From Chapter Three: The Windows Culture

Management and Controls

The PC phenomenon is primarily social, not technical: people believe and believers demand that their beliefs be ratified. Thus the management bottom line on what is nominally a Windows client-server environment is simply that user expectations cannot be met with the available technology, and that all Windows management must therefore be focused on keeping discontent down to acceptable levels.

For small business this is easy because the personal interactions between the IT person and users smoothes out the bumps; but as organizations get bigger so does the role of formal frameworks and processes and these often remove the human lubricants needed for success. The comments below, therefore, apply on a sliding scale: from not at all for companies employing one or two IT people to pretty much guaranteed for organizations employing more than a thousand IT people.

Technology aside, however, IT management's most basic job is managing the IT infrastructure and investment - meaning that the CoBit Framework's four major four governance domains:

• Planning and Organization;
• Acquisition and Implementation;
• Delivery and support; and,
• Monitoring

are headings labeling concerns that must be addressed whether the specific control objectives listed under those headings apply or not.

The result is usually conflict - and, in large organizations, that process now usually results in IT becoming a brake on business change as data processing's commitment to long term planning, service level agreements, annual budgeting, and multiple supervisory committees virtually stops IT adaptation to business change.

Managers charged with running a Windows client-server environment face a unique challenge in physically managing the resource. In other environments information systems management has physical control of the hardware and software in use but, in the Windows world, most larger organizations do not know how many servers they have, where they are, what their license status is, or how many desktops connect to them.

As a result the primary control document is not the data processing culture's service level agreement, but the inventory of organizational hardware, software, support personnel, and related liabilities.

Consider, for example, this statement from a few years ago by Steve Ditto, vice president of the network integration services practice for First Consulting Group, Long Beach, California, on work done for a large health care group:

Our experience shows that most hospitals underestimate by at least 30 percent the actual number of PCs, printers and network ports they have. One First Consulting client thought it had about 450 PCs, while an inventory turned up 1,450 computers. (Healthcare Informatics, May 1998)

That was 1998, today (early 2008) the situation has both improved, and gotten worse.

On the plus side, Microsoft has produced a range of server and desktop management and operations software whose effects have been to centralize control of acknowledged PC assets - and this in turn has helped along the widespread adoption, particularly in larger organizations, of the ideas and technologies preferred by the predecessor data processing culture.

At the same time, however, the IT group's inability to meet user expectations (set mainly by advertising, not experience) coupled with the increasing rigidity associated with the data processing influence on the culture, has led to increasingly subtle, and increasingly effective user resistance.

The most damaging, and common, form this takes is passive: users simply give up, acquiesce in the organizational return to the distributed terminal architecture introduced with the IBM 3174 in 1972, and come to see the desktop computer as a minor evil - and IT as the enemy.

The result is often an escalating spiral in which IT imposes increasingly onerous requirements and users react by subtly sabotaging IT's ability to contribute positively to the company - meaning, among other things, that passive resistance spills over into isolated pockets of overt resistance. Such resistance can take many shapes - for example:

1. user actions can create hidden corporate liabilities for Microsoft and other licensing on undocumented servers and related PC equipment;

2. user managers often expense things like license renewals and local support outside the usual budgetary channels;

3. the use of unauthorized equipment or applications to store or massage corporate data can expose the business to invisible, and thus unknown, risks;

4. user management can enter into unauthorized, and undocumented, usage of public infrastructure like google mail or "cloud" computing - for business critical data, processing, or remote information distribution.

5. the business can easily become unable to fully and authoritatively account for email and other electronic documents; and/or,

6. user management sometimes quietly supports users who do things like secretly bringing back discontinued client software (or former IT employees) and thus produce "unexplained" failures, mysterious data losses and unrecoverable table corruptions for IT to deal with.

Some notes:

1. These excerpts don't (usually) include footnotes and most illustrations have been dropped as simply too hard to insert correctly. (The wordpress html "editor" as used here enables a limited html subset and is implemented to force frustrations like the CPM line delimiters from MS-DOS).

2. The feedback I'm looking for is what you guys do best: call me on mistakes, add thoughts/corrections on stuff I've missed or gotten wrong, and generally help make the thing better.

   Notice that getting the facts right is particularly important for BIT - and that the length of the thing plus the complexity of the terminology and ideas introduced suggest that any explanatory anecdotes anyone may want to contribute could be valuable.

3. When I make changes suggested in the comments, I make those changes only in the original, not in the excerpts reproduced here.