When startups attempt to mature beyond bad habits, management has a hard time discontinuing slurping bad practice’s teat. Does “We didn’t have to do this at Employer X. At Employer X, we had root so we could respond quickly to down time incidents.” sound familiar to you? Unfortunately, too many I.T. / I. S. executives do not understand the business concepts behind change management and how it relates to Operations. Thankfully, they understand it in their political battles. Executives understand “high velocity management.” Commonly, this is referred to as running fast and loose. It is an optimistic approach. Unfortunately, optimism breeds outages. Principle of Least Privileges does not jive well with running fast and loose. Management views this principle perpendicular to their financial budget and head count. Management does not understand bleeding edge change management concepts push least privileges into a process, instead of the traditional function and role / job responsibilities. Bleeding change management concepts spawned out of the idea of entities automating themselves out of a job. Change Management personnel desire less redundant overhead, lean business processes, and ensuing streamlined policies and processes. Typically, service oriented architected institutions have processes put into place which take ideals, concepts, and provides a service. In many service-oriented organization’s operations, change management tools would be delegated with administrative privileges. As a result, one would apply built-in gating processes to provide checks and balances. If Alice can push a change to QA without QA’s approval, then one has bigger issues than a least privileges violation. One should look their miscommunication(s.)
Happily, as a result of maturing change management, communication improves. From conception to end of life, diverse teams with vastly different objectives work together to achieve the same goal: deliver business requirements as rapidly as possible and make money. Every resource is driving towards that goal. If every process is not driving towards that goal, watch teams bounce into each other like drunks in a bar. These drunken teams will go through the motions and the organization’s business side will not see any value in employing these teams. Ask a prominent cloud billing service about why they closed their China office. Change control endows organizations to become reactive to fluctuating market forces in order to be as aggressive as possible, and outpace competition. Organizations desire to have this in place moving deftly and systematically as possible to ensure that they stay in business. Beware, organizational structure and poor management may lead to delays, duplication of effort, and disrupt objectives / progress.
Don’t worry; vendors have the latest Silicon Valley buzzword tool to mitigate any negative outcome. If you aren’t sure, head to RSA-SF and walk Exhibit Hall. Do not believe sales account executives. They are incentivized to provide for their family, and grow revenue. Tools will never be your Holy Grail. “My cloud DLP solution will solve all of your data exfiltration threats. All you have to do is setup a Narus sniffer, log events to Arc Sight and spend $60,000 on professional services.” With that being said, pick the right tool(s) for the job. Properly utilized tools will enable an organization’s processes to become more effective, reliable, and agile. Be careful of a common process pitfall; when tools do not work with each other, they remain tools, outside a process. One’s mileage will vary.
One last item: Many times, I see deployed tools support previous organization’s bad habits and broken processes. The architects and implementers forget it is the goal of business processes, which reinforces and specifies the reasons for and how to best use the tool. Change management is really simple, do not make it harder than what it needs to achieve: simplicity, automation, delivering, and empiricism