Friday, April 28, 2017

Raising the bar on technology

I wanted to expand from my article this week about how technology should contribute to an organization. Technology systems can be a boon to organizations, when leveraged effectively.

But we also need to manage that technology effectively, too. Too often, I have observed IT organizations fail at systems management. "Information Technology" is more than setting up a few servers. You can actually put your organization at risk if you don't put in place certain safeguards to keep systems available to your end-users.

I have worked in technology for over twenty years. Much of that time was spent in infrastructure and operations, including leading the enterprise infrastructure and operations teams at the University of Minnesota: my teams supported over 1,100 servers at the university, running critical systems for over 65,000 students and delivering over 33,000 paychecks every two weeks.

In that role, I was frequently audited by our internal auditors, on average a little over once a year. Not because I was the subject of an audit; my department was audited about once every five years. Rather, because if the auditors examined another department, eventually they would review the servers that support them, and that meant me.

So through my own experience, I have developed a (growing) list of best practices to manage technology, at a level that satisfied our auditors. Here are a few highlights from that list:
  1. Redundancy in data center
  2. Architecture review
  3. Application management lifecycle
  4. Backup validation
  5. Disaster recovery planning
  6. Risk analysis
  7. Business value mapping
  8. Configuration management database
  9. Job automation
  10. Isolated file transfer
As I review this list, I think the data center (the first item in the list) is falling in importance. Most organizations are moving to Cloud, and I think that makes sense for many applications. Certainly we will always have some applications hosted locally, but it's not hard to predict that local data centers will be minimized, running only those systems that must connect to local devices (such as research, or managing IOT) or cannot be migrated to the Cloud for other reasons.

How does this compare to your environment? What would you add to this list?

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.