Why automation may be the best thing for IT professionals
Early in 2019, a data breach at the University of Washington saw information of nearly one million patients exposed or put at risk.
“UW Medicine became aware of a vulnerability on a website server that made protected internal files available and visible via a search on the internet on Dec. 4, 2018,” spokeswoman Susan Gregg said in a statement. “The files contained protected health information (PHI) about reporting that UW Medicine is legally required to track, such as reporting to various regulatory bodies in compliance with Washington state reporting requirements.”
In recent years, large-scale data breaches have almost ceased to make news on their own due to their commonplace nature. But is there any way to change this new reality? We asked Robert Reeves, co-founder and CTO of Datical.
“When you accelerate application deployment with automation, you need to do the same thing with the database,” he summarized.
Datical is Reeves’ second company after founding Phurnace Software in 2005, and invented and created the flagship product, Phurnace Deliver, which provides middleware infrastructure management to multiple Fortune 500 companies. When BMC Software acquired Phurnace in 2009, Reeves served as Chief Architect and lead worldwide technology evangelism.
“My approach,” he explained, “has always been to automate myself out of a job.”
At times, Reeves’ self-deprecating nature can seem as if he’s joking or setting up a punchline—but rest assured, he’s quite serious and has ideas that could help your company from experiencing the next data breach.
“Listen, I don’t trust myself,” he admitted. “I’m a very lazy person by nature. Laziness and impatience are virtues in software engineering.
“We make mistakes, and we like to get home at a reasonable hour, spend time with our families—we’re humans. So removing humans from the process greatly decreases the opportunity for error.”
Reeves takes a bird’s-eye view of the problem. Human evolution has led to a propensity for distraction, and a desire for satisfaction in the quickest means possible. “That is the exact opposite of what we need for computer systems,” he continued. “Rote, repetitive tasks are required, and humans are very bad at those. All sorts of things can prevent us from completing such tasks.”
DIstractions, of course, are good for the human mind, because it leads to new ideas and concepts. But it’s the enemy of consistency, never a hallmark of humans but the most essential element in keeping these systems running like a finely tuned machine.
“Say you get a sternly worded email from management or your boss telling you ‘always do this’ or ‘no matter what, follow this procedure.’ Well, that’s great, but there’s no enforcement. I’m just one human relying on another human’s ability to follow that order. That’s no good,” said Reeves. “If you look at the stock market, we’re catching people doing the wrong things, doing things that are illegal. We’re catching them because the computers are looking for (wrongdoing). If we had humans in charge of that task? We’d never find anything.”
In the University of Washington example, a new database went online, but the operators weren’t entirely familiar with it. Thus, they made the error of leaving it accessible. “These labs get a grant, they set this up,” explained Reeves. “But they don’t have a central security system—they have to procure their own equipment and bring in people on their own. They have more of a medical slant to their background, and while they’re hiring software engineers… but the best of the best are working for Microsoft or Amazon—especially in the state of Washington.”
The biases, tendency to buy into narrative fallacies, and reliance upon incomplete data makes humans ill-equipped to handle rote, repetitive tasks, and in Reeves’ opinion these data breaches and other database issues won’t be solved until we learn to automate all such tasks.
“The term I use is résumé-driven development,” said Reeves, “where you’re using a technology to get your next job or promotion. They’re making bad choices. Management makes decisions, not realizing their people don’t have the tools to get the job done. And then they act like there’s nothing they could have done.”
Once a breach occurs, the operating belief is that at the time of an incident, everyone did the best they could with the knowledge and resources at their discretion. Therefore, the issue is those resources and those knowledge. Playing the blame game solves nothing—the goal is to never fail in the same manner twice.
“It’s the old Samuel Beckett quote—’ever try, ever fail. No matter Try again, fail again, fail better,’ said Reeves. “That’s why these companies improve. Every failure is an opportunity to learn, and they don’t make the same mistake twice.”
Of course, Reeves’ blunt honesty about ‘working to put himself out of a job’ won’t work for the IT professionals who need to put food on the table. In our next installment, we look at Reeves’ view for the future of IT in a world where more and more processes are automated.