Well not really.  I disappeared for the past few months, no blog, no twitter, not much of anything except work and golf.  The project I was spending most of my time on after RSA was one I couldn’t really talk about without breaching agreements and getting in trouble so going dark for a bit seemed like a good idea.  A bit turned into much longer than I anticipated…think of it like a reboot, except interrupted by a BSOD that took me a while to recover from.  I did manage to shave 10 strokes off my golf game though so it wasn’t all bad.

Enough of that and onto a story that should make you shake your head.  About a month ago I had a meeting with the IT Leaders of various firms.  We covered some good topics and offered advice on how people could solve specific problems they were facing.  Most of these folks are intelligent, hardworking, and always willing to learn as well as teach when the opportunity arises.  Some, however, well, not so much.  One conversation stood out and made me think WTF!  A particular firm is building a portal to allow their partners/customers to share information with them.  Contractors were implementing at the time of the meeting.  There were a slew of questions around implementation, maintenance, and security…none of which could be answered by the IT Director of the firm.

Whatever happened to understanding your environment?  How can you be in charge of IT for an organization but not have the ability to explain how the pieces all go together?  I don’t know about you, but if I don’t fully understand how it works, how I will manage it, and the security implications of implementation, it sure as hell is not going into production. Ugh!


  1. This is a very common problem that really smart people have thought a lot about, but don’t know how to solve. A VP of the New York Stock Exchange told me last fall that he had the same problem, and he did not know how to solve it.

    This is a business operations problem, access privilege based on the relative trust of business partners, not really addressed by technologies out there.

    John Pescatore of Gartner said on his blog a couple of months ago that the disconnect between business rules and security policies is one that he thought would never be solved. Obviously, we feel differently.

