Michael N. Dundas

I have read and been told by researchers and vendors over the years about a “best practices” for this technology or for that type of deployment.  I have discussed best practices with clients as a consultant, as a vendor promoting products to a potential customer,and as a consumer of a particular technology or design.  The ‘best practices’ concept seems to come and go over the years.   Recently, the frequency of mention of ‘best practices’ has been dramatically increasing in my world.  I am not sure if this is due to a general trend in the industry, or just myself being back in the financial services world.

I have always been very wary of ‘best practice’ when it is mentioned and when it is applied I tend to scrutinize it.  Here is why.

1. Lessens the sense of ownership. After all, you didn’t really create the solution.  You followed the ‘best practices’ for the particular solution you were deploying.  Sure, you added a few twists and exceptions, but really the bulk of it was already predefined.  If something goes wrong, it is not totally your fault.  After all you followed best practices right?

2. Stifles innovation and creativity. You don’t have to come up with a solution, create or design a system to handle a particular problem.  It is already created by ‘best practices’.  Obviously the best practices are proven and smarter people came up with them than your team.  Why re-invent the wheel?

3.  Who declared it to be best practice? I have never seen scientific reasoning for why something is considered a best practice.  Typically, the rationalization is that everyone else has done it this way, so it is the ‘best practice’.  If your competitors have all done it this way, then should you really spend the time figuring out if they have done it right?  If they all did it, then obviously it is the best way to go.

4.  Used as manipulation by vendors. Every vendor tries to manipulate ‘best practices’ to favour the particular set of technologies they are trying to sell you.   They often do this by ‘teaching’ the customer about best practices and how their product suite best fits.  It also assists them to influence your decision making process.  By touting ‘best practices’ they can elegantly neutralize employees ideas on how to solve a particular problem when their solution may not fit.  They are not personally telling you that your ideas are wrong, the best practices are.  They are just helping you understand so you don’t make a mistake.

I do believe ‘best practices’ have their place.  A project team should consider all ‘best practices’.  The ‘best practices’ provided by your current vendor, ‘best practices’ provided by your current vendors competitors.   The team should research ‘best practices’ that are not vendor related.  These should be given weight, but less weight than that of the project teams opinions.

Ideally, the team comes up with the design that meets the requirements.  Once and only once the team is comfortable with their solution, it is vetted it against the ‘best practices’.   Using this approach, the team feels a sense of ownership for the solution.  The team created something based on requirements and their skills and knowledge.  They took into consideration the many ‘best practices’ available, tweaked their solution where necessary after careful and conscious thought.  If done correctly, the end result is a solution where a sense of ownership is felt, any innovative and unique ideas were considered and incorporated, best practices were given their due consideration, and the best vendor and technologies are chosen.

photo credit

Working remotely in my opinion is great. I came across this video of an individual April Dunford who works for Nortel. She discusses working remotely and the benefits it offers. From experience, I agree with her comments. My company has a very similar view on working remotely. Personally, I find I am much more productive when I am not in the office than when I am. For me it is the interruptions, meetings, and chats that take away from my productivity. At home during the day there is just me and the Internet, so lots of time to get stuff done and if anyone really needs to get me it’s not difficult, e-mail, phone, VoIP, IM …. just choose your channel.

What actually caught my attention was her name, I knew I had seen it before but at first couldn’t recall from where or when. Then it hit me. She is a friend of a friend and was mentioned on one of his blog entries. She also has a blog.

I have been fortunate to attend Blackhat USA 2008 this year. I don’t usually pay too much attention to the vendors present as I am much more interested in the training, the researchers and their presentations and papers, but I usually peruse the vendor booths at some point during the conference.

I stopped at Splunk’s booth for two reasons. The first was that Alex Bewley mentioned them on his blog. I used to work for Alex at a previous company. Alex is a smart guy (in my opinon anyway), so the fact that he took the time to mention them in is worth noting. The second reason was I knew they had something to do with log management, analysis and forensics. Analysis and forensics is a big part of my job and a natural interest I have always had. It is why I like working in security.

One of the first things that caught me was the staff was genuinely nice. You could tell they were enjoying themselves and for the most part enjoyed their jobs and liked working for Splunk. It wasn’t just one or two of them either, it was all of them. They were all open honest people and this was readily apparent. It was like you were talking to real people, not a facade. Even the demo they gave didn’t feel like a sales presentation. It is really great when a company let’s employees be themselves and trusts they will do the right thing. This is all part of a companies corporate culture which is very important. Lately in talking to others, especially at this conference, I get the sense that corporate culture is getting worse instead of better. One of the main reasons I enjoy working at Sandvine and have been at Sandvine as long as I have is their corporate culture. I have no doubt our culture is very similar to Splunk. Alex also wrote a blog entry on corporate culture recently. If you are interested it can be found here.

The Splunk staff gave me a detailed tour of their software. In simple terms it can take anything ASCII, and index it. But it does so much more. You can search, create events, correlate different events, produce graphs, alerts. It is extremely configurable and easy to use. Anyone that has logs or events from any system that has the need to perform analysis on these forensically, proactively or any reason should give Splunk a try.

Splunk has taken a problem (log management) which has been around for a very long time and made it easy. No need to write custom code, scripts, and have people maintaining it along with changes, upgrades. My first job out of school was a firewall administrator for a large financial institution. One of my tasks was to automate the processing of the firewall logs, create alerts, automated responses etc. I used perl and did a pretty good job I think. However, I wish back then I had something like Splunk. It is a really well though out piece of software. I was impressed and I don’t impress easily.

“See what happens when you put a bunch of guys together that work hard and like what they do. Things get done.” — Mike Holmes

I honestly believe there is a direct correlation between Corporate Culture and good software.