Don’t Underestimate The Stress Of Change

Don't Underestimate The Stress Of Change

Regularly in IT, we field new technologies and systems.

Often, we don’t pay enough attention to the details of change management and what that means to our users.

A great article in Government Executive Magazine by Dr. Victoria Grady really hits this right on.

Grady points out something that is often overlooked: people have an instinctual predisposition to attach to/lean on objects and intangibles–including things like office spaces, systems, business processes, organizational structures, leaderships styles, and so on.

If you take that away–excuse the simile, but it is like taking candy away from a baby–you are going to get a lot of (often understandable) whining, crying, and resistance.

The key is understand that people in a sense really all have a kid inside them, and they need to be listened to, understood, empathized with, and cared for.

Changing out IT systems, restructuring the office, or doing a reorganization (as much as they may be needed) can cause people huge amounts of stress and the organization productivity losses, if not done right.

Remember, you are changing up people’s status quo, what they know, their security blanket, and you need to be mindful of and implement a robust communication and change management strategy.

What I have found is that one thing that raises the stress tempo is when people don’t have enough information on the change that is coming, how that impacts them, and how “everything will be okay.”

The more unknowns, the more stress.

While you cannot share information you don’t yet have or perhaps that is not yet baked, you can be honest and tell people what you do know, what you are still investigating, perhaps what some of the options are, timeframes, and of course, solicit their input.

To the extent that people are kept in the loop and can influence the process–the more control they have–the better they can cope and adjust.

Not that adults are children, but the analogy still holds, when you take away a bottle from a infant, you better have a pacifier to keep them happy–in this case, the pacifier is the replacement thing that people need to attach to/lean on to feel secure in their jobs.

If you are changing out systems, make sure the new system is well vetted, tested, and trained with the end-users, so they know and feel comfortable with the change–and they have the confidence in you and your team, the new system, and in themselves to handle it.

Same goes for other changes in the organization–you can mitigate stress through communication, collaboration, testing, training, and other confidence building measures.

Adults and babies are a lot happier and better able to deal with change, when they are taken care of properly.

We are all somewhat change adverse and that is a basic survival instinct, so we sometimes need to take baby steps, walk before we run, and work together to change as a group and ensure that the “new” is indeed better than the “old.” 😉

(Source Photo: Andy Blumenthal)

>Staying Open to Open Source


I don’t know about you, but I have always been a pretty big believer that you get what you pay for.

That is until everything Internet came along and upended the payment model with so many freebies including news and information, email and productivity tools, social networking, videos, games, and so much more.

So when it comes to something like open source (“free”) software, is this something to really take seriously for enterprise use?

According to a cover story in ComputerWorld, 10 May 2010, called “Hidden Snags In Open Source” 61% say “open source has become more acceptable in enterprises over the past few years.” And 80% cited cost-savings as the driving factor or “No. 1 benefit of open-source software.”

However, many companies do not want to take the risk of relying on community support and so “opt to purchase a license for the software rather than using the free-of-charge community version…to get access to the vendor’s support team or to extra features and extensions to the core software, such as management tools.”

To some degree then, the license costs negates open source from being a complete freebie to the enterprise (even if it is cheaper than buying commercial software).

The other major benefit called out from open source is its flexibility—you’ve got the source code and can modify as you like—you can “take a standard install and rip out the guts and do all kinds of weird stuff and make it fit the environment.”

The article notes a word of caution on using open source from Gartner analyst Mark Driver: “The key to minimizing the potential downside and minimizing the upside is governance. Without that you’re shooting in the dark.”

I think that really hits the target on this issue, because to take open source code and make that work in a organization, you have got to have mature processes (such as governance and system development life cycle, SDLC) in place for working with that code, modifying it, and ensuring that it meets the enterprise requirements, integrates well, tests out, complies with security, privacy and other policies, and can be adequately supported over its useful life.

If you can’t do all that, then the open source software savings ultimately won’t pan out and you really will have gotten what you paid for.

In short, open source is fine, but make sure you’ve got good governance and strong SDLC processes; otherwise you may find that the cowboys have taken over the Wild West.

>What’s Lurking In The Update?


In defense, it is a well-known principle that you determine your critical infrastructure, and then harden those defenses—to protect it.

This is also called risk-based management, because you determine your high impact assets and the probability that they will be “hit” and deem those the high risks ones that need to be most protected.

In buttressing the defenses of our critical infrastructure, we make sure to only let in trusted agents. That’s what firewalls, anti-virus, spyware, and intrusion prevention systems are all about.

In so-called “social engineering” scams, we have become familiar with phony e-mails that contain links to devastating computer viruses. And we are on the lookout for whether these e-mails are coming from trusted agents or people we don’t know and are just trying to scam us.

What happens though when like the Trojan Horse in Greek times, the malware comes in from one of the very trusted agents that you know and rely on, for example, like from a software vendor sending you updates for your regular operating system or antivirus software?

ComputerWorld, 10 May 2010, reports that a “faulty update, released on April 21, [by McAfee] had corporate IT administrators scrambling when the new signatures [from a faulty antivirus update] quarantined a critical Windows systems file, causing some computers running Windows XP Service Pack 3 to crash and reboot repeatedly.”

While this particular flawed security file wasn’t the result of an action by a cyber-criminal, terrorist or hostile nation state, but rather a “failure of their quality control process,” it begs the question what if it was malicious rather than accidental?

The ultimate Trojan Horse for our corporate and personal computer systems are the regular updates we get from the vendors to “patch” or upgrade or systems. The doors of our systems are flung open to these updates. And the strategic placement of a virus into these updates that have open rein to our core systems could cause unbelievable havoc.

Statistics show that the greatest vulnerability to systems is by the “insider threat”—a disgruntled employee, a disturbed worker, or perhaps someone unscrupulous that has somehow circumvented or deceived their way past the security clearance process (or not) on employees and contractors and now has access from the inside.

Any well-placed “insider” in any of our major software providers could potentially place that Trojan Horse in the very updates that we embrace to keep our organizations secure.

Amrit Williams, the CTO of BIGFIX Inc. stated with regards to the faulty McAfee update last month, “You’re not talking about some obscure file from a random third party; you’re talking about a critical Windows file. The fact that it wasn’t found is extremely troubling.”

I too find this scenario unnerving and believe that our trusted software vendors must increase their quality assurance and security controls to ensure that we are not laid bare like the ancient city of Troy.

Additionally, we assume that the profit motive of our software vendors themselves will keep them as organizations “honest” and collaborative, but what if the “payoff” from crippling our systems is somehow greater than our annual license fees to them (e.g., terrorism)?

For those familiar with the science fiction television series BattleStar Galactica, what if there is a “Baltar” out there ready and willing to bring down our defenses to some lurking computer virus—whether for some distorted ideological reason, a fanatical drive to revenge, or a belief in some magnanimous payoff.

“Trust but verify” seems the operative principle for us all when it comes to the safety and security of our people, country and way of life—and this applies even to our software vendors who send us the updates we rely on.

Ideally, we need to get to the point where we have the time and resources to test the updates that we get prior to deploying them throughout our organizations.

>Architecting Smart Kids and Enterprise Architecture


We’ve been hearing for years about our poor elementary and high school educational system in this country. For years, test scores have trailed our competitors in other countries across the globe. This has been especially true in science and math and has affected the number of qualified engineers we are producing as a nation. These are often the people who would take us into the future from an innovation standpoint.

The Wall Street Journal, 29 February 2008, asks “What Makes Finnish Kids So Smart?”

“By one international measure, Finnish teenagers are among the smartest in the world. They earned some of the top scores by 15-year old students who were tested in 57 countries.”

By contrast, “American teens finished among the world’s C students even as educators piled on more homework, standards, and rules.”

So is it something in the Finnish drinking water or some magic vitamin that makes them outdo us academically?

“High school students here rarely get more than a half-hour of homework a night. They have no school uniforms, no honor societies, no valedictorians, no tardy bells and no classes for the gifted. There is little standardized testing, few parents agonize over college and kids don’t start school until age 7.”

“Finnish youth, like their U.S. counterparts, also waste hours online. They dye their hair, love sarcasm, and listen to rap and heavy metal. But by ninth grade they’re way ahead in math, science, and reading—on track to keeping Finns among the world’s most productive workers.”

On the most recent test sponsored by the Organization for Economic Cooperation and Development, “Finland’s students placed first in science, and near the top in reading and math…[and] in first place overall….the U.S. placed in the middle of the pack.

So here’s the magic elixir—2 things:

  1. Reading—Remember the commercial here in the states that said “reading is fun-damental”? Well in Finland reading really is. Finns love reading. “Parents of newborns receive a government-paid gift pack that includes a picture book. Some libraries are attached to shopping malls, and a book bus travels to more remote neighborhoods like a Good Humor truck.”
  2. Self-reliance—While in the U.S., teens and even people well into their 20’s and even 30’s are hopelessly dependent on mommy and daddy and have been moving back home and throwing their dirty socks in the corner of their rooms, Finns are self-reliant from an early age.

“The Finns enjoy one of the highest standards of living in the world, but they too worry about falling behind in the shifting global marketplace.” Based on their relative educational success, it is us Americans that should be doing more worrying.

If we are to architect success in our students’ educational scores and futures, it will not be by driving them into early adulthood through the paranoid assignment of an avalanche of nightly homework. Our children are ridden with test scores and admission anxiety, even as they continue to flunk by international standards.

Using enterprise architecture as our guide, we need to teach not to grow up faster, but to enjoy being a creative, questioning child. We need to inspire children not with fear for their future, but rather with a sincere love of learning (and of reading, and exploring, and of trying new things). We must not hold our children’s hands forever in paranoid fear, but rather teach them to be confident, self-reliant, innovative, and adventurous. We must not push our children to be “doctors, lawyers, or accountants”—to make lots of money—but rather must encourage them to go after their dreams and passions. These are strengths that education alone will not provide for our children’s future.

>The "Right" Way to Introduce New Technology and Enterprise Architecture

> I came across some interesting lessons learned on rolling out new technology (from the perspective of franchisers/franchisees) that apply nicely to user-centric enterprise architects (adapted from The Wall Street Journal, 26 November 2007):

1) Partner with the user–“if you can get a franchisee really excited about the new technology, it’s a lot simpler to get it rolled out…if I can convince you, and you can see the difference, you will be my best spokesman.”

2) Testing it first–“finding a guinea pig…we have a lot of people telling us they have great concepts. We want to see that it works with our customer base, our menu, our procedures first.”

3) Show the cost-benefit–“an enhancement may look promising, but if its payback is years away, the investment may not compute.” Why fix it, if it ain’t broke.

4) Keep it simple–“most franchisees are focused on their business, not technology…so they’re not looking for something to complicate their lives.” Also, focus the solution on the operators in the field and not on the headquarters staff, who may not be completely in tune with the realities on the front lines with the customers.