I read this article by Robert Capps a while back and it seemed to stick with me. I’ve seen the concept picked up and related to other pieces of technology quite aptly.
However, I think this can be applied, in a broader sense, to your entire security program. It doesn’t need to be perfect, it just needs to be good enough.
What Robert highlights is how making something inexpensive and easy to operate can make the product more successful in overall adoption. While I can’t see a security vendor coming in and telling me that their product is only 80% effective, I can (I believe confidently) ascertain that most products are not deployed and configured to the point that they provide near the level of effectiveness they are designed for.
So you have two options: bring in additional experts on each of the products you’ve deployed so they can be fully implemented, or make sure you understand your environment and products well enough that you can make each deployment good enough to be effective.
More to come…