The so-called Pareto Principle originated in business in the 1940s, and at its simplest it states that 80% of effects typically come from 20% of causes. “The rule of the vital few and the insignificant many.”
· 20% of your customers account for 80% of your sales.
· But 20% of your customers also account for 80% of your complaints.
(The Pareto Principle will not tell you whether it’s the same 20%.)
In my experience working in Cybersecurity I have loosely translated it to mean that I can generate an 80% solution in 20% of the time it would take me to create a “perfect” solution (up to my own personal haughty standards). In my last position we used it often as a reminder: one of us would start to slide down one rabbit hole or another, and another of us would say “Remember, 80/20”.
We noticed that we failed on promised deliveries because we strived for the 100% solution, when it in fact turned out that our 80% was still above what the customers could have generated themselves, and they were still very appreciative. And we made our deadlines.
It's “Good Enough”, quite simply. And though that expression is oftentimes used to express a basic lack of trying, in its purest sense it can also be quite correct. “Good enough” is sometimes exactly that.
“Low hanging fruit” is another way we sometimes say it. Does anyone want to guess whether it would take 20% of the time to pick the 80% of the apples that can be reached from the ground?
In Cybersecurity it can help us focus. Maybe we find that we can roll out anti-malware on 80% of our asset inventory in the first 20% of the project, or we manage 80% of our access profiles with a simple solution that costs 20% of the fancy one that would cover every eventuality.
Our goal should eventually be 100%, in due time … but we should be careful not to avoid taking those short first steps that have such a big impact just because we don’t have the 100% solution yet.
That's 80/20 Cybersecurity.
Copyright © 2023 80/20 Cybersecurity