Many times you face down a big project and the old elephant analogy comes into play… “How do you eat an elephant? One bite at a time!” Referring of course to the fact that the way to get really big, overwhelming things done is to break them into smaller pieces (bites) and then work from there. True of any large project, and certainly how you can keep track of critical path elements and all of that.
Another approach is a time-box. Basically, you have a box with a specific capacity. You can put things in until that box is full, but not overfill it. If you need to add something more and the box is full, you have to first take something out. It’s a good scoping tool, again for larger projects or for cases that are budget-bound.
With the many moving parts of a data system, it’s easy for pieces to get taken out of those models for later consideration. “We’ll finish up this portion of the project and then come back and address the interface security once they’re up and running.” It makes the overall project a bit easier to swallow time- and effort-wise.
A very significant risk of this, though, is that you never return to the pieces you set aside. And, since it’s easy to focus on functional elements rather than “doing it right” elements in the heat of the moment as you’re building out the project initially, it’s quite possible that security (in all of its parts) and controls on the data in your systems, along with compliance things… all are candidates for set-aside types of attention.
We’ve been stumbling into increasing numbers of situations where exactly this has happened, but with external resources (consultants, developers, etc.). This seems to magnify the extraordinary risk of this approach. The magnification comes from the fact that, many times, that consultant or developer is done when the initial project is done. Many times management or the powers that be will decide to hold further development while the system settles in and they find out what’s missing or may need to be moved up the priority list based on actual usage. All of a sudden, those “doing it right” pieces are a lower priority and may even be set aside entirely going forward.
If you’re consulting or hiring a consultant or any combination of these, it’s important to size your projects to take into account the messy underpinnings part of the mix. The security, the controls, the things that are required to address compliance – those pieces no one really wants to incorporate early on, but that simply must be there and must be addressed as you go through the project.
As you lay out your project plans, make sure those planning points are part of your template. Even if you’re able to say they don’t apply, make sure you’re considering protection and management of your data, even from those external interfaces (or TO them) and that you’re accounting for the fences and walls around your information that are critical with information systems. Don’t plan to return to them as your sole goal for getting them done. Make sure the final picture for each phase includes all of the bits and pieces you need to have a complete, well-managed system, even if that system scope needs to decrease.
Or the budget needs to increase.