What do you cite as the top IT lessons you learned 2011? I am talking about the hard lessons learned in IT management, administration, budgeting, buying, planning architecting and deployment last year? Based on those lessons what will you carry through 2012 and perhaps longer?

Let me share some thoughts on what I have seen in 2011:

1. Do you due diligence when outsourcing the crown jewels of your company’s information – Cloud computing is not the complete panacea it first appears to be. Abdication of IT management responsibilities is not a feature of the cloud of which many are quickly enlightened. Most find out there are still plenty of issues, mostly new ones, to deal with when operating out of the cloud.

  • Many learned learn that with no Internet they have no IT. Cloud computing is absolutely dependent upon a reliable and robust Internet connection. When that goes down your users can do nothing.
  • To top it off, the refunds from Service Level Agreement do not come anywhere close to covering your down time costs. What that means is that if the cloud provider themselves goes down or loses data you are on your own until they come back online. Every single one of the service agreements is so soft on penalties for failure to stay up and running as to be meaningless. There is not really much worry or disincentive for them from a penalty perspective. This turned out to be a real problem for many who use cloud services from Microsoft 365, Intermedia, Salesforce.com and many others.
  • I even know a group of clients for whom their whole application was shut down and no response. A trip down to the facilities found the place vacated. That begs the question, “Where is your data?” and “How are you protected and indemnified if something bad happens?”

2. Good security practices are just as easy to implement before a costly breach as compared to after the breach. – Some are calling 2011 is the Year of the Breach. Labels aside, employees and former employees remain the biggest threat to security and privacy. The failure in security with former employees only works because of poor IT administrative processes to lock-out users. I have seen a number of cases where former employees were still accessing the system. Most were doing so with malicious intent and outcomes. Some were even gathering data related to employment litigation with their former employer. In other cases users downloaded trade secret information and used it for inappropriate purposes.

3. VDI is not ready for prime time – Virtualization on the server is amazing. In the datacenter it must be on top of the list for the best Return on Investment I have seen in 10 years. VMware ESX, Microsoft Hyper-V, Citrix XEN Server and Oracle/Sun XvM are all now really mature and effective solutions for getting the most out of your server assets. But virtualization at the desktop or VDI seems to be another matter. While is seems to hold all the promise and potential of its older sibling Server Virtualization, it has been a sad disappointment. VDI is still immature and prone to getting into trouble. I still hold out hope for this new kid on the block, but some big failures on some significant projects are leaving me doubtful at this time. Even with key hardware and software vendor co-engineering on design and deployment, I have seen two projects fail recently leading the parties down the litigation path. Fortunately Alvaka Networks was not involved in any of these debacles. I think some smaller deployments and pilot programs are the order of the day for the more adventurous in this realm. Citrix ICA or Citrix with Microsoft RDP is the safer bet over VMware VDI in my opinion.

Am I off my rocker on these three lessons from 2011? What would you add to this list? Enlighten me with some good additions or be controversial and refute my opinions.