In my last article, I spoke of systems security from a longevity perspective:
How long will the system serve? What are its prospects for ready adaptability to new platforms, interface with future technologies, it’s scalability, it’s capacity for “maximization of use”?
When engaging new vendors and associated products, ask them about their forward view – and do your own independent analysis: How well have their core products and services kept up? Do they lag then lurch forward? Look for efficient tracking with real world demands. Further, if by chance you’re going for leading edge stuff, because you must be on a leading edge, then it’s very critical to know how efficiently vendors lead, and twist with, change.
I also mentioned that an occasional complete change of systems was inevitable. (Read the initial article here if you haven’t seen it). Therefore, if nothing else, how readily can the organization transition to a new system? In the case of mission-critical applications, how readily can you prune, migrate and transfer content from an area of growing obsolescence to a new system?
Whatever you do, do not follow the Social Security Administration’s (SSA) example. According to their own Inspector General (IG), the SSA’s present National Computer Center is approaching collapse, a situation exacerbated by delays in readying and transitioning to a new data center.
The IG has identified several critical ongoing lags:
1. A slowdown in application modernization – whatever that is. Is that purposeful? An oversight of some sort? Akin to ignoring an elephant in the room – how do you not track applications and their suitability in a changing world?
2. An expanding workload that has apparently gotten ahead of planning and readying of the new center – the present center may be so strained so as not to be able to function by 2012. The new center’s readiness? Maybe 2015. Oops.
3. Lag in transitioning to web interface with customers. Hey SSA: It’s 2011.
4. Ongoing problems with VoIP system: Poor sound, dropped calls, long wait times. Fix ‘em; other agencies and organizations manage quite nicely.
My father use to tell me that you can learn something from everyone: From some folks, what to do; from others, what not to do.
You really have to wonder if these folks have any plans and policies that lead, with actual tethers to reality, in evaluating empirical and measurable things, for best progressions in just keeping up.
Especially for my small and medium business readers (SMB); start writing plans and policies according to best practices and standards. Frequently in smaller environments, business governance will take an informal approach to upgrades and progressions. Don’t be lazy and fall into that trap. Even if you write plans that sit in your drawer, get practiced in documenting and planning change – and take that facility with you when you move on and up in your career where that ability will be crucial to best protections and progressions.
Not too long ago, I wrote about an IT leader at an organization’s branch who had me write an Acceptable Use policy – even though higher headquarters had an umbrella policy. He felt it inadequate. He was smart to create a stronger, local, one – and even if not approved for use by HQ, he could at least wave it were there a subsequent breach or bad outcome: “Here’s what I wanted to do…”.
Spec yourself up – don’t wait.
As to the SSA – there is no adequate excuse. But there’s a nice lesson here – for those willing to learn…
NP: In a Sentimental Mood, John Coltrane, Jazz24.org. I love Coltrane.