As automation touches more of your organization, security will be far from automatic. Bots’ privileges need close scrutiny, for example.
4 ways IT teams waste time: Practical fixes
Are status reports stealing too much time from your team? How about manual security tasks? Analyze, automate, and get back to top priorities
When your personal calendar and to-do list spiral out of control, you can make some key changes to improve personal productivity. But IT leaders can also identify and address insidious time wasters lurking in IT organizations that are draining their teams – of both time and morale.
Let’s explore some clear “IT, heal thyself” opportunities to apply critical analysis and automation to reduce or eliminate these time-sucking tasks.
If you surveyed your team, would any of these items inspire nods, or even groans, of recognition? Be honest. On that note, when was the last time you asked your team what was wasting their time – and what items could be streamlined to give them more time to work on top priorities?
Let’s look at four common areas that can rob IT teams of time – and patience:
1. Unplanned work and heroics
Anything that takes away from an IT team member’s ability to deliver business value during a project is a huge time-wasting culprit, says Justin Rodenbostel, vice president of delivery for digital transformation agency SPR. “Work like this can be a slow bleed on time, as it usually comes without much visibility in the form of small requests to specific members of the team,” he says.
“It can also come as part of ‘heroics,’ or recovering from a failed deployment or implementing a bug fix.” The key is prevention. Implementing automation to take care of the type of unplanned work that comes up again and again helps. IT leaders should also make sure that key tasks always take priority and put in place processes that ensure that any work is known and appropriately prioritized.
2. Meeting creep
Meetings can be a critical component to the work of an IT organization. But more often than not, there are a whole host of meetings that serve as nothing more than a waste of everyone’s time. “This meeting creep tends to happen to people staffed on multiple projects,” says Laura Vanderkam, bestselling author of Off the Clock: Feel Less Busy While Getting More Done and What the Most Successful People Do Before Breakfast, “so it’s important to watch for.”
What’s more, an hour-long meeting takes up more than 60 minutes of an IT professional’s time. People stop doing deep work at least 15 minutes before a meeting to shift modes, and afterward (if they don’t have another meeting) they cycle through email checks, headline reading, or social media, which can easily eat another 15 minutes.
The best way for IT leaders to combat this insidious issues is to be more judicious when scheduling meetings. Vanderkam suggests asking a few questions: Will anything in our world change as a result of this meeting? (If the answer is no, cancel it.) Who absolutely has to be at this meeting? (Invite only those people.) Could this meeting take a different form? (Phone and video conferences can be more efficient.) Could this meeting take less time? (It is possible to meet for 20 minutes, say, or 45.)
CIOs can also rein in recurring meetings. “Recurring meetings happen without people thinking about them. This might be good for coaching sessions, or one-on-one direct-report feedback. It’s not so great if you’re just checking that everyone is still doing his or her job,” says Vanderkam. “From time to time, have everyone audit the number of recurring meetings they are booked in.”
[ To make necessary meetings better, check out our related article: How to run meetings that hurt less. ]
3. Status report emails
These regular reports are often absolutely necessary. “Depending on the cadence, some status report emails can be a helpful tool to increase communication without the need for a meeting,” says Lena Licata, consulting services group manager in accounting firm EisnerAmper’s Process, Risk, and Technology Solutions (PRTS) group. “However, depending on the template, some status reports can take excessive time to create and send to team members.”
The status report email process often involves some manual collection of data elsewhere, with perhaps some tracking down of people or information for further clarification. This is another great area to explore the automation possibilities, with any number of tools offering a potential solution. Licata likes using a business intelligence and visualization tool like Tableau that can automatically craft charts and tables that can be emailed on a pre-specified schedule to team members.
4. Manual security tasks
Many cybersecurity tasks, while important, take up an inordinate amount of time. Demisto’s 2018 report on the state of incident response, for example, found that cybersecurity teams review on average 12,000 alerts per week, leading to an average resolution time of 4.35 days. Among the manual tasks involved are setting alert severity, sending emails to affected end users, detonating files in malware analysis tools, managing tickets, and collating documentation. That can lead to “alert fatigue” and results from “security analysts struggling to coordinate actions across a range of products – both security and non-security – while executing incident response,” says DeMisto co-founder Rishi Bhargava.
There similar dynamics at play when managing email phishing attempts, which, in highly targeted industries can come at a rate of 1,500 a day, according to Eyal Benishti, founder and CEO of Ironscales, who adds that analysts typically spend anywhere from two minutes to six hours conducting forensics on each message to determine maliciousness and to prompt remediation if necessary. “Such time allocation represents a huge burden for IT when considering all of their other job responsibilities and the fact that roughly 80 percent of suspicious messages turn out to be spam or false positives,” Benishti says.
Likewise, using spreadsheets to manage security certificates is a recipe for disaster, particularly in a high-availability environment. “It’s an extremely manual-intensive method that fails to account for a variety of circumstances that can arise. For one, unless the spreadsheet has a countdown timer which calls IT admins when it’s time to update the cert, you are at the mercy of checking the spreadsheet every day,” says Dean Coclin, senior director of business development at DigiCert. “Imagine a high-transaction environment with hundreds of web servers that cannot afford downtime. If a cert expires, that web server will be offline until a renewal is installed.”
IT and security leaders can chip away at these time wasters by taking a step back to categorize which tasks should be performed by a human and which might be allocated to an AI-enabled or otherwise automated system.
[ Can't find a good work-life balance? Read also: Blended, not balanced: 8 ways to reclaim sanity at work and home. ]