Every type of work involves some showcase projects and tasks and some sluggish tasks, which most of the time fall victim to procrastination. Being sluggish does not mean that they can be done some undetermined future time nor they are less important than the showcase ones. Let’s see what they are and how can we stay on top of them.
In today’s threat landscape, it is best to start with endpoint management. I cannot count the number of unmanaged, abandoned but still active endpoint devices. IT departments have to make sure that these endpoints are either secured like the other active devices or they are turned off. Endpoint management is especially important because of the rising number of mobile devices, and even more important in companies where Bring Your Own Device (BYOD) is present.
Similarly, end user devices should be properly updated. Many IT departments are moving to centralized update management but there are still a considerable number of IT departments who prefer to deploy updates by visiting the devices in place or calling them to their shops. Although in place updates give IT pros a considerable sense of control, devices present in the remote locations could not be updated as regularly as the central locations. For IT departments who do not have the funds to deploy a centralized patch management, I would definitely recommend implementing a Windows Server Update Services (WSUS) or Linux local repository server.
Speaking about updates, we cannot skip procedure updates. Without doubt, IT is overloaded with work every single day. On the other hand when the documents and procedures are not updated, people lose control of what they have done before and sometimes what to do next. This state of “being lost” results in inconsistencies at best and error at worst. These results further invite more work and causes a downward spiral that burdens every employee in the IT department. I agree that it is not likely that the key players can always follow the documentation updates but at least temporary outside help can be sought.
As with the documentation, job descriptions should be visited from time to time. Technology brings in new trends and new, previously unknown challenges to be managed: consider big data and Internet of Things to the very least. It is not a good idea to throw the new workload on someone and expect him to deal with it. It is best to see the current workload, speak with the staff and then revisit the job descriptions with the Human Resources department.
When evaluating the current and anticipated workloads, it is also mandatory to have an inventory of the assets: both in terms of what is running and how much is utilized. Although asset inventory applications are around for about/more than 10 years, I still see IT staff who are not able to tell how many servers are humming in the racks, how many of them underutilized and to what degree. An asset inventory will identify all these points and then see if they need to be kept as is, consolidated or phased out.
One issue that is “preferably untouched” is the accumulated end user requests. Over time end user requests pile up. Some of them are solved with the introduction of new systems, new applications, new procedures, some of them are in the pipeline, some of them are simply out of focus of the company. Whatever the state of the requests is, they should be reviewed regularly, purged when necessary, decided which ones to stay open and the users have to be informed accordingly.
Another “preferably untouched” area is the IT depot. Over time storerooms accumulate such things as spare parts, old but functioning equipment, broken down equipment, printer cartridges (ink most probably dried) etc.. The companies keep them to extract functioning parts or accumulate to sell for their junk value. Often the utility of keeping items for so long exceed the expected benefits: in 2015 what are the expectations in keeping dial-up 33600 modems? IT departments should visit their storerooms at least once a year and perform thorough housekeeping to keep the pile under control.
We are in 2015 and I am pretty much confident to say a majority of the companies have not implemented a disaster recovery plan, and from the ones who did, the majority of them have not tested it. The same goes for the plans that will be carried out in case of a data breach. IT departments need to test run their plans, see the plans’ shortcomings, plug any holes and make sure that they are ready when the disaster strikes.
Here is my list of items which, we all agree that, are essential to the functions that the IT department performs. But almost all of us will also agree that these tasks are often undone with the belief that sometime in the future they will be taken care of. Do you have any tasks that continuously pushed down in your task list? Let’s hear them in the comments!
Image credit: http://virelin.com/