Photo Credit: disneymike via Compfight cc
As anyone with small kids will know, eating dinner with the whole family can get quite messy. Penne with ketchup can be flung heavenward, leaving a blood-like trail on the white painted walls and the floor looking like a minor guerilla war took place within the premises. Despite the colourful painting and redecoration of the room, this dinner experience can be essentially life-reaffirming in its beauty, but at other times it can be a frustrating experience that ends up in crying kids and screaming parents. Similarly the 3 star Michelin cuisine with a world class chef and the 500 person royal dinner party can both be both good or less so, possibly even verging on a stiff, rigid experience.
A lot of factors are involved in determining both objective and subjective experience. Many of these are often taken as a given and not noticed as such in daily life, such as having a table available for dining on. Take away a table and the whole dinner experience sort of collapses, the central foundation that everything leans on taken away, no matter if it’s a good table, a bad table, a used table or a brand new shiny table. Thus the analogy moves into IT – imagine the table as the enterprise firewall. Take away the firewall and you can have a smooth well-oiled, perfectly built enterprise defensive architecture such as a defense-in-depth that implodes. Defending enterprises from threats, a losing proposition in an asymmetric conflict as it is, is a puzzle of independent pieces that each, good or bad as they may be, stack like LEGO; the same way knife, fork, plate, table, spoon, glass, chair etc. makes up the pieces required to have dinner. Some of these pieces are essential while others are nice to have – a napkin to wipe your mouth is useful, but hardly a cornerstone. Some pieces are more important for the subjective success of the meal than others, and the goal you want is to avoid making a mess and have hygiene under control (get it? Being hacked/having your data dumped on pastebin…).
Similarly you may have a waiter serving upon your table or you may choose to do all of the cooking and serving in-house. Experiences outside your own house can have cooks and waiters both come of different sizes and quality/price-tags, so choose wisely (outsourcing…). Many restaurants these display a public hygiene rating certification, and in outsourcing being able to test and certify your “restaurant” gives better chances of a good experience. Ask your friends about the quality of the place, of the staff and do your research so that you don’t go into a fish restaurant and order chicken, yea?
A well-planned and well-executed meal is usually a lot more satisfactory than a haphazard meal and if you have a dishwasher at home (Splunk?) to automate the clean-up then you may not end up with ceiling-high stacks of unwashed (un-inspected logfiles/traffic) dishes.
The royal dinner party or the 3-star Michelin restaurant experience can be good, even fantastic, experiences, and hopefully these places can avoid making a MESS publicly – but what if these become expense-in-depth solutions (Thanks @rickhholland) and simply just hide their messes in the kitchens and back-areas? At home or eating out, does it matter that it LOOKS shiny and that you have 3 forks and knives if it still all ends up as a mess? Eating spaghetti and ketchup at home with the kids and watching them make a bit of a mess on the floor can be very comfortable, and it’s a mess you know how to clean up, if you’re just a bit lucky. Can’t the mess you know how to clean up be better than the mess you don’t even know about? If I go out, I look for the hygiene ratings because I really don’t want to eat 5-years old prawns or the like. And I make sure there’s tables.
For very important occasions, I’d probably choose say, a Michelin restaurant that both has the star of quality (certification) and that my peers recommend. Making the actual choice of where to go, what to eat, you know, all these little choices, the choices actually matter quite a bit in security, because if you buy the wrong thing from the wrong vendor, or do the wrong things, or just do things wrong, then no amount of money can make you any safer.