Educause Security Discussion mailing list archives
Re: Centralized vs. Decentralized IT
From: Adam Stone <adstone () LBL GOV>
Date: Thu, 7 Aug 2008 13:20:08 -0700
Megan has it right, but I would take it one step further. If the community's use of computers is predictable, normal, and stable - it makes sense to centralize. If it's not, which it most certainly isn't in a big research institution, then some kinds of centralization are not only wasteful, they can be destructive to the actual research and teaching mission. That destruction isn't just from slowing or stopping the experimentation of your professional/academic staff, but from the disconnect between the free exchange of information and expectations for academic freedom, and an overly authoritative central IT group. Don't underestimate the destruction that an overactive IT group can do to the actual work of a research/education institution in the name of efficiency. Of course, there may be such a thing as benign centralization, but in my experience, a centralized management structure almost always tends to optimize its work around predictability, not customization (which makes sense from the group's perspective, but not necessarily from the institution's perspective). That said, it seems to me that a common failing of our community is to fail to distinguish between predictable administrative work which *may* be appropriately centralized, and the work where centralization gets in the way and harms the missions of the organization. as ------------------------------------------------------------- Adam Stone Policy, Assurance, and Risk Management, Office of the CIO Berkeley Lab, University of California 510.486.4650(o) 510.593.7507(c) http://www.lbl.gov/CIO/Policy/ On Thu, Aug 7, 2008 at 1:02 PM, Megan Carney <carn0048 () umn edu> wrote:
Decentralized isn't necessarily bad. If you have a wide array of interests within a particular college (which most do), it would be difficult to craft one department which would be able to do everything everyone needed to do. That being said, it may make sense have centralized control of sensitive systems, since there are standards that shoudl be strictly enforced. On Thursday 07 August 2008 02:56:01 pm Stephen John Smoogen wrote:On Thu, Aug 7, 2008 at 1:27 PM, Sarazen, Daniel <dsarazen () umassp edu> wrote:Hi All, Do you have any leanings between Centralized IT networks (Main IT group responsible for IT services); vs. decentralized IT networks (Each department is responsible for their own apps, servers and security (Intrusion detection/prevention) with their own IT staff? Has anyone looked at their campus and formed an opinion on the IT governance configuration?In most places you are dealing with the feudal system that most Universities have in place. Centralized systems require a strong 'king' who can take money away if the 'lords' rebel and don't want to follow the rules. However, most Uni's do not have a strong 'king' since the money usually comes from grants etc. This leads to the decentralized system where every lord sets their own rules, and follows what the King says when it suits them (well if we follow that we won't be eligible for this grant... etc).Any feedback you can provide is appreciated. Thanks, :: Daniel Sarazen, CISA, Information Technology Auditor :: University Internal Audit :: University of Massachusetts President's Office :: :: 508-856-2443 :: :: 781-724-3377 Cell :: 508-856-8824 Fax :: Dsarazen () umassp edu University of Massachusetts : 333 South St. : Suite 450 : Shrewsbury, MA 01545 : www.massachusetts.edu-- Megan Carney Security Coordinator OIT Security and Assurance 612-625-3858 carn0048 () umn edu "There has grown up in the minds of certain groups in this country the notion that because a man or corporation has made a profit out of the public for a number of years, the government and the courts are charged with the duty of guarunteeing such profit in the future, even in the face of changing circumstances and contrary public interest. This strange doctrine is not supported by statute nor common law. Neither individuals nor corporations have any right to come into court and ask that the clock of history be stopped, or turned back, for their private benefit. That is all." Life-Line, Robert Heinlein
-- Note: In support of the Paperwork Reduction Act, LBL now only fills out forms which have an OMB Control Number on them. :) ------------------------------------------------------------- Adam Stone Policy, Assurance, and Risk Management, Office of the CIO Berkeley Lab, University of California 510.486.4650(o) 510.593.7507(c) http://www.lbl.gov/CIO/Policy/
Current thread:
- Centralized vs. Decentralized IT Sarazen, Daniel (Aug 07)
- <Possible follow-ups>
- Re: Centralized vs. Decentralized IT Greg Schaffer (Aug 07)
- Re: Centralized vs. Decentralized IT Stephen John Smoogen (Aug 07)
- Re: Centralized vs. Decentralized IT Megan Carney (Aug 07)
- Re: Centralized vs. Decentralized IT Georgios Mousouros (Aug 07)
- Re: Centralized vs. Decentralized IT Adam Stone (Aug 07)
- Re: Centralized vs. Decentralized IT Stephen John Smoogen (Aug 07)
- Re: Centralized vs. Decentralized IT Russell Fulton (Aug 07)
- Re: Centralized vs. Decentralized IT Jim Dillon (Aug 08)
- Re: Centralized vs. Decentralized IT Sarazen, Daniel (Aug 08)
- Re: Centralized vs. Decentralized IT Christopher Jones (Aug 08)
- Re: Centralized vs. Decentralized IT Bob Bayn (Aug 08)
- Re: Centralized vs. Decentralized IT Jim Dillon (Aug 08)
- Re: Centralized vs. Decentralized IT Cal Frye (Aug 10)
- Re: Centralized vs. Decentralized IT Basgen, Brian (Aug 11)
- Re: Centralized vs. Decentralized IT Stublefield, Matthew (Aug 19)