IT pros do battle every day -- with cyber attackers, stubborn hardware, buggy software, clueless users, and the endless demands of other departments within their organization. But few can compare to the conflicts raging within IT itself.
Programmers wage war with infrastructure geeks. IT staff butts heads with IT management. System admins battle for dominance. And everybody wishes security would just leave them alone.
[ Also on InfoWorld.com: Learn how to avoid IT's biggest money wasters -- and how to assemble your crackerjack A-Team for IT special ops. | Get sage advice on IT careers and management from Bob Lewis in InfoWorld's Advice Line newsletter. ]
"One of the iconic examples of IT conflict is operations versus software development," says Mark White, CTO of Deloitte Consulting's Technology practice. "The software dev people build something and throw it over the wall into production, and operations is expected to make it work 24/7. Or the apps developers versus the database managers. App dev wants a high level of abstraction, but the database admins need well-conceived calling patterns to get the performance they need. And the security people, well, it's sometimes said they put the 'no' in 'innovation'."
Are you at war with other members of your IT staff? Read on to see if these stories sound familiar and to find out how to transform tension into productivity for all.
IT turf war No. 1: Security vs. the rest of IT
When Jon Heimerl worked at the CIA, his job was to ensure that data passed securely between the overseas sources who gathered it and the stateside analysts who parsed it. Trained as a systems engineer, Heimerl regularly worked with one of Langley's many security departments. On the wall, next to the door leading to this security department, was a sign that read, "The answer is no."
"When someone comes to the security people and says, 'I want to do this,' security's default answer is to say no," says Heimerl, who's now director of strategic security for managed security services firm Solutionary. "It's not that they want to keep people from doing anything. They just want you to think about it first so that you can do it more securely. But the perception becomes that security just says no."
It's a classic IT conflict. The security wonks believe users can't be trusted. The techs can't get any projects off the ground because security has tied their hands. Both sides circle each other warily. Worst-case scenario: Employees decide to bypass the House of No entirely and do things on their own.
Heimerl says Solutionary was once called in to work with a Fortune 100 retailer whose marketing department had decided, on its own, to build a public-facing website without informing IT security. The site was outside the company's firewall and employed default user names and passwords. It was only discovered after Solutionary did a routine sweep of the company network.
"From the time we started pen testing it until the time we had administrative privileges was about 17 minutes," he says. "From there, we had a free pipeline into the corporate network. Within about 30 minutes we were able to log on and change prices for items on the websites of individual stores."