Are your IT systems complicated like an aeroplane, or complex like a flock of birds? Now that users send work emails from their own mobile phone, manage their own identity with self-service, and become more and more in control of their own IT work it is believed that IT systems are now in an age of complexity.
In some IT organisations there are bottlenecks in the form of people who attempt to keep everything in their heads and manually control IT systems. Today’s complex IT systems can’t live inside the head of one human, and it’s not enough to use an Excel spreadsheet to track users, passwords, assets and everything else in IT: changes happen too often and these days things can change without IT’s knowledge.
How do you know if you’ve got a human bottleneck in your IT, and what can you do about it?
According to the NIST and Forrester, in approximately 80% of all breaches IT security is the last one to know and they are often informed of the breach by third parties. The “trust but verify” model has broken down and a new model of “never trust, always verify”, or Zero Trust IT, has emerged.
So how do you move to a Zero Trust IT model?
Introducing Bottleneck Brent
The seminal book on IT systems, The Pheonix Project, identified this human bottleneck as a fictional character called Brent. He was a good member of staff but the way that Brent worked cause system problems that damaged the business. The problems were:
Most of the system documentation was between his well-meaning ears.
A lot of work had to go through him so he was a bottleneck to getting stuff done.
Whenever a crisis happened, Brent was the first port of call so he got even less work done, becoming even more of a bottleneck.
Well-intentioned Brent’s occur all over the IT industry and there are some useful actions to take to make these characters less of a bottleneck.
Five Ways to Take The Load Off Bottleneck Brent
Even with an eidetic memory humans shouldn’t be used as an information store because then other people will constantly interrupt them for information.
In IT systems it’s important to put the documentation into the system and make it available to the right users to relieve some of the load from the IT bottlenecks:
Use Asset Management software and allow users to access their own information, sharing as applicable to stop IT being interrupted for basic queries.
Give curious users, such as Auditors, access to generate their own reports based upon their own queries.
Give users access to system performance by linking monitoring and help desk systems and using dashboards.
Encourage users to self-support through internal, online communities such as wikis and messaging systems.
Use remote execution control systems and train more staff than Brent so no time is wasted on the phone or walking to user locations.
It is important for the IT manager to balance user access and self-management with access to critical data and systems. For example, it would be wrong to let all users see a map of all IT systems, without any controls. But it’s a simple fact that the more tools that provide automated and real-time visibility and control to more than one user will improve IT performance.