Here’s a great article from Ramon Padilla of TechRepublic on central vs. decentralized IT models, with a theme of security breaches. Who runs (controls, manages, governs, etc.) IT in your organization?
There is a lot of real-world experience in this article, but what I really liked was this:
The laissez-faire model can work to deliver IT services. Sometimes well, sometimes not so well… Often staffed by people that are wearing an IT hat in addition to their “real” job and view IT as a hobby, a right, or a requirement … IT is not their profession… they have neither the time nor the resources to run IT like a business or a profession.
IT run by “amateurs”, and I am not saying that in a derogatory way, have and continue to deliver necessary services but they cannot keep up with the level of sophistication that the “bad guys” have evolved to nor the responsibilities and liabilities that come with IT in this day and age. Once upon a time an organization could do mediocre IT and only be a danger to itself – now it is a danger to others.
Think about it – would you trust your personal information in the hands of that guy over in shipping who built a database over the weekend on the same computer his kids use to download music from a peer-to-peer BitTorrent-based network?