Tuesday, January 28, 2014

thinking about it ops: paying dues

There are some familiar dues when you take shortcuts in IT. I'll try to add to them as time passes.

1) not patching, not being on top of patching

lots of vulnerabilities show up when performing it sec scans
no knowledge of acceptable downtime when you need to patch
increased risk to new viruses and exploits
if you are under a time constraint to patch, you made the list much longer than if you were actively patching

2) not documenting, or not documenting properly

if something you own goes down when on vacation, expect to be called
when time passes, expect to spend time relearning what was done
no one else can learn and assist unless you dedicate a lot of time to tribal knowledge

3) not training others

you either will never stop owning a platform, or still be called once you have moved to another position
when considering who to promote from a team, the fierce owner will be less likely to be promoted, since there is no one to fill the gap

4) not managing the server lifecycle

no one knows when the server was bought, by who, for what
any specific info regarding the server is lost with time
unclear who manages or who it's downtime affects
unclear what needs to be backed up, what can be deleted when space is filled
unclear what servers and services it affects if decomissioned
no trail on how the server and it's data was disposed

No comments:

Post a Comment