Keeping it simple

A recent study by the Computing Technology Industry Association states that 92 percent of security breaches are caused by "human error" — only 8 percent are caused by technical failure. Reports from the study didn't delve into the details of what constitutes human error, but I'm guessing that the usual suspects applied: misconfiguredACLs (access control lists), ports open in the firewall for just-this-once events that were never closed, and terminated employees who maintained access to critical internal resources due to a lack of clear communication between HR and IT departments.

Technically, blame can be placed on incidents of human error, but I have to look lower down on the food chain and examine practices in product marketing that lead IT down the wrong path — the wrong path being the implementation of systems with unnecessary features that result in "human error" later. To be fair, IT executives deserve a large portion of the blame for enthusiastically — and rashly — taking the marketing bait, in many cases. It's a common problem, but a problem nonetheless.

One approach to reducing the "human error" component in IT is to implement simple systems that people in your organization understand. Admittedly, this is difficult at times when product marketers (with rare exceptions) obsessively focus on feature-richness. Most marketing pitches rest on a long litany of features, and it's easy to be seduced. Many meetings I have with vendors remind me of the old Ronco pasta-maker commercials. The pitch: It makes 18 kinds of pasta! But in most cases, all I'm looking for is run-of-the-mill spaghetti and maybe the occasional angel hair. The other 16 options are potentially just 16 more ways to create a disappointing pasta experience.

When you're looking at IT products, ignore the pitch for features you know are not essential for your environment and focus on the features you need to solve your problem — the spaghetti and the angel hair, if you will. If you think you're going to be making bow tie pasta any time soon, make sure that the product will do that or will upgrade easily to perform that function.

On this point, my message to vendors is simple and perhaps obvious: Listen to your customers. They will tell you what they need, and, although you should certainly set forth the product's the long-term vision with clear explanations of why new features might be useful to your customer, don't assume that the customer inherently cares about your favorite feature. It might not matter.

IT executives are certainly not blameless. When I was a new manager at one company, I inherited an IT group that spent loads of money on a clustering solution for Windows NT machines. As you can imagine, the clustering solution on top of the OS introduced considerable cost and additional complexity. The clustering software came from a reputable vendor, and I'm sure that it worked well in a properly configured and administered environment. Its marketing materials promised high-availability and zero downtime, and my staff was clearly seduced by the prospect of 100 percent uptime — the holy grail of IT.

The problem is that we never actually implemented the solution due to lack of time, resources, and training. Also, clustering of the systems in questions wasn't all that critical anyway. We wasted IT time and money investigating a solution we didn't really require in our environment. Had we implemented it, we likely would have increased the chances for "human error" by adding yet another layer of complexity to the plate of an already-strained IT staff.

Simplicity and sticking to what you need lead to fewer mistakes. Don't let vendors lead you astray.