MTBF and Everyday Value

By Dr. Guy Bunker @guybunker

Cyber-attack can happen any day

I used to work for a storage company it was many years ago, when to get a TB of disk space, you needed a bank of hard drives and some smart software to keep it together. The problem was that the disks would fail.

As an individual with a laptop (or a desktop at home) disk failure is somewhat of a legend, a friend of a friend has had it happen, but you didn’t. Within the enterprise, disk failure would happen all the time... and if you look at storage cloud service providers, then it isn’t unusual for a pallet of replacement disks to arrive every Monday to keep the system up and running – the mean time between failure (MTBF) of disks meaning that for the bigger disk farms they can be replacing one an hour!

Of course, when there is a disk failure, you need to keep the data safe – the cheapest way (and what you should do at home) is to have a backup. For the enterprise, and in today’s 24x7 economy, this isn’t the greatest option – so the solutions that manage the disks started to do other functionality, such as RAID; mirroring, striping, error correction and all sorts of combinations. As time went by, and disks got bigger, it was the other functionality which became as important, or more important than the original. Spanning multiple disks is not so much of a problem when the disks are 1+TB each! The software evolved.

Security software is the same. It needs to evolve. All too often it is seen as insurance – protection against possible hackers, against probable viruses, against ... and indeed this is still the case. Cyber-attacks are growing, in both frequency and complexity, but there are also the inadvertent security risks – from the people inside. Forwarding the spreadsheet to ‘the wrong Dave’, copying a report onto a USB stick and forgetting it is there, losing the laptop and so on. In fact the majority of breaches come from inside the organization (“The Enemy Within”) and the majority of those are inadvertent. So this is where security solutions need to provide ‘everyday value’ – protection against the inadvertent, which happens every day, rather than just against the malicious which may never (hopefully) happen.

For security policies and solutions, the incident rate (or MTBF if you like) for inadvertent events can be 70 times greater than for malicious events. As with the disk drives, security departments can be dealing with multiple inadvertent events every hour. So, the solution that’s implemented needs to deal with the everyday events – as well as the more serious ones which provided the original purchasing impetus.

When building a business case and looking at the ROI (Return on Investment) it is important to look at the everyday value of solutions as well as the ‘insurance’ side. Preventing a cyber-attack is important, but a breach is a breach, so preventing the inadvertent is equally important – but the likelihood of the latter is much higher.