It starts when something breaks, he says. Engineering is called in to fix it, and they find third-party apps installed on their servers. They immediately take away the developers' access rights. Management notices a drop in productivity (or gets tired of hearing complaints from the dev team) and sets up a meeting with engineering. The engineers are instructed to restore the developers' access rights. Then something breaks.
Repeat onto infinity.
"The problem is that in most cases IT departments still operate in silos," says Shalita. "There was a time when developers were asked to build an app and the company would create the infrastructure to support it, no matter what the cost. Organizations don't do that any more. So both sides have to operate more intelligently. Developers need to engineer applications to operate more efficiently in their environments, and they need real-time data from operations to tune their apps to work better."
IT turf war No. 3: Admin-on-admin violence
For every few thousand hardworking, conscientious system administrators, there's one who will abuse his awesome powers. That's why one of the biggest battles within IT departments is between the good admins and the evil ones.
The classic scenario: A sys admin departs on bad terms and decides to wreak revenge.
Solutionary's Heimerl says he worked with one high-tech company that terminated an admin for selling pirated satellite equipment via one of the company's Web servers. As he cleaned out his desk, he opened one file -- the one containing the corporate escrow key for all the encrypted files held by the company, as well as all of the employees' encryption keys -- deleted its contents, and resaved the empty file, making it unrecoverable. Roughly two dozen employees lost complete access to all of their work for the previous three years, he says.
Fortunately, Heimerl says, such admins are the exception and not the rule.
"In 25 years of doing this job, I've dealt with hundreds of companies employing millions of people," he says. "We've had to deal with admins who've abused their privileges maybe a couple of dozen times. For 99.999 percent of admins, this is never the case. But when we do hear about a rogue administrator gone wild, the danger is to say admins are going to run amok and steal things from the company. It breeds a culture of mistrust from management to security to IT. It's counterproductive. But you can't afford to be unprepared for it either, or it could cause an event that can cripple your business."
Independent technology consultant Allan Pratt says he started his tech career as a sys admin for a small newspaper back in the 1980s. The guy he replaced had taken all the system passwords with him when he left, leaving the company to start from scratch.
"I think some people you'd call bad sys admins may just be people who don't think," he says. "They aren't self-aware. They leave and they don't care about anything else. But it only hurts them in the end. Down the road someone will ask, 'Do you know so and so?' and you'll say, 'Yes, he walked out on us and took our passwords with him.' It's a small industry. The only things that have meaning in this life are your name and reputation. Lose them and you'll never get hired again."
Open-First's Shelton says bad employees are inevitable, but companies can do more to wrest some of the power from a single person's hands.
"It's the human condition," he says. "People who have a little bit of power and feel better about themselves when they exercise that power. It's as true of a guy running a parking garage as it is of a systems admin. But it's also an opportunity for organizations to look at the points of control and devolve responsibility so that multiple people are involved in all the key decisions."