I’m going to write about something that happened at work recently. I apologize for some of the generalities in this post, but I am not going to discuss any company specific technologies in a public forum. In our cyber-security courses we learn about Confidentiality Integrity and Availability being the cornerstones for protecting information. This also applies to new systems in development. My company prides itself on our technology and often uses it as an incentive when we are inviting new agents to join us. While our agents do think about the Confidentiality and Integrity legs of the triangle, their primary concern is Availability.
A new program was recently implemented that completely replaced one of the primary services we provide to our agents. Testing had been done to ensure it worked as designed; however, it couldn’t talk to the agent facing system that is used to view the service. The new program was security tested, and passed. Information remained remained secure, but the Availability failed once the program went live. Because of this the entire Information Security team had to give up their weekend so they could find the problem, fix it, and test it by Monday morning.
In my opinion, this comes down to planning and patience. I saw this happen at my previous employer, but never to the scale as what happened at my current company. Management was excited about the new program, and rushed to put it in place. Once it passed initial testing, it should have gone through a secondary phase of a limited rollout to test it in the live environment. This wasn’t done, and resulted in a pretty big failure. Planning and patience could have avoided this.
No comments:
Post a Comment