{"id":2573,"date":"2020-07-28T09:28:41","date_gmt":"2020-07-28T13:28:41","guid":{"rendered":"https:\/\/zzzptm.com\/wordpress\/?p=2573"},"modified":"2020-07-28T09:28:41","modified_gmt":"2020-07-28T13:28:41","slug":"when-roi-becomes-dos","status":"publish","type":"post","link":"https:\/\/zzzptm.com\/wordpress\/?p=2573","title":{"rendered":"When RoI becomes DoS"},"content":{"rendered":"\n

Here’s the scenario: a firm purchases a security solution. The firm skimps on professional services<\/a> and\/or rushes the schedule on implementation and\/or neglects to maintain the product properly.<\/p>\n\n\n\n

Do not be surprised when, one day, that security solution<\/a> does something that results in a system-wide outage:<\/p>\n\n\n\n

Fig. 1: System-wide outage<\/p>\n\n\n\n

Why were those decisions made? Because professional services, longer timelines, and proper staffing\/coordination are all costs, and we demand better return on investment!<\/p>\n\n\n\n

The problem is that many security systems<\/a> have the capability to shut down the entire network<\/a>, or kill access<\/a> to PCs, or other stuff that, well, keeps devices<\/a> completely safe from threats<\/a> by denying any access to them whatsoever. And while an enraged executive<\/a> can satisfy his need to offer up a sacrifice to the shareholders in his firm by kicking out the vendor<\/a> closest to the outage, there’s still the problem of cleaning up the after-effects. The vendor typically survives to roll out product another day, but the firm is left with the same problem as before – and will have to now go to another vendor whose product can be just as destructive as the first, if implemented incorrectly.<\/p>\n\n\n\n

Fig. 2: Vendor making an exit from firm after system-wide outage<\/p>\n\n\n\n

Worse, the firm may choose to reject all vendors<\/a> of a particular solution and instead seek to eliminate all technology that requires such a solution with a Bold Move. “We’re going to get rid of all our Windows<\/a> workstations<\/a> and switch over to thin clients that run on burner phones<\/a>, so we don’t need firewalls<\/a> anymore.” Yeah. Good luck with that. This much I know: whatever product is mentioned as part of a Bold Move Strategy<\/a> definitely has an amazing salesperson in that region. Chances are, that Bold Move is going to involve a purchase order that skimps on professional services, compresses timelines, and lacks proper staffing<\/a> and coordination, which may result not in a system-wide outage, but an undesired result after a lofty promise.<\/p>\n\n\n\n

Fig. 3: Undesired result after a lofty promise<\/p>\n\n\n\n

This, in turn, can result in the executive that oversaw a failed vendor implementation and a failed Big Move taking an opportunity at another company. This makes way for a new executive to step in and try his hand at choosing between doing things on the cheap or doing things correctly. Because RoI is much easier to measure than the chance that a botched implementation results in a DoS, my money’s on the cheap.<\/p>\n\n\n\n

Fig. 4: Another botched implementation of a security product…<\/p>\n","protected":false},"excerpt":{"rendered":"

Here’s the scenario: a firm purchases a security solution. The firm skimps on professional services and\/or rushes the schedule on implementation and\/or neglects to maintain the product properly. Do not be surprised when, one day, that security solution does something that results in a system-wide outage: Fig. 1: System-wide outage Why were those decisions made? Because professional services, longer […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-2573","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2573"}],"version-history":[{"count":1,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2573\/revisions"}],"predecessor-version":[{"id":2574,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2573\/revisions\/2574"}],"wp:attachment":[{"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zzzptm.com\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}