The IT world is changing. Organisations are increasingly threatened with hacking and viruses such as Heartbleed. A wider-than-ever skillset is needed. Can your internal IT team cover all the bases?
Right-size the Department
'Right-sizing' every department of an organisation is every organisational leader's aim. Too many staff are a drain on resources and hinder the work by creating extra layers of management. Too few and work is delayed or not done.
Right-sizing an IT department is like the team sport manager's skill of 'running a bench'. No one wants their star players sitting on the bench; they want them involved in the game, winning matches. But when things go wrong, it's no good having an empty bench or a line of second-division players not up to the challenge.
In team sports, the manager makes sure the whole squad trains together. Come match day, if the game’s a ‘friendly’, less-experienced players are tried out in the starting lineup. In a big match, they’re brought on near the end once the result is not in doubt. However, a CIO has a lot less wiggle room than a sports manager. Every day is a big-game day and the opportunity to move staff around is severely limited.
For many, the answer is to right-size the IT department to cover normal operations – to have skilled people doing all the key jobs and just enough slack to cover holidays and unexpected absence. But this often means that IT staff have little experience of dealing with rare events, especially security issues.
It also means that there simply aren't enough bodies to handle big but short-term projects, such as major infrastructure or software/operating system changes. In either event, a well-designed managed service agreement with an IT consultancy is essential.
Project or Flex?
Depending on the size of an organisation and the skill set of its IT team, a Managed Service Provider (MSP) can be deployed in two ways:
If you are confident your IT staff can deal with any likely crisis, then you may only need an MSP occasionally – to oversee a short-term project then walk away once it is completed.
A flexible SLA is more common; it gives the organisation confidence that there is someone ready and able to step in in a crisis without running up unnecessary costs when things are operating smoothly.
A good MSP is looking for a long-term relationship with its customers. It will appreciate that the relationship needs to evolve as an organisation's infrastructure and business evolve. Organisations should beware of MSPs that don't want to have that type of relationship.
Over time, in-house staff working alongside consultants will learn new skills, and this can reduce the need for MSP involvement. That's part of the evolution: organisations should not be locked in to a relationship with any particular provider.
As Linux is ubiquitous, it is a target for people who write malware or seek to penetrate systems. Although Linux security is extremely good, there is a complex stack of software on most systems and there is always a chance that someone will discover a weakness somewhere.
Heartbleed, which was in the news in 2014, exploited a vulnerability in SSL, the security protocol used on many servers. In that case, a security fix was released quickly, but checking every server and patching each can be a time-consuming task for any department that is 'right-sized' for everyday work. A good MSP will know exactly what is running on each of your machines and be able to patch them without interrupting your normal workload.
Planning and negotiating the right SLA for your organisation is essential. An empty 'bench' is a major risk, but no one wants expensive consultants sitting out the big match day after day.
Simon Mitchell is CEO of LinuxIT.