IT and the Corporate Immune Mechanism – the "Mother Hen" reflex

Recently, I came across the blog of Dux Raymond, a Project Manager, forthcoming author and trainer who looks at SharePoint from a project management perspective. Being rather interested in that area myself, I read his "Empowered by SharePoint" post.

He wrote about the theme of user empowerment that SharePoint provides and made this quote:

Typically, if a project manager wanted a collaborative platform (other than email) to facilitate sharing of project documents, schedule, contacts, and status updates, he or she would need the IT/IS department’s intervention and assistance to set it up. In addition to this, IT/IS would need to define the appropriate access privileges to limit who has access to these project information. Now, realistically, do you think IT/IS will get it done ASAP?

Dux went on to describe the features of SharePoint that can be used to empower users to be more efficient and productive.

The problem with this ideal (which I wholeheartedly agree with by the way) is that there is the problem of the corporate immune mechanism that likes to get in the way of any ideal that disagrees with its own. I wrote about the corporate immune mechanism in my kung-fu themed "You’re not ready" post (check the cool youtube clips of Jackie Chan, Jet Li and Tony Jaa 🙂 ). In that post, I defined the corporate immune mechanism as "the living embodiment of human nature’s resistance to change".

Now you might rightly ask me, "What the hell are you talking about? Why would users resist being empowered?"

The answer is that they are not! In fact, the users are not the problem. Sorry to disappoint you nerds reading this post. The corporate immune mechanism, in many cases, is the very department likely to be pushing the business down the SharePoint path in the first place… 

(cue the suspense music from the movie Jaws)

It is the IT Department!!! Nooooooo! How can these sweet, innocent looking people below be perpetrators of the corporate immune mechanism?

Shocked? Appalled at my statement? I can hear the indignant comments now…

• "What! Us? We are the ones who understand technology" (Luddite IT Manager)
• "What pills are you taking? – We are the innovators" (VB6 Developer)
• "Use linux ‘cos Microsoft suck" (Technical Geek)
• "Shut up and reboot" (Helpdesk Guy)
• "No, you can’t do that because it’s insecure and I said so" (Security Guy)
• "Users simply cannot be trusted" (System Administrator downloading mp3s on emule)

20 Years of users

Like everything else in this world, IT departments are a product of the experience of the team members and the culture of the organisation. Dealing with users is sometimes not fun. IT pretty much sees the user population as a bunch of rebellious, yet naive teenagers. Leave them alone and they will soon run amok and someone will get hurt. If it happens often enough, the teenagers are grounded and not allowed out of the house, except in controlled circumstances.

So, imagine dealing with rebellious teenagers for 20 years. Is it any wonder IT people are a little messed-up? 🙂

If the information worker revolution and the empowerment that comes with it means the IT administrators are out of the loop, then many IT administrators will push back to ensure that they are in the loop. They can’t help this because it has become a control reflex that I call it the "Mother Hen" reflex.

The mother hen reflex should be understood and not ridiculed, as it is often the user’s past actions that has created the reflex. But once ingrained, the reflex can start to stifle productivity in many different ways. For example, for an employee not being able to operate at full efficiency because they are waiting 2 days for a helpdesk request to be actioned is simply not smart business.

Worse still, a vicious circle emerges. Frustrated with a lack of response, the user will take matters into their own hands to improve their efficiency. But this simply plays into the hands of the mother hen reflex and for IT this reinforces the reason why such controls are needed. You just can’t trust those dog-gone users! More controls required!

So, if you think SharePoint is going to empower you, then you either ensure that the business takes ownership of it, with a sponsor senior enough to take on IT, or you had better start getting really friendly with your IT administrators. Many IT departments would positively have a heart attack, allowing end users the ability to say, modify the look and feel of a SharePoint site, use SharePoint Designer to create a workflow, modify permissions on items in a library, create a sub-site, create lists, modify lists with additional columns and the like.

I think it is a fully justifiable point of view when IT is looked at in isolation to the rest of the gears and pulleys that make up the organisational "machine". In IT’s mind, they are doing the right thing, yet they may very well be doing the organisation and SharePoint a disservice. They are scared that users are going to screw it all up and they will be left with picking up the pieces. But does the cost of IT’s compensation measures justify the real risk in terms of dollars and cents?

A recent example of the mother hen reflex completely going off the rails where inefficiency turned into real-life risk occurred in San Francisco with complete lockout of a fibre optic network by one rogue Cisco administrator. http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/08/07/18/30FE-sf-network-lockout_1.html. This is an example where in the administrator’s mind, he is being security-conscious, yet ultimately he was the biggest security risk of all.

Closer to SharePoint home, there was a thread on a SharePoint mailing list a month or so ago about managing SharePoint security groups, and the general consensus was that the groups should be set up and managed in Active Directory and then added into SharePoint. I am of the opinion that it is not as clear cut as this. IT generally controls Active Directory so group membership changes would remain in the perpetual 2 day turnaround that is typical of helpdesk SLA for the enterprise organisation.

But consider this. If for example, a project team has a project administrator who is trusted to manage access to all paper records, HR and payroll systems, then I have no problem delegating them the rights to manage a project sub-site or add/remove visitors to the site without having to wait 2 days for the request to get through IT’s helpdesk system. SharePoint provides the necessary audit trails, versioning and recycle bin recovery and the accountability can be pushed out to the project team. A win-win in my book.

Out of rehab

I’ll admit, a few years back I had a scary mother hen reflex. But later I realised that while I did a lot of security policy and compliance work, I was accountable for the IT service, not the information assets provided by that service. If I kept the service running, backed up and provided assurance as to the recoverability, then accountability for the information lay elsewhere.

Sadly, SharePoint does not make any of this easy. Complexity breeds confusion and it is exceptionally difficult to know *everything*. Fear of the unknown also breeds the mother hen reflex too. So, for that reason I am completely sympathetic to why IT departments tend to be very controlling, yet I recognise that it is too inward facing and can actually be damaging to organisational productivity and innovation too.

Unfortunately I don’t have any answers on where the line should be drawn either. That’s a function of many factors. However, what I can tell you is that empowerment is not always guaranteed.

Thanks for reading

Paul