A lament for prudence in IT

Innovation! Passion! You can't form a complete sentence in an IT discussion anymore without invoking those two words. Did we just start innovating? Did we just wake up and find passion? What were we doing before? Now armed with innovation and passion we are the new IT! Do you remember the days in IT when we used terms like standards, controls, judgement and prudence? Innovation and passion were in there as well, but perhaps not in bold letters or neon. Was that the old IT? It was only a few short years ago, but somehow it feels like a lifetime.

Do you remember how we got here? We were barely finished reeling from the affects of the financial crisis when that very palpable feeling emerged that something was different. We were being asked for devices that didn’t conform to our standards. The constraints and limitations of corporate standards was held out as recognition of our competitive insufficiency. Where did that come from?

We had undergone a culture change almost unnoticeably. It was a culture change that favored device freedom, individual empowerment, convenience and choice over standards and controls. It was encouraged by the proliferation of new technologies, social media and communities and emerging paradigms for mobility, productivity and collaboration. Traditional technologies and support models were straining to remain relevant in the push for open smart phones and tablets, cloud applications, demand for device agnosticism and BYOD.   

Bambi Meets Godzilla and other images that come to mind

I am often reminded of a cartoon from the 1970’s that you can find posted on You Tube called Bambi Meets Godzilla by Marv Newland.

To a backdrop of soft, peaceful wooden flute tones and a simple melody, Bambi, a sweet and precious baby deer is in a beautiful field nibbling flowers, surrounded by butterflies, bunnies and squirrels, sipping cool water from the brook, looking up at the sun, sipping from the brook, nibbling more flowers when down comes this giant dinosaur foot … and the cartoon ends.

So here we find ourselves … grazing amidst a field of thousands of apps, watching the daily emerging clouds promising every conceivable function, need or service we can dream of, as we shake, poke and stretch our newest, latest and greatest device du jour, comfortably oblivious and totally absent awareness, concern or any sense of regard for source, credentials, stability, quality, privacy or security. How many of us could almost feel the stomp of that giant foot?

I like this image because it so graphically depicts the enamored and empowered consumer we have become, enthralled by mobility, BYOD and cloud as enablers of a new freedom, but absent any sense of implications or consequences.

Thinning Walls

And there are consequences. The very walls of our businesses are being redefined, stretched and virtualized, extending outward as far as the mobility and portability of devices, apps and data will take us and that seems almost infinite. And as the walls are stretched further it brings to mind a paraphrase from Tolkien’s Fellowship of The Ring where Bilbo Baggins says “I am feeling thin,… like too little butter scraped over too much bread”. Our reach is greater and our opportunities are endless, but our walls are stretched porous like a sieve and threats are everywhere. Our perimeter now reaches out into the cloud. How do you defend that which you cannot see?

Was It a Meteor

In a blog I did recently for CIO Talk Radio called 'Was It a Meteor’ I tried to put this change of culture in the context of IT as a profession.  I discussed a tool that I use for establishing a framework for prudent governance, leveraged experience and shared vocabulary that I call the 'House Rules'. Looking back that blog was also an alarm raised to the limited vantage and short term perspective of the pursuit of immediacy that defines us today and a lament for the diminished priority of caution and prudence.

Prudence would even sound like an old concept if brought up in a conversation today - conjuring images of antiquity and obcalescense. It is however one on which we as a profession have always been grounded and by which judgments made were measured and businesses protected. To some it seems prudence is a constraint, an anchor, a concept dating to the time of the dinosaurs, and similarly and perhaps along with its advocates, is or should be at risk of extinction, a barrier to the newly defined physics of innovation.

Innovation however, as in vogue as it is to invoke as if a new mantra, is not new. We have been innovating for a very long time. From mainframes, PCs, distributed networks, browsers and the internet - that is how we got here. What is new perhaps is the pace of change and the focus on the immediate in reward, means and message. I buy it. Innovation is critical if we are to embrace all of the opportunities of individualization and community in this very fast paced world of instant participation. It is however a very busy street and the traffic is moving very fast. Sometimes, because we can, doesn't mean we should, and it is best to look both ways before crossing. 

Culture Change meets Climate Shift

I don't want to leave the impression that I am not excited about the prospects, potential and incredible reach of digital communities, mobility, cloud and BYOD. Culture change is exciting and invigorating. It spawns new ideas, directions and possibilities. It is also clear that budget and staffing pressures and the need to stay competitive and to innovate compels exploration and new approaches; but with care. To paraphrase once again from the Lord of the Rings "the eye of Sauron is upon us". There are virulent dynamics emerging to which we need to pay attention.

We are in a dangerous climate shift and it is being fueled and amplified by the speed, immaturity, openness and limitless choice of the consumer driven culture that has taken hold. We need to proceed with measured steps. 

  1. Cybercrime and malware  is increasing in sophistication and frequency and threats are growing and emerging at an alarming rate. Our exposure is unprecedented and we are inadequately prepared.
  2. Compromise of privacy, data loss and theft of intellectual property has increased exponentially. It has become far too easy to carelessly or maliciously move valuable, sensitive or compliance regulated data outside of our secured perimeters and into the obscurity of the cloud.
  3. Regulators and legislators in an attempt to protect consumer privacy and safety of identity are responding often with knee jerk regulation to which it is difficult to conform. New laws for breach are increasing our accountability and imposing egregious penalties for exposing data that we are expected to effectively steward and protect.
  4. We are obligated to assure compliance to all governing law for data protection yet there is a lack of definition as to what constitutes exposure and a lack of clarity in how to conform to the rules as they are defined or evolving. Differing data privacy and breach reporting rules state to state, mandates for specific industries, federal policy, and for those operating globally, international laws, makes conformance near impossible. In some cases governing law with regard to privacy may follow the citizenship of individuals regardless of where they work. The cost of data protection, threat mitigation and security has been driven to levels we have not seen before.
  5. Traditional defenses are insufficient to address the evolving threat environment. New mitigating technologies have emerged. These new defenses are technically specialized, complicated, expensive and still unfortunately only partially effective. All are proprietary, few address all platforms, file or data types and most don't work together well.
  6. Specialized knowledge is needed and the expertise and experience to protect us is in short supply. The need to understand a wide range of defensive systems and tools, stay aware of regulatory policy and perform forensics is beyond the abilities of many companies staffed to manage conventional IT functions. Success will require continued investment in specialized training or engagement of outside expertise or service providers. Continual evolution of both threats and the systems required to control them demand that specialist skill investment be considered strategic and ongoing and be given executive focus.

So where are we?

Our risk is rising, our accountability and the cost of failure is rising. Our scope of responsibility is increasing to include a virtual perimeter of uncontrolled cloud and a diversity of mobile devices far beyond our reach and ability to manage. All of this as our defenses thin and confidence in our ability to mitigate our risks fails to keep pace.

Dear Prudence,

We need you like never before.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.