fingers on keyboard
The KIT
Knowledge & Information Technology
No. 278 - 16 December 2020
The Essential Functions of Enterprise IT
This is going to be a longer article than usual, but we think it addresses a fundamental need of many organizations. We'd love to have your feedback, so please write back at the above address!

A current consulting project for the IT department of a large educational institution has brought to our attention, once again, the tendency to give too much importance to software development and the operation of an in-house infrastructure. The former should be de-emphasized thanks to SaaS (software as a service) or the purchase of commercial, off-the-shelf solutions. And the latter should be streamlined through hosted services and PaaS (platform as a service).

So what should an IT department really do? Here are the key functions that must be identified and staffed -- sometimes requiring only one person or a very small team, even in a large organization:

  • Information governance. Create and maintain a complete conceptual model of the information required for the enterprise to function. Identify where security and privacy risks exist. Identify master data and make sure it is managed in one place with the highest data quality.
  • Policies, procedures, and standards. They should be simple, easy to follow, and bring value, not bureaucracy. In some places, this will be part of the Enterprise Architecture function.
  • IT procurement. Be able to select suppliers of products and services based on good criteria and with a view to delivering quickly solutions that meet 80% (not 100%) of the requirements. And measure the heck out of their ongoing performance.
  • Enterprise architecture and portfolio management. Based on an EA framework, hopefully without the complexity of TOGAF, this function controls how needs are satisfied (COTS, cloud, or the occasional custom development), and ensures alignment between the various layers (infrastructure, applications, information, processes, capabilities, value chains, and strategy).
  • Security. No need to elaborate much! Why separate this from Operations? Because operations people may be the ones cutting corners, postponing patches and updates, etc., and they need the security function to keep them focused. Also, security is about people, not just technology.
  • IT Marketing and Communication. Why the italics? Because so few IT groups think that they need to "sell" themselves internally. If we got a $100 bill for every person who told us over the years, "I don't really know what IT does..."
  • Business/IT consulting. IT should be able to support the business through analysis of information needs, modeling and improvement of existing processes and workflows, and more. We used to think of "analysts" as the people who captured the requirements in view of a software development. If we de-emphasize development, the purpose is different but the need to analyze the business remains.
  • Technology watch. IT should not just be an "order taker" reacting to open tickets and project requisitions. It should be bringing to the business awareness of opportunities in IoT, cloud, data science, machine learning, mobility, automation, and whatever the next wave will be. Your users won't request it if they don't know that it is possible, so you have to inform them.
  • Projects. That's almost the least important function, because most development work can be avoided or contracted out (we're not talking about software products that some companies sell, but about software used to support its operations). In fact, the most useful resource to keep is a "rapid reaction team" that can use web. mobile, cloud and social tools to deliver prototypes or throw-away applications very quickly.
  • Operations. Another function that may be limited if most resources are hosted elsewhere and if there is a BYOB (bring your own device) practice of if work-from-home is generalized. But there will still be some equipment to manage -- and vendors to monitor.
  • Oh, and this collection of roles won't quite run itself without supervision, guidance, a budget, etc., so yes, you need a CIO to orchestrate all this, and she or he should really be recognized as Chief Information Officer, not Cheap Infrastructure Operator. Depending on the size of the organization, the CIO may have direct reports handling IT finances and personnel.
A Gallery of Rogues (Mugshots Not Included)
Who's been a bad child and won't get any Christmas presents? The organizations listed in the Enforcement Tracker database published by CMS.Law, which lists the fines levied against data controllers and data processors under the EU's General Data Protection Regulation (GDPR).

You'll find for instance that just yesterday, Twitter was fined EUR 450,000 in Ireland for "insufficient fulfilment of data breach notification obligations" under Article 33, sections 1 and 5 of the GDPR. Or that the highest fine was EUR 50 million, levied by France against Google in January 2019, for "Insufficient legal basis for data processing" under Articles 5, 6, 13, and 14.

Thanks to Paweł Mielniczek, an international legal consultant on intellectual property and data protection issues, based in Warsaw, for bringing this fascinating source of information to our attention. Paweł has a wealth of skills in this domain. Contact us if you wish to talk to him about your needs.
Have Kids? Teach Them Science the Fun Way
Thimble.io, a startup founded by Oscar Pedroso, ships age-appropriate kits to children and teenagers to teach them STEM (science, technology, engineering, mathematics) skills, and accompanies this with online classes. The students receive one kit per quarter, and the whole subscription (kits and classes) costs $50 a month (limited time offer -- the regular price is $60). The company, which is in early growth mode, already has 1100 subscribers. A typical kit may contain the parts and instructions to build a weather monitoring station, a video game controller, a wireless light switch, etc.
Next Issue

In observance of New Year's Day, The KIT No. 279 will be published on Monday, January 4th.
Seen Recently...
"Zoom was adding 5,000-6,000 servers (on AWS) a night as they scaled in the early days of the pandemic."
-- Rachel Dines of CloudHealth, via Twitter
"AI automation won't replace jobs -- it will replace processes."
-- José Rafael Giraldo Tenorio, Enterprise Architect in Bogotá, Colombia, via Twitter