An IT Safety Index: Measuring Capabilities for Repeatable Builds and Remediation

Sep 19, 2001

Abstract

There is no doubt that IT is in a tremendous amount of pain lately. A good indication is that when things go wrong in a computing environment, what is blamed is usually the closest piece of IT (e.g., "I can't reach the web -- it's the network." Or, firewall, mail server, etc.). A question that many people have created their careers around is asking, "How did we get here, and how are we going to find our way out?"

In this presentation, I'm going to present the absurdities that dominate modern IT environments, and propose some answers on how we might solve these problems. While some believe that our world is filled with new computer threats, others believe that we are merely paying the price of having lost virtually all operational control of the computing environment during the last 20 years. Furthermore, much of the solution will be found not in exotic technologies, but in the more mundane areas of infrastructure and production controls, providing the most basic of capabilities.

I personally believe that some of the most fascinating (and commercially viable) technologies are around addressing very basic capabilities, indeed. These include repeatability, inventory, and measurement. In this presentation, I'll paint the case for an IT Safety Index that measures how well an organization can recover from service outages and security breaches.

In this presentation, I'll also hypothesize on how we came to this miserable state of affairs, painting the various technology, business, and macroeconomic forces that are at work. And what might be the surprisingly simple (but not necessarily easy) ways that we'll create safety in computing environments.