Archistry

December 17, 2019

Why being an effective security architect is a lot like being an effective parent

And no, I’m not going to go with “because the business acts like children, always trying to tear the walls down.”

This actually came to me tonight when I was making a very simple (and very quick) lemon pasta dish and my two kids (5 and 2.5) wanted to bounce their…bouncers? I don’t actually even know what they’re called. Mine was a big, red ball with a Mickey Mouse head and handles for ears…

Anyway, they each have one, and the flow through the house is driveway -> garage (open door) -> lower kitchen (don’t ask) -> upper kitchen (where all the crystal stemware lives) -> rest of the house.

So, naturally, this makes a pretty good circuit, and since it’s towards the end of the day, they’re amusing themselves, and bouncing through the kitchen. Now, I really didn’t think too much about it – I was stirring a lemon cheese sauce that can’t boil and can’t sit, after all – until I watched my daughter have a bit of trouble as she was trying to navigate around the island. Basically, she fell off the thing a few times—mostly because she was being silly.

At which point I ask them to stop, because, well…of the aforementioned glassware, housed in a 2m (6’) glass case from Ikea that’s really pretty flimsy—and would make one helluva lotta glass shrapnel should it come crashing down, even if it missed a child.

And it hit me. Because I was thinking about what I was saying, and how I was saying it. I mean, I could’ve stopped with the pretty standard, “Don’t do that!” Or even, “Don’t bounce those inside,” or, even more specifically, “Don’t bounce those in the kitchen.”

Which all would’ve worked, but there are some subtleties in what I said, because I told them, “Don’t do that in the kitchen, because you’re too close to the glass, and there are a lot of ways you can get hurt.”

One of the stories I’m sure you’ve probably heard is about the way to cook roast in a particular family. One day, after several years, the husband (who didn’t cook) asked his wife why she always chopped the ends off the roast and threw them away. I mean, to him, it seemed like a waste of good meat (if you’re of the carnivorous persuasion, at least).

Her answer: “Well…I guess it’s because that’s the way my Mom always did it.”

Or another one that I heard recently—which was new to me at least. A mother didn’t ever let her child put a coat on a bed. It was just the rule.

Now, what’s the common thread here?

The presence or absence of the “because…” bit. It’s the rationale. It’s the explanation behind why a particular course of action was chosen over any other possible alternatives.

And it’s one of many things that people tend to leave “on the cutting room floor” of their security architectures.

But there’s a problem. You can’t do that. You need to know the why. You need to know the reason the alternatives were discarded in favor of the practice…

…so you know how to figure out when the practice should no longer apply.

In the case of the roast, it took going back to the grandmother, who laughed and said, “Honey, we didn’t have a big enough pan. And I didn’t throw them away, I kept them for something else.”

In the case of the “no coats on the bed” policy, it was again back to the grandmother, who explained that when she was a child, there was a terrible outbreak of lice at the school, so her mother didn’t want coats that might’ve been infected to be near any kind of furniture—especially where you were going to sleep.

It’s obvious, right? Blind practice…blind compliance…over rational decision-making. We’d never do that…

…right?

I know I have, and I know the psychology behind it too—but that’s deeper than we have time for today.

If you want to learn the best, fastest, most reliable and repeatable way to build security architectures that don’t subscribe to the “blind policy obedience” mantra, then you still have time to get into the next cohort of Building Effective Security Architectures…

…at a savings of over $2,500…or 60% if you’re a percentages person. You have until Friday the 13th of December to get registered. Details are here:

https://archistry.com/besa

Stay safe,

ast
—
Andrew S. Townley
Archistry Chief Executive

Article by Andrew Townley / Archistry Daily / Agile Security, Security Architecture
