These outdated IT best practices must die — and you must stop relying on them

Many IT best practices have become well entrenched in the industry over decades. But while many are still a good roadmap to follow, some have lost their effectiveness. Let us take a look at some outdated IT best practices you should reconsider, reassess, and reinvent.

Following only ISO standards

Outdated IT Best Practices

ISO standards are general industry standards that have been in vogue for a long time. ISO standards definitely still have value in the IT context, but they have been superseded by other standards that are more specific to the software industry like CMM.

ISO has recommendations for quality and process that are applicable in a generic sense to almost all industries. However, ISO does not talk about process and quality in a manner specific to software and IT.

Standards like CMM, on the other hand, are specific to software and hence they are more directly applicable to the IT context. The best practice is to align yourself to such standards apart from ISO, which should be considered but only as a minimum requirement.

Following only the waterfall model

Among the process models used in IT, waterfall remains one of the most popular, kind of like how “Transformers” and the new “Star Trek” movies are so popular because they are so consistent. But the waterfall model is also among the oldest, and therefore prone to being among the outdated IT best practices. The waterfall model of the SDLC states that software development proceeds across linear phases with work proceeding in a unidirectional manner.

outdated IT best practices

There is no scope in the waterfall model for iterative development whereby phases succeed each other in a circular manner. For many software development projects, the waterfall model has become outdated. There are models like Agile that are more modern in their handling of iterative development.

Using manual, Excel sheet-based defect tracking

Excel-based defect tracking remains very popular in projects across the globe. What happens in this is that defect information is entered into Excel and the status is tracked right there. All the comprehensive defect-related information may be found in the Excel sheet, which serves as the single point of reference for defects.

This is now outdated because of the availability of portal-based tracking for defects. Most organizations now focus on building portals where defects can be entered and tracked to closure. This is the most modern way. The problem with Excel-based tracking is that errors can easily occur and there is a lot of effort invested in manual updates, which are error prone.

Using programs like older versions of Lotus Notes

There are many programs that retain significant influence and popularity in the IT industry. One such program is the older versions of Lotus Notes. While in days gone by, Lotus Notes was a single-point program including email and server hosting, it has been superseded by a number of other programs including Outlook and Gmail.

outdated IT best practices
Given the fact that Lotus Notes still retains sticky popularity due to reasons of being able to support scalability requirements, it can be a difficult job to convince people to migrate away from the program. However, given the performance available among other programs, there is no reason to stick with the older versions of Lotus Notes.

Using discussion forums and newsgroups

Another popular medium of yesteryear are the discussion forums and newsgroups. These are generally used to serve as a portal where questions are raised from the team and answers are provided. These are in the conventional question-and-answer format as seen in the discussion forums of yesteryear. However, with the arrival of social media, this is another of the outdated IT best practices.

Social media and Facebook work pages can be a significantly better alternative to conventional discussion forums. The question-and-answer format is far more intuitive and user friendly with social media pages than with conventional discussion forums. Also, multiple answers can be handled easily with social media pages.

Depending on mainframe and CICS-based UIs

Outdated IT best practices
U.S. Navy

There are still a number of applications that depend on mainframe and CICS-based UIs. These UIs are quite primitive and are acceptable only for use at the server end. However, there are still several client-side applications that depend on mainframe CICS-based UI’s (green screens). With the arrival of Java and .Net-based applications, there is no real reason to persist with having to just depend on green screens.

The conventional reason for not migrating from green screens is owing to the costs involved. However, it would be advisable to initiate efforts toward migrating such applications towards Java or .Net/HTML-based front-end software, even if the costs are significant. Modern frontend software is much more user friendly, elegant, and maintainable.

Lack of emphasis on domain expertise

It has been a popular trend for long that techie programmers are encouraged to be super-specialized in programming with no emphasis on acquiring domain expertise. However, for the times that we live in, techies are being called upon to possess a significant amount of domain expertise.

True, they may not be domain experts — that is a job best left to domain consultants and MBAs. However, they are supposed to have a sound basic understanding of the domain. For far too long, techies have not been directed in that manner. Cultivating some amount of domain expertise helps in improving the quality of code and produces value-added code.

Relying on in-house server hosting

With the arrival of the cloud, it has almost become passé to emphasize building and maintaining servers in-house. While some servers will still be required to be maintained in-house, a significant number of server requirements can be met by contracting with a vendor that would take the responsibility for hosting and maintaining the server-side hardware and software.

Most cloud vendors are able to provide public, private, or hybrid cloud hosting based on the requirement. With such extensive cloud capability, there is no reason anymore to rely heavily on in-house server hosting.

Not encouraging BYOD

For too long, IT departments and management at many companies have not been encouraging — and actually been banning — BYOD due to fears associated with data leaks and hacking. However, with newer more powerful encryption standards in place and the ubiquity of smartphones, it does not make any sense to do so any more, and this has become perhaps the most common of all the outdated IT best practices. It is highly recommended that smartphones be embraced wholeheartedly and enabled to access server-side resources.

Photo credit: Shutterstock

About The Author

23 thoughts on “These outdated IT best practices must die — and you must stop relying on them”

  1. I personally feel that a good portion of these are inaccurate and off the mark.
    Some seem to be vendor influenced. With the Wi-Fi hack recently, the BYOD chapter is no less then a DANGEROUS recommendation, but then it was before resent events too. BYOD devices are no less then a complete security breach and should best left at home or on the street with the other toys that grip less then educated users to spend money they don’t have. I would not risk mine or other’s job, so some can play with new toys at work.
    The rest of these, I will leave as the gibberish of a school kid bragging about new Christmas gifts.

    1. Ever heard of mobile device management? How about Access Control Policies and Rights Management Services?
      BYOD can be bad it not done correctly, but there are enough resources available that make BYOD work well in your organization.
      Plus the new wireless exploit will still affect company owned devices and your users will still try and find ways to work around your policies and procedures. These aren’t unique to BYOD.

    2. Benjamin Roussey

      Hello Kendo,

      Let me see if I can address some of the concerns you’ve raised (thank you for your comment).

      Firstly, you have my full assurance that not one of my opinions and/or assertions is vendor backed or sponsored.

      Particularly for BYOD, the kind of progress being done in the cellular communications space, app-ification of business tools, and an underlying focus on enterprise mobility – they are too big for any enterprise to continue on their no-mobile device policies for too much longer.

      More than letting risks influence the buy/don’t buy decision, I’d say it’s more about understanding BYOD security state-of-the-art.

      Again, thanks for your comment, it helps. I hope your weekend is fantastic.

  2. agree with earlier comments
    especially byod
    also the author’s enthusiasm for so-called ‘social media’ betrays a lack of understanding about enterprise needs for stability and security

    looking at the author’s background, i dont’ see a lot of real experience

  3. Thomas Guertler

    The other comments above are on the mark. BYOD can be done well. It is a combination of good network structure, approproate use of MDM and firewall policies that reinforce the hardening of the network structure.

    Like anything else, you have to actively plan and manage the access that you allow, foreseeing the dangers and minimizing the risks.

    1. The 5th Horseman

      I agree with your comments, but would offer one other insight; given the need to constantly monitor these devices, and defend your infrastructure from them as an ongoing cost, is it really beneficial to allow this in the first place? This is like inviting a burglar into your home… you could do it, and it may make employees happy, but how long can you keep your eye on the burglar? Is that what you really want to do with your time? and what happens when the burglar finally gives you the slip and makes off with your safe? Just saying that sometimes the risk over time does not justify taking the risk at all.

      1. Benjamin Roussey

        I am not sure I really understand that. I do not think any burglar should be let in. Cyber criminals should be punished more as well. They should not be let in or accommodated.

  4. This article reads like someone who’s never worked in a large corporate environment. The suggestion to quit the forum format and rely on social media platforms is laughable.

    1. Benjamin Roussey

      Hey Madmonk,

      Thanks for your comment. Let me offer my take, particularly on the forums versus social debate.

      The average attention span of humans is spiraling down; social media accommodates this behavior, whereas forums are more for sticky audiences, which are hard to find. In regards to the former comment, Sean Parker recently said they made Facebook to be addictive and now there is data out that says the more young people spend on social media the more depressed they get.

      Some even believe that social media is the extension of forums. I believe it. The truth is that social media platforms are mobile-ready, whereas forums are clunky for mobile experiences.

      That said, I understand how enterprises stick to their forums, purely because the data-gold is already stacked in there. Social media, however, is here to stay. Certainly Twitter.

      Have a stellar weekend. I hope all is well.

      1. If I’ve learned anything while working in IT it’s that nothing is here to stay. Some new format will come along in the future and wipe out the social media format we all know now.

        That being said, I like to keep my work life separate from my home life and don’t really want to maintain 2 Facebook accounts, 2 Twitter accounts, etc. Nor do I want to give anyone beyond close family and friends access to those accounts. I doubt I’m the only one that feels that way. That’s why the forums are a great place.

        It’s also easy to search for articles matching a similar issue. Facebook and Twitter don’t offer that functionality. I wouldn’t say forums for IT items are going away anytime soon.

  5. I think the issue here is that the article discusses a few points briefly that could, on the their own, each warrant a complete discussion. In essence, the concepts have been too simplified.

    Commenting on a few concerns above, I think everyone in the industry can agree that manual non-cloud based processes should be phased out for more collaborative processes – even if it’s on a private-cloud platform rather than a public cloud as suggested.

    The author makes the point that following certain Standards may be out of date. I would argue that the angle should have been that each business needs to adopt and compile a subset of standards that work for their industry/company.

    As for the BYOD, there are arguments both ways. At the essence, if a mobile device contains critical or top-sensitive information, BYOD is a good way to ensure private corporate information gets into hands it does not belong in.

    Even with MDM and other management, there are legal implications when it comes to forcing a personal device to conform to business requirements. Some of the MDM is simply not enforceable depending on the device or even legally (the last point is not emphasized enough these days).

    The point with BYOD is to lighten the capital expenditure where a personal device does not compromise the integrity of the business but can help the productivity of the individual. Any BYOD device is still an untrusted device and must still be treated as such regardless of what MDM solution is in place.

    However, with all things considered, the idea is that a policy and security is only as strong as the weakest link. Information will flow out. The idea is to make this increasingly more difficult depending on the risk associated with that information, BYOD or otherwise.

  6. These are good general guidelines – not absolutes. One item missing is the practice of only updating software and firmware when something is broken. In today’s world, it is imperative that we understand that fixes must be applied proactively – security is one area where we cannot afford to wait for months to apply a patch. This is true for other application software as well – someone needs to pay attention to the fixes coming out and be in a position to apply them.

  7. Thanks for the feedback Susan. I really enjoy Twitter since it is outstanding for putting out information. I believe Facebook is more for socializing and young people and it also biased against conservatives so I really use FB – only for social media purposes. Twitter can be for both and is much better to me for professional reasons.

    Merry Christmas.

  8. The 5th Horseman

    Unfortunately, I have to agree with some of the other commentators; Most of your recommendations are not made with information security or virus/malware requirements in mind. Social media is NOT a good replacement for dedicated chat/support systems. Most IT professionals can write you a book on how many ways social media is a security threat. If that is not enough for you, it is also the ultimate distraction for employees whom are supposed to be working… not playing with Facebook and Twitter. As an employer, I am NOT paying you for that.

    The concept of BYOD looks good on paper… but in a place I call REALITY… it is the biggest problem you can create for yourself in a business. Because these are personally owned devices, you have NO control over what software is installed, including social media, games, viruses, trojans, malware, etc. Even with MDM, which comes at a very significant cost, allowing employees to BYOD is to allow all their personal distractions to be right in front of them all day long. This is another idea that had merit to reduce costs associated with desktop hardware purchases for employees, but the reality is that the management requirements, and their associated costs, including security professionals to manage it, in my experience, outweighs the benefits. Indeed, if you research security trends in industry, a common practice that is emerging is that you have to drop off your cell phone at the front door and pick it up when you leave. This emerging trend is the industry response to the screen door security provided by ANY cell phone. Cell phone + Facebook = ZERO SECURITY.

    Regarding in house server hosting; you may want to research this more thoroughly. Although most cloud providers offer a great service that allows you to adapt very quickly to bursty needs for compute power, there is a great cost associated with it. Most of the tech bloggers I see evangelizing these services throw out numbers that make this seem like a no brainer…. jump into the cloud… but on closer examination, their numbers are inevitably for single site hosting, don’t account for training your systems admins, and assume that you are going to manage your cloud server environment optimally. The truth is that most people do NOT monitor their servers well enough to shut down unnecessary instances, make sure dev servers are off when not actually developing, or manage their traffic well enough to avoid cost overages. In fact, if you dig for trends, again, many early adopters are jumping out of the cloud after being handed their bill. The reality of data center redundancy and their organizations inability to manage their instances well enough to enjoy all those cost savings translates into enormous bills that leave them questioning their cloud first choice. Some providers now offer “Automated” tools to help manage your instances, but that is definitely not cheap either. My experience is that cloud services provide you flexibility you would not otherwise have, but a hybrid approach is best. Take advantage of cloud for flexibility and speed of deployment, but maintain some physical infrastructure for consistency and fallback. The all in approach is dangerous because of unpredictable costs and leaves you at the whim of the provider. Finally, if you fall out of love with your provider, getting out or moving to another provider… NOT easy. This is an area that is definitely not spoken of enough, and there are plenty of horror stories out there to learn from.

    No offense intended, but your recommendations illustrate a lack of experience. There is no substitute for the school of hard knocks…

    1. Benjamin Roussey

      Everyone has their own opinion on BYOD. You are entitled to yours. No one wants their employees spending time on social media. Facebook puts out fake news anyway. There are rumors that government employees contribute heavily to the porn industry while at work. Now that would certainly not be tolerated in the private sector.

      There is lots of advantages of allowing your employees to use their own devices. If they get the job done why micromanage them? Every organization is different. Employees in many cases are going to use their own smart phones for work related tasks right? Is that not inevitable?

  9. This does sound like it was written by someone who has never worked in a large corporate or government environment. BYOD is never really necessary in larger environments as all devices used would be owned by the company, and personal devices do not need access to corporate data (a guest wifi network would suffice), forums are essential not sure how an IT professional could think otherwise. Cloud (The Internet) is great apart from continuing costs, your data is stored at a physical location that you merely assume/hope is safe, not to mention losing the Internet cripples your business. Also the fact the author seems to believe that IT Support people are somehow always programmers would imply they have not worked in many different environments, outside of the tech industry IT Support is focused on supporting business totally different skill and mind set to developing, and finally green screens are used because they work, I imagine the author is a keen mac fan and probably values form over function. A wheel is still round because that’s the best shape for a wheel.

    1. Benjamin Roussey

      Glad you wrote, disagreement is good.

      I would not deny the reason in each statement you make. The spectrum across which today’s IT works is so wide and expansive that clinging on to absolutes will never work, neither for me, nor for anybody on the other side.

      I am sure if I do another piece on BYOD 3 years down the line, it will touch upon entirely different aspects.

      The cloud (Internet) – like it, hate it, it’s there, and it’s big business.

      And, I am not a Mac user, though I don’t hold anything against the product (though I am not a big Apple fan for other reasons), nor am I keen on generalizing the millions of users into a single community of ‘form over function’.

      Have a stellar rest of the week.

  10. A couple of lulz here…1. Relying on in-house server hosting. Who the F wants to pay a monthly fee to have someone else’s computer to host your crap? We’re supposed to be IT guys, not lazy bums. The Cloud can die.


    “I really enjoy Twitter since it is outstanding for putting out information. I believe Facebook is more for socializing and young people and it also biased against conservatives so I really use FB – only for social media purposes. Twitter can be for both and is much better to me for professional reasons.

    Merry Christmas.”

    How about you and your GOP buds start your own Facebook? Maybe Alex Jones and Sir Trump will sign up. Keep you fools away from the sane humans.

    1. Benjamin Roussey

      The cloud has its advantages. Everyone has their own proclivities.

      Start a new Facebook? We started America, we are good with that.

      And Facebook has serious problems right now but nonetheless, I still like Facebook. Though I use Twitter more.

      3% GDP and 300,000+ jobs in February – awesome!

  11. Who said that from “The Cloud”? (I will be getting slaughtered here but I do not care)
    There are a lot of companies out there who still want to be “in charge”. Or have a need of hosting inside due to a lack of reliable Internet Connections.
    I have worked in so many Companys now, all went to “The Cloud” because “Subscription Models are the future”…. But they paid double in the end.
    The Subscription Model is just made for the “Big Five” to earn money. nothing more.
    But the companies have a need of reliable services. without proper Internet Connections and a proper Network onsite, there is no way of implementing a good and reliable Cloud Model.

    Outdated: “The Cloud”

    Up-to-date: “Hybrid”
    Why? Because Services like email are naturally “Cloud-based” Services like Databases I do never want to be outside the House.
    But having tested O365 (Hybrid and OnPremise and Cloud only) and the G-Suite…. I still prefer an Installation without being forced to update.
    I buy my Products, then I decide whether I want to update this or that feature. This doesn’t include security patches.
    And short before EOL I decide again.

    But I (and the companies I have worked for) prefer to decide, not “to be decided”

    1. Benjamin Roussey

      Hey Sebestian,

      Appreciate the insight, particularly sharing how you’ve seen these purchase decisions undergo the complete lifecycle in the corporate context.

      Slaughtering aside, I strongly (and politely) disagree with your idea of the cloud being a scam for the Big 5 to make more money.

      The way cloud (yeah, basically subscription model) has leveled the playing field (a 5 employee business can essentially use the same powerful tech toys that the big boys have), that’s unprecedented. That’s a flatter world – that’s why the Internet has leveled the playing field in many ways.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top