BOFH: This buck's for you

Psst, pass it on

Episode 2

“What’s this?” the Boss snaps, pushing several sheets of paper over the desk at me in an annoyed manner.

“Ah! Memo two thousand and eleven dash one dash one,” I reply, “workplace resiliency.”

“Yes, I can read the title, but what is it?”

“It’s a memo outlining the things we should be addressing for systems and networks resiliency.”

“And you expect me to take this seriously?”

“Of course. You asked us to identify areas of risk in the company so we worked through the issues at length over the past two days and considered the changes we might make to ensure the company is protected both from disaster and accident.”

Which is a complete lie. In actual fact we hastily cobbled together a variety of randomly selected Google documents about disaster planning and disaster recovery into a semi-coherent investment guide for senior management. Then went to the pub for two days…

…Earlier in the week…

“I don’t get it,” the PFY says. “We’re recommending dual UPS units with dual generators, fed from dual supply circuits via dual redundant switching? It’d cost millions!!!”

“Probably not millions, but certainly more than the company would want to spend,” I reply. “I’ve not even got to the terabit backup network linking us to our hot site.”

“They’ll never go for it!!!”

“Of course they won’t – that’s the point.”

“What is?” the PFY asks.

“It’s the Big Buck Pass,” I sigh. “The insurance company wants to reduce their risk so they’ve upped the premiums claiming we don’t have a policy document which outlines how we mitigate risk - using this year’s terminology. The auditors – who should have seen this coming – raise it with the board as an ‘audit issue’ a couple of nanoseconds before the insurance bill comes in. The board raises the audit issue with the CEO, the CEO passes the buck to senior management, senior management pass it to middle management, middle management to line management and line management to us.”

“Yes, I get all that, but what are we doing?”

“We’re pushing the risk back up the food chain by suggesting the most expensive solution possible.”

“Why?”

“Imagine we have no offsite backups but decide we’d get by if you took a portable drive home every night.”

“We don’t have any offsite backups. And the only hard drive I take home is full of completed torrents!”

“That’s why I said ‘Imagine’. Now if the drive fails when the company really needs it we’ll be held responsible for not protecting the data to the best of our ability. If, however, we recommend an offsite disk storage solution that’s outside of our spending authority then the Boss has to authorise it before we can proceed. When he says no then we’re in the clear – buck shifted.”

“You’re losing me…” the PFY says.

“The Secret to the Big Buck Pass,” I say, “is in recommending a solution that someone further up the chain will say NO to. So the more outrageous the solution the better, because as it gets more expensive it needs to go further up the food chain to get approved or denied. Then, when disaster strikes we’ll say we always knew this might happen and had recommended a good solution but it got turned down. Buck passed.”

“So why don’t we just recommend the offsite disk storage idea?”

“It’s not expensive enough. See, if it’s something we can afford they might agree to it - and undoubtedly axe part of our ever decreasing operational budget to pay for. If, however, it’s something ridiculous that we couldn’t possibly afford it’ll get vetoed by someone up the food chain and we just keep the veto memo for... insurance… purposes.”

“And they wouldn’t try and implement it over a couple of years – part this year and part next?”

“Not if it’s ridiculously expensive,” I say.

“But won’t the Boss just say we have to do something cheaper?”

“He would – but to counter that we embellish the risk with fake numbers – like the 103 reported cases of UK companies losing over a million quid as the result of poorly backed up data in 2010 alone. And those are just the reported cases!!”

“And the real number?”

“Who cares? The Boss will hear “103” and “a million quid” and crap himself. By the time it gets to the IT Director it’ll be 153 and 2 million. But he’ll change “reported” to “apparently reported” just in case the IT Director checks.”

“Will he?”

“Course he won’t. IT Directors check numbers for accuracy about as often as they check their faeces for fibre – i.e. only when it’s in their face. He’ll pass it up and it’ll get axed somewhere below the CEO.”

“And this will work?”

“Sure, everyone does it!”

“Like when?”

“Like when the HR person was complaining about how much liability the company was carrying from accumulated leave from the Beancounters who never take leave. And someone suggested pushing the worst offenders down the lift shaft.”

“And were you the one who suggested pushing them down the lift shaft?”

“Hell, I was the one who pushed them down the lift shaft! But who could have known their grandparented contract gave them unlimited sick leave. So then someone suggested maybe the company should stop paying for their life support and maybe the problem would solve itself...”

“And that someone was you?”

“It might have been.”

“This has stopped being about passing the buck and just become a brag session hasn’t it?” the PFY asks unkindly.

“I’m trying to teach you about the machinations of a large company!” I counter. “Machinations that take years to learn. Like the time the Boss vetoed a workplace resiliency proposal and someone suggested we take him to the pub, feed him absinthe till he thinks he’s Conan the Barbarian, hand him a sword and let him out of the lift at the Beancounters’ floor.”

“I think I’ve seen that movie!” the PFY says.

“How did it end?”
