Governance-Complexity-Backlogs-Resources for me. Really, it's just governance, and I'll explain why. My network is way too flexible and there isn't enough "specific" rules set in place. I'm in the Air Force and like any federal agency we follow the rules of DISA. Now, let me start off by saying that DISA is wonderful in that they actually break everything down to be understood by a drooling high-school student (if you're willing to read pages upon pages of dry, white-and-black text-like me). However, they are handling every product out there. Of course every base, agency, department is requesting that a new product gets reviewed, but what my leadership doesn't understand is, just because DISA approves it doesn't mean that we should allow it on our network (yet). Our base isn't requesting ALL of those devices. I tell them to limit the products allowed on the network to... say... 10 variants. Once those 10 are documented and become a training standard, allow for new items. BUT make the owning squadron (department) pay for initial training that can be handed down and documented again to the newcomers.. a cycle really. I mean, we have 100s of different types of printers out there and probably around 1600 printers total (educated guess), but that is JUST printers, not to mention thousands and thousands of different types of desktops, laptops, blackberries, VOIP phones, and tablets. Basically they manage anything a customer touches. Now, I personally don't deal with printers, or anything a customer touches (well, I'm not supposed to but I do sometimes to save time) besides giving it an IP address and assistance in troubleshooting, but when the client systems shop of 15-25 people(depending on deployments) have to work on 100s of different kinds of printers and other devices, and each technician has a varying skill level and work ethic, that is kind of ridiculous. Each device having a proprietary protocol, management interface, and features. I will say that it is possible to manage all of them, but when you're handed a network that isn't documented, you put out fires and it's impossible to document ANYTHING let alone think about documenting under that kind work-load.
Since we don't manage how new devices get approved (to our network), that leads to complexity. With a complex network, there's the head-ache of identifying and patching vulnerabilities which of course leads to "un-skilled technicians" in the eyes of management.
I'm fat cause I eat... and I eat cause I'm fat. I'm in the works of trying to explain this to my supervisors, but no one really listens because of force-shaping. Everyone is worried about their job. By the way, anyone hiring?