IT departments are little short of a ponzi scheme – discuss

I agree that the cloud is not right in every instance, nor indeed is PHP. What I do believe those is that very many IT depts in this country – particularly those wedded to MS and .Net – are severely lacking in any useful user focus or progressive thought.

Some of the worst systems I’ve worked on have been written in PHP, the language/platform/implementation/deployment method is pretty much irrelevant really.

One of the best systems I’ve worked on was a financial system using Microsoft Access as a front end to a massive SQL server database. Old school in implementation, but an Incredible bit of design, and the users loved it because it streamlined their workload so much compared to their old system.

Sorry if I’m teaching granny to suck eggs here 🙂

Sounds to me like the OP read Linux Weekly and got some ideas above his station, was bitchslapped by IT and now is just venting here about it. Don’t worry too much about it OP, when you finish school you might not take it so personally. If the OP isn’t an angry pus-faced teen I apologise and at the same time sympathise. Your poor colleagues 🙁

Perhaps OP is a troll? Sadly I fear not – see this unremitted wankery from a previous post:

‘m having a website built (not off-shored to India) and I’d welcome any bright ideas that you might have. It’s for a small, boutique management consultancy, with a growing amount of marketing and social media related projects. So it needs to be sharp, and it needs to look expensive to appeal to corporates.

*puke*

Duckers – have I touched a raw nerve? That’s a bit of a low blow to suggest that I don’t ride a bike just because I’m having a teeny wee pop at IT types. Shame on you!

No, just putting you straight on your #### talking.

Better edit that before I get banned, wouldnt have anything to do in my IT job all day then 😉

Not really

In other words bullseye – raw nerve ahead. Did she dump you for a Mac fanboi?

😆

Good call!

Nice edit Random – loving the venom!

Attention IT people.
Don’t forget now.
At the end of the day you’re JUST support.

Attention non-IT people.
Don’t forget now.
At the end of the day we can JUST withdraw support.

Oh, and terminate your service. And read your emails. And review your proxy log. And have an accident with your QoS settings. And route your connection via Abu Dhabi.

You know how it’s a good idea not to insult restaurant staff until after you’ve got your food?

IT people can be very creative. But, that’s another thread. Not that I’d ever be malicious of course, but you never know who you’re dealing with.

This might make an interesting read for some on here. Or then again, maybe not.

NY Times piece on the consumerization of IT

Quite interesting. Happy workers are probably more productive workers, but the downsides might not make it worth the hassle.

“You shouldn’t reject things that make employees more productive, and if those things happen to be consumer technologies, so be it,”

That guy summed it up pretty well.

Cougar – you’re still JUST support though. 😉

This might make an interesting read for some on here

TL;DR but,

My gut feeling is that a ‘use your own kit’ policy isn’t a best fit for every organisation.

For a start, it raises big support issues. IT are expected to support any old random piece of crap they’ve never seen before and somehow make it work with the existing infrastructure. Now, for large organisations this probably isn’t a huge problem as they’ve got a larger IT resource to deal with it (and by definition, a broader pool of knowledge); but for smaller places, it’s a complete nightmare.

For context, In the past I’ve been the only member of IT supporting maybe 400 staff in one organisation, and one of four supporting a thousand in another. And by “member of IT” I don’t mean “support desk staff,” that includes infrastructure, IT management, everything.

Then you’ve got security to deal with. There are ways to deal with this (such as endpoint analysis) but having uncontrolled devices plugged into your LAN behind the firewall immediately presents you with a risk that can potentially wreak havoc.

And that’s the tip of the iceberg, I could go on. Point is, there’s a reason IT departments roll out standardised kit. It’s so that it works, and they can keep it working. “Choose your own” can work, but it’s a big ask.

Cougar – you’re still JUST support though.

Well, that’s not strictly true.

Cracking item on the Amazon failure and how some didn’t and some did survive at http://www.jorditorres.org/news/wp-content/uploads/2011/06/nt_rutherford-falling_skies_and_stormy_teacups.pdf

Also http://techblog.netflix.com/2010/12/5-lessons-weve-learned-using-aws.html

There are ways to deal with this (such as endpoint analysis) but having uncontrolled devices plugged into your LAN behind the firewall immediately presents you with a risk that can potentially wreak havoc.

been there seen that, oh how we laughed as it was the md. surely though as long as its BF3 compatible that what matters !

Don’t you love how everyone is an IT expert ‘cos they got their home WiFi to work 🙂

And the ‘Cloud’, operates much like the computer bureau (anyone else work in MIPS selling?) I worked for in the early 80’s, except there at least you knew where your data was and the controls protecting it…

This might make an interesting read for some on here. Or then again, maybe not.

NY Times piece on the consumerization of IT

You know what? As IT (just) support, this is awesome. Long may it continue.

Let people go out and buy their own devices, we’ll provide lightweight access to corporate resources. You get a window onto the systems you need to access and that’s it. ZEN, citrix, web apps, no problem. We can do that easy.

You know why it’s good? Because as soon as users stop accessing all the corporate systems direct, they’ll stop going wrong. Then we’ll only have experts touching them and we can manage that.

What’s that? Your laptop has broke? There’s an apple store in the trafford centre, good luck!

We’re beginning this work in ernest now in our business and it can’t happen soon enough for me. My costs will drop dramatically, I’ll have a hugely more stable environment and I can stop listening to whining users. 😉

Enterprise IT is hard work, but usually a lot harder than it needs to be, and usually because of a good number of factors not least under/inappropriate investment.

Using some cloud service is great, but where do you get your competitive advantage from when you don’t have control of your systems?

Remember that Enterprise IT is a very different beast to home computing with wildly different requirements that a person not involved with the process is unlikely to grasp quickly.

Lastly, .net is actually very good, but can still be used to produce a rubbish product just as with php.

God, I’m getting excited just thinking about it now….

Unified environments, no software clients, all access comes through hardened portals. DC Bandwidth will drop off the scale. I can audit and control all access simply and effectively. I can force preferred software revisions across the estate. No AV and endpoint control, dual factor authentication for everything, firewalled DC’s… The list goes on and on.

And if your MAC doesn’t work, well, you should have bought something that’s enterprise ready instead of something that looks nice.

It consumerisation sounds great on the face of it, but what are the practical implications? What do we actually say to a user who’s device isn’t working? Go waste a day of company time trying to get help from a Dixons monkey?

The actual implication for the most part is that it departments will still need to support this kit but it just got a whole lot more diverse. Oh, and if it’s connected to the corporate network it still needs to be patched, service packed and running approved AV, firewall and data loss protections.

Sounds like a nightmare to me.

Nope. Nothing gets stored on the device, the only access they have to corporate infrastructure is lightweight. They can never download stuff to their own device. All they get is a browser or maybe ICA connection.

I’m not supporting something a user bought, god knows what they get up to with it. They’ll visit dodgy sites and install dodgy software, within weeks they’ll be passing their credit card details onto the Russian mafia. And I don’t care really. Here’s what you need to connect to us, if your device doesn’t support it…oops.

Years and years of abuse are about to end. Just like the OP states, we’ve had control for too long. It’s time for the users to take control of their own destiny. IT is piss easy, they can do it themselves.

You obviously work in a very different organisation to me.

Chromebook anyone? Samuri?

Attention IT people.
Don’t forget now.
At the end of the day you’re JUST support.

I’m not support.

I’m still not getting sucked in. I work in the IT(development) team of an e-retailer. We are here to support the business, but we have to work with the business to ensure our products meet requirements, so we need to be involved in decisions they make.

Any decent piece of software will provide API’s or interfaces for communicating with other systems, whether bought in or written in house. There are a number of common data interchange formats that I’m sure you are aware of. Anyway to sum up it’s not the IT departments that are the problem – it’s the person managing them 🙂

Have a fun day out there everyone in IT doing everything they can to provide the business support and to keep things going.

let me know if you need help developing your strategy, gingerss.

consumerisation works for everyone. The business sees massive savings, our workload becomes much more coherent and predictable, everything becomes far more secure overnight (which is where it works for me), dixons get lots of business and the users get what they want.

Obviously the users lose the protection that I provide to them but they all hate that. Half of them think I’m a facist. Take the OP for example, he thinks I’m just making work for myself. Nah, it’s alright mate, you can have my 60-70 hour weeks for which I don’t get paid overtime, you can have my unpaid on call and callout, you can have the directors bitching at me, you can have the ever-present danger that I could lose my job or even go to prison if I don’t provide sufficient due diligence. Here you go, here’s your shiny airbook and your cool iPad, fill your boots.

I’m not supporting something a user bought, god knows what they get up to with it

wish I could say that

Lol @ the use your own kit stuff – sure some SME’s may go that way but most companies won’t want anything to do with the additional security and support headaches it will cause.

As for the general theme of the thread – sure a lot of old school IT has had it’s day. I started in IT just as the good old ivory towers were coming down, then 5 years ago they had the audacity to move us into the open plan area (out of our nice separate little office where I had two desks…) :p Nowadays though we very much serve the business, although we also generate our own revenue as we do hosting/consultancy to. We’re about to start doing chargeback within the business and at that point I’m sure we’ll get dragged into the external cloud vs internal IT argument. My own view is most mid-large companies should be looking at building internal or hosted private clouds – that way you get a lot of the benefits but without the worry of who has access to your data. If you’re using Amazon etc. for your critical company data then you need to be aware of just how easy it is for several US agencies to get access to it, you also basically have no meaningful SLA and a host of other issues.

I’m not anti-cloud, far from it as part of my role is working on cloud stuff, but clueless business execs that sign-up for an external commodity cloud without understanding all the GRC issues really aren’t doing themselves any favours and if someone from IT points out issues then they’d do well to listen (although it should actually be driven by their legal counsel…).

wish I could say that

Precisely, you can;t be an expert in everything, supported user endpoints costs the business a huge amount of money.. If you can provide lightweight, DC-centric portals you don;t have to do that any more. You support the infrastructure, users sort out their own kit. And there are lots of options. You can provide Citrix front ends, SSL VPN web applications, you can give the users an operating system on a USB stick so when they want to connect they boot from that. All data in is your warehouses, or the cloud, whatever works best for you (although it’s really the same thing nowadays). You can easily offshore or onshore the data. You can drop a dual boot system on there with a windows 7 enrterprise desktop.

The user experience is great because it always looks the same whether they’re using a corporate device, a home PC or their iPad.

I’m going to start offering consultancy. Grand a day. Who’s first?

Lol @ the use your own kit stuff – sure some SME’s may go that way but most companies won’t want anything to do with the additional security and support headaches it will cause.

THERE WILL BE LESS SECURITY AND SUPPORT. Stop thinking as the client as something that needs to be secured. If you private or public cloud your services, the client is merely a window into those services. Access to business apps requires nothing more than a browser and maybe some Java. It can have every peice of malware on it that has ever existed and your business will never get harmed by it.

IT people can be very creative

lol. snorted macchiato froth over my macbookpro.

Well my company handed me a two grand laptop with a factory Windows 7 install and have basically let me get on with it. We have a portal from which we can download whatever software we need (that they supply). The portal installs a utility that also scans your computer and makes sure it has AV installed and a few other security measures.

I’ll shortly conduct an experiment to see if it lets me install legit games, cos it’s a kick-ass machine.

That’s a good start but it’s still an inherently flawed model.
It’s still permitting a heavy mobile client (your two grand laptop), which is controlled by an unreliable and unpredictable individual (you), full network access to the crown IT jewels of your company. It’s insane that we’ve carried on for so long like this.

An acquaintance works for Citrix and they’ve pretty much stopped issuing or supporting end-user devices entirely. They do it much the same way as car allowance works – here’s £x per year, go off and buy whatever you want that’s suitable to do your job – that goes for computers, phones, mobile broadband, the lot. Any issues with it are the employee’s problem. Employees generally very happy – some cheerfully make do with something basic and pocket the difference, some get the company to subsidise their new Macbook Air every year.

As you’d expect, they do have the kind of infrastructure that makes doing that very easy, and they don’t have to pay a big licencing bill to do it. Their office networks are effectively untrusted public access – all the infrastructure is heavily firewalled off.

It’s an interesting shift though – just in the last decade or so we’ve come from having environments where a big box on an office desk was the norm, and laptop users very rare exceptions who’d dial in as needed. These days most places I go to are mostly laptops, users have expectations of being able to work from home at least some of the time, and/or to get to various services (webmail, timesheet, etc) from anywhere. The kinds of people who’d do field-based work and come back to the office to tap it all in just do it wherever they are. The whole idea of having an internal network that is “trusted” and everything inside it managed and secure and which never leaves the building, just isn’t the case any more. Organisations can either dig their heels in and say “no” to everything, or spend the money on securing their stuff so that it doesn’t matter what device you connect in with, or where from. Happier users, happier IT.

Samuri – yes, it is a bit bonkers to be fair. Ok so I’m a skilled IT person and they trust me with more than my laptop security, but still. Lots of other non consultants on the other side of the business were also using their own Macs and whatnot on the company intranet. I think the intranet’s run more like the internet, to be honest – it must be.

EDIT this isn’t cloud computing either. There’s client code and documents on here. Nothing sensitive though.

That’s a good start but it’s still an inherently flawed model.
It’s still permitting a heavy mobile client (your two grand laptop), which is controlled by an unreliable and unpredictable individual (you), full network access to the crown IT jewels of your company. It’s insane that we’ve carried on for so long like this.

‘s pretty much where I was going.

Samuri’s right, of course, though it’s not an ideal solution for everyone (yet). With the ‘thin client’ model, you immediately remove a lot of end-user issues(*), but that’s offset by an increased demand on the back end resources (both people and kit). I’d hazard that there’s a tipping point on company size where it starts to become viable (and another where it starts to become essential). Re: Simon’s point above; is Citrix themselves can’t do it, we’ve got problems.

Setting up this sort of infrastructure isn’t all that hard in and of itself. Setting it up well, however, is another matter. Security, performance, accessibility are all primary concerns and the line of attack is completely different from a traditional fat client / server model.

(* – but not all of them. Printing becomes a major PITA, for a start.)

I can’t get around network access being a major issue for this cloud business though.

Samuri’s dream will be brilliant when it happens though I do think we’re a little way off just yet having been looking at our corporate strategy to implement exactly that.

Major headaches though are export controls (and US export tainting of non-US data) in particular – that’s where the legistlation isn’t up to speed with the technology (quite possibly deliberately in order to make it easier to claim jursidiction).

The whole idea of having an internal network that is “trusted” and everything inside it managed and secure and which never leaves the building, just isn’t the case any more. Organisations can either dig their heels in and say “no” to everything, or spend the money on securing their stuff so that it doesn’t matter what device you connect in with, or where from. Happier users, happier IT.

As above, it’s not quite so simple when you go beyond ‘normal’ business and into some fairly significant areas of international/global trade.

And this is my last word on the subject for the time being. 😉

We have implemented some of these technologies already. Not necessarily all of them in production but they’re in pilot at least. I never take my laptop home with me any more. I hit our web application portal using my home PC or my iPad/iPhone, once the screen is populated I have all my office apps right there, they look exactly the same as the fat apps on my laptop with the added security benefit that I’m accessing nothing directly, I’m using very little bandwidth because it’s technically a low cost webpage (it works fine over 3G), all the grunt is in our DC’s.

I can do this from Windows, any flavour of linux, a MAC, IOS, BEOS, you name it. It looks identical no matter which one I use from my old Ubuntu laptop to my monster Winows 7 desktop.

Molgrips, you don’t need that much in the way of access though. Some of this stuff will work over low bandwidth links, and if there is genuinely a reason that you can’t get to your company over a link somewhere, then you could always go for some sort of cached data solution.

Of course, your cloud apps would not work, but then this would have to be factored into the assessment for the user. You could always go for a local hypervisor-based solution and then pipe down a managed client image to the end-point. Offline, user can work as normal in that. When it has connectivity, image updates in line with the GPO or other policies. Look up XenClient and XenDesktop.

I tell you, it’s a brave new world out there.

Simon_g… who’s your mate, I might know him.