Paranoia strikes deep -- and without warning. Some upper-level executive at the big insurance company where I head up IT must have read an article about security disasters because one day my boss told me the company was installing a state-of-the-art software management and security system.
When my staff examined the package, we laughed out loud, bounced it back to top management, and told them to forget about it.
The next month, a junior programmer appeared and proceeded to install the stupid thing, anyway.
The system was designed to ensure that no one could move any software changes up the line until they were thoroughly approved. Online forms had to be signed by a complete hierarchy of users and middle management, most of whom would never use the software and didn't have the slightest idea how it worked. And not only that: if you missed a step or failed to clear a given hurdle within a certain time, the software would reset itself, and the whole process had to be restarted.
My team would spend the morning coding and testing needed software. Then we'd spend days rushing around trying to find the HR supervisor, the data-entry clerk, and various personnel from the dark recesses of obscure departments, all of whom had to enter their online say-so for us to continue.
After three months of glacial software deliveries, our users began to get snippy. Me, too. I told my boss that we were wasting three-quarters of our time dealing with the security system. Within a few days, we were introduced to our new full-time administrator of "security and data management". The kid came in bright-eyed and enthusiastic and quit three weeks later. By now our users were really mad, and our leaders were spreading the word that the troops were incompetent quitters.
Our Joan of Arc appeared in the unlikely person of Mary, a contractor who had been hired to work on a special project. She was a great developer, but in her leather jacket and jeans, she would never be mistaken for a rising star in the corporate world.
One night Mary returned from a particularly bitter session with her users and set to work digging through our meagre store of documentation, hacking the data management libraries, and interpreting the undocumented spaghetti code that comprised the diabolical security package. When I left late that night, she was still deep in the code.
The next morning when I arrived, her desk was clean and unusually tidy. I feared the worst. Then I discovered that she'd left me an e-mail message, written in the early hours of the morning. She was, she told me, taking a few days off. She asked me to please move all her changes into production, "now that the security package was fixed".
What in the world was she talking about? Then I noticed an attachment to the message, a beautifully documented executable that provided a secret way around all the fiendish security traps.
That week we shovelled all our backlogged changes into production, bypassing the signature controls -- and our users were happy. Everyone congratulated us on our productivity, including my boss, who told me he was glad we had finally adjusted to his little software package. I had to bite my tongue to keep from telling him the truth.
What traps, security or otherwise, lay in wait for you? E-mails to Sandra_Rossi@idg.com.au