Ted Demopoulos    Demopoulos Associates
keynote speeches
Security, IT, Business Consulting
securITy newsletter

Ted Demopoulos’ securITy

The free newsletter of Demopoulos Associates, www.demop.com

We NEVER rent, sell, or share email addresses.

Please forward this newsletter to anyone you know who might enjoy it!

Why doesn't IT get along with everyone else? - And how to fix this.

An Interview with Dr. Jeffrey Stanton, Syracuse University

Prelude: I have known Dr. Jeffrey Stanton for over 25 years and he is one of the brightest people I know. He has always done things I couldn't understand, yet 5-10 years later they make perfect sense to me.  When he decided to leave IT to pursue an advanced degree in Organizational Psychology, claiming "IT isn't working as well as it should - the business promises are not being remotely fully realized and I'm going to research why and figure out how to fix it" (I paraphrase – it has been over a decade since we had this conversation, although I do remember it well). I'll admit I didn't understand. I caught up with Dr. Stanton for this interview recently and was absolutely fascinated when I found out about his research, and especially the results! And let me state right now, Jeffrey is no ivory tower academic. He has spent over a decade in IT, both in technical and management roles, and is very active consulting with impressive, bottom line oriented results.

Ted Demopoulos: Dr. Stanton, tell me about your work examining the relationship of IT and business.

Jeffrey Stanton: I fell into it pretty much by accident. My early research looked at performance monitoring of employees. Because this activity is increasingly accomplished with networking and computers, I also began to look at things like employee satisfaction and technology use and how organizations absorb and adapt to new IT. I was lucky enough to get a research grant to support work in this area, and that led to a number of different studies where we went into an organization, looked at the people and the technology over time, and began to form some conclusions about how things went right and how they went wrong. 

Ted Demopoulos: Based on the title of this interview, and what seems to constitute large amounts of empirical data, do you agree that the disconnect between IT and everyone else is as significant as I'm led to believe?

Jeffrey Stanton: I think a lot depends on the size and culture of the business.

In small businesses, the IT team tends to have a very tactical function focused on support. This focus, along with the small size, means that most employees and managers feel personally connected with the IT staff. This is not to say that there can't be dysfunction in small businesses - there sometimes is. But in firms larger than 500 employees, IT tends to get big enough that it exists as an independent entity and may serve a number of strategic functions for the business. In these cases, unless there is cooperative and competent leadership in IT, HR, Engineering, Marketing and so forth you definitely can get some major disconnects.

In most cases, competent IT leadership means having senior staff in IT who can really talk the language of the other folks and understand their perspectives. When we've found big problems in our research it has often seemed to result from a kind of cultural divide between the IT people and other areas.

Ted Demopoulos: Are the problems more common as companies get larger? And can you elaborate on the cultural divide between the IT people and others.

Jeffrey Stanton: These problems emerge as companies get larger because the IT function naturally takes on a life of its own. As the domain of IT responsibilities grows, the staffing, budgets, and bureaucracy of the IT function grow along with it. Once IT gets large enough to have its own distinct and persistent culture within the firm, that's when it is not unusual to find these cultural divides. 

The cultural issues that we have seen in our research seem to have arisen because IT has become more and more of an identifiable and coherent profession. For a parallel, take nurses. There are lots of different kinds of nurses, with different specialties, levels of responsibility, compensation, work settings, and so forth. But most would agree that nurses have a unique occupational identity that sets nurses apart from, say, doctors, or airline mechanics. With that identity comes a particular vocabulary, outlook, rules, practices, a system of credentialing, ways of letting people into the profession, and ways of kicking them out. All of this stuff together might be considered the  "occupational subculture" of nurses. What we found is that IT people have an occupational subculture as well. When the language, beliefs, rules, and practices of that subculture come into conflict with other groups in the organization (e.g., executive managers), that's when big problems may arise.

Ted Demopoulos: How do these problems manifest themselves?

Jeffrey Stanton: The two biggies: 1) An IT adoption failure; 2) A catastrophic information security breach.

In the first case what happens is that a series of missteps between IT and executive management, along with substantial ignoring of the user community from both of these parties ends up with the implementation of a project which is technically operational, but so bad from a user standpoint that it gets scrapped.

In the second case you start with similar miscommunications between IT and executive management, particularly about priorities for business continuity. Then what generally happens is a major hole develops in security as a result of some behavior that either system administrators or users are supposed to be doing but are not doing (often because they don't have the right tools or training!). The hole is not visible to management because they don't have the capabilities or expertise to look into the technical domain.

The hole remains unseen by IT staff because they are stretched too thin, under-resourced, or their attention lies elsewhere. The hole is then exploited to the detriment of the firm by a malicious insider or the usual cast of external malware, hackers, and script kiddies.

Ted Demopoulos:

How can organizations tell if they have these types of potential problems?

Jeffrey Stanton: The front line folks will tell you readily, if you're a neutral party (i.e., not the boss). One company my research team worked with recently had a VP of IT who said something like, "We're just one big happy family here and we all get along great," while the front line IT people, as well as folks from other departments were saying that they fought with each other like cats and dogs. The IT folks said that the people from other departments were always undermining them, not following rules, ignoring policies, screwing up their PCs and so forth.

At the same time, the folks from the other departments were saying that IT security always gets in their way, stops them from getting things done, causes machines to slow down and crash, etc.

Being a neutral party is one advantage of playing the role of consultant, organizational development specialist, or organizational researcher. People may have a greater degree of comfort telling the truth about what is going on if they feel confident it will not cost them their jobs. Similar benefits can be realized from a purely internal operation, however only if the organization can do a good, anonymous internal survey. Surveys can be great for keeping managerial fingers on the pulse of the company, although there is also a danger that if people bring up problems and they are not addressed in a timely and effective way, both the survey process and the managers that requested it can lose credibility.

Ted Demopoulos: When you find this type of dysfunction between IT and the rest of the organization, how do you "fix it?"

Jeffrey Stanton: If you buy into the whole culture clash idea that I have, it suggests at least one way of working that should have applicability in a number of different organizations. What I recommend is a kind of "cross-cultural" employee swap. Few small or medium-sized companies are rich enough that they can let an employee simply disappear into another department for three months. On the other hand, it may be more feasible to send Joe from IT over into the finance department for six weeks and Mary from finance into the IT department for the same amount of time.

Somewhere between 6-12 weeks of total immersion in a department gives one a strong sense of the culture, norms, and language of that department. Then, when one returns to the home department, one has a much stronger sense of how things work "back over there." That understanding may then radiate out from the swapped employee to his or her coworkers, employees, and supervisors. Further, the swapped employee returns home with personal connections into the other department and this enhances the informal communication channels between the two departments immensely. This idea basically works the same way as study abroad programs in high schools and colleges: The individual learns and grows through immersion in the foreign culture and returns as a person who can build bridges and readily cross the cultural divide.

Ted Demopoulos: Personally, I have seen this culture clash numerous times as have many of my colleagues. I wondered if I just had bad luck or if it was pervasive, as have many of my colleagues.

What about less invasive techniques than "total immersion"? For instance sending

Mary and Joe to each other's respective department one day a week for a few months, or somehow setting things up so that IT and other employees naturally interact? Perhaps things as simple as having them eat in the same cafeteria, or having them take (perhaps unrelated) training classes where they are required to interact? Is there any value in these techniques??

Jeffrey Stanton: All of these suggestions are potentially workable, but very much untested (as is the total immersion idea). The critical question, as I see it, is how do you help Joe, Mary, and the rest of their departments become effectively bicultural, so that they can bridge the gaps in language, outlook, problem solving approach, and so forth that got the departments at odds with each other in the first place? The shorter their experience with the "other" the less likely it is to work. On the other hand, your instinct to want to get them to "naturally interact" on an ongoing basis is right on the money. There are several studies of environmental design showing that the relations between two departments in an organization depends in part on whether the architecture of the building they inhabit promotes frequent, informal interaction. Which also reminds me that most "cube farms" tend to discourage this kind of interaction because all of the space is cut up into little private plots. Another thing that can bring people together naturally is the so-called foxhole effect: Send Mary and Joe to training together, have the training be very difficult like boot camp, and make sure that Mary and Joe need to rely on each other to succeed at the training. When they come back they will have a social bond that will help enhance communication between the two departments.

Ted Demopoulos: It seems like there are a lot of potential solutions, but not much guidance as to how to implement them. Any final thoughts about this?

Jeffrey Stanton: As a researcher, my stump speech always includes a plea for research access. Companies have to be willing to experiment with this kind of stuff to find out what works. But they also have to be willing to share their successes with the larger community so that we can build a better understanding about how this stuff works. Academic researchers from psychology departments, business schools, and information schools provide the perfect medium for this, because academics don't have a product to promote or sell, and they can provide a veil of anonymity if the company decides it doesn't want its name associated with the research results. So my last word would be a standing request for companies that are doing major technology projects to open their doors to qualified academic research teams. Although the interviews and such that academics do are a small tax on productivity, the payoff can be much better feedback and honest progress reports that can help a company's IT folks develop better rapport and coordination with the rest of the firm.

Ted Demopoulos: Thank you very much Jeffrey! We wish you great success in your research, and the enormous promise it holds. And hopefully some readers will be able to provide you with appropriate research access!


The free newsletter of Demopoulos Associates, www.demop.com

This newsletter is Copyright © 2004 by Demopoulos Associates, Durham, New Hampshire, USA.  All rights are reserved, except that it may be freely redistributed if unmodified.

Sharing securITy is encouraged if the copyright and attribution are included.

Subscribe to the securITy newsletter


We NEVER rent, sell, or share email addresses.

Please forward this newsletter to anyone you know who  might enjoy it!

© Copyright 2002-2015, Demopoulos Associates