We've all heard the stories about complex systems being defeated or subverted by simple expedients - like utilizing an old phone line with just-too-little power to mark it as a call, but enough to actually use the phone, or security auditors tailgating their way into a building. I've lived through a couple of those audits, and frankly, they're astounding. Your security systems are up to snuff, yet you're defeated by simple things like a little-known vulnerability in a web server or someone bluffing their way into the building. One auditor got halfway to the door at the end of the day with his escort, smacked his head and went "Oh! I forgot my computer in the conference room, be right back," leaving one escort having to decide which person to stay with, the one going back or the one who was still headed for the door. While away, the auditor lifted keyboards and looked on monitors until he had a few passwords, then grabbed his laptop and left, logging in half an hour later from a remote location with the help of the friendly employees who had left sticky-notes of passwords all over their cubicles. Thank goodness I wasn't the responsible manager through any of these ordeals.

The point is that these organizations all suffer from a similar problem - one most of us suffer from - over-complexifying (is too a word) topics that could be easy, or losing sight of the simplest solution to a problem. Sometimes it's the human element - like the sticky-notes, sometimes it's the technical element - like the analog phone line using power level for two different uses. But in all of these cases, no one seems to have sat down and said "what's the simplest solution to the problem of getting around this?" except the hackers/phreakers.

What's that got to do with you or DevCentral? The same thing is going on all over your enterprise, I guarantee it. People forget to look at problems from unique perspectives. People who are highly technical are more likely, in my opinion, to do so because systems tend to follow certain immutable rules. But a network or a Web 2.0 application is not a system, it is a complex network of inter-related parts that are more than the sum. And passingly more difficult to manage than the parts.

As I mentioned yesterday, we (the DevCentral Staff) are working on ways here to help you do more and be more adaptable, but looking about your workplace and the systems/network/applications you are responsible for from a different perspective can't hurt either. Yes, I do know that you're busy, but solving problems in unique ways takes more knowledge and insight than is gained by checking the server logs yet again. Take a look at your network holistically: where do all those connections go, what servers are actually carrying the brunt of the workload, and is there an inventive way (such as SOA) to offload some of it? Are the bottlenecks really necessary, or could you get around them by looking at the problem differently?

One auditor I worked with smiled at me and said "Yeah, the door is locked and the lock plate is reinforced steel... But the ceiling is a drop ceiling, want to bet whether I can get into the data center without opening the door? Or even if the wall goes all the way up, do you think it's made of anything that a utility knife can't cut?"

The door was not an obstacle to him because he looked for seriously off-the-beaten-path alternatives - stuff most people wouldn't have considered. In other words, there is no spoon.

That's the type of thinking we need every day in the enterprise if we're going to do more with less. Take a few minutes each day and ponder it; chances are that it will be well worth the investment.

 

Don.

/imbibing: Mountain Dew

/reading: Service Oriented Modeling by Michael Bell