Apple Co’s new SE iPhone model has come out with the marketing line, “A big step for small”. It’s obviously a play on the famous quote by Neil Armstrong when NASA landed on the moon, “That’s one small step for [a] man, one giant leap for mankind”. It made me wonder if big is good? I know my Apple 6 Plus is too big for some of my britches but I love the size of the screen for mobility. I’m confident all the single hand fanatics will buy the SE in droves as that is the only major drawback when considering size.
Size is not always great in other scenarios either. Marvel’s Ant Man movie has an interesting twist on size – go see it! A notable number of lottery winners are divorced after a few years of blowing their winnings – often because of the stress of finances and such massive change beyond what they were skilled or experienced to handle.
When you own a small company have a handful of clients it’s easy to store data, find it, and manage it accordingly. But when you’re small you normally don’t care about time consuming, expensive, more complicated topics like computer security so you may be more at risk than a more mature organization who is larger in size. When looking at super huge organizations, the largest networks in the world, the scale of managing such assets and data is staggering. I know of organizations that take weeks to perform high priority patching across the globe – because it’s a behemoth of a challenge for an organization of their size. Naturally this introduces risk that other organizations don’t have a problem with, due to scale.
Size impacts how we govern, and what we overlook. In small organizations if you’re a jerk you’re gone – life’s too short to let Johnny Jerk ruin your day. In larger organizations Johnny Jerk can keep a job and still be difficult to work with, as long as he meets certain performance guidelines and behavior. When we get big and busy we tend to separate jobs into separate tasks and can lose focus of who owns the entire security risk or event/incident. Size and scale is a massive need for any growing organization that extends well beyond anecdotal challenges shared here.
How can you handle size in a wise manner? Break it down into achievable bits and bytes, and chip away at it in a managed manner, applying due diligence according to an enterprise risk management plan. Are your networks and users/permissions segmented, or one great big opportunity for the next intruder? Do you have policies and procedures that address your workflow needs, changes to the threat and business environments, and so on? Don’t lose sight of what made you great as a company as you grow – and the assets you increasingly have on hand. Know your crown jewels, your people, and your technology, and manage it in a way where it’s not a blog but it’s specific and actionable at every level.