With great power comes great responsibility and sometimes that simply means there will be things you don’t want to hear. This is particularly evident for IT leaders who have learned to develop thick skins. Still, knowing what went wrong and why and taking accountability is not always an easy pill to swallow. Like all things related to honesty, it is what you do with the knowledge you gain that will set you apart as an IT leader. How do you react and adapt? So what kind of things will IT leaders hear that make them spit out their coffee? Let’s start with:
Your code is bad
Nobody wants to hear they cannot get the fundamentals right, but sometimes this one will come up. Indeed the bravest of the brave will point it out but when the facts start speaking for themselves in system failures, servers that fall over in a stiff breeze, and there are more holes in your code than a sieve, then it becomes hard to ignore there might be something wrong with the code. It might even be as simple as messy code by that I mean too much code that is not tight or succinct and weighs everything else down, sloppy plugged in code that does not flow with everything else, or code that assumes that the happy path will always rule. All of this will result in breakages in production and live environments. The fact is everything has a butterfly effect and the best way to avoid this is to write clean code that is not so complicated it sets everything else off in a panic. So what’s the solution? Sometimes just not being aware of a programmer’s limitations can set you down this road. A good IT leader will know what each person can do what their strengths and weaknesses are and how you use them in a place they can shine. Don’t be afraid to cherry pick and move skill sets around. What if the problem is you? You have not kept abreast of the massive numbers of advances coming down the pipeline and buzz technologies are being shoehorned in regardless of whether they are a good fit for what your business needs, It happens and more often than it should. What then? Time to brush up your skills do some reading, take some course find a new hobby learning a revised software language that was once de rigeur. If after research that golden child technology being pushed by the business still sounds good, go ahead and make it work for you. The point here is if you are not surrounded by teams that know what they are talking about, it is easy to get duped by the bright lights of a new technology. If your code talents are not what they used to be but you recognize that of your team then don’t be shy about encouraging them. If it is all bad then you need to take accountability for what you missed and why and how to fix it.
Manage your patches or else
Your software is unpatched and represents a massive security risk. Okay so you start off with great intentions then the patch pace accelerates as does the application time because the size has grown. The cost of doing this, rises considerably, I don’t refer to the financial cost as most organizations are willing to pay for the update, but the confidence in the software update. Will installing the latest patch break a critical business function? Naturally this dilemma is short lived as the update occurs and if the breakage follows a rapid scramble is set off to remedy it. This is no justification for poor patch management it just offers clarity on how lapses can happen. The fact is unpatched or lapsed patch software represents a security and compliance risk and cannot be ignored especially with the adoption of cloud applications advancing as they are. So what is the best way to deal with them knowing that software developers and therefore software vendors are constantly publishing patches with features that deliver code on time but also produce vulnerable software? It is the responsibility of the users to test them and apply them with haste given that time delays means hackers can exploit the gap left when the developer built the software. One plan of action is to keep on top of patch management another is to dump Microsoft IE for browser use and opt for Google Chrome which at least updates automatically and for platform security play it safe on an Apple Mac OS. The most dramatic course to take is be a pessimistic realist and know the software will fail but gauge your success on how you detect, react and recover.
You were hacked and you didn’t even know it
These are words no IT leader wants to hear because the implications go far beyond monetary implications. First of all it infers a lack of knowledge of your own systems and processes, not only that it suggests the basic tenets of security were not followed and you were sailing along thinking you had battened down the hatches. Secondly the reputational damage can be catastrophic especially if you have a heavy reliance on keeping data safe and unexploited. Worse still if large sums of money are involved in fields such as fintech. So in this scenario what can you do? You can’t just hike up your security with bigger better more advanced network appliances because they increase complexity and are hard to manage, and that’s the last thing you want when you have been breached. If you assume you have been compromised and you know your biggest asset the data is to be protected at all costs, then systems can be built around doing just that instead of focusing on networks for example. Seeing as more data is at risk simply because there is so much more of it in many more places, security is going to become more important. Docker based containers for cloud data can help but beware they can add a level of complexity which then too has to be secured.
Times have changed and some scary things are here to stay
This is another ouch moment because nobody wants to hear they are outdated and behind the times. The truth is even more painful when your role is to be at the helm of all IT advances and innovations. The fact is IT is moving at a dramatic pace and it will stop at nothing to feed the desire for businesses to be bigger, more dominant and aggressive when it comes to beefing up a profit margin. Competitive advantage is correlated with tech knowhow and being on the cusp of the wave that brings the next revenue hike. So the progressive IT leader cannot be dismayed by new technologies which actually coincide with the “we want everything at our fingertips now” mantra call it a ‘bespoke compartmentalizing for individual use’ movement. A good example is the smartphone, the BYOD (Bring Your Own Device) which was once the only means of subversive shadow IT an employer needed to worry about. Innocuous enough despite not being part of the organization’s IT infrastructure and considered renegade, it now has the capabilities now to do so much more and is accepted for doing it. IT applications can be set up and thus the personal compartmentalized data center is born. The forward thinking IT leader knows not to raise their eyebrows at the charge of technology because if you can think it someone at some point will be doing it. The difference being when to know if the setups coming from the shadows are nefarious or not.
Not every cloud has a silver lining
The cloud is not the panacea it has been hailed as and cloud operations are not the answer to all IT woes. First of all the financial impacts have been a lot bigger than most organizations can afford which is why it is rare to find full migration to cloud and instead a part in part out approach is adopted. Part of this could be down to taking a judicious “try before you buy,” approach after all the hype around cloud has been huge. Dipping a toe into the water is wise especially as it turns out the cloud is good for some things and not others. Yes it can offer agility, scalability can reduce your costs allowing focus elsewhere on core issues, but those who immersed themselves fully did so at a cost. Quite literally as the smaller business can find it untenable after a while, the pay per use factor can be appealing though. Other concerns come in the shape of massive security and compliance issues, data protection is king. Then there is the downtime problem since the cloud is internet based, these points alone have in effect stalled much-craved scalability. Not thinking through what an application can and can’t do is serious folly and using the cloud requires a savvy IT leader and their team to do their due diligence to see if it can support their needs. If you like to be in control of your systems and not be restricted to service provider timescales and connectivity, then the cloud is not for you.
And keep in mind that not all cloud providers are created equal. THe least expensive ones often have less features, and less stability, while the pricey big 3, have everything an IT department would need. But at a cost. And tech teams used to manage these services are becoming harder and more expensive to find and maintain.