By: Laura A. Combs, CISSP
Recently, while preparing for an extended family dinner, I found myself doing what I routinely do during the prep phase for that type of thing. That would be talking myself out of going way overboard in order to ensure all contingencies are accounted for and that everyone has a phenomenal time. Usually that looks like restraining myself from purchasing a back patio in order to make a summer cookout flow just the way it should or buying a new couch to make sure there is just enough seating for everyone to be comfortable during the party. You get the picture: those things aren’t necessary for success, but I fall into the trap of believing that they are essential. Thinking about that, though, segued into thinking about a similar conversation I had recently with an IT manager at a conference. Granted, that conversation had nothing to do with parties, but it had everything to do with going overboard.
The conversation began as a discussion on the need for backing up network data and the different levels of backups needed based on the size of the organization and the nature of the data being backed up. He proceeded to tell me about how his organization handled disaster recovery and backups. The organization had a small number of servers, and the information stored on those servers was not actually essential to the overall operation of the organization. However, the IT vendor contracted to support the IT manager had recommended a pretty sophisticated backup setup for the organization’s servers. This setup consisted of replicating all data files on the servers to the vendor’s data center and included a mirrored drive on a separate server at the vendor site used to store a second instance of the same information.
Once I heard about the cost associated with the backup service, the only thought I had was that the service was too pricey and too complicated for an organization whose data was not essential to the operation of the organization itself. I’m not saying organizations should disregard expensive or sophisticated services because they don’t want to spend prohibitively on technology, but I am saying that buying the wrong technology or too much technology for their specific circumstance isn’t wise. Over-buying for the organization’s needs could mean the technology or service becomes an unwieldy white elephant that isn’t used in the way it was intended and won’t actually benefit the organization in the long run. Overly complex systems also tend to have a higher rate of failure because smaller organizations may not have the full number of resources needed to fully support those complex systems, and those resources may not have enough training on the system they’re asked to support.
It’s often hard to make the decision to buy less than the best, but just as buying a new patio is not going to improve a cookout, over-buying technology or services will not necessarily make a network more secure. The old adage, “One man’s trash is another man’s treasure,” can always be applied in the opposite direction, meaning, “One man’s treasure is another man’s trash.”
Laura is a Manager at YHB and serves on the Risk Advisory Services Team. Laura focuses on assisting organizations in a variety of industries with IT-related audit and consulting services.