Is Consensus Decision-making the only method you use? It’s easy to fall into this trap. We are taught early and often to involve all members of the group in decision-making. The idea is that a better decision comes from gathering everyone’s input.
However, consensus decision-making really just makes the acceptance of the decision easier since everyone involved had a voice. It doesn’t necessarily make it the best decision or the right decision. It also has the unique property of insulating the decision from its maker and removing the accountability.
Organizations spend a lot of time, money, and frustration in meetings organized around consensus decision-making every single day without understanding any of the alternatives. I’m not advocating so-called “Effective Meeting” training which simply reinforces the consensus model. Instead, Stanford’s course on Strategic Decision and Risk Management is a better investment if you wish to truly develop decision-making as a core skill within your organization.
Assessments, General, Lessons Learned
GoDaddy’s 52 second action has many saying they will switch their domain registrar away from GoDaddy. One site where you can research your choices is RegistrarSTATS.com . Here’s a recent graphic from them that illustrates the dominance of GoDaddy.
Assessments, General, Technology
Alan Shimel, the Chief Strategy Office at StillSecure, exposes a questionable practice at a Trade Press Magazine. The problem, however, is that this isn’t limited to the security vendor space. Alan is right in that vendors and readers alike need to stop supporting the Trade Press that engage in mis-leading practices. But if vendors don’t speak up (like Alan did), how are readers to tell the difference? How many vendors benefit from paying for their news coverage in the Trade Press?
Assessments, General
Ed Kohler’s insight on technology advisors goes beyond gadget recommendations or upgrading an out-of-date computer.
When making major technology decisions, who are your technology advisors?
Examples of major projects include SANs (Storage Area Networks) and VoIP (Voice over IP).
Do you rely on Google, the vendor who is selling you the solution, or your over-worked IT (Information Technology) staff?
Most organizations don’t look beyond their own walls when evaluating complex projects and Vendors know this. Introducing a trusted technology advisor could help you make a smarter decision or even avoid a potential disaster.
Assessments, DataCenters, Networks
One of Dave Taylor’s best posts on business blogging can’t be found on his main blog. Explode your Business via Blogging, describing a teleseminar he is offering, contains some real nuggets including:
- Why conventional wisdom (i.e. more traffic = sales) is wrong
- Why you should think in terms of findability
- Why content matters more than parlour tricks
Businesses are already spending a significant amount of time and effort to improve their online positions. However, most are flying blind and have no idea how their online activities affect their offline results. Too much is written about secrets to drive traffic and not enough about visitor conversion.
Are you flying blind? Do you know which analytics matter? Do you have a strategy to convert visitors into customers?
I’m looking forward to Dave’s insight on some of these topics.
Assessments, General, Lessons Learned
In my Illusions of Information Security white paper, I make the point that if you wanted to protect something really important (like your data), you’d want the perimeter fence (the firewall) AND the alarm system (the Intrusion Detection System). You’ve run out of excuses for failing to act.
StillSecure announced a freeware IDS. We’ll be tossing it in our test lab to determine the suitability for our customers.
The move by StillSecure should serve to increase the visibility of this Colorado-based company while raising the awareness of the importance of information security.
It’s an uphill battle. I still believe the adage that most organizations spend more on their coffee service than their information security. Does that sound like your company?
If you don’t even have a firewall, don’t let that stop you from dowloading their IDS. Wake up and smell the intrusions.
Anti-Threat, Assessments, Lessons Learned, Networks
There’s a useful methodology called root cause analysis (or shoot the innocents from the perspective of most IT staffs) that is supposed to determine three things regarding an event of interest (typically an outage):
1. What actually happened?
2. How did it happen?
3. Why did it happen?
Lots of things get in the way of root cause analysis including a lack of full disclosure by the IT staff involved in the event and failures by executive management to demand excellence from their IT Management and staff including consequences for what I term “self-inflicted gunshot wounds”.
The truly tragic outcome is that even after the “Lessons Learned” documents and e-mails are generated, they rarely result in “Lessons Remembered”.
I was reminded of this after participating in a Root Cause Analysis of a major systems failure for a customer several months ago that took days to bring back online. You would think this would leave an indelible mark or perhaps even an ugly scar as a reminder in the organization? (Hint: You’d be wrong.)
Fixing it the second time took only a few minutes. However, it was still a preventable outage that will happen again because organizations lack the management discipline to convert a lesson learned into a lesson remembered.
Assessments, General, Lessons Learned
Since my post on Downtime Unaccepted, several of you have e-mailed me with your “funny” (or painfull) stories on your own self-inflicted downtime blunders.
Let’s tackle some low hanging fruit first. Subsequent posts will address increasingly complex issues.
Here are some simple things you can do to save some future embarrassment:
- Replace those “inexpensive” ethernet switches (they’re already costing you money)
Reason? Those $79 switches you bought don’t have enough backplane capacity and are often oversubscribed (meaning dropped packets under load) when your servers need to do sustained data transfers.
- Stop making your own ethernet cables
These cables have a higher failure rate and will produce troubling intermittent symptoms that you’re likely blaming on something else. Everyone assumes their cables are good (bad assumption).
- Distribute your DNS (Domain Name Service)
Simply make sure that DNS queries for your domain can be answered from more than one machine and along more than one path. If you host your own DNS, make sure you have a secondary DNS server that does not depend on your primary Internet connection.
- Understand and use RAID (redundant array of independent disks) technology
If you’re an executive and you’ve lost data…chances are that your IT staff either isn’t using RAID or hasn’t deployed it properly. No excuses anymore for losing data. If this keeps happening, audit your IT practices.
- Why isn’t your e-mail system either distributed or clustered or both?
E-mail is a critical service for most organizations. Make sure your system doesn’t have a single point of failure.
- Why haven’t you tested restoring from your backups? (You are backing up your data, right?)
A rhetorical question, but don’t assume restore tests are being done. Backup is one of those custodial tasks that most IT staff detest. Make sure your organization has regularly scheduled restore tests.
Tags: downtime redundancy
Assessments, DataCenters, General, Lessons Learned, Networks
Brad Feld, a Colorado-based VC, wrote an insightful piece on acceptable downtime for rapidly growing companies. It’s rarely the case, however, that executive management gets full disclosure on what root causes are responsible for the embarrasing downtime they’ve just experienced.
Will your IT Director disclose that he bent the SCSI cable bringing down the entire company’s SAN (Storage Area Network), or will he provide a slide or two on N+1 full redunancy with a capex budget increase to “fix” the problem once and for all?
Did you know that most readily-available network failover elements are not implemented because your IT staff doesn’t understand them in the first place? At the application level, how long has clustering been available and yet your company still hasn’t clustered its e-mail servers? And DNS still hasn’t been distributed, and backups and restores have never been tested.
The list is long, tiring, and boring…until your company falls flat. And maybe Brad is right. Maybe you will get a free pass. If you’re lucky, you’ve got a 2X capex budget to play with and your management team will swallow your power point slide explaining the unfortunate circumstance (without revealing the real root cause).
A data point of one
That’s really what you base your management decisions on when you accept chronic and embarassing downtime — a data point of one. Your IT staff’s assessment of what when wrong in their backyard.
By all means, seek out at least a second opinion. You will be surprised to learn that not all redundant system fixes require the brute force 2X spending to stop the bleeding.
Tags: downtime
Assessments, General, Networks
