Practically everyone agrees in principle that prevention is a good idea. Some people even agree that prevention is a realistic and attainable objective. Fewer people agree on the best way to realize that objective. But despite this mass agreement, hardly anyone is truly running their IT functions on the basis of tried and tested prevention based techniques at the moment. Even fewer support providers are actively offering and promoting prevention based services. So why is this? It’s not just that prevention is hard. Which it is. Nor is it that it requires consistent and continuous effort (which may or may not actually pay off). Which it does (And no, it might not pay off). And it isn’t because the costs of prevention are front loaded and the ROI unpredictable I.e. You need to invest in prevention before you get tangible performance improvements and increased stability (as a return).
Prevention is a more akin to a leap of faith. Does one attempt to understand the risks that one faces and then take the decision to knowingly choose to accept the odds as they are or does one do ones upmost to change the rules of the game and the prevailing odds in ones favour? Remembering that even if you do, there is no absolute guarantee that all will be well. Even the longest of shots come home ahead of the field to win occassionally. Indeed, a rival may decide to bank the “prevention cash” and may still be “lucky” enough not to suffer from business impacting failures. Is it right or fair? Of course not. Life (and more importantly probability) doesn’t work that way.
Fairness has nothing to do with anything. Probability is a cruel mistress. Sometimes it feels as if she is favouring one provider or organization over another but she isn’t. She is ruled by the odds and mercilously brings success and destruction according to the likelihood of the potential outcomes of strings of interdependent events. Fatalism would suggest that bad things happen and they cannot be avoided. I don’t buy it. If fate predetermines success and failure, why do some organizations seem to be impacted by more than their fair share of “bad luck”. Is an intergalactic karma-based force appeasing their misdeeds in a former life or parrallel universe? Maybe. But I prefer the slightly less “out there” possibility that perhaps those that don’t see their names in the press associated with this months IT “failure of the century” are doing something other than crossing their fingers and hoping for the best! Do they call what they do “prevention”? Maybe, maybe not. But they actually do stuff (sometimes unwittingly) to make bad outcomes less probable.
So why don’t we see more prevention? Is it because we lack a means of communicating and promoting its value and the route to its attainment?
Yeah, yeah, yeah… Change the record Rob. We’ve heard it all before…
OK. I admit it. I am a prevention advocate. If there was a prevention club I’d probably join it. I want to live in a world where careful planning and diligent execution make things certain. I like the idea of knowing that when I click on something it will do what it’s supposed to. IT is not a mystical force from on high. It is an immature business discipline that has yet to become all that it can be. I hope that IT will eventually learn from its mistakes just as its manufacturing cousin did previously. It took manufacturing over one hundred years from its birth during the industrial revolution to get beyond the angst of puberty and actually begin to make things certain following the quality management revolution of the 1950s. I sincerely hope that IT can remove its blinkers and expand its insular perspective to benefit from the experiences of other management disciplines. I believe that if IT looks to the manufacturing, health and safety and environmental management arenas then it will mature an awfully lot quicker than if it blunders through multiple painful iterations of goodness on its own.
Which brings me to the point of this blog post…
A colleague challenged me a few days ago, ”You’ve been banging on about prevention for ages Rob… Have you got a single slide that sums it all up that I can use?” Much to my shame I hadn’t. Sure I had slides that built to show the various forms of prevention, the hierarchy of controls, the need to consider residual risk etc. Some of you may have seen my Pillsbury Doughboy slides where the incident is detected and remedial action implemented in one scenario, the incident effects are proactively mitigated in another and then the incident itself is prevented in another. They work (ish). They tell a story and make prevention real in the eyes of the audience (hopefully). But I didn’t have the single static picture that told the end to end story. Was even such a picture possible? This got me thinking. Several hours of googling later I had nothing. Sure there are a few interesting infographics out there (See the links below for my current prevention centric faves)…
- Dodging The Fail Whale: A Downtime Survival Guide
- Benefits of Predictive Maintenance
- Beware of Data Center Downtime
- How to Cat-Proof Your Computer
- The Data Drop
- Downtime Hits Manufacturing Applications
- The Biggest Web Outages of 2011
- Website Down?!
But no single defining image that sums it all up. This surprised me. No. More than that. I was shocked. How could this be true? Surely somewhere there are dozens of fantastic prevention infographics??? Please please please let me know of any that you like.
In the absence of a plagiarism opportunity I was faced with a choice…
Admit defeat or knuckle down to it. Never one to let a challenge slip by, I set to work. What is it to prevent? What are the ingredients of the secret sauce? How can outcomes be made certain? How do the key ingredients relate to each other? What are the trade offs and how are they prioritized? How can one convey the essence of an intangible in the form of a visual? All of a sudden it became obvious why there is a dearth of prevention pictograms… The creation of said graphic is non-trivial.
About the same time, the Curiosity Rover hit the surface of Mars and the headlines. This got me thinking. And that thinking turned into the draft graphic you see below.
Do I like it? Kind of. Is it finished? No way. Is it over complicated? Maybe, yes. Perhaps it’s too complicated. But then again, prevention isn’t trivial. Far from it. If the secrets of prevention could be unlocked with a few blobs and a couple of arrows then what would the challenge be in that? Does it capture all of the moving parts? I hope so. Please feel free to let me know of any glaring omissions. I am trying to show that prevention isn’t something that can be applied after the fact to an entity. It has to be embedded and must permeate through the entire organization. From an initial back of envelope scrawl to the first iteration of a workable graphic has taken a few days. Will the analogy change? Yes, I think it probably will. Where will it go? I have no idea at present. Is it worth investing some more cycles on? Yes, I think so. What say you guys?
I hope you find it interesting (and maybe even useful) in its current incredibly rough draft. Please let me know what you think…
I’ll keep you up to date with its progress.