Educause Security Discussion mailing list archives

Re: From Decentralized to Centralized


From: "Bowden, Zeb" <zbowden () VT EDU>
Date: Thu, 19 Mar 2009 16:25:00 -0400

To expound on your issue #1 - I think changing the funding source is an
excellent idea and it would be great to hear from any other universities
that have tried that. A good compromise or baby step may be to
centralize IT at the college and/or institute level first; let's call
this pseudo-centralized because we don't use the word pseudo enough
anymore. That may allow for enough localized support of IT folks
familiar enough with the business processes of the existing departments
within the college. It would also jumpstart the necessary knowledge
transfer between the few IT people in the department to the "few + more"
at the college level. This process would hopefully give upper management
enough information and background to make an informed decision on
whether or not to continue the centralization process for a given
college/institute. Additionally, it gets a more diverse group of people
thinking about business processes outside of their little area/dept. --
thinking optimistically, some commonalities would be identified and with
support of central IT at the university level there may be some large
efficiency and standardization gains here. 

The knowledge transfer (from the few to more) is a critical reason for
going to the centralized (or pseudo-centralized) model. Without it,
we're getting killed by the costs associated with an IT person leaving
in these smaller IT departments. Even in today's job market, you're
probably talking a minimum of 2 months to replace a person and then
another 2-3 months for the replacement to become productive. In a
department with an IT staff of 2 - that's a 20+% reduction in work, and
that's almost a best case scenario. I don't have any numbers to back
this up, but I think we see a pretty high turnover in our
de-central/departmental IT staff that makes this problem much more
costly than most realize.

I think you're absolutely right on point #4 about forcing cookie-cutter
systems on people -- so when I said "standardization" above, that
was directed more at processes than systems. Eventually that could carry
over to systems and/or applications but there's never going to be a one
size fits all that works for everyone, and we can't ignore those people.


Zeb Bowden
IT Production Lead
Virginia Bioinformatics Institute






-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of randy marchany
Sent: Thursday, March 19, 2009 3:39 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] From Decentralized to Centralized

I haven't seen anyone suggest the following in their comments on this
thread about "centralizing IT". I assume current action plans address
these issues.


1. Leave the current IT positions at the depts but the funding for their
positions comes from the central IT group. This solves a support problem
that central IT has always had: no knowledge of how the individual
business processes actually work. 

2. Desktop mgt costs. Unless there's a massive replacement of PCs,
laptops and desktop servers with "thin" clients (whatever that is),
there's still the question of managing the things. While Active
Directory style mgt is nice and addresses this mgt problem, it's not
applicable in all university settings. Central IT staff will have to
support those outliers. This is particularly true in teaching and
research labs where there are specialized computers that control lab
equipment.

3. Virtualization plans. I'm sure current computer capacity at the
central sites is not enough to support the added functions coming in
from depts. Virtualization seems to be a way to provide this extra
capacity at a reasonable cost. The market is somewhat young at the
moment if not in the software technology then in the experience of the
system administrators. The greyhairs who cut their teeth on old
mainframe technology will now be back in demand. IBM VM system
programmers, unite! You'll need a number of virtual host systems since
you never want to put all critical functions on a single host system.

4. Security issues. It's easy to say that centralizing IT processes will
increase security. However, point #1 shows that central IT doesn't know
how the myriad departmental business processes work and that they will
decide on a one-size-fits-all approach that will be "efficient" from a
management view but cumbersome in the office environment. Cumbersome
procedures mean that people will circumvent them and that leads to a
decrease in security. Yet, in order to get a good idea of how business
processes actually DO their business requires a lot of time and $$ and
most central IT orgs won't do that. So, we have an overall decrease in
security.

I'm not opposed to centralizing IT but there were valid reasons why
decentralization happened. Things like not providing timely service, not
being responsive to rapid changes, etc. forced the migration in the
first place.

-Randy
