Wednesday, September 03, 2008

This One Time I Was Honest In A Meeting

With a project the size and scope of the one we are currently undergoing, there are bound to be a lot of meetings.
After all, we are migrating a whole lot of servers and consolidating down from five separate farms to seven and from 450 servers to a slim-and-trim 500 or so.
Okay, so the "consolidation" part of the migration isn't going so well. I'll schedule a meeting about it to see if that will change anything.
The point is (and I can't recall the last post where "the point is" came in anywhere under six-hundred words into it) we meet a lot. We do it to make sure that we get everything moved from the old into the new with the exception of the problems, flaws, concerns, poor design choices, compliance issues and fire hazards.
This is our shot at fixing the stuff that annoys the break-fix people.
I was understandably disappointed to be involved in a discussion where it was decided that we would keep and old and insecure idle-time-out setting because we didn't want to inconvenience the users.
Hold up a minute.
"We didn't want to inconvenience the users?!?"
I'm not on the "Convenience Team".
I'm not a member of the "Usability Help Squad".
I have never endorsed an organization known as the "Coddle the Users and Give Them Hugs Department".
I'm in Security.
Sometimes, as a joke, I run it together: "I'm insecurity". And then I follow it up with "Are you sure you meant to wear that sweater with those slacks? Well, okay, if you say so."
This is what I do, damn it.
Anyway, while I was disappointed to be involved in the discussion, please imagine for a moment how upset I might be to find myself on Tuesday morning in my third actual meeting about it.
I said, "In addition to server consolidation, this project was supposed to remedy long-deficient security settings. If we don't do this now, we are wasting our chance to fix something."
I also said, "We have no control over users at home, this setting gives us a low-impact way to limit access to authorized users."
Later on I said, "If someone opens a screen full of sensitive data and then gets up to get another Venti Latte, a stoned and slow Barista could inadvertently provide a window of opportunity for some identity thief to make the haul of a lifetime right there in Starbucks."
Towards the end I was reduced to, "This is not the last migration. There is no 'Migration to End All Migrations.' Someday, maybe soon, something new will come out and we will repeat this process right down to the meeting level. If you think we won't be at this conference table again, or possibly one with a plasma top which displays network topology in a hologram and dispenses espresso, you are kidding yourself."
And then, I closed with, "I hope in the future meeting about this issue someone brings cookies because then at least we'd get something out of it."
The admin added it to the meeting minutes, so I specified that I like chocolate chips.

No comments: