A couple of years ago, a piece in the Wall Street Journal declared “It’s Time to Get Rid of the IT Department”. Challenging all known definitions, the author proposed the classic IT departments were “from a bygone era”, sowing the seeds of change in an operation that seemed to be at a stalemate.
And IT, from an organizational point of view, hasn’t changed much. But the article fails to convey the dramatic change in their services and responsibilities, especially in the last few years.
The always-growing importance of cybersecurity cannot be denied. The soft skills of personnel in direct contact with people are tested daily. And the business environment of today has been the hardest rock to climb: post-pandemic, remote work-forged teams have learned a lot.
And the idea of outsourcing IT teams through alternatives such as MSPs has been gaining traction, especially in infrastructure, service desk, and provisioning. But maybe you only have seen IT from an “IT support” point of view. So, what’s the deal with IT departments? Why are they so important (even if the WSJ says they aren’t) and how do they fit into your business needs?
Let’s get into it.
Why do we need an IT department?
Information Technology (IT) has been growing alongside the field of computing for quite a while. Transistors and processors were on a journey to shrink and become microprocessors, and computers the size of a room became PCs in the span of 20 years. Suddenly, every industry was interested in how to apply technology to their processes, and the ICT field (that’s information and communications technology, a much bigger umbrella term) was skyrocketing.
As computing and information became ubiquitous concepts in every organization, the IT department became a staple for the business process. Usually falling under the scope of the Operations team, the IT department is in charge of maintaining standards of information handling, equipment administration, infrastructure administration & programming, and technical support.
IT departments aren’t just service providers, they are business enablers.
The service IT frameworks
As a critical part of business, IT practices have been condensed into several frameworks through the years. The majority of these frameworks aren’t just for IT service management. Some frameworks are strictly focused on best practices for operations and/or security, and have ties with other frameworks for entirely different purposes (such as fraud detection, for example).
The most relevant frameworks for IT operations —the ones that define critical aspects of how IT departments work— are:
- ITIL, developed by the UK government’s Central Computer and Telecommunications Agency (CCTA) in 1989, and now a private certification
- COBIT, developed in 1996 by ISACA, an international organization created to regulate IT governance
- ISO/IEC 20000, the international standard for IT management, developed by ISO/IEC Joint Technical Committee 1 in 2005
- MOF (Microsoft Operations Framework), developed in 2008 by Microsoft
Most organizations around the world have shaped their IT department —or at least their organizational structure— around these frameworks.
The IT department's responsibilities
As we discussed earlier, the IT department handles way more than your malware-infested computer. Besides maintaining standards in critical areas and assuring business continuity, IT staff is the engine & transmission driving the efficiency of any organization that requires technology (nowadays, most of them).
The IT department's responsibilities can be summarized in three broad groups:
No computing device in an organization exists on its own. Networks, endpoints, and servers: all of them subsist on a complex mesh of layers, hardware, and protocols. That mesh is usually a blueprint (or a set of blueprints) that IT architecture is tasked to design.
Usually, a “strong” architecture is defined as a cohesive structure governing all areas of tech, from planning to acquiring, and finally to building and implementing systems.
IT professionals responsible for architecture exist all across the spectrum. Domain architects, for example, are experts in designing infrastructure, applications, and information exchange; while security architects develop protective barriers (physical or otherwise) so the entire organization can be shielded from malicious actors.
The enterprise world, like our society, needs rules & goals to maintain its sustenance and boundaries. Without a set of rules, there would be no control and no accountability. And with no control, issues would immediately arise. That’s where governance comes in. The main purpose behind IT governance is to establish processes that manage IT resources in a transparent and efficient way, to help the entire organization to achieve its goals collectively.
IT governance can be broken into five domains, defined by the IT Governance Institute (a division of ISACA):
- Value delivery: To categorize and demonstrate the value of the IT department, often foreshadowed by not being directly aligned with the business goals. The lack of value delivery causes a “black hole” effect, where IT costs are perceived as lost.
- Strategic alignment: To support the business through TI and how the department objectives are aligned with the organization.
- Performance management: To track implementation, resource usage & service delivery, and maximize budget.
- Resource management: To optimize and monitor critical IT infrastructure (through asset management, for example) and to deal with third-party providers.
- Risk management: To assure operations continuity and information integrity through risk mitigation.
Of course, the most common way in which we look at IT is in its functional responsibilities. IT support, help desk, network administration... the list goes on. From crimping an RJ45 connector into a cable to massive provisioning of devices, the scenarios that IT departments face almost always are operational in nature.
IT department structure
To efficiently distribute the responsibilities of an IT team, it’s a very common practice to use well-known methodologies to assign and coordinate tasks within the department. With organizations of different sizes, objectives, and budgets, IT teams can choose one or several organizational structures.
A functional structure organizes its members into groups, based on their responsibilities and seniority within the IT team. Functional teams of IT technicians, who carry out functional responsibilities, are usually led by senior members (IT administrators or managers). Project management is absolutely centralized.
In medium and large companies, these teams can assume defined roles (such as engineering, cybersecurity, service, etc.). This group structure is the most widely adopted within IT teams.
Independent service line structure
This is where the concept of "IT service line" appears: that is, an independent entity within the IT department, which works in a decentralized manner to satisfy the needs of the organization. This is in contrast to the functional structure, based on a strong hierarchy.
This decentralization manifests in total control of what happens within the service line: that is, each line has independent governance and manages its resources independently. In practice, this means that each IT service line functions as a small IT department within the organization, and deals with specific projects directly with the rest of the areas.
This type of structure favors direct service and agility within the teams, in addition to facilitating accountability processes for the areas of operations, which leads to a more cost-effective department.
When IT service lines receive assistance from a service provider in different areas of support and administration, it is known as a leveraged structure. This type of structure is common in small IT departments or startups, which sometimes need expert assistance in specific areas or additional resources to meet the needs of the entire organization.
In most cases, service-level agreements are signed to assure a certain level of quality, and to favor accountability.
Unlike a leveraged structure, a hybrid model is one where a third-party provider takes full ownership of one or more IT service lines. These professionals go beyond being just independent contractors and form an integral part of the organization's processes, maintaining their status as independent companies or providers.
IT department roles
The majority of roles inside a typical in-house IT department are defined by the size/scope of the organization, the priority when fulfilling the responsibilities mentioned above, and the frameworks adopted.
Nevertheless, there are roles that are broadly accepted as important or relevant to have in your organizational structure. This is especially true if following a functional model that requires a structured approach to fulfill operations and business functions.
CIO: Chief Information Officer
The CIO is the business leader behind and above the IT department, with the primary objective of translating business objectives and key stakeholder needs, sometimes across the organization, to the IT strategy. Consequently, the CIO is in charge of managing all organization-facing technology.
As a C-level manager, a CIO has several executive responsibilities, such as (among many others):
- Leading the IT team, in-house or external (through an MSP)
- Choosing information technology frameworks to apply and leverage, and create & implement IT policies
- Setting appropriate controls and budgets for all processes (infrastructure, cybersecurity, operations)
- Defining and overseeing accountability for all tech-related processes
- Overview of the recruitment for the IT department
The CIO should not be confused with the CTO (Chief Technology Officer), a similar C-level executive that usually deals with customer-facing technology.
Operations: the role of Sysadmin
Operations is a broad term that includes various positions that provide the functional responsibilities of the IT team. Most of these responsibilities include technical support, troubleshooting, installation & provisioning, and a ton of network tasks around all OSI layers.
Commonly called system administrators (or Sysadmin, for short), the professionals who deal with these issues are problem solvers in nature. Experts in multitasking, sysadmins must be proficient in computer science as well as other skills: hardware, software, networks (physical and virtual), databases, web, and even security.
Their level of specialization depends on the complexity of the system itself; small organizations may need a Jack-of-all-trades to deal with the day-to-day, while the enterprise world usually has teams of sysadmins dedicated to all areas.
Nevertheless, one thing is certain: almost all organizations require a sysadmin, in-house or otherwise.
The infrastructure team is responsible for maintaining and managing the technology infrastructure (the hardware, software, and network that supports the delivery of services) of an organization. For that reason, the infrastructure roles are usually the most committed to the business goals, especially in organizations that produce or sell technology products; therefore, an infrastructure team can have goals set by the CIO and the CTO.
The main role of this team is to ensure that the systems supporting that tech is reliable, secure, and scalable. As such, infrastructure engineers are experts in installing and configuring servers, storage systems, network devices, and other technology components, as well as maintaining and updating existing systems.
The information security (Infosec) team protects an organization's information assets and systems from unauthorized access, disruption, disclosure, or destruction at all costs. This involves implementing and maintaining a comprehensive set of IT security measures and controls to ensure the confidentiality, integrity, and availability of information. Infosec engineers, whether it’s networks or device security, are the bouncers of this party; they know very well who can come in, and usually who needs to be stopped or kicked out.
Infosec is a broad field with close ties to security, therefore the team can be managed by other C-level executives as well, which may or may not be dependent on the CIO: the CSO (Chief Security Officer) & CISO (Chief Information Security Officer).
The Infosec team is tasked with conducting security assessments and audits, implementing and managing cybersecurity software, performing risk assessments, developing security policies and procedures, and responding to incidents.
Outsourcing the IT department
One of the most recent trends in business is the outsourcing of some or most of the IT services to external providers. The most known player in this team is the MSP, or “managed service provider”. But why IT outsourcing?
The fact is that many teams are struggling to meet demand in IT. As you may already tell by reading this article, the nuance and complexity of building an IT team are sometimes too much to handle. IT requires a great amount of accountability and the multiple skill sets required to achieve that expertise are huge. Sometimes your team is just not enough: it starts with a couple of employees who can’t be serviced, then long downtimes in servers. And when people can’t work, the entire organization starts to lose money.
That’s where alternatives like an MSP, or MSSP, come in handy. Through leveraged or hybrid structures, these external vendors can improve the quality of IT solutions while maintaining high levels of responsibility and accountability. They can even bring new technologies and solutions to the table!
Benefits of outsourcing the IT department
- Cost savings. Outsourcing through an MSP can often be more cost-effective than hiring and maintaining an in-house IT team.
- Access to specialized skills. IT service providers have a pool of skilled technicians with a range of expertise, which can be beneficial for companies that have specific IT needs (such as cybersecurity, compliance, etc).
- Increased efficiency. MSPs and other service providers often use more streamlined and efficient processes, leading to faster problem resolution and improved IT performance.
- Improved security. security-based service providers (such as MSSPs) often have more resources and experience in implementing and maintaining robust security measures.
- Scalability. Outsourcing allows companies to quickly add or reduce IT support as needed, without having to hire or lay off employees.
Drawbacks of outsourcing the IT department
- Lack of control. Outsourcing can result in a loss of control over the IT processes and systems, making it difficult to make quick decisions or changes. This is especially true without responsible managers inside the organization.
- Quality of service. The quality of service provided by IT service providers can vary. A service that is not up to standard may cause issues with accountability or responsiveness, which in turn may lead to misunderstandings and delays in resolving problems.
- Dependence. In certain cases, the company becomes dependent on the IT service provider, and a change in provider or a disruption in service can have significant impacts.
- Cost increases. Outsourcing costs can increase over time as the IT service provider raises its prices.
- Data privacy and security. Outsourcing can raise concerns about data privacy and security, as sensitive information is handled by a third-party provider.
In the natural growth process of companies, information technologies play a fundamental role. IT departments have changed, and with the addition of external teams capable of supplying technical and operational deficiencies, it is natural that they evolve towards new relationship structures and methods.
We hope this guide will serve as a starting point to better understand the inner workings of an IT team. We understand that some positions and responsibilities may have been left out. The field of information technology evolves every day, and the structures that support it are in constant mutation, according to the needs of each particular business.