By David Tumlin
Most of you may know that I have been with Future Com for 13 years now, but you may or may not know that I have been an avid cyclist for over 20 years. I started with group rides with my friends, moving to organized rallies (t-shirt rides), to randonneuring (long distance self-supported rides), and eventually to ultramarathon racing. As a result, I have spent an amazing amount of time sitting on a bicycle saddle in all kinds of situations. There are a number of lessons I received on the bike that translate to the technology and security work I do here at Future Com.
One is none, two is one – A mantra I heard repeated within randonneuring circles was “If it’s important, one is none and two is one.” Randonneurs are, quite possibly, some of the most prepared individuals I’ve ever met. This is probably due to the inconvenience and embarrassment of having to call someone to rescue you, usually in some locale that, even with near global rollout of cell service and GPS, might be “off the grid”. Also, if you are riding a 600K or longer ride, you might be hundreds of miles from home when you call for help. “One is none, two is one” refers to the fact that, if you have one of an item and it doesn’t work for some reason, you are in trouble. You were expected to have at least 2 tubes plus a patch kit (if you have a systemic problem), 2 methods of airing up a tire, two headlights, two taillights, extra batteries for all lights, extra socks, a jacket, and a variety of tools.
This concept is mirrored in the IT world in the requirement for redundancy. Most organizations have either internal or external requirements for redundancy for their key systems. This concept is neither new nor innovative, although it is not always as easy as buying two of everything.
Sometimes two is none… There are always factors that complicate perfect redundancy. On a 200K ride in February, we were still 30 miles from our cars when it got dark. I was prepared and turned on my headlight and taillights. When we were about 20 miles from finishing, rain started. One of my fellow riders informed me that I had no taillights. Both taillights had stopped working. He pulled up beside me, looked at my malfunctioning equipment, and said “Oh! Those are SuperFlashes (the brand of taillight)! Their switch will short out if they get wet.” I had two very good quality taillights that had a single flaw, and that flaw was enough to make both useless to me. I stayed ahead of a rider with working taillights the rest of the way in. After that experience, I always carried one more taillight of a different brand as an emergency spare. I also bring 2 small plastic bags to wrap around the taillights if rain starts.
In the security space, if all your protections rely upon a single platform or vendor, a single vulnerability could compromise your entire environment. It is important to either have a diverse set of controls, or a complete enough understanding of the controls that you have that you can mitigate any vulnerabilities relatively quickly.
There are always resource constraints. An important caveat to the one is none, two is one adage is that space and weight are always a consideration, much in the same way time and money are in the information technology arena. On a bicycle, adding weight impairs your ability to ride and, with enough weight, will affect how far and how much time you can ride. On one particular ride, a group of us were riding to a nearby town to have pie. It was a hilly route and one of our group uncharacteristically kept falling further and further behind on the climbs. Upon querying him on the potential cause, we found he was carrying a fairly sizable (and heavy) chain, nominally for chaining the bikes at our destination. When we arrived at our pie stop, the hosts offered to let us use their meeting room which had ample room for our bikes as well. All the effort to carry the large chain was wasted because it was not needed.
Limitations of budget or personnel force us to make choices. Sometimes the technical solution (heavy chain) is expensive and may not be as effective as a procedural change. This is clearest when dealing with business e-mail compromise. Teaching end-users to be suspicious and inform them of things to look for is much more effective than many of the technical solutions, and generally more cost-effective.
Share the Load. When riding with a group, some of the additional items can be spread across the group. One tool that has been indispensable in a couple of rides was a chain breaker tool. If you have a problem with your chain, you will probably need one of these to fix it. It is fairly rare though to need a chain breaker, but if you need it, there is no substitute. On long self-supported rides, we make sure at least one person has a chain breaker. We do the same for first aid kits, and other supplies that are important but unlikely to be used. For these types of items, everyone carries a bit of the load, rather than everyone carrying their own.
This translates to the use cases for Managed Services and Cloud Services. Your organization does not have to invest in the infrastructure and, in the case of a managed service, the personnel to manage the solution. You share the resources with others which allows you to use the saved resources elsewhere.
Expense does not always mean it is best for you. While on a four-day bike tour through southern Louisiana, I had a tire split open, due partly to the poor road conditions. I had an extra tire in my bag which would be waiting for us in our destination town. The problem was that there were around 15 miles of bad road before I could replace the damaged tire. A common temporary repair for a split or cut tire is to insert a dollar bill between the tube and the tire. This will generally keep objects from puncturing the tube and keep the tube from bulging out of the split. I found that I had a 5 and a 20-dollar bill in my pocket. One of my teammates started explaining to a novice rider nearby that if I wanted to make it back safely, I should use the twenty as the 5 was not sufficient for the task and that the split was at least a 20 dollar split. I used the $20 bill to repair the split to back up his story, but ended up borrowing money from him at the next stop because I needed more than the $5 I had left.
While this is a fairly silly example, in our environments, we purchase products for features we hope to someday use. If there is no plan to leverage the additional functionality, wouldn’t it be better to spend that money on other tools that can offer a benefit more quickly?
Best in the marketplace is not always best for you. At the expo at the Hotter than Hell Hundred bicycle ride, I was purchasing extra supplies and a few bargains I had found. As I went to check out, the salesperson tried to sell me a set of the newest Look Keo carbon pedals. “You can save 100 grams with these!” he exclaimed. Some of you have met me in person: I am 6 feet 4 inches tall and weigh more than 200 pounds. 100 grams is less than 4 ounces, one quarter pound. I can save more weight than that by skipping dessert. In addition to my doubts about any kind of marginal gain as the result of this approximately $200 purchase, another function of my size is that most ultralightweight components cannot take the stresses of a larger rider. (For the record, I have broken 2 frames, 2 chains, 3 stems, 1 fork, 4 saddles, 1 crankarm, and somewhere in the double digits for wheels and pedals.) While these pedals may separate a 125-pound pro racer from the peloton, it will only serve to separate me from my hard-earned cash.
Many managers swear by Gartner, Forrester, etc. as an indicator of what solutions they should purchase. While these are good tools for judging overall, they cannot take your specific infrastructure and personnel into account. “One size fit all” doesn’t work in the business world any more than it works in cycling. Use case and personnel skills are important factors in choosing a solution. For your needs, a Gartner Niche Player may be an optimum fit, while the Leader may not be sufficient for your requirements.
It’s good to ride with people who have done this before. I cannot count the number of times I have been helped on rides by more experienced riders. I rode the Hotter than Hell Hundred for several years and, though I finished every time, I always struggled during the last 30 or so miles. I trained and trained and just could not keep performing beyond the 70-mile mark. On one of my first 200K rides, an experienced long-distance rider saw me fading when I typically did. She started barking commands at me, “What do you have in that bottle? Drink all of it. Do you have a (energy) bar or a gel? Eat it now!” I complied. Within 10 minutes, I had energy again. I had no idea that 70 miles was when my blood sugar would drop, and it would affect not only my energy level but my attitude as well. Though I had ridden for years, riding for 6 or more hours at a time was different and having someone who knew the details of it was important.
Having someone who has dealt with the issue you are having is a huge benefit. The engineering staff at Future Com gets extensive experience with a wide variety of customers and see a wide variety of issues and environments. We are always willing to assist and advise.
Ride with Future Com. Let us help you find the right solution and the right architecture for your journey.
To find out more, please reach out to us at FutureComNews@fcltd.net or call 817-510-1126.