It feels like a long time since I last saw an article about IT on our oil and gas
mailing list. So here is my summary (my own version) of an interesting article in
InfoWorld magazine's November 2004 issue on the 20 most commonly made mistakes
in IT.

Some of them mostly occur in the US or in Europe, but others are common
anywhere in the world (including Indonesia).

I have tried to condense and summarize them in English so that the flavor is not
lost. Hopefully this is useful and stimulates discussion about IT on this
mailing list, because we all know that the role of IT in the Oil & Gas Industry
is very important.

Top 20 IT Mistakes to Avoid:
1. Outsourcing:
Outsourcing important IT functions just to avoid the hard work, while keeping
the simple functions that could easily be outsourced.

2. OpenSource:
The decision to adopt an open source strategy in the system does not go through
careful analysis. If a company does not explore the possibility of using open source,
it loses the opportunity to reduce system support and license management costs;
however, open source will create a significant burden for system developers
supporting the system because of its lack of stability.

3. Offshoring:
Not conducting a careful, detailed analysis before deciding to offshore some IT
support jobs (in India in particular). Cultural issues and many non-technical issues
(including travelling) show that some unsuccessful offshore strategies yield
less than 20% in TCO (Total Cost of Ownership).

4. Internal Security Threats:
Based on a survey and study conducted by Gartner, 70% of security threats are
generated by internal employees.
Based on CERT and the US Secret Service: 87% of insider security threats are carried
out using simple and legitimate procedures / processes.
IT focuses on external threats and forgets the internal threats.

5. Security of Fluid Perimeter:
As our workforce becomes a mobile workforce, the IT security perimeter grows
to cover not only the company LAN / WAN but also the ‘wild-west’ network arena
of any internet café in the world. In most cases IT adopts the ‘mobility’
strategy without preparing for the security risks associated with it.

6. Security for Handheld devices
Many companies embrace handhelds, such as PDAs and smartphones, as their IT devices,
but IT security policies and procedures for those devices are not properly
defined and implemented. In some instances executives and salespeople use a
PDA to store e-mails so they can read them anywhere they want, and they forget
to set a password on the PDA. Once the PDA is lost, that critical information
can easily leak to other parties.

7. Promoting Wrong People
In some companies' IT departments, a very talented technologist is rewarded
with a promotion to a managerial position. He/she then shifts from a hands-on
technology job to a people management job. Not all technologists
can shift their skills easily; in some cases the technologist does not do well
at managing his/her team members, so the results from the team do
not meet the initial expectations.

8. Change Management
IT professionals are sometimes not fully aware that the things they do can impact
the business significantly. On the technical side it may be just another ‘tweak’
in a data entry form, but to the user in the field it is a big deal because it changes
the way they do their job. In some cases, a lot of money and time is spent just
to mitigate system changes that were not properly analyzed and communicated.

9. People in Software Development: Quality vs Quantity
Based on Fred Brooks’ book, "The Mythical Man-Month": most of the time,
IT project managers calculate people requirements in terms
of man-days, man-months, etc. without carefully analyzing the skill requirements. Experience
teaches us that in IT projects the quality of the people has more impact on the
project's success than the quantity.

10. Developers conduct QA Test
Letting IT developers do their own QA testing will basically lead your IT
department into disaster. Many improperly tested application, system, or infrastructure
updates have created business catastrophes because of this issue.

11. Overconfidence in MS IE
MS Internet Explorer has been the de facto web browser, but
be aware of its security weaknesses.

12. Network performance Indicator
Giving management a single, simple report on network performance in most
cases creates misunderstanding. Network performance should be measured across
various aspects such as port utilization, link utilization, and client utilization.

13. Bandwidth is not always the answer for Network problems
In most cases, if an IT department has problems with network response, the immediate
solution is to increase the bandwidth. Increasing the network bandwidth will
not automatically improve network response in all cases. A detailed
analysis should be done before investing $$ in additional network bandwidth.

14. Weak Password policy
Based on the SANS Institute’s Top 20 IT Vulnerabilities list: weak authentication
and password policy.
In some companies, the policy on passwords and user access is not properly
implemented.

15. Never Sweating the small stuff
Although the CIO should focus on the big picture, in some cases they also need to pay
attention to small things. Take the example of ‘The Washington Post’ domain renewal
issue in Feb 2004, where their domain was not renewed because somebody
in the IT Dept forgot about it, and e-mail was knocked out for hours before it got
renewed.

16. Clinging to prior solutions
For new IT management: do not force what you did successfully in your previous
place onto the new place. Most of the time it does not work…

17. Cope with new technology
Nowadays, when technology is easier to implement, some users use technology
that the IT Dept does not know about at all. It is important to keep up to date
on new technology outside.

18. PHP
This is for Web Application Development. Don’t focus only on J2EE and .Net development
tools.

19. KISS principle
Many IT projects result in products that are significantly complex for users
to use.

20. Slave to Vendors' Marketing Strategy
Be careful with your IT strategy. Make sure your IT strategy does not fall
into the vendor's marketing strategy, especially in terms of release or version management.
