Businesses, like individuals, often make poor decisions when they’re under-resourced. This, in turn, leads to preventable vulnerabilities that threaten a business’s security posture. Sure, in an ideal world, we would all make dispassionately, purely rational decisions driven by data and focused on the long term. We’re obviously not living in an ideal world as evidenced by <gestures at the botched global response to COVID-19>.
Let me illustrate this idea with a few (in hindsight) embarrassingly funny stories about cars instead of enterprise information systems.
After I got married, our first major family purchase was a new car for my darling bride. Her used Toyota subcompact was wearing out and she had a long commute. We didn’t do nearly enough research, which led to us getting entranced by a third-generation Volkswagen Jetta. It was a nice car (for the early 90s). It was also so poorly built that it had to be repaired with parts scavenged off of other new cars on the lot before the dealership could deliver it to us.
Fast forward to our time at Wright-Patterson AFB. Our temperamental Jetta was constantly in need of minor repairs … until the day its transmission incinerated on an icy motorway offramp in an ice storm while driving to the garage for service. I skidded into a ditch and had to hike up a snow-covered hill to the garage to explain why I was (a) late for my appointment and (b) short one car. The mechanics thought my predicament was hilarious. In retrospect, sure. At the time …
Our repair bill for the transmission was high enough to pay for a brand-new Hyundai. We found ourselves desperate to unload the Jetta, only to learn that no self-respecting car dealer would touch it. Every place I tried knew about the third generation’s dismal reputation. I finally cut a deal with a used car chain called CarMax: if they paid me at least half it’s Kelly Blue Book value, I’d buy something on their lot that day. They accepted my terms.
That turned out to be a very bad idea. Again, without knowing nearly enough about car brands and reliability figures, I left CarMax that day with a dirt-cheap five-year-old BMW 318i. The little red sedan had 80k miles on the odometer and was … let’s say “worn” to be charitable. It drove well, sure, but it was a maintenance hog. Had I done any research, I would’ve known that BMWs of the era were only reliable to about 50k miles and cost a fortune to maintain. I didn’t.
I somehow got 50,000 more miles out of the little BMW despite nearly every part in and on it either breaking or falling off. It finally gave up the ghost during my morning commute … atop a mix-master flyover … at rush hour … when the timing belt disintegrated, the engine fused, the rear axle locked, and I careened sideways into the concrete wall that stops motorists from plummeting to their deaths on the railroad tracks five storeys below. A spectacular end to fun little sedan.
Suddenly I found myself desperately in need of a car … again … to stay employed. This time, I knew that I needed a reliable car rather than a fun one, so I did my research. Given everything going on in our lives, my wife and I knew we needed an appliance car. Something like a mass-market Honda. Trouble was, we couldn’t afford a new car. So, when a friend-of-a-friend offered to sell me his wife’s ten-year-old Accord sedan for next to nothing, I couldn’t say no.
You can imagine what happened next: the old Accord was hopelessly worn out by the time it became my daily driver. Fortunately, it was a Honda. Despite it having survived over 100k miles on Dallas highways, I still managed to patch it up and get another 50k out of it before it died … on the freeway … at night … in a driving rainstorm. I didn’t crash, despite losing all of the lights, the windshield wipers, and the aircon all at once. I (somehow) managed to reach South Arlington while driving with my head stuck out the driver’s window in a the rain like an idiot hound.
This time, though, we knew a lot more about which brands, models, and statistics mattered and understood the value proposition of low-mileage cars. I replaced my necromantically reanimated Accord with a new one that was on clearance. We later bought my wife an Odyssey minivan that had the exact same power train. Sure, both Hondas had their automatic transmissions burn up at the 45k mile mark, but this time the manufacturer paid for 100% of the repairs – not us. Very nice change of pace! It was disruptive, but we didn’t have to shell out the $10k it took to return the Hondas to service!
So, why tell all these ridiculous car stories? Because cars are a big deal in American life. For many young adults, transportation is the largest and most troublesome financial burden they have to deal with. Yes, student loans are often enormous, however they’re designed to keep the borrower steadily in debt for a decade or more. Buying a house used to be the latest single purchase any American adult would ever make (in our parents’ day), but the markets changed. Working twenty-somethings can’t find affordable houses anymore, and many have forever sworn off becoming homeowners. Someunlucky young adults have massive medical expenses to contend with, but everyone has to manage with transportation to and from work. Public transportation isn’t an option in most of the U.S.A., so for 90% of working adults that meant owning a car.
Most everyone who failed to arrange having wealthy parents has to buy cheap … even though both older used cars and lost-cost economy cars quickly turn into massive financial burdens as they fall apart. The few young adults that I knew who overleveraged themselves buying a high-priced economy car were always one job setback away from being unable to pay off their note. Omnipresent was the threat that “no car” meant “no job” … there was no “remote work” option until recently, so you either saddled yourself with debt over your car or you lost your job … and then your flat, your credit rating, and your chance to compete for another job.
Meanwhile, cars got progressively larger, heavier, more complicated, and more expensive. I kept my ’94 Jetta and ’90 Accord running for cheap by doing most of my own maintenance in the driveway. I couldn’t do that anymore once we got the ’03 Accord and ’04 Odyssey. I was at the garage’s mercy and they treated me as a profit centre, not a “valued customer.”
In retrospect, I learned a lot about major capital investments from our family history with passenger cars. All well and good, but what does that have to do with a business-focused column?
I submit that the lessons I learned (and, to be fair, that most Americans learn while trying to navigate young adulthood) apply directly to capital investments and IT systems maintenance in the working world. Even though the types of machines are wildly different, the principles of acquisition, maintenance, and disposal are much the same.
Making the best of a limited budget and a bleak economic outlook meant buying shrewdly, maintaining aggressively, and – most importantly – knowing when to abandon a hopeless machine. Long term success requires monitoring your equipment, predicting when it will shift from cost-effective to repair to cost-ineffective, knowing what to buy as a replacement when your current ride became a liability, and knowing where to buy it to ensure the lowest drama possible. I applied the same acquisition rules I’d learned from car buying to the major purchases I made as head of IT:
1. Know what you need (and what you don’t care about) before you’re forced to make a major purchase. Consult with experts while there’s still time to ask questions.
2. Know your brands and models, specifically in terms of reliability and service. Sustainability trumps cool features every time. Read, read, read. Then test drive (literally or metaphorically) the kit you’re considering before you commit to it (and before you’re under pressure).
3. Have a solid relationship with your vendors before you need them. When the time comes for an emergency purchase, you want all the boxes checked and the players eager to help.
4. Get the best version of whatever you need that you can afford. Quality pays for itself over time … assuming you can safely manage the overall cost. Don’t buy more than you can sustain no matter how shiny it is.
5. Don’t get sentimental: get rid of your old kit before it becomes too expensive to maintain. It’s better to replace crucial kit on your terms before you’re required to than after your critical whatsit has set off the fire alarms.
6. Have critical spares standing by for problems that you can address yourself and have a good contact for all the maintenance that’s beyond your ability. Know when your skills aren’t up to the task and swallow your pride. Let the pros do their thing.
I put all of those aphorisms to the test as head of IT for a small 1,300 user organisation and they paid off over time. We methodically replaced our old servers, switches, and desktops with modern, sustainable gear. All our servers shared common hot-swappable components. We kept spares of everything in the server room, inventories, tested, and ready to use. We submitted business cases to replace the oldest machines before they went out of service. All told, the team was able to keep the organisation running 24X7 without a single hiccup that could be traced back to the server room (everyone understood we took no responsibility for Windows Vista).
So, whether you’re talking cars, computers, or cookery, there are rules for how best to acquire, maintain, and replace your essential gear. If you’re very lucky, someone teaches you these things before you enter the workplace. The rest of us have to learn by trial and error. Mostly error.
Pop Culture Allusion: none this week