No lab? You still must test

The enterprise test lab is rapidly becoming history. Standalone labs, and the staffs that operate them, are seen by many managers as an expensive luxury that can be trimmed. Unfortunately, the perception of labs as a luxury is belied by the ever-growing need to ensure that everything from new products to upgrades to changes that affect the enterprise won’t degrade the security and operation of that enterprise. Here are some ways to make sure necessary testing actually gets done, despite the demise of your lab.

– Change the name of the lab to something else. It’s hard to argue against a group that performs security certification, for example, or against a group that ensures all products work well with the existing network operating environment.

– Integrate the lab staff into the greater IT staff. Let’s face it, it’s already impossible to get all of the experienced staffers you need. The lab staff is probably the cream of your crop, and working with the rest of the IT staff will not only help keep them on board, it’ll help everyone in IT.

– Implement policies that require certification and verification before anything is made part of your enterprise network. You probably should be doing this anyway, but now is a good time to start. Once it’s required, you have all products, custom code, infrastructure, and hardware submitted to the IT department for verification and certification. You will actually know what’s on your network and know it will cause no harm. It also gives you a reason to unplug — without ceremony — anything that employees bring in from home.

– Set up a detailed verification and certification procedure so other departments know what’s required before they attempt to have products tested. While you’re at it, publish a list of acceptable products. Once the procedure is in place, insist that it’s followed step by step.

– Involve as many IT employees in testing as possible. Not only does this help spread greater knowledge, it also keeps your testing staff from looking like a separate lab. A broad-based testing program will also help make the process more popular since the rest of the IT staff won’t feel like the requirement is being imposed on them.

Remember, testing isn’t just limited to the random wireless access point someone bought at CompUSA. It should apply to products purchased through your company’s normal procurement process, upgrades that have been downloaded from manufacturers, custom software, security appliances, and everything that touches your enterprise network. All it takes is one serious incompatibility to take you down, and nobody, including your ax-wielding CFO, wants that.