Feeds

Furse should not resign, she should be sacked

Furse's farce at the LSE

Top three mobile application threats

Comment The farce of the London Stock Exchange not only crashing but failing to get its systems up and running again should surprise no one.

Well, no one except LSE boss Clara Furse, who demonstrates little understanding that technology is crucial to her business.

I’ve worked for members of the London Stock Exchange and everyone agrees she is world-class at corporate presentations, but the evidence that she can actually run things is rather harder to come by.

No one expects her to write FIX handlers, or optimise an order-matching engine, but her yes-men simply were not in the position to make any intelligent decisions on technology, if we look at the board of the LSE.

Do we see anything that even looks like experience in technology? No. We see three from the media, and of course accountancy, but no mention of technology.

To be sure, the CIO (not on the board) is ex-Accenture man David Lester. To a Reg reader, Accenture will be associated in the context of technology with the words “screw up”, “late”, and “over budget”. Clara Furse cannot be held responsible for problems with Cisco switches - one of the suggested culprits - but she is absolutely in the frame for the choice of senior management and strategic vendors.

So, LSE top level decision making either involves no one with technology experience, or someone who has a “good working relationship” with the biggest supplier. Hard to spin that as a wise choice of henchmen or good leadership. Hands up those who would choose Accenture, even if the company had worked for them before? Board members like this rely upon branding, so we can count ourselves lucky that the LSE is not running on Apple Airbooks, programmed by Sir Alan Sugar.

Send in the geeks

In spite of their ignorance, were the technology and supplier decisions good? Objectively we now know that not to be the case. Systems do go haywire, even if users don’t hear the shouting in the IT areas. I’ve had to do real-time database patching with real money at stake, but the important thing was that there was some geek like me on hand, not some suit chosen because he was reassuringly cheap and parroted “real business advantage” frequently.

The LSE is a prime terrorist target - indeed it has been attacked before. It needs near-instant fail over to the disaster recovery site. I am (nearly) a responsible journalist so won’t publish where it is, but it’s obvious from this event that if the pathetically vulnerable St. Paul’s site is taken out, we can have no confidence in when the market will be back on line.

If the DR site was working, why didn’t it take over? Can the LSE put paid to the rumour that they were running exactly the same software for both live and standby? If you are Clara Furse reading this, here’s a hint, two copies of the same software will probably crash at the same time, given the same inputs. That’s why grownups use multiple versions. Did Accenture tell you that? Did it sound like a luxury to the media beancounters you appointed?

Blaming Microsoft is fun, I paid off my mortgage by doing it professionally, but no technology is good enough for this purpose. Not Windows, not Linux, Sun or even OS/2, the platform that used to be strategic to the LSE (I was one of those soldiers).

If you want 5 or 6 9’s reliability, there is a line from the musical Chess: "No one is in your life constantly; no one is completely on your side”. You can’t trust anything. You have to be able to debug, hack and test at every level. Source code helps, but you can’t 100 per cent trust the compiler either. I saw one vicious “software” bug at the Stock Exchange fixed by changing a patch cable. You need very good techies, as well as management who don’t see those who point out ways the system might fail as “trouble makers”.

When you’re in a high reliability environment, every failure will be the result of bizarre improbable events - else you aren’t doing your job properly - so it’s easy for suit-based management to dismiss each individual threat as “bizarre and improbable”. Thus, although it may be a Microsoft bug, it is not wholly the fault of Microsoft. It supplies the raw materials, but only a total incompetent believes any shrink-wrap software comes with the necessary reliability. The idea that Windows can get to this level is like imagining that you can use iPods to manage the data from CERN.

No one will sell David Lester unemployment insurance now, but his departure would be in the political context of protecting Clara Furse. You don’t get to that level without the political cunning of Lord Vetinari, and anyone is fair game in her survival strategy.

The LSE is critical to Britain’s most important industry, yet it clearly does not have a management fit for purpose, having more experience in mail. ®

Dominic Connor was an occasionally competent CIO developing trading systems, before he wised up and became a headhunter.

3 Big data security analytics techniques

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.