The world of IT is no different. Companies spend an enormous amount of time and resources defending against a handful of overhyped, but statistically improbable "sharks," while the more likely threats slip by unnoticed. Disgruntled employees destroy more data than hackers. Poorly written software causes more data loss than viruses. State-of-the-art data centers are compromised by poorly maintained electrical or plumbing systems. These...
are the "dogs, pigs and deer" in your environment. It's not the big, bad, mythical threats that undermine our networks. It is the familiar day-to-day things that companies take for granted.
For example, consider the last 10 "disasters" that occurred in your enterprise. Were they preventable incidents? Were there warning signs that you ignored? Has anyone taken steps to ensure a similar incident doesn't happen? What were the lessons learned? How has that knowledge been communicated to others? Are the policies you put in place being followed?
Last summer, I was working in a client's server room when someone noticed a strange straining and popping noise coming from an air conditioning vent directly above a server cluster. While waiting for someone from facilities maintenance to arrive, something inside the vent ruptured and brown-colored water started spilling out all over the top of the rack and the servers within it. Miraculously, the servers survived, but a 12-hour outage brought business to a grinding halt.
It didn't take maintenance long to find the reason for the rupture. It turns out the housekeeping night shift was using the server room as a break room. The staff was storing beer and soda in the air conditioning vent to keep them cold. When several of the cans froze overnight, they ruptured and spilled their contents over thousands of dollars of mission critical hardware.
An isolated event? Probably. But the damage was certainly preventable, given existing company policies restricting access and prohibiting food and beverages in the server room. The real culprit is that metaphorical "deer" roaming around all that expensive equipment. And the real solution to the problem is how you respond to the question: "How can we keep a situation like this from happening again?"
The answer, in most cases, will require just a few additional, common sense steps. In this case, my client immediately tightened access policies, installed cameras in the server room and placed large plastic tarps nearby in the event of a future water leak. (The tarps came in handy several months later when water pipes froze and ruptured in an empty office two floors above the server room.)
Although it is important to pay attention to the high profile threats, companies need to keep a realistic perspective and think about what is probable, not just what is possible. Endless fear and reactionary panic is useless. Companies cannot defend their infrastructure against every conceivable threat. But they can and should take a second look at the everyday things they take for granted, and make sure the things they "trust" work the way they should. Let's worry less about the sharks and more about the dogs, pigs and deer.
Bernie Klinder is the founder and former editor of LabMice.net, a comprehensive resource index for IT professionals who support enterprise Windows and BackOffice products. For his contributions to the technical community, he was reselected as an MVP (Most Valuable Professional) by Microsoft in 2004.