Tech Talk
How IT People Think

I recently received an email from one of this column’s readers, who wanted to better understand how information technology (IT) people think (as a basis for improving her sales and marketing approach to IT management). As I was writing my reply, it occurred to me that, since most of my readers probably aren’t IT people, it might make a useful column.

Back when I was a kid, my father was a building maintenance supervisor for Pacific Telephone. One of his favorite sayings about his job was, “They only call me when it’s broken or dirty.” IT people feel somewhat the same. Typically, IT is only noticed when it isn’t working properly. As a result, IT people think a lot about keeping things running: the phone system, desktop computers, the internal network, Internet access, email services and the company website (and, if your company derives significant revenue from e-commerce, that alone can be a full-time undertaking).

One way to keep things running is to follow the maxim, “If it ain’t broke, don’t fix it.” All change involves some sort of risk if you’re an IT professional, so the question is whether the potential of something breaking is outweighed by the value of making a change. The answer to this question depends on whether you have a good process for making changes (like testing beforehand and having an “undo” strategy in case things go wrong), and whether your change management process has a good track record.

This risk-averse tendency is one reason making technical sales can be difficult. It’s often not worth it to an IT director to save a few percent by switching to a new vendor (and, very likely, a new technology) at the risk of a failure, however slight, which would call the established credibility of the IT group into question.

IT managers always face this push-pull. On the one hand, introducing new technology (or even just new versions of an existing technology) has risk associated with it. On the other hand, failing to introduce new technology when appropriate reduces productivity and diminishes a company’s competitive advantage.

Another way to keep things running is to minimize the number of configurations to support. It’s why we like everybody in the company to have the same computer and don’t want anybody installing software on their own. Call us control freaks if you will, but it simplifies the issues of support and maintenance. On the other hand, denying people the tools they need in the name of consistency isn’t the right answer. The best IT people are capable of walking this line on a daily basis.

An important thing to realize is that an IT director (certainly in a smaller company) may have responsibility for IT functions, but not any real authority. When dealing with IT, it’s always good to understand who has the authority to make the decision (like to spend money), who will have to do the work and how much work is involved. IT departments are typically understaffed and overburdened, so adding new work involves delaying existing work, reducing the scope of existing work, or adding resources (such as hiring people).

IT directors tend to be wary of taking on new work, because delays, scope reduction and hiring are almost always unpalatable choices. A really well-managed IT department can tell you the potential impact on each existing project when a new project is being considered; this ensures the true cost is understood. A really well-managed company requires formal approval of projects that require IT work, and understanding the impact it will have before giving that approval. This ensures IT is doing what the business wants. Unfortunately, I can tell you from experience that these two things rarely happen.

Security is one of two highly visible topics that dominate an IT person’s thinking. At best, a security breach is an embarrassment. At worst, it makes the front page of the New York Times, like the theft of more that 45 million credit card numbers from TJ Maxx, resulting in a charge to earnings of more than $100 million. Substandard wireless security is thought to have been the cause. Smaller companies face the same risks, but most likely don’t have the resources to hire security expertise. Outsourcing your IT function may be one way to address the problem, but it can be difficult for a business owner or manager to assess whether his or her outsourcing firm knows its stuff.

The other topic on the mind of many IT managers is compliance. There’s a raft of laws and regulations that impact IT. Some are well-known, like Sarbanes-Oxley and HIPAA (each of which spawned an industry of IT support companies), but there are others, some of which are applicable only to a specific industry or state.

In regard to compliance, the worst thing an IT person can hear is, “Why didn’t you know about this?” Again, if, like most smaller companies, you outsource your IT management functions, be sure to check what your IT partner knows about compliance-related issues.

One last bit of IT thinking pertains to single points of failure. The idea is that the business function shouldn’t be compromised by the failure of a single piece of hardware or software. It’s more expensive to have redundant systems, of course, but if your business relies heavily on IT, it’s a requirement. So, if you’re selling to an IT person, be sure to address this concern.

One place IT sometimes has a blind spot applying “single point of failure” thinking is people. Most IT organizations have at least one person who can’t get run over by a truck. And remember, when you outsource IT, you’ve created a single point of failure (the company you’ve outsourced to).

I’ve only touched the surface of how IT thinks (I didn’t say a thing about disaster recovery or managing an IT budget!). Please feel free to send me your comments or questions.