About a year ago I took the opportunity to completely outsource my network function to a partner organization.
Why? Well to paraphrase the great Peter Drucker:
"...maintaining within an organization an activity that is used only intermittently guarantees incompetence."
Basically we weren't using our networking skills enough to keep it in-house and our network isn't large/complex enough to warrant a full-time headcount, so when we did make changes it took us a long time and the results could not be guaranteed, now I wouldn't say we were incompetent but I definitely would not go as far as saying we were networking experts either.
My deal on these kinds of situations is to take a cold hard look at what we are doing and ask ourselves the following questions:
Does it add to our competitive advantage?
Are we the best people to be doing this?
Can this be done better by someone else?
Does this process add value?
If you can't answer yes to all these questions then you should really take a look at outsourcing.
In the last 12 months my company has been busy and I "really" mean busy!
We moved our 2 largest corporate offices, merged one branch office, acquired 4 companies in 3 different countries, all while implementing a Global Disaster Recovery project and during those periods the war cry was "Zero downtime, faster integration and on target delivery!"
A mentor once taught me that there is opportunity in chaos, it would have been easy with all this change going on to simply run into a corner and hide but it was also an amazing opportunity to re-architect our core network infrastructure.
Well I'm not one for hiding so I with the help of my team and some trusted partners we set about the task of redesigning our core network infrastructure in order to make it easier to understand and secondly a scalable and re-usable template.
A Re-usable Template? What's that you may say!
We'll here's the thing, linking up and architecting networks for future growth can be a tad difficult. However if you have a standard template in place you can easily replicate the network design somewhere else making it:
Faster and easier to deploy (I already know what it's going to look like before I've started or been engaged);
Faster to document (search and replace anyone?) and;
Requiring minimal knowledge overhead i.e. If I know the Storage Area Network details on one site, I instantly know that it's going to be in a similar range and have the same configuration on another site.
I also know exactly how much a acquisition of a new site will typically cost, the estimated lead time of equipment and resources needed, I and my vendors call this the standard acquisition kit and I can give my vendors the heads up that we'll need one ahead of schedule as soon as we've completed the IT assessment.
With this template we have lowered our integration implementation time of new acquisitions to sub 72 hours and we hope to reduce this down to less than 24 hours in the future, so if your organisation is big into mergers and acquisitions it may be time to breakout the cookie cutter!
I often get vendors and colleagues coming to me and asking why I standardise my networks on Cisco from the front to the back end.
I hear:
But "Brand X with added secret sauce" switch is cheaper!
I don't need all that power;
What the hell is a VLAN?
Have I got a deal for you!
Psst! It's end of quarter and I'll throw these in for you;
Hey look what I found in the stockroom! A XYZ switch let's plug that in!
Cisco doesn't have that killer app, whiz bang, disruptive technology feature that you'll kick yourself in ten years time if you don't have it now.
However in the face of this questioning and persistence, I hang on like a old dog with a new bone and summarise my reasoning in this one sentence:
"If I throw a brick out the window odds on it's going to hit someone who knows Cisco"
The pool of candidates and suppliers is large enough that the skill set is a non scarce commodity, I will always be able to find someone who has Cisco skills and because of the extra functionality they will be able to maintain them from anywhere in the world.
I also won't have to find the all singing, all dancing network superstar with the brain the size of a planet who can understand the nuances of how multiple vendors kit can play well together.
I can enable the common specialist and allow them to produce uncommon results with greater speed and efficiency at a lower cost.
In a down market I can switch to second-user Cisco gear from authorised dealers and that typically saves me a 3rd off the list price while still maintaining this strategy.
So if your going to make that next big purchase ask yourself,
"If I throw a brick out the window, what are the odds on it's going to hit someone with skill XYZ ?" You could save yourself a lot of time, effort and money.
Like most IT organisations, mine has a shadow, an underground IT department that is the first to find and try out new gadgets, identify just the right products that make their business units operate more effectively and implement solutions so fast it'll make your head spin.
They are quick, they are nimble, they are smart and guess what they are as well? They are willing to come to you and discuss what they are trying to do to ensure it is right for the business, as long as you have an open door and are willing to give them a fair hearing.
This partnership does not happen overnight though it takes and will continue to take a lot of work but here are some tips to keep all parties on an even keel.
Don't ignore what's going on It's good to talk, ask them what they are doing and how you can make it good for both them and the business as a whole, remember the old adage "Think Globally Act Locally" well you can bring the big picture to their ideas and help them flesh them out out more fully.
Help navigate them though dangerous waters These systems may well grow faster than anyone had planned or quickly become insecure Heath Robinson contraptions that are doomed to be abandoned sooner rather than later, so help develop a "Support Ecosystem" for them to ensure their long term viability.
Refuse no reasonable request Don't be known as Dr No, fully qualify why the solution is not viable and together with your Shadow IT representative find one that is. Remember "Collaboration" is the watch word of the day not "Command and Control" Treat them as an extension to your team not separate from it Share your detailed strategy, goals and thoughts with them this can help both you and them for a number of reasons including:
They may be able to help you implement some the technology by being advocates, champions or consultants;
They will appreciate knowing what you are working on and may even save time and energy in case they were planning at looking at the same problem;
They will tell you if your completely way of base! They may well be a lot closer to the business process in question than you are and will correct you if your assumptions or data is wrong;
They will help you identify solutions to problems you can't figure out yourself.
Remember they may know than you do Working in an IT Department does not mean you know everything, your Shadow IT counterpart's expertise in the technology domain being looked at may diminish your own. Be humble and defer to their knowledge you may just learn something!
Know when to call in SWAT If your both out of your depth you may need to bring in the consultants, try not to let pride and ego get in the way.
Treat policies as guidelines not as hard and fast rules Sometimes there's something really comforting about a document saying you can't do something, even when it is outdated and makes absolutely no sense in the current climate. Periodically look at your policies with a critical eye and challenge the areas that don't make sense and adapt them accordingly.
Go Skunk! Sometimes it will be better to just let them run with the concept alone and see what they come back with as a proof of concept. In these cases treat them like a Skunk works, give them resources, autonomy and a date to synch back up and share their findings and results.
Information Technology is moving at a rapid pace, appreciate and leverage the resources around you don't alienate them.
Since the iPhone came out last year there has been many disputes as to it's viability in the enterprise.
Key issues raised against it was it's inability to easily connect to Microsoft Exchange and lack of remote push and wipe features, well looks like that's all a changing.
Apple has opened up it's iPhone Enterprise Beta Program with a bunch of features clearly targeted at Business including:
Push email
Push contacts
Push calendar
Global Address List
Certificates and Identities
WPA2/802.1x
Enforced security policies
More VPN protocols
Device configuration
Remote wipe
Microsoft Exchange ActiveSync Support
Now I could just stop right there but there's another bit of good news coming down the pipeline and that's with Apple's recent release of their SDK.
Truphone a UK VoIP company who wants to abolish roaming charges by routing your calls via the Internet rather than over the normal mobile networks announced on their blog that they are currently looking at the iPhone SDK and hopefully this will allow them to get their software fully integrated with the iPhone soon.
If these two technologies arrive soon they have the ability in my opinion to place the iPhone as the Numero Uno phone to have, it will work with the number one corporate email server and also allow you to travel across continents without having to pay any roaming charges.
If you're anything like me, you will be always on the lookout for ways to drive down operational costs while enabling business to operate more efficiently so here's hoping in 6 months these two products will be on the market.
In a world where the rules of engagement are constantly changing and the boundaries are constantly in flux it's sometimes easier to hang steadfastly on to what we've done in the past.
In this new world we believe we are right because we "know better" that is in the past this was bad and therefore now it must still be bad right? I remember aeons ago one of my previous bosses demonising email access unless you had a VPN, a work supplied laptop and a work supplied router.
After I took over his role I considered his resistance and I couldn't find any reason to maintain it. Why? Well consider the following:
Does easier access to email systems enable the flow of information, enhance communication and collaboration? Yes
Are the rewards greater than the risk? Most likely
What is the risk of someone actively targeting our company that they would tail our staff around in the hope that they would go to an internet cafe , log into our networks, not log out and give away some critical piece of information? With Educated users? Pretty low I'd say
Now this may appear as blasé but I've worked in the security game in the past and know that to penetrate someone's systems this way takes 3 things, persistence, skill with a mixture of luck and bloody mindedness, it's not like in the movies because your average high level Executive's password is not the name of his favourite pet.
Today I was challenged by one of my guys that we should restrict a method of access to systems to other employees because it was classified as an exception to our security policy, it bypassed our standard method of access and even though it was audit-able would not be initially tracked in our currently run of VPN metrics.
Now I admit I felt a little pressured, I initially thought well I don't have a problem with this, what is it that makes it's so wrong? Is the world going to end if I do this? What is so wrong since another member of staff (including myself has this access).
Now I initially paused to reflect and assess if what was being asked of me was such a bad thing. The only think I could come up with was this decision was motivated by fear, fear of lack of control, have we got to the stage that we do not trust our colleagues so much that we think that giving them additional control will cause our companies to come down in flames?
Be free! Fly away birdy! Yesterday I set my Wi-Fi network free, I removed the password policy on the router and allowed anyone within range to access the Internet without having to log in, give me their network card address, or throw the voodoo bones on the table.
Now now before you all go crazy and lose your minds citing security, hacking, fire and brimstone, dogs and cats sleeping together and general total anarchy, I'll explain my reasoning here.
One of the Globally Nomadic Execs at my company got themselves an iPhone (*I WANT ONE*) and it is truly one of the coolest, easiest to use devices on the planet, he can use it for almost everything "except" in order to use it effectively he had to come to my team to get a password on the captive portal, log into the captive portal, authenticate and then after all that he can get in and do some productive work.
Does that make sense? Doesn't that seems to be a lot of hoops to jump through in order for a colleague or business partner to get access to the Internet on link that is totally isolated from our internal network for the sake of security?
I thought what are we afraid of? So I told my guys to set the Wi-Fi bird free from it's cage, they looked at me aghast and promptly went to closet where we keep the the straitjackets, luckily before they managed to secure, gag and call for the men in white coats for me they came up with their core issue "But someone will still steal our Wi-Fi!"
So that was the trade off, Ease of use vs. Fear of someone getting a freebie on Wi-Fi access!
Today guys, I chose to set my Wi-Fi bird free.
See Bruce Schneier Security Matters Commentary on Wired - Steal This Wi-Fi
My Mama's favourite saying to me as I was growing up was "Common sense ain't all that common" so I figure uncommon sense must be abundant right!?!
So I'm starting this blog as of now to show that my own particular brand of uncommon sense in the IT world can help myself and others to learn that just because that's the ways it's always been doesn't mean it always has to be done that way!
