A ship can only have one captain. A car can only have one driver. We can’t all just hold hands and sing Kumbaya — someone has to make a decision and take responsibility.
In the world of metaphor, centralized control always seems to make more sense.
The evidentiary world is less certain. Take, for example, a little something I like to call the “Internet.” You might have heard of it.
It works pretty well, all in all, in spite of its central control being limited to a relatively small number of standards. Beyond that, it mostly lets market forces decide whether, for example, Steve Jobs capitulates to those who want to run Flash on their iPads, or web developers the world over capitulate to Steve Jobs’ insistence that Flash will not run on anything Apple.
Speaking of Apple: Lots of people give it credit for providing a more secure computing environment than, say, Microsoft.
Which it probably does. Of course, secure is a whole lot easier when you build the only hardware that runs your operating software, and can make the use of whole development platforms a license violation.
Centralized control sure does drain a lot of the risk out of life, which is why so-called “best practice” dictates locking down desktops, administering them centrally, or even better to run them on centralized servers, safely secured in the company data center, running a fixed configuration controlled by a few authorized administrators and accessed via a Citrix client.
If risk is all that matters, it’s a wonderful solution.
The question of centralized vs decentralized control isn’t merely a technical issue. Which controls to centralize and which to decentralize … and how much … are matters of general systems theory, as important for deciding how to organize and manage a business as for how to organize and manage a network. Risk not being the only factor that matters, the right answer for specific circumstances depends on a wide variety of factors.
But as we live in an age of short attention spans, silver bullets, and a notable distaste for nuance, the purveyors of management silver bullets appear to have decided centralized control is the right answer, and never mind the question.
A universal engineering principle says that to optimize the whole you have to sub-optimize the parts. On the face of it, it’s an argument for centralized control: Any decision you delegate to the parts could result in optimization of that part at the expense of the whole.
It’s a persuasive argument, and a correct one, so far as it goes. If it’s the only argument you listen to, though, you’ll reach a conclusion based on only half the story.
Except for this situation, where it’s the entire story:
Imagine you run a perfectly siloed organization. Perfectly siloed means all responsibilities are clearly allocated to specific organizational units, each organizational unit is divided into organizational sub-units with equally clear partitioning of responsibilities, and all organizational units and sub-units have perfectly specified interfaces — ways for work to enter and exit them.
It’s the organization as machine: Each part is a well-machined gear, cam, or piston. Management? The timing chain, perhaps.
In this model, any proposed change to any unit or sub-unit can take one of two forms: Black-box changes and interface changes. Black box changes are within-silo changes. They improve how an organizational unit does its work without changing the interfaces, which mean they don’t affect any other organizational unit in any way.
Perfectly siloed organizations should encourage black-box changes, leaving them to the discretion of the organizational unit’s director, who, in fractal fashion, delegates sub-black-box improvements to the sub-black-box managers responsible for each sub-silo within the main silo.
Interface changes, in contrast, do affect how an organizational unit interacts with all the others. They are an entirely different matter, because in the organization as machine, when someone in design engineering sneezes, someone in marketing says “Gesundheit.”
Which means interface changes must be approved through a centralized governance mechanism. (So, usually, are black-box changes, because really, can we trust our silo managers to be properly responsible?)
Here’s the challenge for organizations like this: They become, over time, perfectly engineered for their purpose, which means that if the marketplace changes in any fundamental way they are immensely difficult to redirect to any other purpose. In addition to being perfectly engineered they are perfectly rigid and inflexible.
It’s what many current business thinkers now recommend as the way to run an organization.
Not that they describe it this way. They describe it in terms of efficiency and velocity, forgetting that while drag racers might also achieve high velocity, they have a serious limitation:
They don’t corner very well.
Apple’s OS might be more secure because it is more obscure. It is doubtful that it is secure by design. Considering that software testing is emphasized less these days, and security testing is a subset of software testing, we are lucky that Apple’s products aren’t exploited more. At a recent security conference, a researcher came prepared with several Apple exploits and he won the pwn2own challenge. That same researcher stated that Safari was not coded well and it had multiple flaws. Since Apple is 13% of the computing market, it’s not worth it yet for criminals to exploit because they reap more rewards exploiting Microsoft products which are the proverbial low hanging monocultural fruit of the IT ecosystem.
Pingback: When to Shift From a Shared to a Dedicated Hosting Service ( Part 2 ) | Host Rage
re: The case for centralized control
Centralized control is exactly the reason for the success of Apple; because of the inflexibility of IT – especially mainframe systems, middle managers had to go outside IT and brought Apple PCs to the office to do spreadsheets on Visicalc – things that the mainframes couldn’t support or IT wouldn’t.
As usual, your KJR was good analysis.
They don’t corner very well.
And when they do, the results are “spectacular”!
Bob,
Another great article! I love the last line…
I remember an ad for Valvoline about 15 years ago: a Nascar star,a Indy Car star and a drag racing star (Joe Amato) were comparing the difficulties of their sports… they were all boasting about their accomplishment. Amato’s comment was about going over 300 miles per hour, the others responded but you only go in a straight line, he replied, yeah, but I do it with my eyes closed…..
Pingback: The case for decentralized control | IS Survivor Publishing