Network security is a lot like tough love

For those of you that are parents, have you ever considered how keeping our networks secure is a lot like trying to provide tough love to our children? When we are raising our kids, knowing when to say no is one of the hardest things we have to do. We also have to let our kids make their own mistakes, and when they do how they have to face the consequences. Finally, blended families through remarriage have their own special issues. (My thanks to my friend Carol for the original idea.)

Now, let’s consider what this means for us as network and IT professionals. Learning how to say no is understanding how to block the wrong kinds of traffic entering our networks, such as malware and viruses. And today’s threats are also coming over Instant Messaging and peer-to-peer connections, so there is that to consider. It is always tough to say no to your kids, and your users, and even harder when your users always want to hear yes when we are saying no, too.

Learning from our users mistakes is also particularly difficult. We have to review our firewall and access logs and make sure that network exploits haven’t happened on our watch. Part of this is also understanding when we don’t have sufficient resources for this kind of monitoring and being able to make a case to outsource this function so that we can spend our time elsewhere.

Part of tough love parenting is teaching our kids how to face consequences of their actions, and part of our jobs as networking professionals is showing our management the consequences of their actions too. If our firewalls and other protective gear is outdated, that decision will have certain consequences. If our desktops are more than five years old and haven’t been patched with the latest protection, that will have consequences too. If we have deployed virtualization without careful analysis, that will ripple across the data center when there are problems.

Finally, there are the special issues that blended families and step-children bring to the table, and that has its analogs with how mergers and acquisitions play out in the corporate world. What if my newly acquired subsidiary is running Juniper and I am a Cisco shop? Or if they outsource all their Web servers and I still run them inside my data center? Or if I have been using a smaller vendor that is now bought by HP or Cisco or Oracle, just to name a few companies that have been on buying binges as of late?

How does this translate for our daily interactions with our users? Part of being a great parent is being able to listen to the subtext, and understand what your kids are really saying to you when they ask you questions. The same can be said for our users. I remember one of mine from the middle 1980s who didn't like any of my suggestions for how to use his PC. What he really was telling me is that he wanted to make his own mistakes, and learn from the experience. Of course, he formatted his disk and wiped out his data along the way to learning how not to do that, and I had to hold my tongue.

Another facet of IT-by-parenting is understanding that security-by-obscurity is not going to work. On the Internet, especially today's Facebook-Twitter-always-in-your-face Web 2.0 version, everyone knows your business, and even your personal life too. You need a plan, and you need to protect your networks accordingly.

Yes, being able to provide tough love is, well, tough. If you want to hear more about this, it coincidentally is the topic of a speech that I am giving on Thursday at the Sonicwall sales conference in San Francisco. If you can’t make it, I can bring this talk to your meeting and customize it for your audience, too.