Saturday, November 13, 2010

Being the Voice

I worked for a rather large consulting firm prior to my current position. I was one of a team of Engineers who went onsite to help clients, in addition to another group of remote support Engineers who helped folks out over the phone. Because we supported a broad range of businesses of varying sizes, and because of the nature of group consulting in this manner, standards were important to have and keep. We had preferred vendors and products that we used, which made it easier for us to be consistent in our ability to support our clients. You need a backup solution? Backup Exec (that is before we started rolling towards vaulting and other cloud-based solutions). Need AV? AVG is the way to go. You get the picture. There was a recommended solution for most things. In addition to the aforementioned benefit of providing a consistent message and suite of solutions to clients, it also made things easier for a newcomer to the field, which I was in a lot of ways despite having been a Network Admin for the previous 3 years. Whole different ballgame.

One of the challenges in my new position is getting myself out of that mindset. It worked well for that situation; I'm all in favor of standardization. In my new position though there are no standards, and so I am in a role of making decisions on my own (mostly) about what solutions will best suit my new company. My instinct was to go with what I knew.

For example, I was tasked with looking into implementing SSL for some of our customer websites. My first instinct was to look at Thawte because that was one of the vendors my previous company typically used for certificates. It never occurred to me to look elsewhere or do any further research until one of the developers sent me a link for a company called StartCom. I looked into their offerings and they have 2-year SSL wilcard certs, Class 2, for $99! Thawte's price for something similar was apparently so high they couldn't even list it on their site; they required that you contact them to get info (and then didn't even bother to respond to the inquiry, thank you very much). My new company is very cost-conscious.

That was a good lesson, a wake-up call in some ways. It's very easy to go with what you know, but not always the best way. It's like buying the same brand of toilet paper for your family every time you go shopping. You buy Charmin because it's what your parents bought so you were brought up knowing Charmin as the preferred toilet paper solution in your household, and never looked at the other toilet paper brands that came and went in the aisle until someone else told you, "Hey, did you know you could get 10% more toilet paper for less price? And it's just as good?"

So, I've learned to re-think everything. Just because a solution was good and even preferable in my previous environment, it's not sufficient to simply go with it. It seems easy enough to adopt this, but when a solution is hinging on you it's very tempting and reassuring to go with something you have experience with and that you know works, even if it isn't necessarily the right fit for your situation.

That being said, I won't be going with StartCom anyway. Their organization certs require you to sign off your first born! Seriously, I tried to make my way through their site which is not an easy task. The instructions for getting a cert aren't exactly clear. To their credit I did get a very fast response to my email inquiry, from the CEO himself. I had asked him to verify that my understanding of the process was correct, and he said it was. In order to get an organizational cert you first have to get an individual cert, which requires you to make a copy of a combination of documents that include the front and back of your license, the cover of your passport and the first couple of pages, and a picture of yourself. Once you've done that and gotten an individual cert you can then apply for an organizational cert which requires another round of documentation (though less). Call me paranoid, but I'm not keen on sending copies of that kind of documentation to just anyone, especially a CA. I've gotten SSL certs before and never had to send any personal information. It just doesn't seem worth it.

No comments:

Post a Comment