Why IT Managers Burn Out

This July 28, spare a thought for the person taking care of your employees' computing problems. It's Systems Administrator Appreciation Day, which is about the closest we get to a global day for IT managers. As someone who has been looking after corporate systems and fending off cyber attackers for years, I'm here to tell you that these tech pros are an underappreciated group who need a little love - and a few extra resources.

Burnout is an industry-wide problem for technology workers. Wellness company Yerbo published a report, The State of Burnout in Tech, based on input from over 32,000 IT professionals. Almost two-thirds of them felt drained as they struggled to meet rising user support and cybersecurity challenges. Forty-two percent of workers are considering quitting their jobs in the next six months. It is not just rank-and-file professionals feeling the stress. According to a Gartner prediction, by 2025 half of cybersecurity leaders will change jobs.

Too few tools for too many requests

Where does this pressure come from? An IT manager is often the linchpin holding up an entire company's infrastructure, single-handedly supporting hundreds of users and their devices. When you're in this environment, most of your day is spent putting out fires rather than fireproofing your systems and other IT assets. Treating symptoms instead of root causes merely delays the inevitable.

While no IT department is one-size-fits-all, the general rule of thumb for many companies is one full-time IT manager for every 100 people. It’s common for many IT departments to have only one or two full-time people. I’ve experienced it myself. When only one person handles everything, all the support tickets end up on their desk. They're bogged down with the broadest range of requests from educating users on how to use Outlook to salvaging complete system failures.

The average one-person IT department spends at least half of their time managing help tickets like these. They divide the rest of their day between progressing longer-term IT projects and trying to deal with security risks. The latter is a challenge. Without the right tools, threat tracking and mitigation is like bringing a fishing rod to a deer hunt.

Good IT administration tools can help increase visibility into endpoint status, helping IT managers handle these queries more quickly. However, small organizations often haven't had the time or ability to think strategically about their IT tool portfolio. Even if they do have that intent, they often don't have the money to invest in the proper solutions.

A lack of strategic investment leaves IT managers swimming in different tools procured by their predecessors. These tools often don't provide enough endpoint visibility, and if they do, they often don't enable IT managers to take effective remote action.

Complex security management challenges

That remote action is the key challenge to securing modern IT environments. IT managers must deal with an increasingly dynamic user base. The days when every employee stayed on the LAN are long gone, and the traditional network perimeter is a thing of the past. From salespeople in the field to marketing and accounting people working from home, more and more people are routinely out of the office.

This new normal makes endpoint security updates more challenging than ever. I've been in situations where a first run at applying a patch to endpoint equipment via Windows Group Policy would only hit 50% of endpoints, leaving me with dozens of laptops that still needed patches.

In an ideal world, I could simply try to reapply the patch automatically. I did write scripts to try that, but many users were busy and saw patching processes as a disruption. So, they would just dismiss these automatic updates.

User resistance prompted a lot of manual cleanups, forcing me to contact each employee with an outstanding patch and persuade them to let me initiate the update manually over a remote connection. I would usually have to schedule these patches around busy user schedules, often leaving a very small window in which to apply the patch.

The inconvenience that this slow patching process causes an IT manager is like a snowball rolling down the hill. It will inevitably become a lot bigger. The compounding problem to the business, beyond employee burnout and retention, is increased cyber risk. It would take me days to push through patches to all the endpoints in the company. This delay increased the window of opportunity that an attacker had to compromise our laptop devices - and therefore our network. This increased my stress level tenfold.

Drowning in a rising tide of work

A good IT manager loves automating tasks to become more productive and responsive. However, this constant flow of urgent manual work and a lack of quality joined-up administrative tooling to deal with it leaves overworked IT pros scrambling to keep up. Many fall behind and this workload bleeds over into their personal time, stretching the typical 40-hour work week to 60 hours or more.

Efficiency is the first casualty. The burnout report found a full third of all technology workers worried that they are inefficient at their jobs, often resorting to short-term workarounds just to get things done.

Morale suffers next, creating a vicious cycle of poor productivity. Those who don't quit outright might quiet-quit and let things slip. The tech burnout survey identified this as a growing problem, with 43% of technology professionals feeling disengaged from their work.

The effects of burnout on the business

Burnout is a recipe for disaster when protecting IT systems and endpoint devices against a rising tide of cyber risk. When the last line of defense against cyber-attacks fails, it doesn't take long for digital toxins to seep in. Attackers are constantly rattling the doors of your network. Even with the best intentions, an employee whose computer wasn’t patched because they were too busy to start the process becomes compromised. Without a diligent person forcing through security updates, it won't take long for one of those attacks to work, gaining control over a PC and using it to infiltrate the rest of the network.

When a hacker inevitably strikes, you'll need backups to recover from the attack. Without a well-resourced IT manager with the time to keep an eye on administrative tasks like making and validating backups, you might not have them. That could be a catastrophic problem for your company.

Such threats make an ineffectual IT manager more than just a human resource issue; it's a compliance risk for companies. A compromised network could have incurred data breach disclosure rules, regulatory penalties, and reputational damage, not to mention the internal cost of catching, containing, and recovering from the event.

Empowerment through tooling

Things drastically improved in my career and professional life when I started to use more advanced administrative tooling. This empowered me to do what every good IT manager longs for: automate the repetitive parts of my job. This afforded me space to constantly optimize IT operations and improve my own skill set. Now, I can manage and update devices easily, wherever they are and at a scale that was impossible before.

Devices in my infrastructure now update each other on a peer-to-peer basis using an edge cloud platform. This much faster and more efficient patching process is a welcome alternative to the traditional hub-and-spoke model that many IT managers are forced to use, in which they are the single point of failure and carry all the pressure.

In our environment, the software agents on each endpoint handle the patches in the background, minimizing disruption for the user, who no longer sees IT as an inconvenience. Because the agents automatically check to see when devices are available, these patches happen as soon as endpoints come online, slashing the time that it takes to update the endpoint fleet and minimizing attackers' window of opportunity.

Advanced integrated tooling also gives me more visibility into the endpoint fleet. Now, I simply monitor the ongoing job and see immediately when a device has been updated. I can also see when every endpoint was last rebooted (meaning that I no longer must ask the age-old question, "Did you turn it off and on again?")

These enhancements have enabled me to become more proactive to anticipate and prevent problems before they happen. I no longer get calls and emails from employees angry that their work has been disrupted by a malfunctioning laptop. Instead, I get to take care of issues automatically before users are even aware of them, creating a happier, more productive workforce.

Automated and fully autonomous tools with better visibility into endpoint security and more control also enable me to support a more policy-based approach to IT management, helping me to pass IT security audits each year as part of our ISO certification. That turns IT into an ally for compliance and legal problems, rather than a concern.

In short, these tools enable IT managers to support companies as they always wanted to, while reducing professional stress and introducing more work-life balance. It turns IT from a problem and cost center into a strategic asset, giving them an equal seat at the table among other business departments.

Tech admins always need skill, dedication, and aptitude to do a good job, but the right tooling can make all the difference. It can help them to manage chaotic, fast-moving infrastructure, transforming an IT manager who is doing their best into a lean, organized management machine.