Temporary Workarounds Shouldn’t Last Longer Than Permanent Solutions

“The only difference between a caprice and a lifelong passion is that the caprice lasts a little longer.”
- Oscar Wilde

How to get into technical debt

I think Wilde was on to something when it comes to the kludges, bodges and late night fixes that seem to rule our lives.
Rule our lives, you ask? How familiar is this story?  
  
“Our core system/application/ is bespoke/an older version of X. We modified it in the past to meet some specific needs. We’d like to move away from it or upgrade it, but we can’t.”  
  
Can’t patch because of that customization. Can’t migrate to another platform without a bunch of data cleaning. Can’t add new modules because they’re not compatible with the old base. 
  
You’ve got frustrated users, availability and confidentiality issues. All from a temporary workaround that wasn’t fixed when it was relatively easier. 
Welcome to technical debt and the interest is accruing. Where non-kludged systems can be patched and upgraded within regular service windows without the entire IT department on call, fixing this monster will require serious planning.  
 
Or you can continue living with it.  .

Paying the past-due bill

Until it’s too late. The system goes down and only one or two people know how to make it work. Or it gets breached due to a nine year old vulnerability.   
  
How do you prevent this? One method I learned many years ago was to set a date when the temporary fix had to go away. I had to sign my name and put a date in the calendar. If I missed that date, I had to buy lunch for the IT department.  
  
That was incentive enough. 
Nowadays, you can select all kinds of ways to remind you of the things you should fix before you forget to fix them or how to fix them. We have no excuse to forget about it. 
  
And it prevents buying lunch for your co-workers or some stranger on the Internet. 

Relying on the kindness of strangers

If it's too difficult to bring up internally, let an outsider do it. Customers, auditors or consultants can be talked into nudging a reluctant organization into action

Previous
Previous

A Minimum Viable Risk Management Program

Next
Next

WannaCry as the Regulatory Brown M&M