We’ve all heard that plenty, right? “If it ain’t broke, don’t fix it.” People use it everywhere as a way to discourage improvements, modernization or refactoring. Many people say it and as with many phrases of this nature, on the surface it seems reasonable. But in application, it really is not or, at least, not as normally used because it is not well understood.
This is very similar to the concept of telling people not to put all of their eggs in one basket, where it is more often than not applied to situations where the eggs and basket analogy does not apply or is inverted from reality. But because it is a memorized phrase, they forget that there is a metaphor that needs to hold up for it to work. It can lead to horrible decisions because it invokes and irrational fear founded on nothing.
Likewise, the idea of not fixing things that are not broken comes from the theory that something that is perfectly good and functional should not be taken apart and messed with just for the sake of messing with it. This makes sense. But for some reason, this logic is almost never applies to things where it would make sense (I’m not even sure of a good example of one of these) but instead is applied to complex devices that require regular maintenance and upkeep in order to work properly.
Of course if your shoe is not broken, don’t tear it apart and attempt to glue it back together again. But your business infrastructure systems are nothing like a shoe. They are living systems with enormous levels of complexity that function in an ever changing landscape. They require constant maintenance, oversight, updating and so forth to remain healthy. Must like a car, but dramatically moreso.
You never, we hope, hear someone tell you that you don’t need to change the oil in your car until the engine has seized. Of course not, even though it is not yet broken, the point is to do maintenance to keep it from breaking. We know with a car that if we wait until it breaks, it will be really broken. Likewise we would not refuse to put air in the tires until the flat tires of ripped off of the wheels. It just makes no sense.
Telling someone not to maintain systems until it is too late is the same as telling them to break them. A properly maintained car might last hundreds of thousands of miles, maybe millions. One without oil will be lucky to make it across town. Buying a new engine every few days rather than taking care of the one that you have means you might go a lifetime without destroying an engine.
The same goes for your business infrastructure. Code ages, systems wear out, new technology emerges, new needs exist, the network interacts with the outside world, new features are needed, vulnerabilities and fragility is identified and fixed, updates come out, new attacks are developed and so forth. Even if new features never were created, systems need to be diligently managed and maintained in order to ensure safe and reliable operation – like a car but a thousand times more complex.
In terms of IT systems, broken means unnecessary exposed to hacking, data theft, data loss, downtime and inefficiencies. In the real world, we should be considering the system to be broken the moment that maintenance is needed. How much ransomware would not be a threat today if systems were simply properly maintained? As IT we need to stand up and explain that unmaintained systems are already broken, disaster just hasn’t struck yet.
If we were to follow the mantra of “if it ain’t broke, don’t fix it” in IT, we wait *until* our data was stolen to patch vulnerabilities, or wait until data was unrecoverable to see if we had working backups. Of course, that makes no sense. But this is what is often suggested when people tell you not to fix your systems until they break – they are telling you to let them break! Push back, don’t accept that kind of advice. Explain that the purpose of good IT maintenance is to avoid systems breaking whenever possible. Avoiding disaster, rather than inviting it.