How to thwart the high priests of IT

There are a lot of good IT pros who earnestly want to help their employer do well by providing and maintaining the technology systems that conduct so much of business today. Then there are those who are the company’s enemies, whether they realize it or not.

IT has had a history as a high priesthood, dealing with arcane matters beyond the ken of mere mortals. In the 1940s through the 1970s — the age of the first computers, then the mainframes — IT was in fact a superspecialized skill, akin to medicine or law. But as has happened in so many areas of society and business, technology has become democratized, and today many business users are not only comfortable in some technology domains but actually quite adept. That’s now called the consumerization of IT.

But as in matters of religion, law, and medicine, there are IT practitioners who don’t want democratization or, to use the religious phrase, ecumenicism. They want control, and users who want to choose their technology tools are apostates to be crushed.

The less savvy IT enemies will pooh-pooh the “toys” businesspeople want to bring in. When someone in IT calls the tools you want to use “toys,” that’s a clear indication of an enemy. After all, the chances the IT person knows how to do your job and what tool works best for you is close to nil. He or she has no basis for disparaging your tools in that way.

When you come across an IT pro stupid enough to use the “toys” epithet, complain to your CIO. Send the IT person back and ask for someone who actually respects you. Marginalize and isolate these IT staffers before they do it to you. A savvy CIO won’t want such employees, as they alienate the business, increase costs through excessive systems, and waste precious IT time and head count resources.

These days, it’s politically incorrect for IT to explicitly dismiss business needs and wants, but beyond those in IT who say the T-word to your face are those who think it. Instead, you hear the code phrases, involving “security,” “governance,” “compliance,” “risk,” and “efficiency.” These code phrases (the middle three are often referred to as a group via the acronym “GCR”) boil down to “if you do it, it will be bad; if we do it, it will be good.”

This is where it gets tricky. GCR, security, and efficiency are all good, necessary attributes, and IT has long been charged with ensuring them. Also, IT is the group that gets the blame — and loses the jobs — when these attributes aren’t maintained. There’s legitimate fear that users acting individually will unknowingly and inadvertently threaten these criteria. IT is supposed to be worried about these issues, so you can’t use the code phrases to automatically detect IT enemies.

But the use of these code phrases lets you figure out where to dig deeper. An IT enemy will have a never-ending list of gotchas, risks, and issues, most of which equate to no, albeit behind a smoke screen. Here’s an easy test: Is the standard proposed by IT higher for what you want than for what IT provisions? Take mobile — if encryption or app revocation is required on smartphones, it should also be required on laptops that hold much more sensitive information. An honest requirement should be enforced equitably.

You’ll find that IT enemies try to sandbag user-generated technology, often with the help of vendors all too willing to sell to their fears or craven desire for control. Take mobile again: One of the biggest mobile device management vendors promotes its ability to prevent users from copying text from emails on their smartphones and tablets, thus rendering these mobile devices ineffectual for real business use. However, the companies that hamper employees this way don’t do the same for email on laptops and home PCs. The true goal here is not security but quashing user-driven technology.

By contrast, an IT ally will work with you to meet the legitimate GCR, security, and efficiency requirements within the context of your needs as a user or business unit. That doesn’t mean a blank check for users, but it does mean a constructive engagement where IT educates you on the risks, helps you overcome them, and lets the business leadership ultimately decide if IT’s approaches are more restrictive (or not) than necessary.

That last point is important: IT may be responsible for the technical deployment and maintenance of systems designed to meet GCR, security, and efficiency goals, but it’s not IT’s job to decide acceptable levels for GCR, security, and efficiency. That’s a business decision. It’s true that many leadership teams have punted on these decisions, requiring maximum levels to deflect their own responsibility and dumping the problem into IT’s hands. But in this era of IT consumerization, such poor management is quickly exposed as employee technology demands force the risk questions into the open. From there, a savvy CIO can pass the buck back where it belongs.

However, many in IT have taken it upon themselves to dictate the standards for GCR, security, and efficiency, and they don’t want to give it back. Some do so for the power, some for job security, and some to satisfy a “rescuer” impulse.

When you hear the code phrases, explore the motivation behind them. Your IT allies are motivated by positive reasons and want positive outcomes, with win-wins wherever possible. You’ll know when you deal with these people: They look to satisfy your wants and desires but draw the limit at clear, reasonable lines of risk that they willingly explain.

Conversely, you may have IT allies who don’t know how to partner with you and provide canned or knee-jerk responses, but they would cooperate if you reach out and build the mutual trusting relationship in steps. IT allies aren’t yes-men, but they start with the premise of “let’s see how close we can get to what you want or need.”

The IT enemies are those who always have a reason to say no, who use FUD (fear, uncertainty, and doubt) scare tactics to bully you away from your wants and needs, and who say yes but never deliver. They act like they know your job better than you do, and they decide how the business should operate and what risks are acceptable. A smart CIO will get rid of these people when proof is available (so complain!). A dumb CIO will expose himself or herself by doing nothing, for which the board has a simple solution: replace that CIO.

When you eliminate the enemies in IT, you should end up with colleagues who know their stuff, respect that you know your stuff, and constructively collaborate with you. Of course, you need to reciprocate not only with IT but with other departments in the business as well. And you do, right? If not, your IT enemies may not be your biggest problem.

This article, “How to thwart the high priests of IT,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Smart User blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.