SF Not an Exception In Giving IT Too Much Control
CWmike writes "The city of San Francisco's IT department is certainly not the exception when it comes to allowing just one person to have unfettered rights to make password and configuration changes to networks and enterprise systems. In fact, it's a situation fairly common in many organizations — especially small to medium-size ones, IT managers and others cautioned in the wake of the recent Terry Childs incident."
While more people should have had access to the network were it ever really needed, sometimes the only really efficient way to take care of a really intricate and dedicated task is to have one person do it all.
He certainly could have been more responsible about it though and prepared assistants to understand exactly how it worked, but who knows, maybe he really was trying to document his system for others but management got in the way of anything productive. That's what management's for, right?
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
As if it's IT's fault. Most companies I've worked at I have pointed this very situation out and usually get overruled based on the cost of doing it "right".
(It isn't enough to have several people with the password, you need to know how to recover if you lose total communication with the guy responsible - e.g. died.)
Also it isn't just IT. Last month's pay got delayed at my company, which really shouldn't happen since KPMG is responsible for taking care of payments for our company. The reason? The lady responsible for authorizing the transfer was the only one with the passwords to do so, and she was in labor.
This whole "I'm unique and a genius and only through my incredible mental powers does this network keep running" schtick was idiotic long before the lunatic out in SF decided that he was God of the Network and beyond any of the Powers that Be. Yes, it's true that complex networks can be tough to explain, and yes, I can well understand why the architect of a network might not want someone else screwing with the configs, but come on, at least a few of us have been faced with having to untangle a complex network config. For the most part, I find the really complex ones I've had to deal with were more due to a distinct lack of ability rather than because the guy was some supergenius. Make some decent network diagrams with good descriptions of what various routers, servers, etc. do, and a reasonably well-trained and/or experienced network guy will likely be able to figure it out. It might be painful at points, and if the old guy is truly gone (rotting in prison because he's a narcissistic wanker or because he got hit by a bus) it might take some work, but providing the configurations aren't some sort of spaghetti routing tables, it should be reasonably possible to pick it all up.
I sometimes wonder whether guys like Childs are more hiding their own inadequacies than trying to protect the network from incompetents. I've done a few configs that I've been a little embarrassed about, but because of time constraints I went with the flow and hoped either it would stay working or that I'd get a chance further down the road to clean things up.
At any rate, I think it's the head of any IT department's job, implicit in that very position, that the network architecture have some documentation, and that things not just be stored in one's cranium.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Ya know, I would kill to have another person around with the same skillset that I have but it just ain't gonna happen. Periodically I print out a report of all my passwords and lock them in the safe of the CFO. That way if another admin comes in because I got run over by a bus or, more likely in my case, got in a horrid car wreck going well into the triple digits, he or she can read my documentation and gain access to the system.
Not the best solution but it works since they refuse to hire me help even though I am way overworked increasing the likelihood I will kill myself traveling to and from work at all hours.
I know what you are saying, but I don't blame Childs, I blame city workers who out of their own laziness let him do/control everything.
I mean think about it, do you think that there was just one person hired in all of SF to manage the network? Exactly, there were people getting paid and not producing. People giving up their freedom in return for promises of stuff without effort. (AKA socialists, communists, freeloaders, hippies, but not all hippies, some of my hippie friends are cool, etc.)
Those are the people who should be in jail. While their laziness or unwillingness to learn/question did not produce Childs, it allowed him to get out of control.
Respect the Constitution