We have too much tech and too much choice.
Many of tech’s challenges are in choosing the product, and only afterward realizing its limitations and the consequences of our choice.
I understood this only recently, after working in tech nearly 40 years. I don’t know why it’s taken me so long to make this brilliant deduction. I enjoy helping others make these choices. Almost every day, I’m either writing, researching or discussing tech choices for others. But just as the shoemaker’s children go barefoot, my own tech choices are often fraught with indecision, or worse, no decision.
It all rests on human foibles
Yesterday, I was on a phone call with a friend who is as technical as they come. He helped create some of the internet’s early protocols – ways transferring data between networks that more or less create the internet. We were commiserating about the quirkiness of the video conferencing application Webex when trying to support a hundred-person conference call.
It’s fine for the video conference itself. The video and audio quality are usually solid. But the ‘soft support’ rests on the foibles of how humans use tech, like holding a practice session for the conference, notifying everyone of the call and sending out the slide deck. It’s real work to explain what to do to organizers and how to create standards to make the call go smoothly.
It isn’t the tech per se – it’s how we apply it.
Learn from the 1980s’ portable PC wars
Let’s draw a dotted line back to when I worked in the bowels of the end-user IT support department of Gigantic Insurance in the early 1980s. We bought PCs by the truckload to place on the desks of thousands of IT staff who, until then, had a telephone and, if they were lucky, a mainframe terminal.
We bought IBM PCs because back then because that was the only choice for corporate USA. Then Compaq came along with something IBM didn’t yet have: a portable PC. Well, sort of portable. It was enormous. It weighed about 30 pounds (14 kilograms) and didn’t quite fit into airplane overhead lockers.
When Compaq announced their portable PC, selling for more than $5000, our executives felt conflicted. Our IBM sales reps, who had invested many years in golf games with them, were trying to convince us to wait for a year until the IBM portable PC would come to market.
But once we got our hands on the IBM prototype, we could see the Compaq was superior. It was already available. It was lighter, smaller and ran the same apps.
We recommended Compaq and started buying them in droves. That was the start of the ‘clone wars’ that unleashed a new era of technology choices on the corporate world. By the time IBM finally came out with their portable PC, Compaq had improved theirs again, so they kept ahead of IBM.
The point of this quaint history lesson? One thing hasn’t changed in nearly 40 years. Tech reviews focus on the wrong things.
It’s why we get frustrated when we finally choose our technology and then live with the consequences.
Knowing which questions to ask
How does this apply to buying business cybersecurity products? Many of us are still looking at the wrong things when deciding what to buy, or don’t know which questions to ask.
Look beyond the specs. Understand how you’re going to use the intended tech.
Know what problem you want to solve, and you’ll choose your tech differently. Here are some common examples.
Have you picked an email encryption product or VPN based on something other than ease of use? Don’t be surprised when your staff rebel against using them.
Are you running regular phishing awareness programs and cybersecurity training across your business? Phishing is one of the most destructive attacks, and getting users to understand their behavior is risky is the best prevention.
Have you recently tested your disaster recovery procedures to find out why your backups don’t protect key data elements? Don’t wait until you have a ransomware situation to find out you missed a collection of files. Spend the time now to find these and ensure they’re well protected.
Can you find out if your cloud storage is secure enough? Do you even know which clouds you’re using? Do the hard work now rather than waiting for something bad to happen.
Have you examined your whole software supply chain? It’s easy to overlook a few spots and then suffer data loss, ransomware or denial of service attacks. You might find personal Github pages, or resellers running tools whose security you can’t easily verify. The time to work this out is now.
Going beyond the specs means taking a step back and throwing out assumptions. Before you start looking at solutions, do the hard work of understanding the problem you really need to solve.
This article reflects the opinion of the author.