Earlier this month, Congress passed an energy bill that will extend daylight-saving time by about a month, starting in 2007. Hmm. An event of possibly monumental proportions—one that could have a huge impact on the way we live and work and on the systems on which we rely? Reminds me a little of Y2K.
Organizations spent millions of dollars to make sure that Y2K didnt TKO their operations. And smart companies made smart Y2K investments, rolling in system refreshes.
With the coming of a lighter day, it will be just as easy to justify new IT spending to make sure that everything from personal calendaring systems to CRM and supply chain applications are patched to take the new daylight-saving start and stop dates into account. The trick for IT managers will be to use the opportunity to also include productivity-boosting changes in budget and project plans to bring critical systems up-to-date.
IT budgets are just as tight as ever; the old saw “do more with less” means that effective IT managers will find ways to improve network, system and application infrastructure by leveraging compulsory technology disruptions to get upgraded technology systems installed.
The daylight-saving-time change is actually just the latest—and, in many ways, likely among the most minor—of the “compulsory disruptions” that confront nearly every organization in the United States today.
The auditing, reporting and control mechanisms required by federal legislation, including Gramm-Leach-Bliley, Sarbanes-Oxley and HIPAA, should be seen by IT managers as excuses to do the right thing. Likewise, when your CRM vendor comes knocking on the door with a daylight-saving-time patch, find out how many other updated features can be rolled into the testing and deployment process. Since such a process will be required, it makes sense to roll out as many other improvements, bug fixes and even new features as possible to take advantage of the mandatory break.
Offering even greater opportunities for IT to combine updates with required changes are the auditing requirements of the federal legislation mentioned above. Many of these requirements will force organizations to show that they have a consistent process that documents who accessed what information when. IT managers can squeak by these mandates by just tracking user log-ins, but for just a bit more time and money, there could be a lot more return.
For user access systems to provide accurate audit data, and presumably to keep the CXO out of jail, organizations need a clean source of user data.
IT managers could do the bare minimum and go through existing directories and databases to delete expired accounts and solve the problem once. Similarly, in terms of daylight-saving time, applications and systems could be minimally patched to handle only the new dates.
In the case of user access controls, savvy IT managers will take advantage of the opportunity and recommend an identity management project that ensures new user data is entered correctly, that any changes are tracked accurately and that, when no longer authorized, users are barred from sensitive information while their past activity is preserved. And finally, when the law allows and business practice benefits, old user activity logs can be automatically swept out of the system.
Taking this approach solves the immediate problem of removing unusable old data, and it puts a more effective user management system in place that has a very good chance of improving not only audit compliance but also other business processes, such as user provisioning and asset management.
IT managers have until 2007 to make sure data systems can be remediated to live with the change in daylight-saving time. Those who use the time wisely have a good chance of piggybacking some really useful changes into their systems and applications.
Peter Coffee is on vacation. He will return to Epicenters Sept. 5. Technical Director Cameron Sturdevant can be reached at email@example.com.