Better is the enemy of good enough
"Better is the enemy of good enough!" was the cry of a systems architect I used to work with. When we were working on a large complicated project with an unmissable deadline it was his way of ensuring we focussed on what was important. We'd produced the core working functionality of one part of a system - now it was time to move on to the next part. The bells and whistles could be added later.
I suppose this was the pre-cursor to Minimum Viable Product or Minimum Shippable Product or Minimum Viable Experience or whatever other way the original, simple concept has been bastardized to make a similar point. I wonder if the InfoSec bods have crow-barred the word security into a version of this? Yep: MVSP!
The truth is, what was "good enough" twenty years ago does not represent what's good enough today. The minimum in "minimum viable product" is a lot higher than the minimum of yesteryear. Customer expectations of technology are greater than ever before. Cybercriminals are much more sophisticated. Privacy laws have evolved. Standards are higher. If a company is ever faced with litigation it needs to be able to show it has followed all due diligence in the run up to the event that triggered it. This is why we're governed by more policies and processes than ever before.
However, the rule still stands if you don't want the production line to grind to a halt. Better is still the enemy of good enough. We need to apply this thinking to all aspects of the job - including those policies and procedures.
- Previous: We must raise a change request because we're heavily audited
- Next: Policies, processes and procedures
