SBA

Why is IT so primitive?

Computing is wonderful, possibly the most wonderful thing to happen to humanity in the past couple of centuries, certainly it rates up there with the exploration of Space, the Automobile, Air Travel, Broadcasting, Telephony, Photography and the other major transformational influences of our age. We can communicate instantly with people all over the world, create art from our photographs and videos with an ease and sophistication that would challenge any darkroom technician only twenty years ago, share our knowledge and passions, and learn from the knowledge of countless others who have similarly shared their insights online. As a force for good Computing is unrivalled in exposing injustice, helping farmers across the globe to grow more and better crops to feed the world, sharing medical knowledge ….

So why, when Computing is bringing such advances to the world, is the company IT so Primitive? Why do I have to use this antiquated black box which is so unfriendly and counter-intuitive? Why can’t I use any computer anywhere? Why can’t I use the software that works for me? Why can’t I take my work home unless I take a clunky and heavy company laptop with a pathetic battery? Why can’t I communicate with my customers via Facebook? … and so on.

It sometimes seems as if Corporate IT doesn’t live in the real world, instead it exists in a parallel universe run by mad authoritarian dictators intent on holding back progress and making our jobs harder. However we characterise the IT Manager there are good reasons for this apparently regressive behaviour, and please believe me when I tell you that most IT Managers go home to the same sexy tech toys that you enjoy.

Change Management in IT refers to the problems we face when we change or upgrade the company’s IT systems. It is sometimes about the technology itself, but it’s much more often about the way we use it. ICT has become embedded in our business processes, very often if we want to change business process we must modify the IT, and if we change the IT we risk forcing a change of business process. It is not a career enhancing move to be the IT manager who has to report to the directors that the upgrade to the Order Processing system was successful but unfortunately due to an incompatibility the sales team will have to retype every Internet order into the new system until we develop a new £80,000 interface in four months time. Change needs to be considered carefully, taking into account many factors to avoid mishaps, it is often necessarily a lengthy and expensive process. Very often the adage “if it ain’t broke don’t fix it” is sound advice.

IT manufacturers would of course like us to upgrade to the latest and greatest new product as soon as it’s released. Windows 10 is a prime example, it was launched on July 29th and only one week later Microsoft supplied a huge update of bugfixes and tweaks. Over the coming months there will be many more such updates as real users discover the problems the new software brings, and Microsoft runs around in circles trying to fix them. Experienced IT managers will quietly ignore the latest and greatest until it has been on the market for 18 months before deciding whether it is fit to roll out to the business - or not. Sometimes the latest and greatest is a lemon, a Ford Edsel like Windows Vista, best avoided altogether. Given the choice between old but reliable or buying new things and having the helpdesk swamped with users problems is a bit of a no-brainer for the IT manager, the mature model is very appealing.

Both of the above examples show the IT manager being focused on one thing - risk. The IT manager is in his heart a risk manager. Innovation and potential productivity enhancements are nice, but having the business running smoothly and reliably is nicer. Risk is a theme running through all of the IT manager’s thinking and determines pretty much all the restrictions you find in using your company’s IT  ….

If the company supplies your software then it knows that it has a licence and can’t be prosecuted for software theft, that the software will generally work OK, that the helpdesk will probably know how to answer your technical queries, that it doesn’t contain a virus which will infect other computers - there are a myriad good reasons for the company to dictate and supply the software used for the job.

Social media is wonderful at many things, including getting people to visit dodgy websites and download amusing but dodgy games which contain malware that steals personal information. There are several ways for IT managers to combat this threat, but all of them cost money and time except the simplest option of blocking access to social media and other risky websites.

Similarly the limiting of access rights so that you can’t install that really useful bit of software which would help you in your current project also protects the company against the use of unlicensed software and the risk of loading a virus onto the network.

These dodgy bits of software might steal your data, but they might also steal the company’s trade secrets, or data about its customers or employees, breaching the Data Protection Act and leaving the company open to significant reputational damage and even prosecution.

This risk of data theft is also behind the company’s insistence that you may only use company-provided and managed computers and smartphones, and that you can’t access the company network without awesomely painful levels of security which mean you have to save your work and log in again every 30 minutes or whatever. Current estimations show that the value of a company’s data is about half the value of the company; the responsibility for keeping that safe can be a heavy burden to the IT manager.

So it’s pretty simple really, your IT systems at work are staid, boring, outdated, restrictive etc. because the IT manager is controlling risk - on the one hand he has to provide tools that will enable the company to work, and on the other he has to prevent the company from being ruined by the failure or accidental misuse of those tools. But is that risk real, or is the IT manager paranoid?

New technology has always brought with it new problems, and by definition in being new the nature and significance of these problems are unknown; it has always been necessary to mitigate against this and not only in corporate IT. During the Cold War it was common for military technology to be built using old-fashioned techniques so they would be less vulnerable to the shock of atomic bombs.

Despite our best attempts to mitigate against the problems introduced by new technology, serious failures still occur even in “mission critical” systems. The infamous Chinook helicopter crash in the mid 90’s which killed several high-ranking UK intelligence officers was caused by new software in the Chinook’s engine controller. More recently there have been several major recalls of cars because software vulnerabilities in their control systems enabling hackers to take control of the engine or brakes - there are many examples of new technology risks occurring even when the developers of those technologies believe they have made failure impossible.

The reality is that new technology is risky. The risk appetite of each company is a matter for the board of that company and most boards will prefer safe over sorry. The attitude of the IT manager to risk will depend upon both the company’s approach to risk, and the manager’s seniority and personal risk appetite - it is much easier for a director to accept risk on behalf of the company than for a middle manager, hence companies with IT Directors tend to be more adventurous in their adoption of new technology than those whose IT is run by a middle manager who eventually reports in to the CFO or COO.

In the final analysis the modernity of corporate IT is all about risk, about preventing technology failures which would be an inconvenience for a domestic user but a catastrophe for a corporation. Finding the right balance is difficult and is different for each company. Ultimately Corporate IT is inherently conservative, and in some ways it needs to be because of the responsibility it bears, but there is a difference between being conservative and being stuck in the mud!