Good Work Finally Gets Its Payoff
Opinion: Rising consequences of IT error boost risk-reduction readiness and resources.Theres a poster in the gallery of the infamous Despair Inc. whose caption reads, "Hard work often pays off after time, but laziness always pays off now." Much of the mail that Ive gotten from IT pros in the last few years has reported that gloomy motto being borne out in the real world: They feel that theyre not rewarded for urging appropriate investment in sound IT practice, but that people would rather they just kept quiet and let things be done cheaply now -- and fixed, if necessary, later. I felt as if the time for the payoff of hard IT work might finally be arriving when I saw this weeks eWEEK case study of IT risk management at mission-critical IT sites. The story reports, for example, that "security and IT risk management, rather than system maintenance, consumes at least 10 percent" of the daily attention of Richard Reeder, CIO of the State University of New Yorks Stony Brook campus. Thats probably a growing percentage, and its certainly consistent with my experience at -- for example -- Exxon, where safety was always given a high priority in terms of both anticipating problems and ensuring that unforeseen accidents did not recur.
It would be nice if people got even more on board with this idea in response to debacles like the Windows MetaFile rendering vulnerability. As I pointed out last week on the eWEEK Labs blog, this wasnt a quality problem: This was a defective quick-fix design that enabled user convenience by being outrageously indifferent to foreseeable security problems. Thats not mere Monday-morning quarterbacking, either: We warned people 12 years ago that things like this would happen if the possibility was not designed out of the system up front.