Security Issues: Compatibility, Convenience and Toys

Looking back over my 20 years of doing IT support, some of the top security issues that I have encountered have been compatibility, convenience and yes, you guessed it, toys.

Sometimes it can be hard to get employees, with all their differences, likes and dislikes, to get along. Sometimes it can be downright impossible to get software to get along with the server. On more than one occasion I have seen software that wouldn’t play nice with the server unless the directory it used was given the security settings of “Everyone” and “Full Control”. Everyone means every authenticated user (it used to include even unauthenticated users!) and Full Control means, well, you get the picture.

For example, the application team of a company was trying to get a new web application installed for some executives. The data in the directory was not updating properly. The team had tried everything and the only thing that worked was allowing “everyone – full control” security rights to the directory. Of course this was against corporate policy for a web app, and the server team would not allow it. The software had to be up and running by a certain date. A mini power struggle ensued. The server team called in their people, the application team called in, well, the executives. Guess who won that battle?
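A read-only check for the permission described above, as an added example that is not part of the original post: it lists directories where an allow entry grants Full Control to Everyone or a similarly broad group. The function name `Find-BroadFullControl` and the path in the usage line are assumptions.

```powershell
# Added example, not from the original post. Find-BroadFullControl is a hypothetical name.
function Find-BroadFullControl {
    param(
        [Parameter(Mandatory)][string]$Root   # directory tree to audit
    )

    # Well-known SIDs, so the check works regardless of the OS display language.
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-7'      = 'Anonymous Logon'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    $full       = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $genericAll = 0x10000000   # GENERIC_ALL, which can appear on inherit-only entries
    $sidType    = [System.Security.Principal.SecurityIdentifier]

    $dirs = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

    foreach ($dir in $dirs) {
        try   { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($dir.FullName)"; continue }

        # Explicit and inherited rules, with identities returned as SIDs.
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow' -or -not $broad.ContainsKey($sid)) { continue }

            $rights = [int]$rule.FileSystemRights
            if ((($rights -band $full) -eq $full) -or ($rights -band $genericAll)) {
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $broad[$sid]
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Constructed usage; D:\WebApps\Data is a placeholder path.
Find-BroadFullControl -Root 'D:\WebApps\Data' | Sort-Object Path | Format-Table -AutoSize
```

The `Inherited` column shows whether the entry was set on that directory or flows down from a parent, which is where it has to be removed.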

Companies will run old versions of software because it is too costly, time-consuming or difficult to upgrade. These programs can be full of security issues, especially software 10 or even 15 years old, from when security was not a top concern.

It seems that the more authority an employee has, the more toys they have. When dealing with top executives and company decision makers, many times you run into the magical four-word phrase, “But, I want it”. This means, “I understand that this peer-to-peer software sharing service is an open door for malware and hackers, and even though we jumped through hoops to secure our system, I want it.” Of course that attitude lasts until their network is compromised, and their toy costs them.

It is amazing what I have been asked to do for executives and business owners over the years. One of the funniest by far was for a utility company CEO. He was one of the most technically competent executives that I had ever met. He was an engineer before he became an executive and was probably the top engineer in the company. I had installed a new workstation for him. It was a two-day process.

Many of the utilities that he used were no longer being made and were not network-aware. They were going to be replaced “someday”, but processes still relied on them. It was a minor miracle to get them to work with the newer OS. He only wanted certain data copied over from his old computer. It was checked and double checked. When I left we had verified that everything had worked at least twice, sometimes more. When I went in to work the next morning I received a call from a very angry CEO. As I was taking the call, I couldn’t fathom what I had missed or what ancient program decided to crash on his new system. Or what company process was being held up because his software wasn’t working. When I picked up the phone all I heard him say was, “WHERE ARE MY BIKINI BABE PICTURES???”

~ by D. Dieterle on July 9, 2010.

2 Responses to “Security Issues: Compatibility, Convenience and Toys”

  1. That’s really funny dude! Of all things to call about. LOL

    I stopped arguing with executives a long time ago. I just document the threat and risks, make sure that all stakeholders are informed and move on. “Acceptable risk” is a four-letter word as far as I’m concerned. Either something is secure to the best of my knowledge, not accounting for undocumented or unknown threats – or it isn’t. I realize that I have to deal with the gray area in between, but that doesn’t mean that I have to like it.

    Failure to plan for obsolescence is failure by an organization to implement proper product life cycle management. Old equipment and software are usually red flag indicators to me that an organization doesn’t know how to properly manage its business. Times change and so does technology. People need to keep up.

  2. Lol, yeah, I know right? Good stuff.

    Documentation is a wonderful thing! It is amazing how many times it has saved my caboose. It clears up what a client was told, promised and warned about.

    One company that I worked for had a great help desk type system that allowed for copious notes. Everyone left detailed notes so that if you had to pick up on something months later that someone else did, you had a pretty good handle of what was done.
