Jul 09
Whose best practices are they anyway?
We all hear the term “best practices” thrown around in the technology world, but what does “best practices” really mean? All too often vendors throw it around as if their product defined the “industry accepted best practice”. Additionally, some experts get idealistic about the best practices they put forth. For example, security specialists/experts routinely define security best practices which can be incredibly difficult to implement or follow without great expense, time, and complexity. Likewise, identity management specialists/experts (such as myself) sometimes get too hung up on idealistic concepts like “every ID must represent a person” and others.
Best practice definitions should be tempered with a dose of corporate reality so that they account for budgets, time, and experience. Best practices should also be grounded in results borne out by experience rather than in some idealistic reality.
Too many times specific approaches are referred to as best practices when there is no clear reason as to why they are best. In many cases the term “best practice” is used when the terms “good idea” or “preferred method” are more applicable.
Best practices, just like the plethora of motivational, self-help, and personal guidance books out there, should be referenced for guidance and good ideas, and shouldn’t be taken as gospel.


