Executive Suite: Let's examine three IT myths
- By Mimi Browning
- May 29, 2003
The quest for reliable, secure, and easy-to-use systems and infostructures remains a daunting one. It is made even more difficult because we can still be vulnerable to three IT myths. These myths plus suggested remedies are worth considering.
The first myth is centralization. Debate has raged for decades over whether IT resources'networks, processing centers, databases, funding and personnel'should be controlled centrally or locally. In large, complex government agencies, it is impossible and impractical to foster policies that mandate absolute control over these resources.
Interestingly, IT resources are not singular technology items wired together by even more technological wizardry. They are dynamic packages with internal and external constituencies, relationships, conditions, histories and aspirations. The savvy CIO weaves governance into the technology equation to move forward and accomplish the agency's mission and IT responsibilities.
For the single-network, single-database concept to become a reality, the CIO has to negotiate the standards and rules for federated networks, systems and databases. Improving agency missions and using resources wisely are more important than who owns what.
How can agencies remedy the problems they have with IT centralization?Educate and select CIOs and executive staffs about their IT governance competencies as well as their technical abilitiesRecognize and reward IT diplomats for their successes.
The second myth concerns security. Information security is not solely about technology. No matter how many firewalls, intrusion detection systems and encryption devices are deployed to enforce security, there will always be hackers and crackers, because we are human beings'and most Americans are trusting souls.
Too often, CIOs focus on the technology aspects of security, which are very glamorous and chic. They steer clear of the mundane and hard-to-regulate social engineering aspects of security breaches. Social engineering is the art of using influence, persuasion and manipulation to obtain information. Con artist scams and disgruntled insider attacks can defeat very sophisticated security devices.
To remedy these security problems:Revamp agency security awareness programs to target the human behavior and social engineering aspects of security violationsRaise the security accountability bar to include not only members of the IT community but all individuals in the agency.
Myths also surround the nature of logic in IT systems. Because of the inherently logical construction of computers, many people assume that logic prevails for solving IT problems. This is only partially true.
Wise denizens of the IT world recognize that technology problems are overcome by combinations of logic and systems wisdom. For example, assigning more people to a software project does not shorten its completion time because of the management and communications burdens they add.
Historical examples abound of the futility of using logic alone to solve IT problems, such as efforts in the 1980s to determine the ideal ratio of users to a desktop computer (was it 2.7?).
To remedy logic problems:Make sure the mental game for solving IT problems includes players with many talents and perspectivesRequire IT workers who receive paid training to take one course in systems thinking and philosophy for every three technical courses.Mimi Browning is a former Army senior executive who is now a principal at Booz Allen Hamilton Inc. of McLean, Va. Reach her at [email protected].
Browning is a former Army senior executives and former Booz Allen Hamilton principal who now leads Browning Consultants.