Feeds

BOFH: This buck's for you

Psst, pass it on

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Episode 2

“What’s this?” the Boss snaps, pushing several sheets of paper over the desk at me in an annoyed manner.

“Ah! Memo two thousand and eleven dash one dash one,” I reply, “workplace resiliency.”

“Yes, I can read the title, but what is it?”

“It’s a memo outlining the things we should be addressing for systems and networks resiliency.”

“And you expect me to take this seriously?”

“Of course. You asked us to identify areas of risk in the company so we worked through the issues at length over the past two days and considered the changes we might make to ensure the company is protected both from disaster and accident.”

Which is a complete lie. In actual fact we hastily cobbled together a variety of randomly selected Google documents about disaster planning, disaster recovery into a semi-coherent investment guide for senior management. Then went to the pub for two days…

…Earlier in the week…

“I don’t get it,” the PFY says. “We’re recommending dual UPS units with dual generators, fed from dual supply circuits via dual redundant switching? It’d cost millions!!!”

“Probably not millions, but certainly more than the company would want to spend,” I reply. “I’ve not even got to the terabit backup network linking us to our hot site.”

“They’ll never go for it!!!”

“Of course they won’t – that’s the point.”

“What is?” the PFY asks.

“It’s the Big Buck Pass,” I sigh. “The insurance company wants to reduce their risk so they’ve upped the premiums claiming we don’t have a policy document which outlines how we mitigate risk - using this year’s terminology. The auditors – who should have seen this coming – raise it with the board as an ‘audit issue’ a couple of nanoseconds before the insurance bill comes in. The board raises the audit issue with the CEO, the CEO passes the buck to senior management, senior management pass it to middle management, middle management to line management and line management to us.”

“Yes, I get all that, but what are we doing?”

“We’re pushing the risk back up the food chain by suggesting the most expensive solution possible.”

“Why?”

“Imagine we have no offsite backups but decide we’d get by if you took a portable drive home every night.”

“We don’t have any offsite backups. And the only hard drive I take home is full of completed torrents!”

“That’s why I said ‘Imagine’. Now if the drive fails when the company really needs it we’ll be held responsible for not protecting the data to the best of our ability. If, however, we recommend an offsite disk storage solution that’s outside of our spending authority then the Boss has to authorise it before we can proceed. When he says no then we’re in the clear – buck shifted.”

“You’re losing me…” the PFY says.

“The Secret to the Big Buck Pass,” I say, “is in recommending a solution that someone further up the chain will say NO to. So the more outrageous the solution the better, because as it gets more expensive it needs to go further up the food chain to get approved or denied. Then, when disaster strikes we’ll say we always knew this might happen and had recommended a good solution but it got turned down. Buck passed.”

“So why don’t we just recommend the offsite disk storage idea?”

“It’s not expensive enough. See, if it’s something we can afford they might agree to it - and undoubtedly axe part of our ever decreasing operational budget to pay for. If, however, it’s something ridiculous that we couldn’t possibly afford it’ll get vetoed by someone up the food chain and we just keep the veto memo for... insurance… purposes.”

“And they wouldn’t try and implement it over a couple of years – part this year and part next?”

“Not if it’s ridiculously expensive,” I say.

“But won’t the Boss just say we have to do something cheaper?”

“He would – but to counter that we embellish the risk with fake numbers – like the 103 reported cases of UK companies losing over a million quid as the result of poorly backed up data in 2010 alone. And those are just the reported cases!!”

“And the real number?”

“Who cares? The Boss will hear “103” and “a million quid” and crap himself. By the time it gets to the IT Director it’ll be 153 and 2 million. But he’ll change “reported” to “apparently reported” just in case the IT Director checks.”

“Will he?”

“Course he won’t. IT Directors check numbers for accuracy about as often as they check their faeces for fibre – i.e. only when it’s in their face. He’ll pass it up and it’ll get axed somewhere below the CEO.”

“And this will work?”

“Sure, everyone does it!”

“Like when?”

“Like when the HR person was complaining about how much liability the company was carrying from accumulated leave from the Beancounters who never take leave. And someone suggested pushing the worst offenders down the lift shaft.”

“And were you the one who suggested pushing them down the lift shaft?”

“Hell, I was the one who pushed them down the lift shaft! But who could have known their grandparented contract gave them unlimited sick leave. So then someone suggested maybe the company should stop paying for their life support and maybe the problem would solve itself...”

“And that someone was you?”

“It might have been.”

“This has stopped being about passing the buck and just become a brag session hasn’t it?” the PFY asks unkindly.

“I’m trying to teach you about the machinations of a large company!” I counter. “Machinations that take years to learn. Like the time the Boss vetoed a workplace resiliency proposal and someone suggested we take him to the pub, feed him absinthe till he thinks he’s Conan the Barbarian, hand him a sword and let him out of the lift at the Beancounter’s floor.”

“I think I’ve seen that movie!” the PFY says.

“How did it end?”

Internet Security Threat Report 2014

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.