After the upheaval of 2020, are you cultivating employee loyalty? Baking security in from the start? CIOs leading digital transformation in 2021 face new risks and opportunities.
Spring cleaning in IT: 12 tech professionals share best practices
After the cold months of winter pass, spring is the time to throw open the windows, sweep away the cobwebs, and start anew. While most IT leaders would agree that keeping the IT house in order is a year-round effort, spring brings a reminder to pull out the white gloves and take a closer look for any technical debt, cyber risks, or outdated processes hiding in the dusty corners of the datacenter.
Roll up your sleeves: 12 IT professionals and leaders share their best tips for getting to work.
Reevaluate processes and procedures
Mike Feld, CEO, VertitechIT: “Spring is the perfect time for reviewing processes and procedures. We put them in place (no one quite remembers when), because someone wanted a new type of report, a filter to keep out that ‘virus of the day,’ or a custom workflow to make it easier to put a new server online. However, once that new process, procedure, or deliverable is adopted, most IT departments rarely look back, moving on to the next task or crisis at hand.
As the years go by, the old processes/procedures are carried forward even if doing so requires a large amount of work, major upgrades, or more money to support. No one goes back and examines these things until a high threshold pain point or sentinel event occurs (e.g. the process is no longer supported by a major upgrade of a product, a merger causes reevaluation of a technology, etc.). When this happens, we're often surprised to find that what we may have been doing for the last few years is either no longer necessary, is very inefficient, or isn't useful to anyone.”
Michael Gaffney, CEO, Leonovus: "The poet Virgil wrote a message to CIOs over two thousand years ago: 'Persevere and preserve yourselves for better circumstances.' The preservation of corporate data is difficult. In this new world of hacking, phishing, whaling, and ransomware, the CIO must embrace perseverance by consistently backing up files on the cloud and ensuring that this data is secure. With World Backup Day on March 31, spring is a great reminder to do so. Think of it as a data center spring cleaning behavior to roust out of its winter hibernation."
Don't put it off
George Papayiannis, co-founder and CTO, Vena Solutions: “The very notion of spring cleaning in a cloud business actually worries me. By its very nature, it implies that there are things that can be put off – or even forgotten – for another year. I encourage everyone to resist that notion. It is important to make sure processes are always in place to test for disaster recovery, responding to service outages and more, all with a pre-defined cadence.”
Develop a disaster recovery plan
Brady Keller, digital manager, Atlantic.Net: “When it comes to ‘spring cleaning,’ IT organizations should have a disaster recovery plan ready to go in the event of a cyber security threat, natural disaster, or other significant loss. If all of your business's data is stored with a cloud service provider, have autonomous and complete backups of that data somewhere else. These backups and the corresponding recovery plan should be tested thoroughly in disaster simulation exercises. Be wary of configuration drift. Backups get configured properly once, but when new data or software gets added, the backup setup may not get adjusted, and the resulting backup is useless when the time comes and you actually need it.”
Make it a habit
Martin Pronk, CTO, Queue-it: "Instead of spring cleaning, we opt for keeping our house as tidy as possible throughout the year. Our concern for those leaving this to review once a year is that you might not catch everything when you consider the amount of code you've written over the course of 12 months. We have found that continuously cleaning up our technical debt is really best practice for us, as it contributes to us writing better, cleaner code overall. Developing this habit, we also find that we spend less time having to review old code and more time on writing new code."
Carefully clean file share
Kon Leong, President, CEO and co-founder, ZL Technologies: "Spring cleaning is right around the corner and many enterprises may be considering cleaning up their file share. However, deleting data can be complicated. Knowing what to archive and what to eliminate is not necessarily a simple manner. For many organizations, file analysis is treated as a one-time project. However, unless something is done with the analyzed content, it becomes necessary to eventually repeat the effort. There are constantly new items, changes, and revisions. If file analysis is used as the first step in a one-time cleanup approach, it’s akin to doing spring cleaning … and then no more cleaning for the rest of the year.”
Pay attention to PII
Ryan Kennedy, principal architect, Kickdrum: “Clean up your logging act. For systems that handle users' personal information (PII) or personal health information (PHI), double check that your log files don't unintentionally contain sensitive details. It's not just social security numbers – even a user's name, email address, or phone number in an unencrypted log file can reveal too much and cause a breach. Take special care if you use a log aggregation service like Loggly or LogEntries to make sure you're not shipping personal details outside your walls unknowingly.”
Know your risks
Guy Caspi, CEO, Deep Instinct: “Freshen up your cybersecurity knowledge base. Employees who lack cybersecurity awareness may open the door for cyber criminals, resulting in data breaches and ransomware attacks. Every password can use some polishing. Be sure to invest in password managers and two-step verification. Set up a password policy in order to ensure that your employees change default passwords, use different passwords for different platforms, change their passwords periodically, and store their passwords in a safe place. Additionally, have the C-Suite brush up on risks. Your organization’s cybersecurity ‘health’ is no longer confined to IT. Hacks have financial, legal, reputational, and operational implications. As a result, cybersecurity has also become a matter of concern for senior management and the board.”
Clean up your data
Graeme Thompson, CIO, Informatica: “Good data fuels all of the business benefits that the digital transformation presents to enterprises – ranging from streamlining internal processes, to improving customer service through customer analytics, to dramatically increasing revenue and bottom line. However, on the flip side – bad, incomplete, and poorly formatted data can sabotage this all. Data factors strongly into the success of every initiative, and, as a result, it is essential for organizations to give their data a thorough “spring cleaning.”
As a CIO, you must be committed to integrating your company’s business solution infrastructures in order to help your IT teams drive real, enterprise-wide data excellence and successfully execute IT and digital transformation. Effective CIOs focus on secure access to all enterprise data – no matter where it sits – and ensure it’s not only high quality, but also reliable, trusted, and in a format that can be used and reused.”
Audit cloud solutions
Gursharanjit Syan, security systems administrator, Softchoice: "Spring is a great time to audit various cloud solutions such as software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS). Reevaluate and scale down the solutions that may have been increased earlier to meet the demands of a busy time of year, like finishing Q4 projects or meeting holiday season demand. This will help control costs, clean out unnecessary data, and ensure that existing data is handled in accordance with applicable laws and policies. Spring is also a good opportunity to review identity and access reviews and clean up who has access to company information. In all, regular data backups are healthy and should be part of an ongoing risk-management process."
A set of recurring tasks
Michael Ferraro, director of IT, UpGuard: “The term ‘spring cleaning’ as applied to IT should really be a set of tasks scheduled multiple times each calendar year – not just in spring! Examples of these recurring tasks include: reviewing firewall rules (temporary access allowances are still there?!); test-restoring backups (tape and cloud); reconciling active user accounts in the primary user directory against HR records; reconciling accounts in hosted services against active users in the user directory; and rotating passwords for wireless networks that don’t use 802.1x authentication.
It is also essential to have documented DR (disaster recovery) processes and to test them during off hours. A drill might involve simulating an outage of your primary Internet connection to ensure that the secondary connection automatically services network traffic. Depending on the organization and industry, it may also be necessary to perform penetration testing one or more times each year.”
Five actionable tips for IT leaders
Nic Grange, CTO, Retriever Communications: “While I don’t call ‘spring cleaning,’ there are many things that need to be done once in a while. Usually, these get done when there is a bit of downtime, often around holiday periods when things slow down and you have time to reflect. Here are five tips:
- Clear out issue backlogs - There is no point in keeping old issues open for months or even years. If they haven’t been looked at in three months, then it is unlikely that they will get addressed any time soon. You are better off closing these issues and if they are truly important then they will get raised again.
- Delete unused code - Over time most code bases accumulate code that is no longer required or used, and it is healthy to regularly delete this code. If you don’t do this, then it will get harder and harder to maintain and enhance over time. Deleting old code should be celebrated.
- Turn off unused systems - Check the usage of all your systems. Most IT departments have several servers or services that rarely get used. Find these, turn them off, and see if anyone complains. You can always turn it back on if someone genuinely needs it. This helps to cut out waste that builds up over time.
- Ask staff what their biggest pains are - Sometimes bottlenecks are so ingrained that people stop complaining to you about them and just put up with things. Take the opportunity during quiet times to talk to staff and see if there are any glaring obvious bottlenecks that you might be able to remove or help alleviate.
- Move desks around- While people can get attached to where they sit, especially those with window seats, I find that it is good to freshen things up by moving desks around every six or 12 months. It allows new bonds and communication channels to form between employees. It is also an opportunity to clean out desks. People tend to accumulate things over time and it feels liberating to throw things out.