An interesting case study in "duh!" (10 Aug, 2017)

Have your say on today's Aardvark Daily column

Postby aardvark_admin » Thu Aug 10, 2017 9:17 am

This column is archived at: http://aardvark.co.nz/daily/2017/0810.shtml

Did TNT have no backups?

Was there no disaster-recovery plan in effect?

What the hell went wrong?

Are they a wonderful case study in "getting it wrong" when it comes to managing an IT system in today's hostile online environment?

Is it time to build a separate network for critical infrastructure and only allow certified users to access it using high-security authentication?

And how long before the only code that will run on Net-connected computers is that which has been digitally signed and certified by a trusted authority?
aardvark_admin
Site Admin
 
Posts: 2522
Joined: Wed May 07, 2014 2:10 pm

Re: An interesting case study in "duh!" (10 Aug, 2017)

Postby goosemoose » Thu Aug 10, 2017 10:05 am

I couldn't care less about backups. Not at all.

What I do care about though are restores. That they work properly and are tested regularly. What's the point of a backup that doesn't work or can't be restored properly? In this day and age I'm surprised at how many outfits don't test restores or DR or BCP. Management aren't really interested and are shy when it's time to invest in it, either the processes and procedures or training and testing. Maybe it's better here because of our geography. Who knows.

A separate network for critical infrastructure. Excellent. Now I know exactly where to direct my cyber attacks!
goosemoose
 
Posts: 488
Joined: Thu May 08, 2014 1:05 pm

Re: An interesting case study in "duh!" (10 Aug, 2017)

Postby aardvark_admin » Thu Aug 10, 2017 10:10 am

goosemoose wrote: A separate network for critical infrastructure. Excellent. Now I know exactly where to direct my cyber attacks!

Ah, but if access wasn't "public" in the way that Net access is there'd be a physical barrier to start with -- then there's the stringent authentication that would be involved and the constantly changing encryption keys etc, etc. Yes, it would be hackable but the amount of work required to do so would almost certainly mean that casual hackers would focus instead on the low-hanging fruit which exists on the public internet. Also, since only certified points of entry would exist for the alternet, locating the source of attacks would be *much* easier -- making the risk of being caught much higher.

Remember... you don't have to make hacking impossible -- just difficult enough to make it not worthwhile.
aardvark_admin
Site Admin
 
Posts: 2522
Joined: Wed May 07, 2014 2:10 pm

Re: An interesting case study in "duh!" (10 Aug, 2017)

Postby hagfish » Thu Aug 10, 2017 10:37 am

[IT systems patched, backed up, reports and regular maintenance all automated, everything humming along quietly] "What the hell am I paying you guys for?"
[IT systems on fire, haphazard backups, infrastructure leaking data and customers] "What the hell am I paying you guys for?"
hagfish
 
Posts: 512
Joined: Thu May 08, 2014 10:28 am

Re: An interesting case study in "duh!" (10 Aug, 2017)

Postby foxyboy » Thu Aug 10, 2017 10:54 am

hagfish wrote: [IT systems patched, backed up, reports and regular maintenance all automated, everything humming along quietly] "What the hell am I paying you guys for?"
[IT systems on fire, haphazard backups, infrastructure leaking data and customers] "What the hell am I paying you guys for?"


That's bang on and sadly been in both situations (on fire that is). :roll:
foxyboy
 
Posts: 2
Joined: Mon Jan 18, 2016 8:09 am

Re: An interesting case study in "duh!" (10 Aug, 2017)

Postby phill » Thu Aug 10, 2017 10:54 am

I recall my ex coming back from a computer and data security course in the early 80s
it stuck with me as to how well these guys thought things out
to the point where they would not put a computer ( remember the size and cost of these things at the time ) within 10 miles of an airport because the risk of a plane crashing into the centre was so much higher
and a loss of the computer and data would kill most companies stone dead
30 years on it seems all those ideas and safeguards .. "cost too much" / "will never happen" / "are just theoretical" / "waste time we don't have"

up to date software is the same as faraday areas .. it's only when it's needed do you get to rethink about the way you did it
Last edited by phill on Thu Aug 10, 2017 10:57 am, edited 1 time in total.
phill
 
Posts: 1114
Joined: Tue Nov 25, 2014 8:31 pm

Re: An interesting case study in "duh!" (10 Aug, 2017)

Postby GSVNoFixedAbode » Thu Aug 10, 2017 10:55 am

hagfish wrote: [IT systems patched, backed up, reports and regular maintenance all automated, everything humming along quietly] "What the hell am I paying you guys for?"
[IT systems on fire, haphazard backups, infrastructure leaking data and customers] "What the hell am I paying you guys for?"

Bang on the money, Haggy! If IT are doing their job then they are invisible - except for the Accountant seeing this high cost of staff ... "if we don't replace that person we save $XX! Woo hoo, win!". Until something like this comes along, and every IT dept that is:
- under-resourced,
- under-funded,
- inexperienced,
- and who therefore haven't set up and kept up their Firewalls + anti-virus + implemented business processes
are in the brown stuff.

Keeping security systems up-to-date is a lot of effort with near-invisible reward. Crucial to most businesses, but it takes a switched-on senior level Management to realise that and fund as appropriate.
GSVNoFixedAbode
 
Posts: 136
Joined: Thu May 08, 2014 8:53 am

Re: An interesting case study in "duh!" (10 Aug, 2017)

Postby roygbiv » Thu Aug 10, 2017 11:30 am

GSVNoFixedAbode wrote: If IT are doing their job then they are invisible - except for the Accountant seeing this high cost of staff ... "if we don't replace that person we save $XX! Woo hoo, win!". Until something like this comes along . . .


What happens is that there is more movement towards the US corporate culture where the likes of the above accountant is incentivised to make cost cuts, i.e. individuals working to maximise their personal gain, but to the detriment of others. In this case letting the "invisible" people go because they are neither noticed nor appreciated when everything is fine.

This is a disservice to the organisation also as the infrastructure is slowly undermined over a number of quarterly/annual bonuses. The company has increased its risk due to the fine tuning of someone's spreadsheet to reduce costs and hit targets in order to receive incentive payments.

No doubt we will see more results from keen cost savings.
roygbiv
 
Posts: 133
Joined: Wed May 21, 2014 9:28 pm

Re: An interesting case study in "duh!" (10 Aug, 2017)

Postby Weasel » Fri Aug 11, 2017 5:12 am

Same old story, some or all of these:

IT doesn't have a direct reporting path to the CEO, they are lumped under Finance or something silly like that.

IT is underfunded.

IT has bumbling middle managers.

IT doesn't have the budget to attract skilled people and retain them.

Environment is too frustrating to those that want to "do it right" and get things fixed. Typically those people don't stick around too long.

Things sail along nicely for years until the "unexpected" happens, and the sh1t hits the fan.
Weasel
 
Posts: 161
Joined: Wed Jul 08, 2015 10:44 am

Re: An interesting case study in "duh!" (10 Aug, 2017)

Postby Muscular Jam » Fri Aug 11, 2017 8:00 am

Very true, Weasel. True story that happened to a friend of mine: IT person at large NZ company estimates how much storage a large datastore project will need, and what that will cost. Accounting type manager allocated half of what was requested. Surprise surprise, project runs out of storage when only halfway through. Big stink, manager blames IT. IT person quits in frustration.
Muscular Jam
 
Posts: 34
Joined: Wed Jun 21, 2017 4:09 pm
