Trust or Enforcement

There are two approaches to security:

  • Enforce
  • Trust, but verify

The first places hard restrictions on what users can do. Advising development teams, I very often find that development workstations are locked down so tight that a developer can’t install a needed utility without logging a service request. The enforcement strategy always comes with a cost in lost productivity, but nobody bothers to count this cost.

The second places few restrictions on what users can do, but has a rock-solid audit function and people to actually monitor this. This approach doesn’t suffer the loss of productivity that enforcement does, but it does require you to generally trust your users to do the right thing. The problem with the trust & verify strategy occurs when organizations do not truly monitor what users do. This can allow malfeasance to go on for too long.

Make a decision which way you want to go. If you go with enforcement, make sure to calculate the cost. If you go with trust & verify, make sure you truly implement the “verify” part.

The Weight of an E-mail

What does an e-mail weigh? Nothing, you say, it’s just bits in a computer somewhere.

Wrong. Each e-mail you allow to pile up in your inbox is weighing you down. It’s another item on your to-do list, in addition to all the other to-do lists you have lying around on post-it notes and in half-heartedly maintained task management systems.

Every e-mail in your inbox is an open loop and a load on your brain. You need to establish a procedure for getting your inbox to zero every day. You don’t have to do everything, but you need to have processed everything and have placed it into a system where you are sure nothing gets lost.

Personally, I’m using SaneBox to help me keep my inbox empty, but any procedure or tool is good. Free your mind, empty your inbox.

Answer and Shut Up

I’ve noticed that too many meetings drag on and on because people don’t know when to shut up. They answer a question and then drone on with more or less relevant supplementary information.

Vendors wanting to sell their products are especially prone to this. The prospective customer asks a question like “does the product do X?”

Please consider: Sometimes, the only answer you need to make is “Yes.”