Have your say at computerweekly.com
On finding the impetus to start training
In response to Antony Savvas' article (Computer Weekly, 15 June) where he reported on a survey which found that the number of job adverts asking for Linux has risen by 50%
Your article on the demand for Linux jobs prompted me to enquire about training.
Being a SuSE user, Red Hat training seemed off-target, so I rang the SuSE UK training centre and a member of staff talked me through finding the appropriate website. He also told me the training included the LPI exams mentioned in your article, so funding is my next quest.
Your article inspired my positive move. For others who are interested, check out www.novell.com/training
On getting the business to IT training ratio right
In response to Nick Huber's article, which stated that UKIT managers receive the lowest rate of career development in Europe (Computer Weekly, 8 June)
According to a survey by IT Skills Research in April, UK companies allocated the majority of their IT training budget to technical training for IT professionals.
Firms are also recognising that it is essential for IT staff to have management skills - with companies spending 52% of their 2003 IT training budget on business skills for IT staff.
So although spending might not be as lavish as it is in the rest of Europe, it is promising to see that UK firms are spending their training budgets to ensure their IT professionals have the right mix of IT and management skills.
Steve Spensley, Thomson NETg
On building a basis for trust other than an SLA
In response to Philip Yarnall, who said that service level agreements should be business-led, rather than technology-led (Computer Weekly, 15 June)
I read with interest the news that 21% of businesses do not use service level agreements and I share the view that SLAs should not be led by technology.
However, I feel Yarnall neglected to mention the most important issue when building a successful supplier-customer relationship. The foundations of successful IT do not lie in the minutiae of an SLA, but in the development of an open partnership built on trust and shared objectives.
In the past, IT suppliers have focused efforts on meeting the terms laid out in an SLA, but a more intelligent approach would be to focus on working together to achieve the customer's business goals, not just following an SLA to the letter.
A metrics-based SLA is an integral part of a contract, but for an IT undertaking to be successful, it must be underpinned by a partnership and a will to make it work - and no written contract can instill those values.
Jan Woolf, director of transportation services, ITNet
On e-government and the data silo approach
In response to David Roberts (Computer Weekly, 8 June) whose verdict on e-government was that public sector departments should combat the silo mentality
Many of the challenges associated with creating joined-up government can be traced to the information silo problem.
Most government bodies are insular and will approach their online efforts incrementally. Individual projects will be designed to meet specific needs, allocating budget and resources for each project and making technical decisions based on that project's needs schedule.
As security and user administration are necessary parts of any online application, their requirements are often specified in and limited to the project definition phase. They are then implemented by embedding business logic, access rights and user administration.
Although this approach may meet short-term goals, it also creates complicated silos, with many different technologies at each layer and many different identities for the same user. This results in higher administrative costs, poor usability and no centralised security.
Federation allows government bodies to standardise identity sharing within their own boundaries as well as with other government bodies. The benefits of this, such as for the police, are immense.
Without federation, users have to employ many passwords to gain access to information across different bodies - time, usability and resources are lost and administration costs are high.
Richard Mardling, strategic business director, Enline
Innovative outsourcing does not suit suppliers
In response to the story about innovative outsourcing models failing to take off (Computer Weekly, 15 June), as a service recipient I have an extremely simple view on Forrester's findings.
From any supplier's point of view, consistent service within a defined unchanging scope is cheaper to provide than an innovative and changing service which generates more internal cost. With such a cost focus suppliers find it very difficult to innovate in terms of delivery and risk-reward activities.
John Creber, contract manager (managed services), Gallaher
IT staff must own control of patching
Mike Fenton's suggestion that suppliers should update software patches remotely is utopian and unrealistic (Computer Weekly, 15 June).
We cannot expect software suppliers to understand the nuances and intricacies of every network and its applications. Informed IT organisations understand the necessity of testing patches, automating delivery across diverse connections and having a remediation strategy for patch-induced conflicts.
The only secure way of updating patches is for the IT staff to manage the process through the use of an end-to-end, integrated patch management system. The patching process is far too critical to simply relinquish control to multiple software suppliers and end-users who just want IT to work and are not concerned with security.
But truly integrated and robust patch management software also includes some pre-flight analysis in addition to roll-back or remediation capabilities if the patch causes software conflict.
If you allow suppliers to patch their own software and have direct access to end-users, it is likely you will lose control of your network altogether.
Volker Wiora, vice-president of information systems, Altiris
Fixing the holes does not have to be hellish
Mike Fenton suggested that patch management is ultimately the responsibility of software suppliers (Computer Weekly, 15 June), but this view is somewhat "blue-sky" and would prove unworkable in reality.
Businesses are highly sensitive about opening up their IT systems to a third party. Giving suppliers complete freedom to remotely install new code would send a shiver down the spine of even the most hardened IT manager. Who would carry the can when things go wrong?
IT departments are suffering from a lack of resources because of budget cuts and are struggling to cope with the continuous stream of patches and updates from software suppliers.
Deploying patches to hundreds of PCs across multiple sites can be costly, time-consuming and vulnerable to manual error - but it doesn't need to be. There are "click and patch" systems management server tools on the market that can automate the entire process from start to finish.
Asking software suppliers to manage patches remotely is like asking the brass section of a band to conduct the orchestra. IT manager should remain the conductors, especially when the tools to help them orchestrate patch management are readily available.
Sumir Karayi, founder and director, 1E
NHS data requires committed cleansing
I was pleased to read the letter from Adrian McKeon of Infoshare (Letters, 15 June) highlighting the serious challenge faced by the NHS in cleansing and migrating patient data to new systems, including the national data spine.
Trust chief information officers, national plan management and local service providers are becoming increasingly aware of the enormous task that lies ahead in cleaning patient data and providing processes to attach a unique NHS number to these records. This requirement becomes crucial in the process of issuing compliant data records to the national spine.
Unlike industry and other public sector applicationsthat merely merge records together into a "consolidated view", the cleansing of patient data also requires a commitment of trust resources in all disciplines (IT, medical records and clinical staff) to assess those records which cannot be cleaned automatically, and the physical amalgamation of the patient's case notes where necessary.
NHS data is complex and involves a dataset considerably larger than what is found almost anywhere else. As McKeon rightly identified, the quality of delivery within the NHS and therefore its ability to support enhanced patient care will be severely undermined if trusts do not take this opportunity to cleanse and validate patient data before migration to the new applications and to the national spine.
Ali McGuckin, professional services director, Stalis
Overseas data stores will always be at risk
As a BS7799-accredited, UK-based provider of managed services, I would naturally agree with Kerry Davies' argument (Computer Weekly, 15 June).
There is a clearly a risk to confidentiality, integrity and availability from processing information in countries which could become hostile. Note I use the word risk advisedly in the true meaning of a possible outcome where probability and impact must be assessed (in true BS7799 fashion).
If the risk has been adequately assessed and appropriate mitigation put in place, it may still make sense for taxpayer value to use offshore providers.
Davies' argument is weakened by a lack of examples. Which government departments are processing UK-critical data in foreign territories today, or are planning to in the near future? What standard of risk assessment is being carried out?
I would agree that ISO17799/BS7799 should be a prerequisite for any information processing, but even this would become inadequate if a foreign provider became hostile.
Stuart Bonell, director of products, Attenda