Is it reasonable to assume that if you’re buying a safe for all our valuables that you’d buy the one that is the best combination of security and cost. This combination of security and cost would be driven by your budget and the value (intrinsic or sentimental) of your precious items. I would guess that the same principle of budget vs. value would apply to protecting your IT environments.
So many places to look, so many holes to patch
The normal enterprise IT environment is filled with hundreds of applications. In most cases each of these applications is supported by unique design at the hardware and software level, if not also at the network layer. The fact that there is so much uniqueness about our IT environments means we expend inordinate amounts of time dealing with common problems in 100 unique ways. Maintaining these environments has become the bane of enterprise IT groups. By now, we’ve all heard the story of how keeping the lights on comprises 70-80% of the IT budget leaving only a small amount for much needed innovation.
Keeping the lights on has several meanings, including the mundane but critical “general maintenance and support” of each environment. However, keeping the lights on could also mean avoiding outages. Generically speaking, all of us in IT attempt to build and maintain environments with the highest possible availability (within budget and available resources). The problem is that we’re often spending too much time fighting fires of “maintenance & support” and not enough time solving the underlying issues that cause many of the fires or in this case cause many of the outages (same as a fire only worse). Where should IT focus its attention relative to avoiding outages and or reducing the number of fires?