Is Separation of Duties in IT a Help or a Hindrance?

Written by Lee Clemmer on October 26, 2009

As companies and organizations grow in size, the departments that support the business internally grow as well. IT, of course, is one that must scale to accommodate business needs. If your department is small, it’s very likely that you know how all the components in your IT infrastructure are configured, what they are, what they do, and so forth. You know not only which servers host which resources, but also how users are configured in Active Directory; you may be responsible for provisioning those users, and for setting them up with VPN access, server access, and other things unrelated to configuring the user in Exchange or giving them a mailbox as well as a login. You may be thinking, “Of course, Clemmer, but doesn’t everyone know about all the elements in a network and how they interrelate with email?”

Well, in larger organizations both operational responsibilities and security policies make the separation of duties for IT staff a reality. What does this mean? The person who manages the firewalls and configures rules to allow email traffic between company sites or business units is very likely not the same email admin who is going to configure the SMTP connector or inter-site replication. The staff member who gets information from human resources and provisions accounts is likely not the same staff member who builds out hardware for servers, or configures desktops or notebooks for the new users. The security staff who manage proxies, load balancers, network anti-virus solutions and other security solutions are, in almost all cases, not the ones who will perform tuning and regular maintenance on your email servers. If you have backup and storage managed by a separate group in the IT staff, they may or may not know the specifics of backing up an Exchange database or server.

What will the results of this separation of duties be? Will things work better or worse? Are you already in this sort of situation, frustrated that nothing seems to get done and that things take many times longer than they used to, or than it seems they should?

If you are a growing organization and thinking of separating duties and responsibilities because of workload, security, expertise, or all three, consider carefully what the impact will be. When one group does not know what another is doing, when, or why, it can turn otherwise simple changes into boondoggles. Scheduling, with clear communication between groups about planned outage times, priorities, and potential risks, is of course important. Clear communication sounds easy, but when everyone is busy with their own work we sometimes forget that not everyone knows what we are doing, and that others may not have read every single email before they left work for the weekend, especially if the email was about another group’s project. When things do go wrong and problems erupt, affecting systems unexpectedly, is there a well-understood escalation process and a means of contacting the staff needed to troubleshoot and resolve things? Monitoring systems and automatic email or text alerts are great, as long as those systems are functioning properly and have an outbound connection to the Internet, and from there to you, when the crisis happens.

Recently we discovered at one location that backups for some systems had not been running for a long time. There were no alerts or warnings about that, because the backups had never been configured in the first place. A few days later we discovered that some of the systems were not being monitored for performance at all; there was monitoring software available and a plan was in place, it just wasn’t happening. These things went unnoticed by the staff directly administering and supporting those systems, because they did not have administrative, or even read-only, access to the backup technology or the monitoring solution. The staff did not have the means even to look and see whether these important functions were active and operating as assumed. The problems have been corrected, and going forward, the staff has been granted access to check that the backups and monitoring are operating. This is an example of where separation of duties was problematic. The lessons learned were that we can’t assume that others know what we want, and that we should verify things. Just trusting someone in another area’s word that something is true isn’t enough; “show me” works better.

Organizations can be, and will be, so large that any one IT staffer simply can’t know everything about everything. The field is becoming complex enough that this is no longer possible. For large organizations, it’s not possible to have the same group manage every IT service. Since this is the reality, we are left with the task of ensuring that the different IT roles can and do work well together. As an email admin you may discover that you know more and more about less and less of the whole IT infrastructure. Just don’t take it to the point where you know everything about nothing!
