Wednesday 20 April 2011

Alarm Bells

So in my experience everybody has their own individual hot buttons, the topics that trigger those alarm bells in your head. The statements that make you stop what you were doing, and sit up to actually pay attention to the meeting / conference call / video conference you were supposed to be enduring / participating in.

Now for me these alarm bells can be areas I have particular specialist expertise in (started small and reducing daily), topics I have a passion in (growing), FUD, or just things that leave me initially dumfounded.

Naturally in the last few years I've had plenty of these, a couple of recent ones that come to mind are :-

1) "Writing data to a CD at a person's desk and keeping it in a drawer is more secure than storing it on an array in a corporate information management platform within a data centre"

2) "We need physical segregation between virtual servers" (Now depending on the context this can be valid in order to enable fault tolerant services, however 90% of the time its used by non-trusting tin huggers.)

So once I'd closed the PowerPoint deck that I was inevitably editing at the time, asked for a replay of the conversation & recovered my composure - I thought for a while (quite a while in fact, in order to self censor the expletives).

My first conclusion was a simple one - "Are the TeleTubbies now working in IT?". My second conclusion was probably of more use - "IT is moving too fast and leaving many people, processes, definitions, roles & techniques without time to adjust - let alone time for diverse disciplines to align.". My third conclusion was "people still look at partial, incomplete & inaccurate cost models - and have little actual or mental methods for valuing risk or consequence"

Not a radical, new or difficult set of conclusions at all really - but ones we don't seem to be making any real progress on. But something that are vital for us to resolve urgently in order to prevent the IT technology hermits detailing the future.

Oh and (with the exception of @Beaker) I continue to believe IT Security dudes live in an entirely parallel independent universe with no concept of reality, consequence or costs!