Reading this article (Protocol Passionistas) on ViewYonder prompted me to write up this piece, which I believe is of the same mindset.
Hearing the phrase ‘Best Practice’ without including discussion around shaping the solution to be ‘fit for purpose’ induces concern within me.
There are myriad white papers and best practice guides on the internet, ready for download from vendors and suppliers, all of which contain invaluable information on how to configure their products. But it requires an open-minded approach to review their recommendations and consider what is actually relevant and suitable for the task at hand.
On a site visit earlier this year, a friend and business colleague of mine was called in to investigate why an application would no longer communicate with key components of a multi-tiered e-commerce application. It transpired that new network hardware had been introduced and configured by following a best practice document for security hardening. This was all well and good, but no investigation had been completed as to what this hardening actually meant for the existing infrastructure. The end result? The application ceased working, causing loss of service to the business and its customers. Not a good way to make a name for yourself, and the excuse “I followed best practice” doesn’t carry much clout.
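The missing step in that story is an impact check before the hardened rule set goes live: take the flows the application is already known to use and evaluate them against the proposed rules, so anything the template would block surfaces on paper rather than in production. The script below is an added illustration of that check, not code from the article or from any vendor's hardening guide; every address, port and rule in it is constructed, and the first-match ACL semantics with an implicit final deny are an assumption about how the device evaluates rules.

```python
"""Pre-change impact check: which observed application flows would a proposed
firewall rule set block?  Added example, not the article's own code.  All
addresses, ports and rules are constructed and hypothetical."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str       # source IP address
    dst: str       # destination IP address
    dport: int     # destination port
    proto: str     # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    src: str           # source CIDR
    dst: str           # destination CIDR
    dports: frozenset  # empty set means any port
    proto: str         # "tcp", "udp" or "any"

    def matches(self, flow: Flow) -> bool:
        return (ipaddress.ip_address(flow.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(self.dst)
                and (not self.dports or flow.dport in self.dports)
                and self.proto in ("any", flow.proto))


def decide(rules, flow, default="deny"):
    """First-match evaluation (assumed ACL semantics) with an implicit final deny."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default


def blocked_flows(rules, flows):
    """Return the observed flows the proposed rule set would deny."""
    return [f for f in flows if decide(rules, f) == "deny"]


def fit_rules(flows):
    """Derive host-to-host, port-specific allow rules from the observed flows,
    followed by a deny-all: a rule set that is fit for this application."""
    allows = [Rule("allow", f"{f.src}/32", f"{f.dst}/32", frozenset({f.dport}), f.proto)
              for f in flows]
    return allows + [Rule("deny", "0.0.0.0/0", "0.0.0.0/0", frozenset(), "any")]


# Constructed: flows observed between the tiers of a three-tier e-commerce app.
OBSERVED_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 8443, "tcp"),  # web tier -> app API
    Flow("10.0.2.20", "10.0.3.30", 5432, "tcp"),  # app tier -> database
    Flow("10.0.2.20", "10.0.3.31", 6379, "tcp"),  # app tier -> cache
    Flow("10.0.2.20", "10.0.9.9", 53, "udp"),     # app tier -> DNS resolver
]

# Constructed: a hardening template applied verbatim.  It assumes the app API
# listens on 443 (it listens on 8443) and knows nothing about cache or DNS.
TEMPLATE_RULES = [
    Rule("allow", "10.0.1.0/24", "10.0.2.0/24", frozenset({443}), "tcp"),
    Rule("allow", "10.0.2.0/24", "10.0.3.0/24", frozenset({5432}), "tcp"),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", frozenset(), "any"),
]


def main():
    broken = blocked_flows(TEMPLATE_RULES, OBSERVED_FLOWS)
    for f in broken:
        print(f"template would block {f.proto}/{f.dport} {f.src} -> {f.dst}")
    print(f"fitted rule set blocks {len(blocked_flows(fit_rules(OBSERVED_FLOWS), OBSERVED_FLOWS))} observed flows")
    return broken


if __name__ == "__main__":
    main()
```

Run against the constructed data, the template blocks three of the four flows (the API call on 8443, the cache connection and DNS), which is exactly the outage the story describes; the fitted rule set, built from the observed flows, blocks none while still ending in deny-all. The real-world caveat is that the observed flow list is only as good as the capture window it came from, so infrequent flows such as batch jobs or failover paths need to be added deliberately.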
It’s examples like this where a Best Practice document has been used in place of the installation and configuration instructions, whereas it should be used in conjunction with them.
Best Practice is not the answer. Common sense, a practical approach and an understanding of what is fit for purpose, with risk mitigation, is the answer.