20 more IT mistakes to avoid

Back in 2004, InfoWorld's then-CTO Chad Dickerson polled the best and brightest to reveal 20 IT mistakes that were surefire recipes for cost overruns, missed deadlines, and in some cases, lost jobs.

A lot has changed in the past four years, but one thing hasn't: IT's capacity to fall prey to misguided practices, given the complexity of the responsibilities involved. So in the spirit of "forewarned is forearmed," we bring you 20 brand-new mistakes that today's IT managers would do well to avoid. As before, the names have been changed to protect the guilty, but the lessons learned are plain to see.

1. Overzealous password policies
A clear and consistently enforced password policy is essential for any network. What good is a firewall when an attacker only needs to type "password" to get in?

[ Beware the original 20 IT mistakes and seven things IT should be doing but isn't. ]

But strict password security cuts both ways. If your password requirements are too complex and draconian, or if users are forced to change their passwords too often, your policy can have the opposite of its intended effect. Users pushed to the limit of remembering passwords end up writing them down -- in a drawer, on a Post-It, or on a piece of tape stuck to their laptop's keyboard. Don't undermine the ultimate aim of your password policy by insisting on unrealistic requirements.

Besides, passwords are so 2004. If you want strict access control today, think multifactor authentication.

2. Mismanaging the datacenter
Sys admins aren't exactly known for their neatness, but in the datacenter, order is essential. Spaghetti cabling, mislabeled racks, and orphaned equipment can all cause big problems. Careless provisioning can easily lead an admin to reconfigure the wrong server or reformat the wrong volume, so keep things tidy (and always double-check your log-ins).

Good systems housekeeping also means getting production servers off engineers' desks and out of their hiding places in the basement. Managing those assets is IT's job, and it should shoulder the burden with diligence and gusto. Make sure your CFO understands the importance of maintaining a datacenter that's large and well-equipped enough to grow with the business without turning into a jungle.

3. Losing control over critical IT assets
Senior management has a request: "The marketing team needs to run ad-hoc SQL queries against the production database." It's simple enough to implement, so you grudgingly make it happen and move on. Next thing you know, poorly formed queries are bringing the server to its knees before every Thursday marketing meeting. Your next assignment? "Fix the performance issue."

Backseat drivers are a hazard; handing over the keys to someone who can't drive can be fatal. The experience and judgment of IT management plays a crucial role in all decisions related to IT assets. Don't abdicate that responsibility out of a desire to avoid confrontation. A bad idea is a bad idea, even if business managers don't realize it.