The Challenge (and Opportunity) of Iteration

Almost everything we do is iterative.

In the worlds of business and IT completely new is rare.

According to Merriam-Webster, this is the definition of iterative:

involving repetition: such as

a : expressing repetition of a verbal action

b : utilizing the repetition of a sequence of operations or procedures

As entrepreneurs we have to try new things and then refine them according to what works, what doesn't and then once that go/no go is established, what works well, better, best.

It's one of the things that creates separation among competitors. One delivers a minimally viable product and others refine their products to become better over time. The challenge in this is to know when to throw out a product or service for something different or to refine the product or service to make it better.

We recently had to tackle this very question in the area of cybersecurity and delivery of IT services.

Insurance carriers have taken a beating in the last two years with claims for incidents and breaches and losing appeals in courts where they had denied claims but ultimately will have to pay them.

We assist clients with their commercial insurance renewal questionnaires and over the last year have seen a major increase in the level of savvy and sophistication in the questions asked. This includes the listing of vendors, services and tools that the carriers consider are in the category of the part of the security support stack they are asking about.

Every company that makes even slightly security-related software seems to be touting their skills and what category they're in. The issue with this is that when you look into it, often the product or service is incomplete, immature or simply a rebranding of something that is unchanged and not actually the type of software or service in anything but the broadest of interpretations.

In the unfortunate event of a cyber incident, forensics post-event have determined that some tools simply don't work as advertised or that the tools weren't fully or properly implemented. I can't tell you the number of times we find firewalls with lapsed or disabled security services or even simple things like MFA not being mandatory or enabled for a whole host of services.

We had to take a hard look at the tools and services we were using and switch to ones that either had taken care of legacy software issues or were designed with security as a first thought not an add-on or afterthought as some companies treat it. A few years back legacy cybersecurity holes and deficiencies that had not been addressed led to dozens of IT companies and all of their clients getting breached by the very support tools they used. We were determined to not have that be our story or that of our clients.

What did we do? Took a hard look at the tools we use, the product development roadmaps they publish, the opinion of the cybersecurity insurance carriers (as stated in their renewal or application questionnaires) and at what enterprise businesses are using that have thousands and in some cases tens of thousands of endpoints that they manage.

This creates a lot of pain as we had to evaluate and test these new tools, then once selected, train our staff on new tools, switch processes and procedures, then begin the move to update client environments.

Can the clients see these changes?

Do they benefit?

Not really and not in an obvious way.

So why make the change?

1. Nothing stands still. Everything changes so we must adapt, pivot, refine and iterate.
2. We have to plan for the worst possible outcomes, not the pie in the sky, everything is sunshine Pollyanna approach.
3. Cybersecurity has to be preeminent. IT support and IT security simply are not the same thing.

I practice the philosophy of ATGATT when I ride my street bike. All The Gear, All The Time. I plan for the crash while I enjoy the ride. Healing is painful and slow and sometimes you don't.

It's critical that we think of what can go wrong and have a plan to mitigate risk. Riding a motorcycle is inherently risky. I simply make choices to mitigate the risks. I don't drink and ride, I wear protective gear and I keep my bike and myself in good mechanical shape to perform well under pressure. I update my gear too. Everything has a useful service life. Don't exceed it.

The same goes for our businesses. The world has dramatically changed over the last 5 years. If your IT support hasn't then it's time to check yourself and your business to see what your needs are today. Refine what can be refined and throw out what can't be or isn't worth it. That may include finding a new IT partner too in some cases. In others, it's just engaging in the right conversations to see what they are doing now and what's different from what they do for you.

The opportunity of iteration is this: we are now better equipped to serve any industry with a unified stack that is extremely capable and solid. Our team has less to be good at so they can be better at fewer things increasing their level of expertise and speed. That makes us more competitive and efficient.

It means we'll win more deals and be able to serve more clients better.

Where do you iterate in your business? What can you refine?

What should you abandon, replace and embrace?

Dedicated to your success,

Stuart