“It’s a business management problem! Management’s goal should be to figure out a way to facilitate data access. They want to brag when the company comes up with something really innovative, but they want to protect their rears if we have given the wrong level of access to the wrong people. The key is timeliness. By the time someone who needs data gets approvals of the … gatekeepers, we’ve lost the ability to move quickly. Our approval cycles squash great ideas. We kill with kindness and best intentions.” Howard Anderson, “The CIO Vs. The Information Access Mafia,” Informationweek.com, Aug 15, 2011.
I love data. I hate it when it is controlled by folks with no scheme or strategy for how to allow access to data. I’ve spent many midnight hours screen scraping and mashing up data that then showed better how the organization or project was performing then any official “approved” view of the data. Having to find and access data in this way was always so silly, but often the only way to get the complete and accurate information needed to manage our projects to success.
I was in charge of computer security on a classified military worldwide networked system that existed even before the Internet was opened up for general use by everyone. People hated me because I required them to justify access to information that was contained on the classified network. I was reminded more than once that operations came first and then security: we always had to first do the mission, no matter how secure it was. I reminded them in turn that the security precautions were pretty simple (memorize your complex randomly generated password, don’t write it down; maintain a list of the minimum number of folks who truly needed access to classified information, etc.). It was a constant struggle between security and effective operations. It was the least satisfying job I did in my over twenty years in the Air Force.
So I’ve seen both sides of the keep our data safe vs make our data available balancing act. In the Air Force we tried to have a very simple set of security precautions and a reason behind each one. In the corporate world I more often saw what Howard refers to above. A lot of data was kept and controlled in large part to keep the data safe from being seen by outsiders. But often these outsiders were just other colleagues who wanted the data to better understand how things were going and to update their own planning. (Holding back or releasing limited data was also sometimes a leverage used by managers to exercise power and influence decisions.)
Along these same lines, I don’t know how many times a project manager told me that she couldn’t show me her project plan, because it was not yet complete, or being revised or not yet approved by more senior management. I would ask how she could get a plan completed or approved by management before the plan was reviewed by those folks who had to commit to and carry out the plan? Too many project managers were just overly reluctant to share data and plans that were not yet “perfect” or not first reviewed and blessed by a higher authority.
Instead, I always kept my developing project plan on-line and I let everyone know where it was (the same was true for tracking, status and monitoring data). I would sometimes get criticism (including from my bosses) saying that I should only show folks completed plans (completed tracking data, etc.). By the same token, I would always try to ensure my plans were complete, with whatever information I had at the time. This way I could always say that the “current plan” was available so everyone could do their own planning. I did find it a bit frustrating how many people only wanted to see a final and approved plan before they did their own planning. While there is some intuitive appeal to this approach, it seems to ignore the fact that planning normally requires feedback, with some give and take that evolves over the life of the project. Making plans and data readily available (where they had not been in the past) noticeably helped my teams improve their performance especially in worldwide organizations that spanned multiple timezones, languages and cultures.
Making data available to as many folks as possible can enhance data integrity and innovation using that data. While security is a real concern, in my experience most operational data (e.g. business intelligence data) usually doesn’t need strong access controls. In fact, such business data often needs technology, such as web services and service oriented architectures, to help it be available to as many people as needed. For me, data and information is the life blood and primary tool of the project manager and should be made as available as reasonable security permits.
Can you and your teams get the information and data needed to manage and carry out your projects?