Finding The Hidden InfoSec Story

How Does Your Garden Grow?

Photo Credit: emmacraig2 Flickr via Compfight cc

As a non-gardener, we are approaching the time of the year I enjoy most. Within a month or so, I can do my last stint outside in the knowledge that it will remain by and large how I leave it for the next four months or so.

As you might have guessed, gardening is not my thing. Whilst I am the first to appreciate manicured lawns, weed-free flowerbeds, symmetrically aligned vegetable patches and lush shrubberies, achieving this horticultural nirvana is way beyond me. I cut the lawn most weekends but this is little more than an excuse to listen to a match commentary without interruption. The end result is akin to a bad haircut, but hey, it’s a bit neater than it was before.

The problem I have with gardening is that no matter how much you put in on any given weekend, by the following weekend it’ll need a bit more work and if you leave it more than a fortnight you are heading back towards square one.

I learned this lesson when I moved into my first house with a garden.  A modest affair that was no doubt the pride and joy of the previous occupants, it quickly took on the appearance of an unexplored rainforest. A friend suggested that I might want to enlist the help of his occasional gardener.

The fellow duly arrived and within a day there was some semblance of order. His parting words were, “You’re obviously a busy guy, do you want me to pop over once a month to keep on top of things for you?” As I handed over the cash, I smiled and said confidently that now it was back in order I’d be able to keep on top of things myself.

You’ve guessed it: two months later, I was begging him to pop over again. The catch was that when he came first time it was early spring. Since then sunshine and showers had encouraged explosive growth of bindweed, brambles and all the other stuff that is hard to clear. This time around he charged me for two man-days’ effort. I duly paid up and made a similar excuse re employing him on an ongoing basis. I had learnt my lesson and really would commit to keeping it in order this time around.

And you’ve guessed it, the whole sorry saga continued until the day I moved out a few years later.  The problem was my gardener got busier and busier, it became more and more difficult to find someone to help and those who did pitch up were typically expensive and unreliable.

When I look at the gardens of those with whom I socialise there are a few lucky ones who retain the services of a gardener. There is one early retiree who has too much time on his hands and also happens to enjoy gardening. And finally there are the consciously incompetent like myself, those with other priorities and a lack of skill and motivation to do the job properly on an ongoing basis.

Gardening is a sort of metaphor for cyber security. If you don’t keep at it, it will quickly deteriorate. Some know what they are doing, the majority probably don’t. Some love it, some loathe it, some let others do it for them, some just leave it, calling in help when a crisis hits.

Some large enterprises are like the stately homes and mansions that employ full-time gardeners. They are on top of everything, continuously tending and improving the garden, not a leaf out of place. An occasional infestation of pests or other diseases is dealt with quickly and efficiently with the appropriate products. Everything is watered, fertilised and pruned to maximise its contribution to the overall spectacle that is the garden.

Medium enterprises will probably retain the services of a ‘gardener’; they’ll do some stuff themselves, but by and large they know their ‘service provider’ is on top of things and that if there is a problem they will be looked after, even if it requires a few extra days’ effort.

The rest include those, like my early retiree friend, who are competent and have the time and the knowledge to deal with things and are prepared to ‘tinker’ to get it right, but they are most certainly in the minority.

The majority, dare I say, fall into the DIY brigade, who at a push may retain the services of a third party to keep on top of things. However more than likely they will try to do it themselves on the premise that it really shouldn’t be that difficult, and anyway why waste the cash when it could be being put to good use elsewhere?

From a cyber-security perspective, my approach may have got businesses so far, but things are fast becoming overgrown. Unlike a garden, cyber security is sadly not seasonal; we don’t have the luxury of knowing that whatever happens for three quarters of the year, problems will die back in the winter giving us the chance to get on top of things again in the spring.

And as a parting analogy could I suggest that all those unpatched systems are the equivalent of ‘bindweed’ that if left too long can end up strangling the life out of all the good that was done in the first place?

Author: Richard Jones
