While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Given the choice of "just getting stuff done" versus "documenting a process for getting stuff done that involves stakeholders," my guess is that the sane among us choose the former 10 times out of 10. That's why an old boss of mine would pair his requests for documentation with the rhetorical question: "What if you get hit by a bus tomorrow — what then?"
As much as I understood his reasoning, it also made me a bit paranoid that his bus analogy was really a euphemism for a pink slip. Yet, his logic is sound: Organizations can't grow if processes and best practices exist only in one person's head. In that scenario, a single person or department can bring an organization to a standstill by holding, or withholding, crucial knowledge.
This isn't a novel idea. In fact, it's one of the driving principles behind the Information Technology Infrastructure Library (ITIL). Never heard of it? Join the crowd — albeit one that proponents say will keep getting smaller and smaller. ITIL addresses a number of ills that plague organizations with complex IT infrastructures, things such as maintaining service levels, resolving problems and identifying weaknesses. Turn to "Smart Support" to learn more about ITIL.
If you’re already on the ITIL bandwagon, keep a few things in mind.
First, like any best-practices approach, it has advantages and drawbacks. If you move to adopt ITIL, your IT troops won't necessarily want to follow. Chances are that they'll view it as just the latest management edict. To get them onboard, you'll need to convince them that it has broad management support and won't go away despite their best attempts to thwart adoption. For the troops, such programs rarely pass the WIIFM, or what's-in-it-for-me, test.
Besides, modeling processes such as ITIL often go against the instincts of strong IT practitioners, who are typically champions of the "just get stuff done" approach. Interestingly, that in a nutshell is what ITIL does. It helps organizations reduce risk by focusing on processes. It lets IT and management figure out the root causes of problems, which sometimes require ignoring quick fixes.
To use ITIL successfully, you'll have to start by slowing your people down and beating the drum for documentation, documentation and more documentation. Luckily, it's flexible and iterative and can be adapted to most organizations' priorities.
An import from Great Britain, ITIL has been around since the 1980s. It grew out of the frustration that many U.K. organizations had as they saw IT costs escalate but returns diminish. Its nascent popularity in the United States can be attributed to the growth in outsourcing of IT services and the current regulatory climate (e.g., the Sarbanes-Oxley and the Health Insurance Portability and Accountability acts). Although ITIL adds a layer of work for the hands-on IT staff, it also adds a measure of oversight for managers. Data and documented processes are needed to maintain service levels within cost — both for internal organizations and outside providers of services such as help desks.
Simply put, ITIL can give the management team better insight not only into what is being done but also what's not — and where opportunities lie for automating services.
Editor in Chief