I’ve always believed that the IT department’s objective is primarily to enable and enhance business operations primarily and ensuring compliance is secondary to this. Not saying that I’ve always been successful but in my previous jobs, I’ve always tried to align the objectives of my IT departments accordingly whether the end-users are accountants or software engineers. But now, I’m in operations and I’m seeing a lot of incongruence between IT and business.
For example, one initiative being undertaken at work is virtualization. But with a twist: they’re utilizing virtual machines supposedly for security. What the heck do they mean by that? Virtual machines are great for efficient provisioning (setup/configuration of machines) and efficient and effective use of hardware (e.g. consolidating servers, consolidating multiple desktops, shared desktops, etc). But there is not much additional security benefits. A virtual machine is practically the same as a physical machine sitting on your desk. Okay, maybe they’re just poor at communications and really want the provisioning, efficiency, and effectiveness benefits of virtualization.
But now they’re testing out virtual machines by deploying them to old machines whose hardware specification did not factor in virtual machines. Or did but have since been left behind by increasing requirements of newer software. There is always a performance hit from virtualization and using hardware not designed for it compounds the issue. And that has a direct performance hit on day-to-day operations.
And exactly what are they testing anyway? I was informed performance is not their concern. That it’s security. Do they have specific and measurable objectives with respect to this testing? What are the security parameters? Is this testing going to be scientific at all? Do they really believe in the supposed security benefits? I suspect that all they’re concerned about is really the provisioning benefits of virtualization. Saves them a lot of work but, again, that’s not the primary objective of IT.