We’ve been having many conversations lately with colleagues across the industry and there is a common theme we keep hearing when decisions are being made around choosing solutions to problems. They say, “We chose this solution because it’s ‘good enough.'”
When did “good enough” become the key criteria to making decisions in business? We don’t accept “good enough” when we hire a home improvement contractor to update our kitchen or add a bathroom; or we don’t accept “good enough” when our kids bring home test grades when we know they could have done better. So why is it acceptable to use this criteria in business situations?
We know threats from bad actors are on the rise. At the 2018 Winter Olympics in Pyeongchang, a targeted attack against the computing infrastructure supporting the games was initiated. The attack was not launched for typical ransomware reasons of collecting data and holding it hostage for a cryptocurrency payment, but instead to purely and simply disrupt the event. The recent breach of personal information from a credit reporting agency last year is another example of the continuing threat. If your personal information was put at risk by that breach, how would you react if you learned “good enough” was the criteria used to gauge the effectiveness of the security implemented?
Being involved with Commvault Endpoint Solutions leads us to be involved in a number of recent discussions with customers and colleagues. These conversations have focused on the premise that using file sync/sharing/collaboration solutions like Microsoft OneDrive for Business, Dropbox for Business and Box are “good enough” for protecting user data that lives on endpoints like laptops and desktops.
While this may be true in a perfect world where nothing unexpected happens such as technical glitches, malicious actions or human error, the reality is that Murphy’s Law is sometimes the de facto standard when it comes to protecting endpoint data. I’m reminded of the nuclear missile alert sent out by error in January of this year in Hawaii. The initial explanation from the Hawaii Emergency Management Agency was that someone clicked the wrong thing on the computer, which was later expanded to expose a higher level of miscommunication and poor judgement.
When using products like Microsoft OneDrive, DropBox, etc., for the jobs they were designed for, such as collaboration and sharing information, jointly creating and reviewing content, speeding up the delivery and improving the quality of projects, and making access to important content across the enterprise seamless, you can expect excellent results. However, these tools were simply not designed for endpoint backup. Using them for this purpose will needlessly increase your risk of data loss, downtime and lost productivity. When a product is available and designed to provide the exact function you need, why is using something that may be “good enough” even a choice?
When ‘good enough’ isn’t good enough
The world is not immune to technical glitches, human error or even malicious actions by disgruntled employees or bad actors. When you use products to provide capabilities that they weren’t specifically designed for, but might be “good enough” in certain situations, you increase risk to your business. If something does happen, are you prepared to answer the inevitable questions from your manager, executives, shareholders, board of directors or even in some cases testify in front of a Congressional committee or other regulatory body? If it’s even remotely possible that the event could have been lessened or avoided completely if you were running a solution purpose built for the task – instead of just “good enough” – I hope you have the detailed evaluation documenting the selection process at the ready.
And we hope it really is good enough.