Friday,30 October, 2020

Subscribe to Newsletter

  Knowledge Center
Knowledge Center

Advices For IT Organizations
Listed below is a list of the mistakes in which wrong decisions can lead to costly project overruns, business disasters, and in the worst cases, lost jobs. Read on, takes notes and avoid.

Botching your outsourcing strategy. There are two different flavors. The first is the sin of commission: outsourcing important IT functions to avoid the hard work of understanding them. Relinquishing those functions can make it hard to get simple things done. The other mistake is to hold on to functions that could easily and effectively be outsourced, such as running your own messaging environment.
Dismissing open source. On one hand, the most conservative IT shops dismiss open source solutions as a matter of policy. That’s a big mistake: Taking an indefinite wait-and-see attitude toward open source means passing up proven, stable and scalable low-cost solutions such as Linux, Apache, MySQL and PHP. On the other hand, insisting on open source purity in your IT operation can delay progress, as developers are forced to cobble together inferior or unwieldy open source solutions when more appropriate commercial software solutions already exist.

Discounting internal security threats. IT managers focusing on external threats can easily lull themselves into a sense of false security. According to Gartner, 70 percent of security incidents that incur actual losses are inside jobs, making the insider threat arguably the most critical one facing the enterprise.

Failing to secure a fluid perimeter. IT’s responsibility now extends to Starbucks and beyond. The increasing mobility of workers, combined with the proliferation of public wireless hotspots and broadband in the home, means that IT is now responsible for securing systems on networks it does not control. In this environment, solid security means implementing host-based firewalls that will provide some level of protection on an unsecured broadband connection at home or at sites with public Wi-Fi access. You better protect your network from insider threats and from intruders who might have hopped onto your network via rogue wireless access points.

Ignoring security for handhelds. most IT shops seem to be in a “wild West” phase when it comes to handheld devices; they don't recognize the need for username/password authentication on network resources and desktop and laptop PCs. Ignoring the security of easily lost devices, particularly those belonging to key executives that traffic in confidential information, is a recipe for disaster.
Promoting the wrong people. When doing so, the promoted employee could be resented by former peers and might not like the new management duties, which could lead to poor performance. Even worse, the new manager might feel compelled to cling to the ill-fitting position because the old position might no longer be available. Management training can help avoid such disasters.
Mishandling change management. It might happen that a talented systems administrator decides to make seemingly simple changes to a set of critical servers during routine maintenance. This might result in all DNS functions failure. Reversing the “one small change” will take hours, and millions of dollars in revenue are likely to be lost as a result. The lesson is that even talented employees can cause major problems when they don’t follow change management procedures.

Mismanaging software development. Even if the building of software could be broken into easily managed, interchangeable time units, the vast productivity difference between the best coders and merely average ones means IT managers might get their best work out of fewer but, more talented, programmers doing their work in less time. IT managers should devote most of their free time to [finding] the best people. Almost nothing else matters.

Letting engineers do their own QA. Allowing engineers to perform their own QA is similar to allowing defendants to be the judges and juries for their own trials. Not allowing engineers to do their own QA is an axiom of software development.
Developing Web apps for IE only. Despite the fact that mission-critical applications continue their march onto the Web browser and that Windows continues to dominate the corporate desktop, Web developers should avoid the temptation to develop applications only for bug-ridden IE. IT shops that insist on using IE for Web applications should be prepared to deal with malicious code attacks such as JS.Scob. This code redirects customers of compromised sites to sites controlled by a Russian hacking group where unwitting IE users download a Trojan horse program that captures keystrokes and personal data.

Relying on a single network performance. When it comes to network performance, there’s no single metric by which to judge network health. It’s a mistake to think that network utilization can be quantified in a single way. Certain aspects of a network, such as port utilization, link utilization and client utilization, can and should be measured. In any scenario, successful network analysis means taking a step back and looking at the data in the context of your enterprise.
Throwing bandwidth at a network problem. If the network is running slower than normal. The knee-jerk reaction is to add more capacity. This is the right solution in some cases but dead wrong in others. Without the proper analysis, upgrading capacity can be a costly, unwise decision. Capacity aside, common root causes of slowdowns include unwanted traffic broadcasting over the network from old systems or apps, such as IPX traffic, or misconfigured or inefficient applications that spew streams of packets onto the network at inconvenient times.
Weak authentication or bad passwords. Avoiding the weak authentication mistake boils down to simple IT blocking and tackling -- a clear, detailed and consistently enforced password policy that proactively deals with the most exploited authentication weaknesses detailed in the SANS report.

Clinging to prior solutions. A common mistake for IT managers moving into a new position at a new company is to try to force solutions and approaches that worked at a prior job into a new environment with different business and technology considerations. Otherwise, IT managers should always have new different solutions for every business environment.

Falling behind on emerging technologies. Staying current can prevent a disaster. For instance, the emergence of inexpensive consumer wireless access points during the past few years has meant that anyone can create a wireless network -- a real problem for any reasonably structured corporate IT environment. Fortunately, the IT staff had implemented ways to check for rogue access points, and a WLAN channel scan. In this case, the IT staff recognized an emerging technology that might be stealthily introduced by employees and developed procedures to inventory the threat, thereby controlling it.

Underestimating PHP. This scripting language has been around for a decade now, and millions of Yahoo pages are served by PHP each day. Rasmus Lerdorf, inventor of PHP, explained the architectural secret of PHP’s capability of scaling: “Scalability is gained by using a shared-nothing architecture where you can scale horizontally infinitely.” This “shared-nothing” means that each request is handled independently of all others and simple horizontal scaling means adding more boxes. Any bottlenecks are limited to scaling a back-end database.
Violating the KISS principle. This violation of the KISS principle directly contributes to many instances of project failures, high IT costs, unmaintainable systems and bloated, low-quality or insecure software.

Never sweating the small stuff. Never ignore the basic tactical issues as this can lead to simple but extremely costly mistakes.

Rate This:

Posted by ROOT Technologies

What is your favourite search engine?

Most Viewed
  Riverbed Launches Industry’s Most Complete Digital Experience Management Solution

  Credence Security to Address Growing Market for GRC Solutions in Middle East Through Partnership with Rsam

  New Mimecast Archive Cloud Capability Streamlines GDPR Management for Email

  Planning and Scheduling Software–Helping Manufacturers Keep Their Customers Happy

  Farsight Security and Infoblox Provide Zero-Hour Protection Against Cyberattacks Due to New Domains

  Fujitsu Launches High-Security Biometric Authentication Solution for Active Directory IT Environments

  Rackspace Wins 2017 Red Hat Innovator of the Year Award

  ServiceNow Survey Shows 2018 as the Year of Automation for Routine Enterprise Work

  4 Tech Hacks to Faster Customer Onboarding

  New Mimecast Report Detects 400% Increase in Impersonation Attacks