Words have meaning, even in IT


IT loves buzzwords. But it is now becoming frightfully common for analysts, vendors and even other IT specialists to take established tech phrases and assign them entirely new meanings. (And to be clear, none of these folk ever spell out that that’s what they are doing.)

Case in point: “Tech debt”. That term has meant the same thing for many years: it describes coding shortcuts (either to cut costs or to speed completion or both) that may help in the short term but will eventually catch up with you — and cost you far more money and time. 

A similar definition can be found in Wikipedia, IBM, MIT, and Carnegie-Mellon, among other places. 

And yet, I have been hearing from various trusted sources (analysts, vendors, IT pros, etc.) an entirely new definition for tech debt. They’re using it more and more to describe the painful processes for dealing with legacy systems.

I first noticed this strange definition-hijacking when talking with a top analyst from Moor Insights & Strategy about the slow move to Windows 11. When talking about “the increase in the complexity of the upgrade decision, these hidden interdependencies” — a perfectly viable point — the analyst dubbed the problem “the great reckoning of technical debt.”

Since that interview, I’ve heard various other respected analysts and industry experts using the same definition for tech debt.

People, as someone who makes my living through the use of English words, let me say this loud and clear: Words have meaning. You can’t take a well-known phrase and just randomly assign it a new definition.

You want to talk about legacy integration headaches with on-prem data and 18 global cloud partners? Or maybe those internal programmers creating homegrown apps — and then deliberately short-cutting or entirely ignoring proper documentation? Great. Coin a new term for the concept. Don’t jam your new definition into an existing term.

It’s not just about the phrase “tech debt.” Consider Multi-Factor Authentication (MFA). That term couldn’t be simpler. It means only one thing: that you are using more than one method to authenticate users. That’s it. And yet, I recently watched a senator ask a corporate CEO who was testifying before Congress whether his firm used MFA.

When the CEO said “yes,” the senator promptly moved on to a different line of questioning.

Wait a second! That answer tells us nothing. The senator should have followed up with something like, “Great. How many authentication methods are you using and which ones are you using?”

That would allow the senator to at least evaluate the effectiveness of those authentication methods, whether they’re robust (say, perhaps FIDO2), minimally acceptable (maybe an Authenticator app) or a gift to attackers everywhere (unencrypted SMS comes to mind).

People throw out MFA as though it means something — and others pretend they’ve been given useful information.

I have seen vendors calling their authentication mechanism “an MFA.” No. That doesn’t work. One form of authentication is not an example of “multiple forms of authentication” (unless that approach has multiple personalities).

There’s also a form of verification called Continuous Authentication (CA), which is not to be confused with Behavioral Analytics (BA), though they both have much in common. Think of BA and CA as two different security guards in a building. CA is the one in the lobby who makes sure you’re authorized to be in the building. Once you get the green light, that guard’s job is mostly done.

BA is a guard making rounds on the fourth floor, ensuring you don’t try going anywhere you’re not supposed to. Think of a supply chain analyst who’s trying to access payroll records; the BA guard sounds the alarm and gets higher authorities involved.

BA is not really about authentication; it’s about making sure you don’t break bad after the lobby guard lets you in. (Yes, I’m an enthusiastic fan of Walter White.) 

Karen Andersen, a technical architect at IT consulting firm World Wide Technology, argues that the worlds of consulting, analysts, and vendors would implode if they were all forced to use English words and phrases properly. (She was specifically referencing tech debt.)

“If we have to use actual meaning in word choices, the whole world is going to detonate,” Andersen said, adding, “Or should I say debt-onate?” 

Rex Booth, the CISO at identity vendor SailPoint, acknowledges the loss of accuracy in language, but defends its perpetrators.

“Tech phrases that at one point provided sufficient meaning and functionality — the classic definition” can evolve, he said. “Meaning changes over time. There can be this collision between linguistics and technical culture.”

Booth is being far too forgiving. 

Now, let me check my MFA for tech debt and make sure my BAs and CAs are all in order.

Words have meaning, even in IT – Computerworld