Sign up to our newsletter
While I’ve never had the pleasure of being part of an IT team at any of the companies I’ve worked for, I’ve always been very close to them, because for the security department they are our closest allies when it comes to installing the control measures that the company needs. And having worked so closely with them, I’ve had plenty of opportunity to think about some of the issues that often turn problematic, which, if companies paid them a little more attention and helped resolve them, would lighten the IT team’s workload.
Perhaps one of the biggest difficulties that IT teams in companies have to face is the large quantity of tasks that have to be done manually: software installations, updates, corrections and enhancements, just to name a few, all of which take up valuable time for the people responsible for managing the technology.
Thinking about implementing tools and solutions that assimilate these tasks is one of the best alternatives, and of course once they’ve been implemented, they need to be used appropriately.
How much of the time spent on dealing with incidents could be saved if our users were adequately educated?
Anyone whose day-to-day work is in IT must surely feel that a lot of their time is wasted on handling requests that, if the user was a little more aware of what they were doing, could be prevented.
Perhaps the best solution would be to think about investing more time and resources into educating users and bringing their knowledge up to date with regular, scheduled conferences, rather than wasting valuable minutes every day in dealing with a large quantity of small requests that could be easily prevented.
Here, we find ourselves facing the eternal problem whereby all too often urgent issues take precedence over what’s actually important. Unfortunately, IT teams often become the “firefighters” of the company, putting out any “fires” that might spring up on a day-to-day basis.
Naturally, unexpected events are always going to arise, but the main effort should be focused on reducing the occurrence of such incidents rather than on tackling them. Changing focus like this will inevitably have a cost to begin with, but in the medium term the results will speak for themselves.
With the increasing volumes of data we find ourselves having to manage, keeping information centralized and organized can be a real headache. Unfortunately, what often happens is that each user develops their own systems for storing things on their own devices, with reports containing sensitive data ending up off of the company’s official storage drives. This is all very well for the user who wants to improve the way they work, but it creates predicaments for IT teams in terms of how to guarantee the availability and integrity of data.
Being able to correctly identify information assets is the starting point towards achieving the necessary order to enable adequate management; perhaps users therefore possess the key to finding the best way to do things, rather than IT teams as is often believed.
Given how readily available IT teams are, and their curiosity and talent for resolving incidents, they often wind up resolving problems that fall outside the scope of their duty, which keeps them away from the tasks that should really be occupying them.
Guidance from the department’s coordinators therefore becomes very important so that tasks are clearly defined and so that this does not lead to a reduction in the level of management that the team should be focused on.
This point is closely related to the previous one, due to the lack of documentation and poor definition of procedures in order to be able to get on with both day-to-day tasks and more specific or contingency tasks. Naturally, it’s important to be able to improvise and this is an important part of an IT team’s skill set, but improvisation shouldn’t be the general rule.
Documenting tasks and procedures is the best way to be prepared for dealing with incidents, staff rotation and for the continual improvement of tasks dealt with on a regular basis.
Having systems that generate apparently infinite lists of events is not going to help much in improving the way IT tasks are managed, unless we have the necessary tools to process all those data and convert them into truly essential reports with just the right amount of information that the business needs.
By focusing our efforts on processing only those logs of real interest to us, we can achieve the results we are hoping for and not waste resources on collating, storing and processing more data than is necessary.
These are the issues that seem most relevant to me, based on what I’ve come across in my experience, but for sure there will be others.
Can you think of anything else that’s a waste of valuable time for IT teams in companies?Image credits: ©Hartwig HKD/Flickr
Author Camilo Gutiérrez Amaya, ESET