CXO

The "Can't Do" IT shop

Patrick Gray discusses why IT has to let go of the attitude of "it just can't be done."

There was an interesting response to my last column suggesting that one of the CIO's biggest challenges in the coming years will be supporting employees who want to "bring their own technology" into the workplace. If you work in a company with remotely trend-sensitive or tech-savvy leaders you most likely have already seen this phenomenon firsthand, with the CEO or CFO poking his head into the CIO's office, holding the iPhone in his hand, and demanding "make this work with our e-mail!"

Most of the comments pointed out that there are legitimate security and management concerns for employee-selected technology, but when your competitors and customers are using these devices, the benefits rapidly begin to outweigh IT-centric drawbacks. Despite this, the preponderance of comments to the last article concluded that this "just can't be done." If you have been dealing with corporate IT for a couple of decades, the arguments might have sounded vaguely familiar; these were the same cries and doomsday predictions that rallied against giving the unwashed corporate masses Internet access, e-mail, and even the now-ubiquitous personal computer. When a legitimate business case was presented for each, that chorus of "can't do" reached a fever pitch, often until IT was bullied into joining the party, or merely ignored and bypassed.

Even for less dramatic changes, in far too many IT shops, "can't do" becomes a knee-jerk reaction. From the junior programmer fighting a minor change request, to the IT executive providing pages of reasons why something can't be done rather than exploring the request in any detail, "can't do" at its worst becomes an institutional policy and the sound one hears right before IT ceases to expend the mental energy to look for solutions, options, or alternatives.

I am certainly not suggesting IT should be a cadre of order takers, ready to unquestioningly leap toward anyone's merest whim. What I'm saying is that in too many IT organizations, the pendulum has swung too far in the direction of "can't do." All the well-intentioned management-speak about business alignment, focused execution, and strategic partnering immediately goes out the window when your standard operating procedure is "can't do." How can I be "aligned" with you when I immediately match any request with a reflexive "can't do"?

Expunging "can't do" from your IT organization's vocabulary will not only polish up a potentially tarnished image but also allow you to better grasp business or strategic trends affecting the organization and capture rough ideas and suggestions that can later be refined into a gem of an idea. If nothing else, allowing legitimate requests to be aired and responding in a thoughtful and transparent manner make the requestor feel far better about their interaction with IT, even if in the end the request is denied.

In many areas, the old standbys of security and cost no longer outweigh potential business benefits, and when IT comes aboard as a partner in figuring out how to best deploy these technologies it will likely result in far less heartache than being forced along, kicking and screaming, to comply with a corporate fiat.

Patrick Gray is the founder and president of Prevoyance Group and the author of Breakthrough IT: Supercharging Organizational Value through Technology. Prevoyance Group provides strategy consulting services to Fortune 500 and 1000 companies. Patrick can be reached at patrick.gray@prevoyancegroup.com, and you can follow his blog at www.itbswatch.com.

About

Patrick Gray works for a global Fortune 500 consulting and IT services company and is the author of Breakthrough IT: Supercharging Organizational Value through Technology as well as the companion e-book The Breakthrough CIO's Companion. He has spent ...

53 comments
jobej
jobej

Sorry so late to the discussion; just saw post. 1. IT "professionals" & "experts" are not (at least SHOULD NOT be) paid bobble-head dolls -- we are expected & depended upon to explore the length, depth, & breadth of any or all worst-case scenarios we can concoct in our own quite fertile imaginations or of which we can locate anecdotal evidence of occurrence 2. We are expected & depended upon to weigh consequences of what can go suddenly, horribly, catastrophically WRONG with the possible benefits to the organization, business, agency 3. We are expected & depended upon to deliver concise, understandable reports of our analysis, assessment, results, & recommendation to management for consideration 4. Regardless of the direction of management's decision, we are expected & depended upon to "make it so" Just 'cause it's new & shiny, has fun noises, & incurs a collective "I want it!" from the crowd who firmly believes s/he who has the most toys 'wins' doesn't necessarily mean "it" is worth the cost in hardware, software, or time to incorporate "it" into the business. One of the things I've noticed is the majority of the "I want it!" folks are usually the loudest boo-hooers & whiners when they don't get their collective way in something, which is where a sizeable proportion of the myth of the "Can't Do" IT shop originates. IT CAN do it & DOES do it every single day! What we try NOT to specialize in is mindless slavery to fads, recommending the business spend money just to satisfy the irresponsible acquisitiveness of the "I want it!" children to own every new electronic plaything on the planet, & careless disregard of network & data security. Sorry if that irks you, Mr. Gray, but we're actually earning our wages.

The 'G-Man.'
The 'G-Man.'

Just sign this legal disclaimer telling you that 'you are on your own' should you lose the device and data fall in to the wrong hands.

dcollins
dcollins

A word of caution about jumping on the latest gadget bandwagons. Once you set this up, your staff will be forced to support it - are you prepared to support every variety of gadget out there? This can become a huge time sink for a staff that, if like most, is already stretched thin. Another cause for concern is that if you don't know anything about this device, and attach it to your network, do you really know how secure you are?

efehling57
efehling57

You should never say "it can't be done" without first offering to look over the request and make sure it doesn't present any policy conflicts. "It can't be done" can soon become "sorry, but your employment here is terminated."

entnow
entnow

I have worked in it environments that have a bring your tech to work approach.Its a goddamn nightmare

gcrain
gcrain

I find this article rather disingenuous. If IT has become reticent to accede to requests to expand their responsibilities it's because they have realized that when budget time comes around nobody wants to pay for it.

Ken Cameron
Ken Cameron

IMHO, it is NOT "can't do", it is "won't do" or "shouldn't do". The real problem is IT's lack of ability to say no in a way that non-IT people understand. If you show the CEO a draft of the legal document he/she would have to sign before he/she could use their personal device for business, this problem would disappear in a nanosecond. Interestingly, this personal device freight train is most likely going to pull out of a number of stations before the lawyers get those documents in place, and we will all read about it in the WSJ, and in various possible scenarios: CEO caught having an affair when his iPhone was confiscated for eDiscovery. -or- Highly confidential and secret merger talks disclosed by thief who stole CEO's iPhone. A few people brought up cost. IT groups have now been living in then world of "more with less" for years, but 2008-2009 were back-breakers, and I doubt if support of personal devices will be probable cause for hiring new support staff. At a time when companies should be narrowing the choice of user devices, allowing personal devices would be a joke.

Englebert
Englebert

Even though it may not be feasible or possible, just listen to what they're saying. Every suggestion is an idea and although not possible now, may be possible in the future. If it cannot be done now, just give them the reasons logically and in language they'll understand. Never be an instant head-shaker. Say ' Ill look into it and get back to you ' . Then discuss it with your Sr. Analysts and present a suitable response. Ideas and logic over negativity and emotion.

GSG
GSG

I have to ensure that we adhere to HIPAA and HITECH regulations, which means that we have to have complete control over the hardware that accesses our systems, the people who access our systems, and the information they look at. I have to be able to produce an audit that says this user was in this system, and looked at these things, and printed to this printer. If we allow people to randomly bring in their own devices, we lose all control over our information and we'll be getting some seriously huge fines when someone loses their device and patient information gets out. In addition, we could lose FDA approval on some of our systems. Our systems meet FDA approval if they run on specified hardware. If we run it on a different hardware, even just one user, and it's a clinical system, we lose FDA approval. Then if a patient has an adverse event, and it's found that we didn't use the approved hardware, then we're in trouble.

TGGIII
TGGIII

Sure "it" can be done - opportunity cost for the time and money to make "it" happen are the issue. What wil yeid the greatest benefit to the customers, invesotrs and employees. THis is a simultaneous equiation - lose at one, you losse at all eventally. Yes is the answer but are we asking the right question.

andrejs.berzins
andrejs.berzins

Barring legal or contractual barriers, the spectrum of what's available and what is truly beneficial diverge greatly. Not every gizmo has real benefit for a broad audience, often punishing or criminalizing certain behaviour is not beneficial or possible. On the other hand, when 2nd tier managers flaunt new gizmos that are outside the menu and the CIO looks the other way... its over. If you have a good robust service catalog, make such devices are both expensive and limited in scope/timeliness/quality (make sure you catch that cost center) but everything is possible when someone is willing to pay. Subcontract the service out and make sure you recover 100%. If the CEO approves, obviously you have good cards for the next budget round when you come with something with real value.

Oldmanmike
Oldmanmike

Is it just me, or are you noticing a lot of recent articles proposing ill-advised policies or activities? Is TR trolling for comments? Let's see....... Recent articles asked if we should just let people bring in their own laptops, if it's time to eliminate the password, and now, we in IT should not say no. At least this article wasn't a video podcast without transcript, but it's really lacking substance. Assuming that there are organizations out there just saying no without backup, how does the author propose to fix the problem? Could the author discuss how to create a collaborative environment? A place where the users can identify needs, and the IT department can come up with a solution? Not a situation where users come up with solutions instead of letting the experts find solutions that don't create more problems.

zd
zd

I worked at an organisation that has three types of users. Let's call them: 1. Regular Users 2. Elite Users 3. Associate Users With regular users, they perform organisational duties and can be forced to use institutional tools. Should they bring their playstation on the institution network? Nope. For this type of user: "Can't do". For Elite users, they bring in big money and prestige. They want to bring their latest toys, we needed to have a can-do attitude. For Associate users, they supply their own devices and even *live* at the institution. For these users, you need to provide what they want and deal with the issues some other ways. They want to plug in a Playstation? Can do. If you haven't figured out the type of organisation I'm talking about, it's not made up - it's real. And some of these are BIG. The point is that there isn't a one size fits all. The author's opinion in a military contractor environment would be a disaster if a poorly informed senior manager "fell on his sword" to implement what he is suggesting. But, the point that is being missed here is that it's easy for IT to say no. IT has become as predictable as government in having "no" at the tip of our tongues. Personally, there's always a "yes" ... at a cost. That cost can be financial or operational.

LocoLobo
LocoLobo

If I say "Can't Do!", you as the President will fire me and hire the CFO's kid who is a real whiz and "Can Do". Maybe. You're seeing this from the desk of the "pointy haired manager" of a consulting firm. For me it's not so much Can Do, Can't Do but Will Try. But I have another job to do. PC tech, Network Admin, Exchange Admin, DBA, & IT Security. There are no funds for training, new software, hardware etc. So be patient on my Will Try. If I don't get back to you... well, you figure it out.

Kris.J
Kris.J

Here's the mission statement I've adopted in our department, and drill into all IT employees: The IT Department exists to empower the end-user. Our mission is to empower end-users with technology resources that help them do their job, while keeping the security, efficiency, and core principles of the organization as a whole in mind.

fgranier
fgranier

Patrick, you are persistent in your ideas, but short on how to solve the issues. Even worst, you try to minimize the problems. Have you already solved them and do not want to share? Being short on how to solve the issues, is why IT can't do, not because IT enjoys upseting their clients and benefactors. Please enlight us.

altug.gur
altug.gur

provided that planned resources, training, expertise and budget are given. Most of the "can't do" approach stems from expecting IT to do everything without providing the things above. Give them what they need and suddenly you'll see a smiling, more positive IT. As the old adage goes "something for nothing is a big utopia"

Stephen Mason
Stephen Mason

It looks like the comments/replies in the earlier blog have bee ignored or passed over. People outside 'IT' struggle to understand/explain what 'IT' actually is, and therfore can't assimilate the problems connected with it. The notion that anything can be done if requested rather should it be done is so silly the writer should be given a verbal warning or better still fired! The guy is quite dangerous!The last few years in the UK has seen too many instances of this sillyness with sensitive data being 'lost' or 'found'. People like the blogger should go back to what they do, and not tread on our patch. I suppose we could start a new business explaining to Corperate Bosses that it's dangerous to NOT listen to IT specialists?

BigIve
BigIve

Firstly lets get the main point out of the way - yes many time IT can be very negative to end users. There are many reasons for this; some of which are borne out of experience and some out of prejudice. The annoying thing about articles like this is that they hash up impractical ideals which have little or no basis in modern corporate life. The rest of us have to deliver daily to corporate co-workers who are focussed on making and selling products and services. The corporate world has to follow rules - including legal compliance, industrial standard compliance, safety compliance whilst managing environmental and mroal concerns as well as protecting intellectual propery. Users with their own equipment are dumb, lazy criminals. Ok I am overstating for effect but, left their own devices (pun intended), users will run amok. IT also has to have a calming effect - we need to temper the users desire for sexy tech with practicalities of running a business. For example "Technology leaders" get tumescent about using iPhones for email when better results can be achieved using Blackberry or other smartphone - often for less money and effort. Also - and this is a big mental leap for many IT guys - most users don't care about technology. They want to do their job. New tech just makes their life more difficult. We take a hit in productivity every time we introduce a new tech. Production rates go down every time the manufacturing software gets an upgrade. IT does have a responsibility to work as part of the business to bring in appropriate technology in a timely manner to a budget. I know this is a bit of flame, but it annoys me when a journalist (or consultant) who works in a rarefied environment gushes about some "new" concept which has little or no basis in reality. I'm off to explain to a PhD why he can't store his mp3 collection on the server. ;-)

lars.aarby
lars.aarby

I use to call this "the gun to the head" principle because there not much you can do when you get the reply "can't do". I always ask (my)people not to reply in such a way but rather tell what they can do: Sure, It might not be all that was requested and at the desired time but at least the dialoge is open and we're trying to fullfill the request. The point is that the customer feels that they now get a choice and they all react posetive!

vickaprili
vickaprili

Many computer shops cry "can't do it" and rely on the format and reinstall the O/S option extensively. Very little concern is paid to saving customer data. "its your data" being another cry of the industry. Too inwardly focused for my liking.

Deadly Ernest
Deadly Ernest

legal advisers and review all contracts and laws before you even look at allowing significant changes to IT policies that restrict what is and isn't allowed. Some years back I got paid some significant money to make a five minute presentation to a company board and the company senior management, after doing two days research about the company's operations. I got called in as a consultant by one of the division heads who knew me personally. They had a major issue that was splitting the senior managers and it was IT related - it was all about the use of portable computers by senior staff and what could be on them. Existing IT policy was extremely tight about not adding any software, not internet access, no wireless access, etc. My simple presentation consisted of explaining that what the new General Manager and a few of the senior staff wanted was technically feasible and did not breach any of the laws related to the industry, one of the points being pushed by the IT section being compliance with industry and privacy security laws. I ended it by simply stating the only reason they would NOT wish to do what they wanted was it was in direct violation of the section on security with one of the their major government contracts and they would loose over forty million dollars revenue per year the moment the agency found out about the change in policy. Suddenly the wanted change wasn't such a good idea. It's these sort of issues that the IT area is more likely to be aware of than senior managers not directly involved with that account. Too often I've seen major screw ups occur because senior managers will NOT listen closely to the people working on the coal face because they are not getting and immediate 'Yes, sir, three bags full, sir' answer in response to their wants. And often, it's the companies run by these managers that have difficulties a few years later, due to lost clients and revenue because of such attitudes.

NotSoChiGuy
NotSoChiGuy

If the loss of productivity & knowledge capital along with increased security risks are only viewed as "IT-centric drawbacks", I'd argue that the firm is in a lot more trouble than trying to integrate iPhones into the mail environment. As Palmetto has pointed out, many of the arguments, while not put as delicately as someone in a leather chair may want to hear, are based on precedence. However, I will agree that IT should at least consider a (reasonable) request or recommendation before outright rejecting it; providing workable solutions whenever possible.

CharlieSpencer
CharlieSpencer

It's not 'can't do', it's 'shouldn't do'. We can do it, but it's part of our job to state why we think it isn't a good idea. As to the lost fights against Internet access and e-mail, time has shown many fears have been realized. The problems with wasted time, strained resources, and various malware have all come true, and for the same reason many of us oppose personal hardware on company network: businesses want the benefits of these technologies but don't perform the user training necessary to minimize the liabilities. Then IT is held responsible for the misuses, non-uses, and abuses. And I'm still waiting for someone to explain what an employee is supposed to use when his personally-owned system has a problem.

Chris_Muncy
Chris_Muncy

The only problem I have with using personal devices in my infrastructure is that of IP. Most of our employees are sales related. If for some reason they leave, or get fired, I want all of that data on their device. Having the device owned by the company makes this a little bit easier.

Editor's Picks