normal 8-character password would have around 90 possibilities for each letter, in this case, each character would have a maximum of around 26 possibilities - even less for some because numerics only have 10 possibilities. You really cut your password space down with overly-restrictive policies.

Of course, hard-to-crack passwords only matter in cases where it would be feasible for someone to try and brute-force the system without being detected and locked out. That's generally only possible against targets like encrypted files, not live system logins.

The only thing that is going to let people in to live targets via the normal user login (ie: Not through a bug/hole/exploit) is either easy-to-guess passwords (like spouse name, dog name, birthdate, etc - dictionary words are not necessarily easy to guess unless there would be some reason an attacker would be likely to guess the word) or through the user disclosing their password in some manner.

Of the two, user disclosure is more likely. Even with an easy-to-guess password, it's unlikely even a knowledgable attacker would be able to guess it in few enough tries not to set off any lockouts the system may have. In any case, you don't need to go to such a draconian level to prevent easy-to-guess passwords. Require two non-alphabetic characters in non-adjacent positions in the password, and you're pretty much safe.

The most likely route for password compromise is user disclosure, and there is no technical way to protect against that except for relying on additional, non-password security measures (keycards, biometrics, etc). You could try educating your users, but like that's going to work.

Re:What would you demand from your IT users?

[shokk (187512)]

Dear ZombieLine,
Maybe your company, like most others, is drastically underfunding the IT department, expecting superhuman performance on less than shoe-string budgets, while every day demanding all new buzzword compliant services and ignoring IT requests for additional warm bodies. Not to mention the fact that you are using high maintenance Microsoft Outlook type services while surfing for pr0N and jam packing your mail server full of the latest Happy Fun Tentacle Rape Party videos that everyone is mailing around.

Unacceptable server downtime? Are you clustering critical services?

Bad backups? Chances are your company is very content with single tape drives that the sysadmins can swap tapes from rather than having a good tape library with enough licenses to cover all servers with a decent retention time.

Maxed network storage? Are you paying for more RAID disk shelves? Or are you still feeling brilliant telling your IT staff all about how "you can get an IDE 200GB drive for $50 at Staples, so why can't that be plugged into the EMC or NetApp fileserver?"

My recommendation: stop demanding Five 9's of service and stop expecting services to never reboot or need maintenance if you aren't going to fund it. Stop dicking around at being a business and spend money to make money. Otherwise, save everyone time and bend over to your competition now. You can recommend all the fantastic new upgrades and services, but if your company doesn't recognize the value of improved infrastructure services, and an educated staff, you don't deserve to stay in business and sooner or later Darwin will rear his ugly head.

Get your little posse of idiots together an ask senior management why they are refusing to fund the needed changes. You might be pleasantly surprised to find out that they have no friggin clue about how to manage IT. Or maybe you haven't been paying enough attention to quarterly financial reports to realize that your company is experiencing a classic symptom of the death spiral.

Oh, BTW, you're an asshole. You and your 2Live Crew can go fuck off.
Love,
Shokk

Re:What would you demand from your IT users?

[shaitand (626655)]

"you have not seen how busy a competent IT technician is"

A competent IT technician has just enough time on his hands to learn new technology and retain sanity. A competent IT technician does not give users access to anything that could cause unpredictable consequences and makes sure that the systems they do have access to don't have problems in the first place.

An IT guy who is constantly running from place to place is the result of one (or more) of three things.

1. An understaffed department. Your IT guy is not working the floor in a retail outlet, if he's on his feet or crawled under a desk most of the day you need more IT guys.

2. An imcompetent IT guy (or IT decision maker causing IT guys to perform IT tasks incompetently). When IT is done properly there are not fires everywhere to put out.

3. Incompetent users. Incompetent users are the types who keep the IT guys busy fixing phantom problems, doing user training, or bug them with water cooler talk that fails to recognize that IT guys don't like people or talk. Your IT guy does not care to tell you about the cell phone or digital camera on the market.

Re:What would you demand from your IT users?

[rtphokie (518490)]

Horseshit! IT support IS about users and you'd better learn how to talk to them if you want to keep working in IT. RTFM as a response to stupid user questions will eventually get you your walking papers.

Wrong. Many supposed IT problems should actually be solved by HR with a good talking to about abuse of company resources and how that might limit your career.

Calling IT when you forget your password for the 5th time that month or with some dumb question because you are too lazy to crack open a manual is no better than stealing office supplies or equipment. It's all just stealing resources.

20% of the users create 80% of the work for IT.

Re:What would you demand from your IT users?

[Trigun (685027)]

My pet peeve is being told what platforms to support, training budget spent on hardware, having to support a single server that needs to have 24/7 uptime built on commodity hardware, having end users think that a 250 gig hard drive for $150 is going to cut it as enterprise grade hardware, being pestered for every little thing that remotely has to do with IT, answering the exact same question over and over, even though you spent the time to put up a FAQ on it after the same person asked you the answer every damned day. I hate the fact that end users destroy their systems, lie about what websites they go to when you know exactly where they are going, what they are doing, what link they clicked on. I hate the fact that they decide to go to your supervisor before coming to you, and you get shit on because he has to break up his day and deal with an irate phone call because when you told the user that you were aware of the problem, and were working on it, and nothing has changed in the last five minutes, that was too much for them.

The big thing that you need to have a qualified IT department is an actual department. Put training schedules in place, and anyone who isn't performing due to a lack of technical knowledge should be first retrained. Make a gameplan for your business, and ensure that you ask the IT managers to attend the planning. Keep them in the loop, and make sure that you have the equipment to make the initiative happen. Make certain that there are proper procedures in place to handle issues, and the staff and resources to fix them.

Re:What would you demand from your IT users?

[DA-MAN (17442)]

I like anyone to show me a 200gb SCSI drive for any price. The only SCSI drives I have seen recently jumped right from 146GB to 300GB flavors.

I bought 20 of these 300gb scsi monsters. At 1500 bucks a pop!

They wanted to upgrade an aging 20 node Single Athlon MP Cluster. I told em it'd be cheaper to buy new hardware than to upgrade them to 2 cpu's, quadruple the ram and add 300gb scsi hard drives.

Originally = 1xAthlon MP 1800, 1 Gig Ram, 1x76gig HD
Upgraded = 2xAthlon MP 2800, 4 Gig Ram, 1x300gig HD & 1x76gig HD

They didn't believe me. . .

When these old, out of warranty machines, started having all failures (mobo/power supply) it was my fault! Try as I could, I couldn't get replacement parts. The legacy parts, ATXGES (Non-Standard) power supply and discontinued mobo were nowhere to be found. . .

The guy who posted this "ask slashdot" probably knows more about his local IT department than I do. All I can say is that I got a reputation very similar to the posters IT dept. Incapable of keeping servers up, yadda yadda yadda, even though I had made it clear that this was NOT the way to go. Just because IT is in charge of it, doesn't mean they created the mess. . .

from personal anecdotal experience

[yagu (721525)]

Your company may have IT problems if any of the following has happened recently:

• your company has right-sized the work force (could cause loss of corporate memory since right-sizing is usually code for age discrimination
• decided to become a [insert technology here] shop by executive fiat with no input from IT staff (could de-moralize IT staff, they're not going to care much if their input isn't being counted)
• changed the review process (more de-moralization -- they're (reviews) usually not changed in a positive way)
• eliminated bonuses
• implemented mandatory overtime (I've experienced this many times -- it's the best way to instill attitude in an IT organization)
• gotten a new CEO soon to loot your company and run (I experienced this... once I experienced a half million loss in options and 401K it was hard to like what my company had become when the CEO walked away with $500M)
• frozen pension benefits (ditto)
• cut back on medical coverages (ditto)
• implemented a required "certification" process for IT staff (gag)

There are many more -- these are just a few I've experienced that exclaimed "improved [insert your favorite trait/characteristic here]" and had mostly the opposite and unexpected (to decision makers) results.

(btw, your "500" count is listed after the mention of your company, it's not clear if you're talking about a company of 500 employees or a company for which it's IT segment comprises 500 employees...)

ITIL

[Wanker (17907)]

The UK-based ITIL initiative describes in gory detail a collection of best practices that IT can follow to provide better service to their customers. They can do as much or as little of the whole program as they want, and it can even be driven from the outside by the user community if absolutely necessary. Obviously, if there's cooperation it works better, but if they roll their eyes at "another total quality management initiative" (which it's not) you can still use the terminology and methods and eventually drag them into it.

http://en.wikipedia.org/wiki/Information_Technolog y_Infrastructure_Library [wikipedia.org]
http://www.itil.co.uk/ [itil.co.uk]

Re:ITIL

[by Anonymous Coward]

I have to post this one as AC, sorry.

The UK-based ITIL initiative describes in gory detail a collection of best practices that IT can follow to provide better service to their customers. They can do as much or as little of the whole program as they want, and it can even be driven from the outside by the user community if absolutely necessary. Obviously, if there's cooperation it works better, but if they roll their eyes at "another total quality management initiative" (which it's not) you can still use the terminology and methods and eventually drag them into it.

The company I work for decided to "implement" ITIL about five years ago. It has improved nothing, and has essentially just served as a different set of buzzwords for managers to use.

What it reminds me of is an article I read about the US military and its "transformational" thing a few years ago. Everyone and their mother was scrambling to claim that their pet project was a great example of a "transformational" weapon, even though they changed nothing about it.

Have you thought about...

[tekiegreg (674773)]

Outsourcing to someone else?

Seriously, if you're going to have a department of lazy, inefficient slugs, you might as well have them for cheaper :-)

In addition, the very threat might make your IT department shape up real quick...nothing like the threat of losing your job to light a fire under your butt and get working.

By the way raymondsimms@hotmail.com I'd be careful using fullnames around stuff like that. An IT guy at your company is probably checking the company database right now for names that match that...prepare for the vengeance of an IT Guy.

Re:Have you thought about...

[B3ryllium (571199)]

Ooh! Good idea. I'll check for him tomorrow when I get in to work.

First thing to demand - an SLA

[Olmy's Jart (156233)]

You need to map out your requirements and then formulate them into an SLA, a Service Level Agreement. Then get your management to agree to it and take it to the barganing table. Make it clear that this is what they (the IT department) will be measured and evaluated against. If they can't agree to it, then get them to counterproposal. But, what ever you do, get it in writing in the form of an SLA, with the bosses on board... The particulars about what services and what responses and what responsibilities you want from them are details that go into the SLA. Once you hash out the details, get them locked into that SLA, though...

What are we starting with?

[Conception (212279)]

"Unacceptable server down time, maxed network storage, and no backups systems have hit the bottom line, and those on top are starting to notice."

I don't know your situation... but maybe more money is needed for people, equipment, etc etc. You can demand all you want, but if you don't pony up the resources... *shrugs* You get what you pay for.

No Brainer

[moehoward (668736)]

This is beyond a no-brainer. I actually doubt the authenticity of the story based on how the real world works. Or maybe the poster is really in a 25 person company or something.

Anyway, here is how it works. Your department has IT needs. These needs are written down. The IT department has guaranteed services it provides. These are written down. Your department takes a budget "hit" to pay for an internal IT department. These are the givens.

Now, if IT does not provide services you NEED/REQUIRE (like backup, duh), then you go to the whomever is above both departments (COO, VP of division, president...) and you show the mismatch. This is not a complaint, just a reason why you are increasing your budget next year to get the services you need to succeed.

Of course, you are keeping a log of all incidents that are occurring and a log of down time and a log of costs to you as a result, etc.

Look, business people are not idiots. The 3 previous paragraphs I write above are beyond no-brainers. Why is this stuff so non-obvious to today's geeks??

It sounds like your company has other issues...

[mrscott (548097)]

It sounds like your company has other issues beyond an unresponsive IT department. You indicated that IT has been unable to sell necessary changes to senior management. Are you positive that senior management agrees that changes are needed or that they actually understand the seriousness of the problem? You might find that IT feels that their hands have been tied and have nowhere else to go since senior management isn't helping them.

A group of users making "demands" of the IT department is somewhat inappropriate. Yes, the IT department exists to help users with their work, but their priorities are set by senior management. If you plan to create some kind of IT Steering Committee, I would recommend a few things: (1) Lose the attitude -- all you'll do is put the IT folks on the defensive (and remember, since you're not in their group, you may actually have NO idea what priorities have been laid out for them by senior management); (2) Get the blessing of senior management before you try this; (3) Make sure at least one or two high-level people attend your meetings and buy-in to what you talk about.

Treat the IT folks like human beings. They may have perfectly good reasons for dismissing what you consider reasonable ideas. Perhaps they're seriously understaffed so that great desktop Linux rollout one of your users is convinced is the right idea just doesn't pay off for them, for example.

This may be Senior Managements Fault

[baggins2002 (654972)]

--No Backup Systems
--No Storage Space
These sound like budget issues. Do you think that if the IT staff, just tries really hard or is competent that they can just create File Storage and Backup Systems out of thin air.

wait...

[marcello_dl (667940)]

I AM the IT department, you insensitive clod!

Knowledgeable user input? Yeah Right...

[DnemoniX (31461)]

I am the IT Director for a smaller organization, about 300 total employees. Every little complaint you have there is something that I have seen a hundred times over regardless of the firm. Let me explain where you have started to go wrong here. First mistake, assuming incompetence, instead of researching the root cause of any service problems. It is easy to just say, "Well Bob over there is an idiot". When maybe Bob is following protocol that he didn't establish. Or that the IT resources are stretched to the breaking point.

Ignoring knowledgeable user input, ok that I have a huge problem with. Everyone in the IT community, programmers come to mind the most often, seem to think because they work in front of a pc all day that they know their ass from a hole in the ground when it comes to managing a network or a server farm. Sorry but that it the absolute truth. I have interviewed countless people for jobs in IT, well over 50% of them programmers trying to get Sysadmin positions. When asked specific questions about administrative tasks the answer is almost always the same. I know something about it but I have never implimented anything like that. Everyone wants to be an expert, trust me you aren't.

Unable to sell needed changes. Have you considered that management and accounting do not see the corporate finances in the same way that you do? Some changes are simply impossible to sell. Unless your corporate focus is in technology some of the upgrades needed to improve infrastructure will always be lacking. The exceptions tend to be when the powers that be are directly inconvenienced. But the IT Dept probably caters to them quicker than any other department so they do not see the need. They pick up the phone and Bob is right there, where as you submit a trouble ticket and you are lucky to see someone in 48 hours.

Starting a revolt? Wow you guys are arrogant. Plain and simple. What makes people think that they know another departments job better than they do? Much less "demanding" services. Just astounding. You efforts would be much better spent working with the IT department to figure out ways to get management to invest in more staff, more training and equipment upgrades. That benefits everyone, and doesn't just stroke your self-important little ego.

Re:Knowledgeable user input? Yeah Right...

[xTown (94562)]

I agree. Reading the phrase "knowledgeable user input" reminded me of two things from my own work experience at a school district in the upper midwest.

1. The elementary school teacher who INSISTED that we replace all of our 100+ NetWare servers with Windows NT 3.51 because...I swear..."NT does everything that NetWare doesn't do. You can have individual user accounts with home directories!" When I pointed out to him that we had that under NetWare, that our NetWare servers were rock-solid (which they were), and that the school district wouldn't be able to afford the hardware, software, and training to make the switch, he complained to my boss that not just I, but the whole IS department was incompetent.
2. The middle school teacher who...I swear...wrote a letter to my manager saying that the school district should ditch all of its "outdated" AS/400s and replace them with Macintoshes. No, I'm not making it up. Why make the switch? "32-bit is the future of computing." I will never forget that phrase.

I wonder how the OP and these two teachers would take it if the IT guys started telling them how to do their jobs? Shoot, I've read some books about teaching, so I must know how to do it, right? I can add and subtract, and that's all you need to be an accountant, right?