20 Surefire IT Mistakes

Beware these all-to-common IT blunders before they derail your career.

20 surefire IT mistakes

Cost overruns, missed deadlines, lost jobs -- we all like to think we learn from mistakes, whether our own or others’. And while the technical landscape advances quickly, one thing remains the same: IT's capacity to fall prey to misguided practices, given the complexity of the responsibilities involved.

So in the spirit of "forewarned is forearmed," we bring you 20 mistakes IT managers would do well to avoid. Names have been changed to protect the guilty, but the lessons learned are plain to see. Don’t get caught falling prey to these all-too-common blunders.

1. Botching your outsourcing strategy

Outsourcing mistakes come in two flavors. The first is the sin of commission: Outsourcing important IT functions to avoid the hard work of understanding them. Relinquishing those functions can make it hard to get simple things done. The other mistake is to hold onto functions that could easily and effectively be outsourced, especially in the era of cloud computing. IT organizations with an overt bias against outsourcing could be courting disaster. One example: Hosting mission-critical, revenue-producing apps in-house because you don’t trust third-party operations. Competitors more willing to rely on well-provisioned hosting providers will be rolling in revenue while you deal with inevitable downtime.

2. Ignoring the human element of security

Today's network admins have access to a dizzying array of security tools. But as hacker Kevin Mitnick is fond of saying, the weakest link in any network is its people. The most fortified network is still vulnerable if users can be tricked into undermining its security -- for example, by giving away passwords or other confidential data over the phone. For this reason, user education should be the cornerstone of your IT security policy. Make users aware of potential social engineering attacks, the risks involved, and how to respond. Furthermore, encourage them to report suspected violations immediately. In this era of phishing and identity theft, security is a responsibility that every employee must share.

3. Missing the mark on open source

Many IT shops are susceptible to “religious” behavior -- a blind, unyielding devotion to a particular technology or platform. Nowhere is that more true than with open source. On the one hand, the most conservative IT shops dismiss open source as a matter of policy. That’s a big mistake: Taking an indefinite wait-and-see attitude toward open source means passing up proven, stable, and scalable low-cost solutions. On the other hand, insisting on open source purity in your IT operation can delay progress, as developers are forced to cobble together solutions when more appropriate commercial software solutions may already exist. It all depends on the problem to be solved and the maturity of the solutions being considered.

4. Taking a half-baked approach to BYOD

It's easy to think of BYOD (bring your own device) as little more than allowing employees to be their own IT department, either to skimp on supporting devices directly or as a gesture of trust toward your most clued-in workers. Both ideas are misguided: Any device brought into the enterprise needs some degree of IT support, and even tech-savvy employees don't always know the full extent of the responsibilities of their BYOD privileges. Increasingly BYOD-conscious devices and solutions are coming to market all the time, enabling admins to make use of properly-designed security and management tools while keeping users happy. Get familiar with these offerings to match the right tools to your needs before signing off on your BOYD policy.

5. Promoting the wrong people

Rewarding your top technical talent with a promotion into management might seem like the right thing to do, but when that IT pro is not ready to give up constant, hands-on technology work in favor of more people-oriented management duties, it can be a mistake you’ll regret on many levels. Resentment from former peers, the challenges of new management duties, a found distaste for the new role -- all could lead to poor performance. Worse, the new manager might feel compelled to cling to the ill-fitting position because the old position might no longer be available. Management training can help avoid such disasters. But use your gut. Either the aptitude is there, or it isn’t.

6. Creating indispensible employees

As comforting as it may be to know that a single employee understands your systems inside and out, it's never in a company's best interests to let IT workers become truly indispensible. Take, for example, former City of San Francisco employee Terry Childs, who was eventually jailed for refusing to reveal key network passwords that only he knew. In addition, employees who are too valuable in specific roles can get passed up for career advancement and miss out on fresh opportunities. Rather than building specialized superstars, encourage collaboration and train your staff to work with a variety of teams and projects. A multitalented IT workforce will not only be happier, it will be better for business, too.

7. Clinging to prior solutions

A common mistake for IT managers moving into a new position at a new company is to try to force solutions and approaches that worked at a prior job into a new environment with different business and technology considerations. Part and parcel with this is holding onto technologies well past their ability to keep your company competitive just because those are the tried-and-true solutions everyone knows. The tech industry is in constant flux, and hitting the mark with the right solution as a new opportunity arises requires a unique ability to know just when to sever old ties.

8. Missing the mark on passwords

When it comes to security, new threats garner all the attention, but your biggest threat may be much more mundane: password policies. Weak or nonexistent passwords, user or admin accounts with widely known passwords, weak or well-known password-hashing algorithms -- each can sink your business. But the other side has caveats as well. Make your password requirements too complex and draconian, and your policy can have the opposite of its intended effect. Users pushed to the limit of remembering passwords end up writing them down -- in a drawer, on a Post-It, or on a piece of tape stuck to their laptop's keyboard. Don't undermine the ultimate aim of your password policy by insisting on unrealistic requirements.

9. Treating 'legacy' as a dirty word

Eager young techies may hate the idea that mission-critical processes are still running on systems their grandparents' age, but there's often good reason for IT to value age over beauty. Green screen applications might not be as sexy as the latest cutting-edge widget, but an older system that runs reliably is less risky than a brand-new unknown. Modernizing legacy systems can be expensive, too. Annual maintenance costs for new software projects often run into the millions. In these days of tightened IT budgets, don't be in too much of a hurry to make your "dinosaurs" extinct before their time.

10. Losing control over critical IT assets

Senior management has a request: "The marketing team needs to run ad-hoc SQL queries against the production database." It's simple enough to implement, so you grudgingly make it happen and move on. Next thing you know, poorly formed queries are bringing the server to its knees before every Thursday marketing meeting. Your next assignment? "Fix the performance issue." Backseat drivers are a hazard; handing over the keys to someone who can't drive can be fatal. The experience and judgment of IT management plays a crucial role in all decisions related to IT assets. Don't abdicate that responsibility out of a desire to avoid confrontation. A bad idea is a bad idea, even if business managers don't realize it.

11. Teetering on the bleeding edge

With public beta programs now commonplace, the temptation to rely on cutting-edge tools in production systems can be huge. Resist it. Enterprise IT should be about finding solutions, not keeping up with the Joneses. It's OK to be an early adopter on your desktop, but the datacenter is no place to gamble. Instead, take a measured approach. Keep abreast of the latest developments, but don't deploy new tools for production use until you've given them a thorough road test. Experiment with pilot projects at the departmental level. Also, make sure outside support is available. You don't want to be left on your own when the latest and greatest turns out to be not ready for prime time.

12. Putting too much faith in one vendor

It's easy to see why some companies keep going back to the same vendor to fulfill all manner of IT needs. Large IT vendors love to offer integrated solutions, and a support contract that promises "one throat to choke" will always be appealing to overworked admins. If that contract has you relying on immature products outside your vendor's expertise, however, you could be the one who ends up gasping for breath. Rarely is every entry in an enterprise IT product line created equal, and getting roped into a subpar solution is a mistake that can have long-term repercussions. Giving preferential consideration to existing partners makes good business sense, but remember there's nothing wrong with politely declining when the best-of-breed solution lies elsewhere.

13. Failing to virtualize

If you aren't taking advantage of virtualization, you're only making things harder on yourself. Stacking multiple VMs (virtual machines) onto a single physical machine drives up system utilization, giving you a greater return on your hardware investments. Virtualization also allows you to easily provision and de-provision new systems, and to create secure sandbox environments for testing new software and OS configurations. Some vendors may tell you that their products can't be installed in a virtualized environment. If that's the case, tell them bye-bye. This is one technology that's too good to pass up.

14. Mismanaging your cloud strategy

Cloud computing offers a powerful value proposition: The ability to increase capacity or add capabilities without investing in new infrastructure, training new personnel, or licensing new software. But jumping in blind can be much worse than missing out on the upside of the cloud. Empty promises, integration issues, and security concerns are just a few of the snafus dogging the cloud to decision, one that could mean simply upgrading to the new devil, the one you don’t know. Don’t assume you are simply relinquishing responsibility for a cranky infrastructure component or pushing a persistent headache to a cloud vendor. Far from it; when embracing the cloud, you are opening yet another avenue for blame -- one over which you may have little control. Strategize accordingly.

15. Plowing ahead with plagued projects

Not every IT initiative will succeed. Learn to recognize signs of trouble and act decisively. A project can stumble for a thousand different reasons, but continuing to invest in a failed initiative will only compound your missteps. Have an exit strategy ready for each project, and make sure you can put it in motion before a false start turns into a genuine IT disaster.

16. Mismanaging software development

In his seminal book "The Mythical Man-Month," Frederick Brooks posited that planning projects based on "man-months" ultimately does not work due to the unique nature of software development. Yet, 30 years later, many IT managers still cling to this disproved strategy, naïvely staffing projects with the right number of people for a defined amount of work when getting quality people is more important. Of course, waiting for superhuman coders to come along is a lousy staffing strategy. Rather than obsess over "10x developers," focus on building 10x teams. You'll have a much larger talent pool to choose from, meaning you will fill vacancies and your project will ship sooner. Another mistake of software development: Thinking the job is done when the software is delivered.

17. Setting unrealistic project timetables

When planning IT projects, sometimes confidence and enthusiasm can be your undoing. An early, optimistic time estimate can easily morph into a hard deliverable while your back is turned. Always leave ample time to complete project goals, even if they seem simple from the outset. It's always better to overdeliver than to overcommit. Flexibility will often be the key to project success. Make sure to identify potential risk areas long before the deadlines are set in stone, particularly if you're working with outside vendors. By setting expectations at a realistic level throughout the project lifecycle, you can avoid the trap of being forced to ship buggy or incomplete features as deadlines loom.

18. Underestimating the importance of scale

You may think you've planned for growth, but chances are your systems are rife with hidden trouble areas that will haunt you as your business builds out. Be mindful of process interdependencies. A system is only as robust as its least reliable component. Any process that requires human intervention will be a bottleneck for any automated processes that depend on it, no matter how much hardware you throw at the task. Cutting corners is another recipe for future headaches. As tempting as it may be to piggyback a departmental database onto an underutilized Web server or let an open workstation double as networked storage, resist. Today's minor project could become tomorrow's mission-critical resource, leaving you with the unenviable task of separating the conjoined twins.

19. Failing to secure a fluid perimeter

IT’s responsibility now extends to Starbucks and beyond. The increasing mobility of workers, combined with the proliferation of devices and mixed use of both business and personal technical assets in the workplace and at home, means that IT is now responsible for securing systems on networks it does not control, and for securing internal networks from devices it does not own. In a more decentralized IT environment, centralized approaches to network security are no longer sufficient. Beware the temptation to trust the security of critical assets and data using strategies that do not acknowledge the fluidity of today’s corporate perimeter.

20. Focusing on cost rather than value

It started with TCO and just kept getting worse from there: Locking down PCs, eliminating training, insisting on “plain vanilla” software implementations -- these are the easy ways to cut spending. Never mind that locking down PCs stifles innovation, that eliminating training makes employees less productive, that plain-vanilla implementations make business processes less effective. The company saved a few bucks on the IT budget, so it’s all good. Cutting IT spending to reduce the company budget is like cooling a room by blowing cold air at the thermostat: Everyone swelters, but because the only thermometer in the room is on the thermostat, the metrics improve. Instead, focus on what your company gets for what you spend on IT.