Finding The Hidden InfoSec Story

Overdue Maintenance

Photo Credit: shaggy359 via Compfight cc

“Rotten…, beyond repair”, he shouted from the top of the ladder, while I was contemplating the nearing deadline of April the 8th. “It should have been replaced a long time ago”…

It’s early March 2014 and excellent weather outside. The paintwork of my house is, however, long overdue. I have asked a house painter to come over and provide me with an estimate to redo the painting of our beloved home.

“Thank you for this great analogy!”, I replied, as my latest submission was due. “What are you jabbering about?”, he asked. “That it’s rotten. That it can’t be patched”, I replied. “It’s happening in IT too, you know.”

“What do you mean?” he asked while stepping off the ladder.

“Old software, like Windows XP, it’s like rotten wood. It can no longer provide the proper protection against the latest security threats. Patching, adding a ‘coat’ of security, it really doesn’t solve the underlying problem.”

But just like a real business, I was not ready for this unbudgeted cost. I asked him if he could not use some magic putty to have it last an extra couple of seasons. “The putty won’t hold”, he replied. “It will appear to be good as new, when I am finished, but it will fall apart sooner than later. You have no choice but to replace that sill”.

We went inside and reviewed his estimate: two coats of paint for the back of the house. Three for the front. “The front is in worse shape, it has taken a bigger beating from the elements: the wind, sun and rain”. “Brilliant!” I replied cynically, yet grinning as I had been given another great analogy for hostile environments some IT systems reside in.

“Why are you quoting me for that amount of sanding paper? It appears as if you plan to sand away your initial base coat.” “It ensures proper adhesion of the next coat and provides longevity and a nice gloss finish. The top coat will be tough as glass and last for a couple of years.”

“Just like layered security”, I thought while signing the order form.

My final resistance was broken when he asked if I wanted to consider his touch up service. “I’ll come by in early spring and autumn and repair small flaws and cracks.” Patch and Vulnerability Management is all I could think of, while placing my signature.

Maybe I should consider recharging The Analogies Project for the final invoice as it was a costly exercise to research a new analogy this time around.

In summary, IT and Information Security are like a good paint job: the paint protects the more expensive pieces of your property, and security does the same for your corporate information.

It also requires a level of trust in the people who are responsible for applying and maintaining your assets. Finally, this story shows that, in the end, everyone performs some level of risk management in their everyday life.

Author: Daan Stakenburg
