Skip to content

March 21, 2012

1

Deployment Blocker No. 1: Silo your talent

by Shelly Bird

Silos that organizations commonly have, and which can deeply hurt the speed and success of the deployment:

Active Directory Administrators, who often control (but not always) the

Group Policy Administrators, who rarely talk to the

Desktop Administrators, who might participate in planning or more likely outsource image work to

Image Developers, who usually do not consult with the

Help Desk Technicians, who are painfully aware of but often cannot control the behavior of

Local Administrators, who are just trying to get the real work of the organization moving along

 And all of the above hate the Security team

Actually, there are good reasons for many of these silos.  Local Administrators out in field offices frequently
regale me with war stories which prove if they didn’t operate as independently as possible everything would go down.  I am sympathetic to their plight, and wary of wading in and changing things too
quickly on that front.

However, leaving the situation as is won’t improve matters and is a major blocker to any deployment.
These silos are simply not conducive to rapid and effective deployments.  They are as un-cloud-like as you can get, structurally hostile to collaboration and enterprise services.  The only thing that alleviates the  problem is when personal relationships exist between the silos.

Security teams who are earnestly trying to do their job are often the most divisive of all, despite the fact they have the best of intentions and the most to lose should the environment get compromised.  The problem seems to be one of two (and sometimes both) in my experience:  either the Security team has all the responsibility and none of the control (purportedly they have control, but not truly), or they have a really hard time keeping track of what the other groups are doing to these systems, because the tools
are complicated and spread out.

As a result security teams often become marginalized and scared, or control freaks deploying intrusive scanning systems on every corner of the network.  The best security teams strike a balance and work hard to communicate with the other groups—but this is a rare and beautiful thing.

The Better Way:  I’ve learned over time that it is absolutely essential to get operations, security, and support staff in the same room as early as possible to hash out all the decisions in one pass prior to building the master image.  Often that is the first time they really sat down with one another.  Not enough, but it’s a start.

Getting a meeting like that is challenge enough, but beyond it, think about how to re-organize these silos so the right communications continue to pass back and forth between people? It has been different for each customer, since any personal relationships that already exist between the groups are where we usually have to begin this process of change.  There is plenty of turf protection, constant alarms over territory that might be lost, which everyone has to get through for the greater good.

I often tell customers that wherever they end up with their re-organization of IT staff, make sure there are checks and balances in the end state.  A natural tension should exist between operations and security—they have to balance each other out.  Help desk ought to have enough power to call out problems and force
Operations to deal with the root source of the problem—but rarely does.

This is part of a ten part series of blogs “Top Ten Deployment Blockers”

Advertisements
Read more from Uncategorized
1 Comment Post a comment
  1. Nat
    Jun 25 2012

    Thanks a lot !

    As a young admin who looks towards becoming an architect one day, this is great info – i’ve only seen the technical side of the job so far, and not the political one.

    Keep up the good work !

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: