For those of you that are parents, have you ever considered how keeping our networks secure is a lot like trying to provide tough love to our children? When we are raising our kids, knowing when to say no is one of the hardest things we have to do. We also have to let our kids make their own mistakes, and when they do how they have to face the consequences. Finally, blended families through remarriage have their own special issues. (My thanks to my friend Carol for the original idea.)
Now, let’s consider what this means for us as network and IT professionals. Learning how to say no is understanding how to block the wrong kinds of traffic entering our networks, such as malware and viruses. And today’s threats are also coming over Instant Messaging and peer-to-peer connections, so there is that to consider. It is always tough to say no to your kids, and your users, and even harder when your users always want to hear yes when we are saying no, too.
Learning from our users mistakes is also particularly difficult. We have to review our firewall and access logs and make sure that network exploits haven’t happened on our watch. Part of this is also understanding when we don’t have sufficient resources for this kind of monitoring and being able to make a case to outsource this function so that we can spend our time elsewhere.
Part of tough love parenting is teaching our kids how to face consequences of their actions, and part of our jobs as networking professionals is showing our management the consequences of their actions too. If our firewalls and other protective gear is outdated, that decision will have certain consequences. If our desktops are more than five years old and haven’t been patched with the latest protection, that will have consequences too. If we have deployed virtualization without careful analysis, that will ripple across the data center when there are problems.
Finally, there are the special issues that blended families and step-children bring to the table, and that has its analogs with how mergers and acquisitions play out in the corporate world. What if my newly acquired subsidiary is running Juniper and I am a Cisco shop? Or if they outsource all their Web servers and I still run them inside my data center? Or if I have been using a smaller vendor that is now bought by HP or Cisco or Oracle, just to name a few companies that have been on buying binges as of late?
How does this translate for our daily interactions with our users? Part of being a great parent is being able to listen to the subtext, and understand what your kids are really saying to you when they ask you questions. The same can be said for our users. I remember one of mine from the middle 1980s who didn’t like any of my suggestions for how to use his PC. What he really was telling me is that he wanted to make his own mistakes, and learn from the experience. Of course, he formatted his disk and wiped out his data along the way to learning how not to do that, and I had to hold my tongue.
Another facet of IT-by-parenting is understanding that security-by-obscurity is not going to work. On the Internet, especially today’s Facebook-Twitter-always-in-your-face Web 2.0 version, everyone knows your business, and even your personal life too. You need a plan, and you need to protect your networks accordingly.
Yes, being able to provide tough love is, well, tough. If you want to hear more about this, it coincidentally is the topic of a speech that I am giving on Thursday at the Sonicwall sales conference in San Francisco. If you can’t make it, I can bring this talk to your meeting and customize it for your audience, too.
From one reader:
At times I think one of the greatest skills a person can possess (and one I try to impart to newer gen IT’ers specifically) is to have the humility and self-control to witness someone acting like a “child” while somehow not treating them as one.
The problem is there is no love of the individuals present in many cases and so in its place has to be substituted a love of the profession and a passion for doing things that make a difference. At times it is akin to meeting an amazing woman later in life that has two older children of her own while having two of your own. Until you gain the trust and respect such that “her” children are actually “your” children and vice-versa, it is nearly impossible to make sustainable headway. It is an issue of first of all “will you do what is in their best interest” and “do they actually trust you to do as such”.
In the above case the “children” are the initiatives of the business and IT etc. which unfortunately are often looked at as completely different when they should be one in the same. Once the business sees you doing what is in “their” best interest without empire building or old school IT as the modus operandi then some really interesting paradigm shifts can occur.