Mark Altman, CEO of Altman Technologies Ltd: Protection from God

April 2009 by Mark Altman, CEO of Altman Technologies Ltd

Whatever your religious belief there is one god that we can all believe in … their existence is proven and beyond doubt. We see them at work most days, and pray to them when our IT world doesn’t quite live up to our utopian expectations of the on-demand, 100% uptime, customer focused world to which we aspire.

These utopian expectations are often set by the devil himself … if we didn’t live in a litigious and libelous world I would be tempted to provide a few examples of the devil in human form within the global IT providers that seek to control de facto standards and indoctrinate their own conventional wisdom … but to avoid getting into libel territory I will get back to the subject matter in hand …

The gods I am referring to are our network administrators – they have the ultimate power in our working environment … without network access, database rights, internet connectivity we are rendered impotent and ineffective in pursuit of achieving our objectives and targets in the multi-level rodent race of modern society.

So, of course, with god-like powers, how can management and other regulatory bodies be sure that they discharge their god-like power with equal responsibility? The key is having a policy, hopefully a sensible and realistic one that is manageable and measurable – a bit like if you were thinking of selling mortgages, having a policy that the person borrowing money has to have (a) a vague chance of repaying more than just the interest, and (b) over a period of less than 50 years, and (c) that it didn’t rely on property prices increasing at an unsustainable rate.

It’s easy being wise after the event about our current financial meltdown but good security and audit practices would have helped – as they will in any business model. Some would say there’s always been plenty of auditing in the banks but what procedures were defined, by whom and what were the checks and balances? As part of the project when defining banking pension policy, I wonder if the post implementation phase dealt adequately with the issue of a retired employee being allowed full pension at the expense of shareholders and taxpayers when clearly there was accountability and proven failure of that said employee?

Tick boxes were ticked, backs were covered and the buck was passed – and now we’re all paying the price!

OK, enough of current politics and back to our look at defining a simple model that works for all industries and all sizes of organisations. Accountability is one thing – monitoring provides this – but only if the output is manageable, exceptions are identified and actions can be timely and effective.

Setting policy is the first step but then effecting monitoring and enforcement of policy in a way that is measurable without vast amounts of extra resource is the critical element in ensuring effectiveness.

Software solutions are a key element, but only by combining them with a disciplined, formal project methodology to implement policy and procedure will we achieve our utopian goal of compliance without compromise.

Based on these principles, the gods of the network are within the organisation’s control as are the end users, the rogue contractors, the auditors themselves and of course the senior management too … wherever the buck gets passed to but also where it stops.



