But I really think we are missing the fundamental point entirely. My favourite phrase is 'Complexity is the Enemy', especially as it relates to fast paced ever changing environments. 'Change Control' , 'Change Management' or 'Release Management' is great.. but I have never seen it done really effectively. Even in one of the best networking companies in the world, it is still a form of controlled chaos! As best effort / guestimate work is done in identifying host dependencies in downstream networks or similar service dependencies in downstream / upstream applications or code. ( Let alone full appreciation for business and supporting processes... ). Who _are_ these guardians of 'Change Control' who _really_ understand the _Infrastructure_ in all its glorius levels and depths... -----> 'techno-demigods' I think they would be called :)
"Well, that's the security guys / operations manager's role... oh, well then, it's the um administrators or engineering, or implementations guys....", I hear you all say in tandem.... well perhaps, but do they really know what's going on? Who actually did what, when, where and why? And could you really tell what was done and how?
Who are the implementors? Are they insourced, outsourced or was the update or change performed by some 'fly-by-night' technorati....? Relax my friends, it's all ok you uber-geeks, we all know the CIO knows exactly what's happening and is responsible for the whole shebang!
Take for example a business with a large dependency on IT ( any medium to large business, desperate to bring an IT based service or product to market
Remember that millions of lines of code are wrapped around all Operating Systems and Applications or Services, whether in supporting the business or tied up in the business' delivery of products and services to its customers... then introduce the standard network users - driving the equivalent of virtual computer tanks and nuclear warheads with no proof of 'licensed to operate' or without the requisite training and experience. Mix this with network and system administrators, developers and database administrators with about as much scientific appreciation of computational logic and determinism ( in so far as _computer-systems_ are deterministic :) as the Incas had in believing in Sun Gods and that engaging in human sacrifice and voodoo like 'hibbidy-gibbidy', would appease said Gods of the time. Add to this a light sprinkling of 'management' who now find themselves in some _key_ technically related role, who have about as much experience with technology as those assembling their first 'Kinder Egg' with similar measures of people management skills, akin if you will to the atypical high school gym 'last pick' ability to inspire confidence, lead a team or score goals.
You are now ready to bake in the binary oven of success or failure, wait 30 minutes at 'Homeland Security' defcon 4 for the inevitable results.
'Baked Alaska' is not something you can get right with beginners luck...
So back the key theme, that with such complexity and general lack of appreciation of said complexity.. it actually needs to be reduced to faciliate some form of control. Most solutions these days actually _increase_ the complexity to try and control the complexity! (which doesn't really work without the correct resourcing, comprehension and mangement!)
Let's take a step back and focus on the basics. Let's cut out the fluff and focus on solid and secure systems and services that allow us to work on the real 'add-value' to the business or customers. Why is it we require an army of incompetents who create their own microcosms of increased complexity, entropy and cost, when computers are supposed to save us time so we can get on with what we're actually really good at?