Sunday, February 13, 2011
I'm horrible at this
Wednesday, May 26, 2010
Stop hitting yourself - or - Management by Exception is a Sucker's Game
It should be obvious to any reader that executives have access to high value information, are publicly identifiable and therefore targetable, and are likely to have on their devices information which is extremely sensitive. This is often compounded by the desire of IT organizations to comply with executive ease-of-access requests. Such compliance is demonstrably short sighted.
1
Problem One: Executives desire personalized products and services. Unless the IT Organization is capable of providing a concierge level of attention to the executive and their exception-based devices and services, the executive is more likely to have a more negative experience than if they were using the default options which current processes can successfully support.
Solution One: Don’t offer executives what they want. Offer them what you can best support. If they insist on having unique resources, charge the executive’s department for the increased support costs. Don’t allow your desire to meet an executive’s unique desires place the executive beyond your ability to successfully support. An executive’s time is one of your company’s most important assets. They make the big bucks because every bit of information they handle is important. Any downtime they experience is lost dollars for your company. Do not allow them to put themselves in a position where you can’t keep them up and working. Your responsibility as the steward of your company’s IT systems does not allow you to wash your hands of the results of “giving in” to executives.
Complication: Your IT management must have the courage/executive buy-in to challenge your other executives to do what is best for themselves and not what they want, or pay for the exception so they can have both at the same time.
2
Problem Two: Executives don’t want to deal with the hassles required by your security policies to access information. This is obviously counterpointed by the fact that the executive has access to more information, more sensitive information, and more regulatory and litigation relevant information than any other class of employee in your company.
Solution One: Sarbanes-Oxley. Executives who demand access to information without appropriate security barriers place themselves and the senior executives to whom they directly report at risk for Sarbanes-Oxley compliance. An executive cannot possibly state that corporate essential information is secure if they just made your IT department grant them exceptional access to that same information. The term of art to use is “compensating controls.” If executives demand easier access to a system, research ways to provide equivalent security in easier to use forms of control, and bill the executive’s department for that product, its implementation, and its ongoing management.
Complication: [It’s the same] Your IT management must have the courage/executive buy-in to challenge your other executives to do what is best for themselves and not what they want, or pay for the exception so they can have both at the same time.
3
Problem Three: Executives escalate issues via management channels, not technical channels.
Solution Three: This is a tough one. Executives think in management channels. They have a problem they go to what they know, not your helpdesk. The best thing you can do is make sure that when the issue reaches IT management, the IT manager in question immediately hand walks the issue to the appropriate normal channel. You can’t stop your SVP of HR from calling your Systems director about a SharePoint password. What you can do though is walk that issue over to your helpdesk, instead of handing it to a systems admin whose time is largely wasted and who isn’t as customer-focused as your helpdesk personnel. Your helpdesk should be the people BEST at giving a good impression of IT, not just the people who usually give the first impression of IT.
Complication: [It’s not quite the same] Your IT management must be willing to both redirect angry executives and occasionally deal with really angry executives when the normal pathway fails to resolve the problem. That’s not a reason to ignore the pathway though, it’s a reason to improve the pathway and the people in it.