Gartner Blog Network

Consumerization Is To IT Security as Matches Were to Fire Safety

by John Pescatore  |  March 9, 2011  |  3 Comments

I spoke on the executive track at the NSA/DISA Information Assurance Symposium in Nashville yesterday. My talk was on how consumerization and mobility are changing how IT security has to be delivered. I decided to base the talk on this analogy:

Back in the early cave people days, there was no fire. Then lightning caused fire, or a cave person dropped a rock that caused a spark and started a fire or whatever. Dangerous stuff, but turned out fire was pretty useful – but unpredictable. A few smarties figured out how to start fires from burning embers and then figured out how to carry around those burning embers to start fires whenever and wherever they wanted to -they were the “keepers of the flame.” Anyone who wanted fire had to go to them  – they were basically the Chief Fire Officers (CFOs).

Flash foward a few thousand years and in 1827 the safety match was invented – and anyone could go around the CFO and create their own flames. This lead to many burned fingers, cows kicking over lanterns burning Chicago down, arsonists – lotsa risks – but also many innovative uses of fire, like candles in the shape of bunnies and really tasty Smores concoctions at campfires. Leap ahead to about 1960 and we had evolved to have the National Bureau of Standards define fire safety standards, insurance company sponsored fire stations had evolved into community volunteer/professional firefighters and we learned that actually letting forest fires caused by natural firews burn where possible was actually better than immediately putting them out.

Jump to 1982 and the PC is the safety match that bypassed the ADP keepers of the mainframe IT flame, and today smart phones and Internet/cloud services are the next generation safety matches that are bypassing the CIO/IT group keepers of the enterprise IT flame – and it is not going back, there will be more IT equivalent of Bic lighters to come. Security strategies that are based on hoping the mainframe will come back will be bypassed like those little towns that were built 20 miles apart (because that is how far a horse could go in a day) got bypassed when the Interstates were built.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research


John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems… Read Full Bio

Thoughts on Consumerization Is To IT Security as Matches Were to Fire Safety

  1. Pretty good analogy but I’d spell fire “phire” just so we know what you’re talking about. 🙂

  2. Mike Meikle says:

    Great analogies all around in the article. Puts an interesting spin on the consumerization trend. Excellent work!

  3. I guess you could say that Intel IT is playing with fire today.

    The Intel IT team is embracing IT consumerization, enabling smartphones, tablets and other devices as companion devices to employee PCs, while implementing a radical 5-year re-design of our security infrastructure.

    Learn more about our best practices in 2010-2011 Intel IT Annual Performance Report at

    Chris P, Intel

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.