Monday, December 5, 2022

Security is like shoveling snow off sidewalks

I was out for a walk this morning, and, possibly due to the fog and below-freezing temperatures last night, everywhere was incredibly slippery.  At the same time, I did find some places where the homeowners had been actively shoveling their sidewalks, keeping quite a wide path free down the center of the sidewalk, but not quite cleared to the edges.  Therefore, it seems to be time, once again, for "security is like shoveling sidewalks."

When you are shoveling sidewalks, or driveways, it is important to complete the job.  This means clearing the sidewalk, or driveway, right to the edge, preferably clearing just slightly beyond the edge of the pavement, so that the lawn, dirt, or gravel at the edge of the pavement is slightly exposed.  If you don't clear right to the edge of the sidewalk, then, when slightly warmer temperatures come, and the snow starts to melt at the edges, the runoff water will run off onto the sidewalk or driveway.  At night, when the temperatures fall, this water freezes into black ice.  This is even more dangerous than not having the snow cleared completely.  When I'm out walking, if I find a patch of black ice, I will, by preference, start walking on areas where the snow has not been completely cleared, since that gives me a bit of traction, which the black ice definitely does not.

This gives us our illustration of security.  Sometimes I call this lesson "security is like a bridge, not a road."  If you build a road halfway, it generally is at least of some use.  It provides for an easier means of transport at least part of the way that you need to get some place.  But if you build a bridge halfway, it's completely useless.  There is absolutely nothing that it will do for you, since when you get to the end of a half-finished bridge, you are hanging in mid-air, and have no other recourse than to retrace your steps and go back and start again.  This is like security.  If you don't finish the job with security, you end up in a situation that is even worse than if you didn't do any security at all.

Security is based on pretty simple concepts.  But it's difficult to get security right, because you have to do the whole thing.  There are generally a number of aspects and layers to security, and you've got to do all of them in order to complete the job.  If you leave something undone, you leave a vulnerability or an open exploit, and generally speaking this vulnerability is one that you won't notice, until it's too late and someone has taken advantage of it.  You have to do the whole job, or you are left with a situation that is even worse than not doing security: you have a false sense of security, thinking you've done some security when in fact you have left the back door wide open.

This is the same as shoveling snow off sidewalks.  You think you've done a good job because you have cleared a path, right down to the bare pavement, down the middle of the sidewalk.  You don't particularly care about the piles of snow at the edges of the sidewalk.  But they are going to melt when temperatures get slightly warmer, and then the melt water is going to flow over the sidewalk, or driveway, and then, at night, it's going to freeze.  It's going to freeze into a nice clear surface, which, from any distance, is indistinguishable from the pavement.  And therefore you are not going to notice that you are on a surface which provides you with absolutely zero traction, until your feet start to go out from under you, and you are desperately trying to find traction on a tractionless surface.

So, finish the job.
