In-Depth

Consultant, Author, Microsoft Certified Trainer: 'My 10 Wishes for Technology'

Don't you sometimes just wish this amazing information technology business we're in was just a little different? That tech just worked? That there was one standard instead of eight? That security wasn't an afterthought. And that all apps weren't tested in production under the guise of DevOps?

In this article, I'll go through my wish list (I know I'm a month late for Santa, but frankly, I don't expect him, even if he's got a sledgehammer, or anyone else to fulfil anything on this list).

Quick background so you understand where my particular wishes (requests? dmands?) come from -- I've been in IT since the mid 1990s, running my own IT consultancy since 1998 (it's turning 25 at the end of this year). I'm a Microsoft Certified Trainer and I divide my time between looking after the cloud and IT needs of a few clients, and delivering training, primarily to Microsoft partner organizations. And I write about technology for various sites and have been doing that since 2009.

Cloud Speed
One of my first articles about cloud computing (around 2011?) was very disparaging. (I can't link to it as it was published in a print magazine -- remember those?). I was bemoaning the lack of control, the security problem of concentrating the data of many businesses in one place, and the risk that IT professionals would soon be out of a job as the cloud was going to be so easy that we wouldn't be needed. Boy, was I wrong 😉.

The cloud has brought along with it a seismic shift in how we "do IT" with far reaching consequences for skilling, security, agility and expectations.

Skilling has changed dramatically. When it was all on-premises, we knew which version of Windows Server or SQL Server we had, what its features were and how it interacted with other applications. Upgrades were projects, only undertaken every 4-8 years. Now, every service in Azure, and Microsoft 365 (my beat), changes on a daily basis and there's nothing you can do about it. Occasionally you get a knob to delay a particular feature for a while, but very rarely can you turn something off permanently, should you wish to. Training, and the expectation of the skills of IT pros, is thus changing dramatically, from "here's a week's course on the new version we're releasing next month," to "you must learn ALL THE TIME." I don't mind; I love learning about new tech and as I'm my own boss, I set aside time for upskilling every day.

Here's my first wish -- all organizations should understand this fundamental change and build a day a month (half a day a week?) into their culture for all IT staff (all employees really -- everyone needs to absorb new features in Office/third-party apps for example) to learn and grow. This is not optional for organizations anymore.

My second wish is that it would all slow down a bit though, trying to cover Microsoft 365, Azure, Azure Stack, security and so on sometimes makes me feel like Bilbo in the "Lord of the Rings" -- "thin, like butter that's smeared on too much bread."

The second area that "the cloud" has impacted is security. Don't get me wrong, I think most IT people understand that the cloud is more secure than on-premises infrastructure. And the Shared Responsibility Model helps, allowing us to outsource responsibilities such as datacenter access, network controls and so on.

The Shared Responsibility Model
[Click on image for larger view.] The Shared Responsibility Model (source: Microsoft).

But the cloud also brings more complexity, and complexity is the enemy of security. The more complex a system is, the more likely it is that attackers will find an unexpected dependency between different components to insert their wedge. Don't believe me -- read the daily news. Misconfigurations of controls and supply chain attacks lead to many, many breaches.

That's complexity for you: The software your business runs on isn't built by the vendor that sold it to you, rather it's built by the vendor plus 20 different open source projects, which in turn rely on other projects and so forth. So my third wish is "simple" -- all cloud vendors, configure good security by default -- make it harder for time pressed IT pros to shoot themselves in the foot. Don't rely on us knowing which knobs to turn to which values to start off secure. Do it for us and force us to change it only if we have a specific business need. Case in point: AWS is just now starting to set S3 buckets to not have public sharing on by default, which should have been the default for the last decade.

My fourth wish is for cloud vendors to have to publish CVEs for their software bugs. Today, when there's a bug in a Cisco router, or Exchange Server, or a Linux app, discovered by some security researcher doing (often) thankless work, it's assigned a CVE ("tracking number") and a CVSS ("how easy it is to exploit"). Not so for the internal software that runs GCP, AWS, M365 and Azure.

The cloud also brought incredible agility. Trying new Software-as-a-Service (SaaS) services, or building your own in Platform-as-a-Service (PaaS) or Infrastructure-as-a--Service (IaaS) is incredibly easy. The problem, as per usual, is that someone "playing around" turns into a proof of concept (PoC), turns into production and all of a sudden you have security holes big enough to drive a Borg cube through, without even scraping the sides. Fifth wish -- cloud vendors, build governance and policy in, don't make it something we consultants have to teach our clients about as an "optional" extra -- turn it on by default. "No, you can't just enable public access for these Kubernetes containers, no matter how much you tell me it's just a test -- you must have an ingress controller in place first".

Home Tech
What about the tech in our homes? When I started out in IT, I thrived on malfunctioning computers, after all, figuring out which DIP switch to change to set the right IRQ level on the NIC was good learning. (If you're under 30 and have no idea what that sentence means, see here and here). However, now I just want tech to work. I want the tech I deploy to my clients to be as close to zero maintenance as possible, and the same for anything I use at home.

This is why I haven't gone down the path of home automation. I hear the stories of fellow techies, spending hours and hours making sure the automation sets the lights at just the right hue when they tell it to, or troubleshooting why all but three connected lightbulbs turn off at the right time. This is another area of overlapping standards -- you must buy into a "family" of gear that'll interoperate, but won't talk to anything else, without extensive work on your part. No thank you -- I'll wait until it just works. Sixth wish -- home automation that takes 15 minutes to set up and just works, with any other home automation tech I choose to plug in.

But I do have a dryer and washing machine (non-Wi-Fi) that do make my life easier with auto programs, and a two-person mini dishwasher that works a treat. Alexa? Not so much. Half the time she doesn't understand what I'm saying (it's probably the mix of Aussie and Swedish accents). The other half she can't actually help me with my query. My Fitbit is helpful, but some of the reports are just weird -- take a 15-minute stroll -- congratulations you've burned 125 calories. Go for a 45-minute run, mostly uphill -- congrats, that'll be 490 calories. I'm sure there's a setting buried somewhere that can explain that, but that's the thing about modern tech: It never just works 100 percent, there's always something not working the way it should. Seventh wish -- tech companies (of all stripes, this wish goes for OSes, cloud platforms, apps and home tech), spend 10 percent more time fixing the old features so they actually work, and 10 percent less on releasing new, half-finished features. I like tech that actually helps us, rather than making our lives even more complicated.

Last note on personal tech: Can the U.S. please fix surveillance capitalism? It'd be great if you realized that you need a federal law for organizations to protect your personally identifiable information and not just sell it to whomever, whenever they feel like it. Because so much tech comes out of the U.S., what you do affects everyone. So, wish number eight, GDPR for the U.S. (and thus nearly everyone else), please.

The Future
You've probably noticed a theme here, most of these wishes are unlikely to ever be fulfilled. So, while I'm dreaming (ninth wish), I'd like tech to be more like Star Trek's TNG -- "run a level five diagnostics and fix the issue automatically," rather than endlessly trawling Reddit and forums trying to find someone else who's run into the same issue and actually fixed it. Come on, we now have AI misidentifying people on surveillance cameras regularly, can't we have it built in to fix the tech automatically when it doesn't behave?

Final wish -- transporters. If I had the ability to beam people from one location to another at will, I'd identify the top 500 criminals responsible for the ransomware scourge in Russia, China and North Korea and beam them directly to a prison in the U.S. And I'd send Putin and a few other nutcases there at the same time. I can but dream....

What's your wish for technology? Let me know @paulschnack or on Mastodon.

About the Author

Paul Schnackenburg has been working in IT for nearly 30 years and has been teaching for over 20 years. He runs Expert IT Solutions, an IT consultancy in Australia. Paul focuses on cloud technologies such as Azure and Microsoft 365 and how to secure IT, whether in the cloud or on-premises. He's a frequent speaker at conferences and writes for several sites, including virtualizationreview.com. Find him at @paulschnack on Twitter or on his blog at TellITasITis.com.au.

Featured

Subscribe on YouTube