It is rather disillusioning:
Global corporation X is storing all of its crucial data in encrypted form. To unlock the encryption you need special keys, which are stored in one central place, on one computer.
About IT problems and their solutions:
"We sold them that system assuring them it was safe. One Friday afternoon, a new employee at X needs some extra capacity and notices this one computer doing nothing. He thinks it's idling so he copies its contents to a temporary file, and lets the computer run whatever he needs it for. Then he tries to copy the contents back, which is impossible with encrypted files and this is how he discovers what he's done: he has effectively erased the system that underpins all of X's global operations. Their data are still there, but encrypted and the keys are lost.
"Panic ensues, and my colleagues who installed the software jump on the first plane to X's headquarters. There they discover just how lucky company X has been. The installation was relatively recent, so our people had a good grasp of its details. They went through the system and thank God, the switches had not yet been reset, meaning the keys could be retrieved. If X had rebooted its systems all would have been lost.
"I am sure your readers would be shocked if they realised just how crap IT has been organised in many banks as well as corporations and government ministries. Sometimes we get a glimpse, when a company is unavailable for days due to 'computer problems'. Have you noticed these cases always take longer than expected? This is not because repairs take long. Finding out what the problem is in the first place – 'root cause analysis' – that's nearly always the most time-consuming. Nobody has a complete and in-depth overview any longer.
About outsourcing:
"Years ago management in major banks and corporations decided that they could outsource vital IT functions to companies such as IBM, Tata, HP and Atos Origin T-Systems. The idea was that if you describe the processes you require adequately, it's safe to delegate their execution to outsiders. But the first contract goes to IBM, two years later a contract for another part of the infrastructure is awarded to HP, then Cisco gets to manage the network … Now, who is responsible for the overall system? All systems need patches frequently. But before you install one, you need to make sure it doesn't do things you didn't expect. This requires cooperation between these suppliers, who will of course charge for these things. Often the various suppliers' support contracts don't match. Also, there is little continuity within those suppliers; operations are restructured, people get replaced or moved around. Vital expertise gets lost. Major suppliers do collaborate on patch management. But each has to 'certify' every upgrade, and since each works with a different 'software map', they come to different decisions on different timetables regarding certification. Often the latest software cannot be installed because one of the suppliers has not certified it.
About the panacea, the CIO:
"Are so-called chief information officers, the top executives responsible for IT, aware of this? I very much doubt if they are and if they care. They are managers, skilled in office politics, not technical experts. Most CIOs rarely stay in their post more than a few years. I worked for one of the major software companies in the world. It took my boss a year and a half of begging and pleading with the secretary to get a meeting with the CIO of a major client. CEOs are worse. They are afraid of looking stupid or ignorant, and actively avoid their IT people.
And the worst part, of course: it is all too recognizable, and unfortunately it all applies to government organizations as well, small AND large!
Read: Joris Luyendijk - Je hebt het niet van mij, maar...
Image: Old Bank Vault - 003 by JasonBechtel