Inherited risks belong to you, too

Hi folks,

Among aristocratic families, marriage was/is a tool to cement relationships, gain power, and grow empires.  In America, having thrown off the yoke of a formal class structure, we’ve instead embraced an informal class structure where we celebrate family dynasties in politics, industry, entertainment, and elsewhere.  Because, apparently, what good is a society if you don’t have betters to look down at you?

So it’s kind of big news when a marriage unites two of the American “royalty” families.  Like the marriage of the Ford and Firestone families via the grandkids of both founders.  Which made the corporate breakup in 2001 – after more than 100 years of partnership – perhaps a bit awkward.  What could have caused the end of such a long and fruitful relationship?  The death of more than 240 people as the result of flawed Firestone tires installed on the roll-over prone Ford Explorer.

The fallout for both Ford and Firestone was huge.  On top of the tragic losses of life, both Ford and Firestone spent about $2 billion each on tire recalls and undisclosed millions in lawsuit settlements.  Not a good era for either company.

Much like the auto industry, IT is a very interconnected, interdependent world.  Our systems and networks don’t exist in vacuums – they establish relationships with other systems and networks.  Those relationships extend trust and, by doing so, open themselves to risk – shared risk.  Ford inherited risk from Firestone when it decided to install the tires on its vehicles.  We in IT inherit risks in the same way – from our OS, development frameworks, plugins, connections, etc.  If something goes wrong with those components, the impact is felt by our system.

Sadly, many system owners strangely see this interconnectedness as an opportunity for risk transference.  It’s not.  These kinds of risks are shared risks, not transferred risks.  When the Firestone tires failed on Ford vehicles, no amount of finger pointing (try as they might) could exonerate Ford – they were significantly impacted by the realized risk.  You can’t just walk away from inherited risks – they impact you, too.

Information security is a team effort and none of us are in a position to ignore a risk to our system.  We must work together to solve all problems – even if it’s “somebody else’s responsibility”.

Rex