For IT, deny-by-default is standard operating procedure. Aimed at minimizing risk, this policy has IT's hand up to prevent end-users from installing any and all nonstandard software. From an IT security perspective, deny-by-default is sound practice. For fostering innovation? Not so much.
Nowhere is this more evident than with the tablet revolution taking place in today's enterprise. The iPad and Apple's curated App Store underscore IT's need to move beyond its deny-by-default history, embrace risk, and evolve its position with respect to the business.
[ Also on InfoWorld.com: Get Bob Lewis's continuing IT management wisdom in his Advice Line blog and newsletter. | Find out why running IT as a business is a train wreck waiting to happen. ]
Everything you've heard about running IT is wrong
"IT/business alignment" is a frequently used buzzword (FUB) meant to encapsulate effective IT strategy. But for the most part, this FUB, if you're of the acronym persuasion, is a poor choice of words and an even worse way of running IT. On a fundamental level, the notion of "alignment" separates IT from the rest of the business. And if alignment with the business is the best you can aspire to, you'll soon be toast in this rapidly evolving IT landscape.
As I pointed out (ahem) more than a year ago, everything about "running IT as a business" is dead wrong. Today's IT needs to make a double leap to get to the future. Mere alignment isn't going to do the job.
To succeed going forward, IT must become a successful steward, rather than owner, of technology. It must encourage innovation at every level, right down to the end-user. It must support "single-actor practices" rather than simply enacting global policies. And to do so, you're going to need IT/business integration, not alignment. Becoming an integral part of the enterprise, and not just a service provider to it, is essential, because nothing IT does from now on stands on its own. Everything -- people, processes, tools, and technology -- will be wired together to reinforce each other in service of the business mission.
Risk management: The IT philosophy that has become its ball and chain
There is one place where "alignment" is the right topic, right answer, and right vocabulary, and that's the choice of priorities.
The most basic fact of business is that there are only three bottom-line priorities: revenue, cost, and risk. No matter what anyone at your company does, in the end it must tie back to making revenue grow, keeping costs under control, or managing risks more effectively.
The way it generally shakes out is this: Small companies, startups, Apple, and -- sad to say -- a small minority of other large companies rank revenue first, with cost coming in second and risk a distant last. Most large enterprises, having fallen into the play-it-safe trap, rank cost first, with cost coming in a close second and, in third place, cost. They've given up on their ability to influence revenue, and as they can't measure whether their risk management efforts have any impact, they tend not to think of risk as a bottom-line value at all.
It's safe to say that, with the exception of industries in which lives are at stake (health care, nuclear power, offshore drilling), most businesses rank either revenue or cost as their top priority. Risk management just has to be good enough. After all, few actually face the threat of a long vacation in a government-run facility should events go awry.
For IT, the priorities are different, with the most common ranking being Risk, Cost, and What Was That You Said?