There has been a lot of articles and posts lately about users and the user experience and how IT interacts with users.
My “first” read on this came a few months ago in Network World, What users hate about IT pros, to which I rough-drafted a response essay I never did post on here on exactly the opposite topic, What IT pros hate about users. In the past few weeks, even more posts:
the snide IT attitude | counterproductive approaches to IT | dan morrill #1 | locutus | dan morrill #2
So who is right and who is not? Honestly, they are all right, to an extent.
There are problems with IT staff and “normal” users meeting together to work effectively and create proper solutions for a business. But the subject is far more complicated than so many writers are trying to make it out to be. In order to really look at a solution that works for a given business, the IT roles need to be better defined, the corporate culture needs to be evaluated, and then the exceptions need to be acknowledged.
IT should be sliced into smaller chunks as there are vastly different roles in an organization. What is important to, and how that employee relates to such things like users, differs even in our own field. Internal application developers will be different from those that develop applications sold to external users. IT shops that host services for external clients differ to those that just host internal infrastructure. A networker is different from a help desk jockey is different from a CIO. In fact, in each of those areas there are even still different roles that the workers and managers each fit. A help desk jockey is different from a help desk manager.
Does a backend networker need to be attentive and aligned with business needs as much as his or her manager? Or perhaps the user-facing help desk jockey? What about an application developer creating a standard application that will be used by 100,000 customers versus the internal application developer creating a system to be used by 10 people all located inside the company?
Once those chunks are defined, one can then look at a target corporate culture and managerial paradigm. Only then can real statements about IT, users, and the relationship of them be effectively made. Are the users technical in nature or not? Does the corporate culture encourage worker to worker interaction across boundaries, or does all of that occur only through manager levels? Can a beer be involved? Is it important to a business to have a customized service or a standardized product?
Lastly, look for the exceptions. It is true, sometimes customers make unrealistic demands that are a detriment to IT or even the business. When a customer gets on a metro rail system, do they expect to be allowed to guide the train and stop it at exactly where they want to get off? No, and to demand such when getting on the train is unrealistic. Likewise, users getting on the IT train need to plan and make requests properly as well, or at least be open to the possibility that their (and every other user) request may not be met. While the metro rail customer may be able to appeal to the train boards to add a new stop that happens to be closer to their home, what if every user made that request no matter what part of the city they were in and are not satisfied until the train stops within a block of their house? In that case, many someones will be disappointed in their request.
There is something to be said about being a good IT provider, but also about being a good IT customer.
But what if there are to be general, blanket comments and attitudes made? Is there some credo that all IT people can live by to do their work effectively and prosperously in the business world?
Perhaps. In the end, it is not about making a better widget, improving uptime, or meeting every customer demand both internal and external. It all gets back to the things that matter in life, the soft skills of working well with people and users and IT pros. Be respectful, professional, and honest. Work together to make great things happen in a company.
To bring this back to information security, Dan Morrill says something I think is important and cannot be said enough. If we end up being roadblocks to users, users will adapt and do things some other way which may introduce security and audit issues, widen the gulf between them and IT, and cost the business money.
The real bugbear is trying to figure out how to best work with the users in a given role with a given corporate culture and with the exceptions that will occur.