A companion post by Josh Duncan summarizes a session at DevOps Days by Jesse Robbins, the CEO of Opscode (they make 'Chef' if you don't know). The session, which has an amazing title: , is posted below for you to view in its entirety, but I'll point out a key observation made by Robbins about how culpability at many organizations is focused on Operations, making them slow and inefficient:
Operations is penalized when things go down while development is rewarded for meeting shipment dates. Operations is held accountable for the SLAs and the cost of outages while cleaning up bugs introduced by new code... This, in essence, is at the core of the problem when it asking your IT organization to respond faster to change. For years, they have built systems and processes designed to mitigate the risk of change resulting in an organization that is designed to move slowly. --Josh Duncan
A response post by Dan Kuznetzky gives a more nuanced view of the fears that drive IT departments to be highly-regulated.
IT executives feel that it is their mandate to prevent the introduction of anything that has the potential of causing either a slow down or failure of production environments... Most of these executives have had the experience of having their feet held to the fire by higher-level executives when something unexpected occurs. --Dan Kuznetzky
Kuznetzky also thinks that more complex systems, hard to isolate failures, lower budgets, and outsourcing are also likely factors that cause the IT department to just say "NO!"