
Top 20 IT Mistakes to Avoid

1. Outsourcing

Outsourcing important IT functions just to avoid the hard work, while keeping the simple functions that could easily be outsourced. The shift to managing the outsourced function is far too often overlooked.

2. Open Source

The decision to adopt an Open Source strategy does not go through careful and rigorous analysis. If a company does not examine the possibility of using Open Source, it may lose an opportunity to reduce costs in software support and license management. However, Open Source can introduce a significant burden on the developers supporting the system due to its lack of stability and standards.

3. Offshoring

Not conducting a careful, detailed analysis before deciding to offshore some IT support jobs. Cultural issues, management and many non-technical issues (including travelling) account for some unsuccessful offshore strategies delivering less than a 20% reduction in TCO (Total Cost of Ownership).

4. Internal Security Threats

Based on a survey and study conducted by Gartner, 70% of security threats are generated by internal employees. Based on CERT and US Secret Service reports, 87% of internal security checks are conducted using simple and legitimate procedures and processes, but IT departments focus on external threats and forget the internal threats.

5. Security of Fluid Perimeter

As the workforce in general becomes more mobile, the IT security perimeter extends to cover not only the company LAN / WAN, but also the 'wild-west' network arena of every Internet café in the world. In most cases IT adopts the 'mobility' strategy without preparing for the security risks associated with it.

6. Security for Handheld devices

Many companies embrace handhelds, such as PDAs and smartphones, as standard IT devices; however, IT security policies and procedures for those devices are not properly defined and implemented. In some instances executives and sales personnel use their PDAs to store e-mails and corporate data so they can read them whilst out of the office, and they forget to set a password on the PDA. Once the PDA is lost, that critical information can easily be leaked to other parties.

7. Promoting Wrong People

Some businesses, in order to reward a very talented technologist, promote him/her to a managerial position, so he/she shifts from a hands-on technology role to people management. Not all technologists can make this shift of skill-set easily; in some cases, a technologist who does not do well at managing his/her team will not produce the results expected.

8. Change Management

The IT team is sometimes not fully aware of how significantly the things they do can impact the business. In the technical sense it may be just another 'tweak' to the data entry form, but to the user in the field it is a big deal because it changes the way they do their job. In some cases, huge amounts of time and money are spent just to mitigate system changes that were not properly analyzed and communicated.

9. People in Software Development: Quality vs. Quantity

Fred Brooks' book "The Mythical Man-Month" describes how, most of the time, IT project managers calculate people requirements in terms of 'Man-Days', 'Man-Months', etc. without carefully analysing the skill requirements. Experience teaches us that in IT projects, the quality of the people has more impact on success than the quantity.

10. Developers conduct QA Test

Letting IT developers do their own QA testing will lead the IT department to inevitable disaster. Many improperly tested applications, systems, or infrastructure updates have created major business catastrophes as a result of 'self-testing' policies.

11. Overconfidence on MS IE

Internet Explorer has been the de facto web browser, but be aware of its security weaknesses. Make sure that all your PCs are up to date with security patches.

12. Network Performance Indicator

Giving management a simple report on network performance in most cases creates misunderstanding. Network performance should be measured across various aspects such as port utilization, link utilization, and client utilization.

13. Bandwidth is not always the answer for Network problems

In most cases, if an IT department has problems with network response, the immediate solution will be to increase the bandwidth. Increasing the network bandwidth will not in all cases automatically improve your network response times. A detailed analysis should be done before investing your budget in additional network bandwidth.

14. Weak Password policy

Based on the SANS Institute's Top 20 IT Vulnerabilities list, weak authentication and password policy is a major threat to the business. In some companies the policy regarding passwords and user access is not properly implemented or enforced.

15. Never sweating the small stuff

Although the CIO should focus on the big picture, in some cases they also need to pay attention to small things. Take the example of 'The Washington Post' domain renewal issue in Feb 2004, where their domain was not renewed because somebody in the IT department forgot about it, and e-mail was knocked out for hours before the domain was renewed.

16. Clinging to prior solutions

For new IT management: do not force what you did successfully in your previous place onto the new place. Most of the time it does not work...

17. Coping with new technology

In these modern times, where technology is far easier to implement, some users are using technology that the IT department does not know about at all. It is important to keep up to date with new technology outside.

18. PHP

This is a programming language for web application development. Don't focus only on J2EE and .NET development tools.

19. KISS (Keep It Simple and Stupid) principle

Many IT projects result in products that are significantly too complex to be used by average users.

20. Slave to Vendors Marketing Strategy

Be careful with your IT strategy. Make sure it does not simply follow your vendor's marketing strategy, especially in light of a new release or their version management policy.