A realistic approach to IT

IT should not view itself as a 'controls and standards' group that tells the business what to do. Instead, it should get others excited about using technology to drive business goals--and this requires a change of mindset and culture. At the same time, the business side should take responsibility for IT. One idea is for the business and tech sides to share a service score card, providing metrics that can be tied directly back to the IT department. That means that decisions regarding which projects should receive priority, in terms of spending, are set by the business, not by IT. And when it comes to security, instead of putting a fortress outside your firewall and not letting anyone in, IT departments should develop their application layer assuming that people are going to get inside the network. But once they are inside, make it difficult for them to access applications. Use something called the "sticky pudding approach" to help resolve the security versus open access dilemma.

To get more about a realistic approach to IT:
- read the article at IT World Canada