Alex Barnett blog

IT Jujitsu - how to kill an app (or retire early)

Nick Malik has written up a cheerful post providing advice on how to kill an app. The context is within the Enterprise, where 'app fights' between IT departments and business units happen all the time, often resulting in maimed, if not mortally wounded, egos, bits and projects.

Nick provides the following line of attack as an example of a Jujitsu-esque maneuver designed to stun the opposition into submission:

"...I'd consider things like: scalability against maximum, throughput against maximum, downtime inside SLA, downtime outside SLA, and Number of people-hours needed for each function point of change request submitted in the past two years as a measure of maintenance costs."

The most savage example I've seen of IT shenanigans in the real world is the 'security and compliance audit' play - an ambitious, yet highly effective ruse that's very hard to combat once momentum is achieved. Note: the following is overkill if you are only trying to kill off a single competing business application / effort.

It goes roughly like this:

  1. Provide a senior exec with proof points showing that without an overly-centralized app development and IT management organization you should expect the development of 'insecure and non-compliant' IT applications
  2. Remind exec that the 'current lack of control' of IT chaos across their org presents unknown and unacceptable business risks to the said organization and that it's their *** on the line if anything goes wrong, anywhere.
  3. Develop your own made-for-purpose definitions of 'insecure and non-compliant' IT applications that would ensure that no system known to mankind could possibly pass your audit
  4. Propose to lead a project (and receive funding for) an audit of all IT applications across the whole organization - don't forget to ask for explicit senior executive mandate (otherwise known as 'carte blanche')
  5. Present early results back to the senior executive team. Show that your audit has already turned up a number of IT applications (any two apps will do - shoot at will) that have been proven to be highly 'insecure and non-compliant' (according to your definitions - but don't remind them of that), and that these apps alone present unknown and unacceptable business risks (i.e. the execs' arses)
  6. Write your own check and plan early retirement
  7. Choke company to death with IT centralization, then leave

Posted: Sep 06 2006, 09:20 PM by admin | with 1 comment(s)