
System Security or You don't know what you are doing (again).

5/12/2016 10:46 AM

Not too long ago I was invited to talk to the IT leadership of a “well-funded financial start-up” in Charlotte, NC. As usual, they wanted to tell me why they were doing it right and how thorough they were being and weren’t really interested in the expert opinion. They didn’t have the doors open yet but did have 20 or 25 developers sitting around throwing paper airplanes at each other. The CIO went on about Enterprise Service Bus (ESB) and how that made his data so much more secure. I asked him if that was an ESB like Sony, Adobe, Zappos and Yahoo employed (click here for an article about it). So if these big, successful companies can’t secure their own data, who can? To answer that question, we need to look at what they are doing and where it went wrong.

Hundreds or thousands of disparate systems

In the beginning there was a man and he did work. He was a farmer or a smith and he took a youngster in and taught him a trade. With the industrial revolution things started to specialize more. You had one person doing one little part of the job, another procuring the pieces that person needed to do the job, a third overseeing the job, and a fourth keeping accounts of what the first three cost. That’s all well and good and obviously worked or we wouldn’t still be doing the same exact thing today. Every department in every mid-sized to large company on the planet is its own little fiefdom with its own little squire/knight/baron/viscount/duke/earl/king/queen and they do everything differently. The powers that be run out and buy some piece of software to help them do their jobs and spend hundreds of thousands and sometimes millions of dollars implementing it. This leads to one or more disparate systems for every department in a company. Nobody in this company knows who wrote the software, how secure it is or usually even how it was written or what language it’s in. As Sony and even Adobe found out, you literally cannot secure all these systems. (Or, you don’t know what you are doing.)

Bob Cratchit

Charles Dickens published “A Christmas Carol” in 1843. Jacob Marley was the squire/knight/baron of a small accounting firm and he employed Bob Cratchit as an accountant. Bob sat around all day and wrote and tallied columns of numbers in a spreadsheet. The only difference between what was happening then and what is happening now is that the spreadsheet is behind the plastic sheet that is the screen of your monitor. Bob had ink stains on his fingers, you get carpal tunnel. When Bob was done, he folded up his spreadsheet and put it in a file cabinet somewhere. You email yours to someone in another department to file or make some arcane decision or just pass it along, but it is all the same and it isn’t secure. So if we can’t secure email and spreadsheets and we can’t have hundreds of disparate systems, what do we do?

The Solution

First, feudal leadership doesn’t understand Information Technology so remove them from the decision making process, except at a high level. That means they get to pick Java/Oracle or .NET/SQL Server but that is it. (Basically Microsoft v. non-Microsoft technologies.) Second, build one application that does everything that needs to be done. This sounds a lot like an Enterprise Resource Planning (ERP) system, but it isn’t. Once you break down what a department actually does, you’ll find that most of the people are shuffling papers, typing into spreadsheets or eating donuts but not getting much done. All we really need to do is find the inputs, find the outputs and connect them together in the simplest way possible, taking human decision making out of the process.

We all lived through the Great Recession of 2008. That was caused by speculation in the mortgage industry. Bankers gave loans to people who couldn’t pay them back thinking that housing could never actually lose value. They were wrong. By taking people out of the decision making process (which the federal government did by saying ‘you have to have 20% cash down to buy a house’) we have a mortgage system that people can’t screw up. But what does a bank really do? They take deposits from clients, and they loan those deposits back out to them. Sure there is some black magic in the background with time value of money and traders and playing the stock market, but outside of that and actually talking to customers everything a bank does can be automated. …and should be. In Sentia’s little world, there would have been no disruption in 2008 because the one system would not have loaned money to people who couldn’t pay it back; it would have taken the greedy bankers out of the equation and not lost trillions and caused worldwide famine and death. This is NOT an exaggeration.

That still doesn’t make our data secure, does it? Once this one system is in place, we only have to worry about securing it and nothing else.

We have to secure it at the lowest level first, that is, the database level. What our developers do is require a Globally Unique Identifier (GUID) for every interaction with the database. This GUID identifies not only the user, but the user’s session. That means that the unique combination of the specific user and that specific login time of that user are identified. One of the more clever attacks is the “Man in the Middle” ploy where a hacker opens a new session while a user is logged in, spoofing his or her credentials. Since this is effectively a new session, we automatically deny this attempt. ESB (remember them?) does not. Also, since we identify the user with this GUID, we can lock down the database so tightly that nobody save the system administrator can even see the tables (where the data lives). This GUID is issued by the database server and transmitted to the application server (where the web service or web application lives) and is never transmitted across the internet.

All that is great, but nobody can build this ONE application, right? Who ties the bell on the cat? Sentia does. We have a set of tools that can not only generate entire applications, but import data into them from legacy software. We can also import data from machines that we don’t want to redesign. If a car painting robot has a database that tells us how much paint and how many cars go by in the day, we’ll not reinvent the wheel, and we can use that data as if it were native and actually resided in our application.

What is the conclusion? You are doing it wrong, big business. You have thousands of Bob Cratchits and Jacob Marleys running around making idiotic decisions wasting resources and gumming up the works. These people (at least the Bobs) know they are doing it wrong and have a thousand ideas about how to do it better, but can’t get the ear of the aristocracy to shout “The King has no clothes!” How is that for some metaphor mixing?

What we need is strong, knowledgeable leadership that at least knows what they don’t know and isn’t so arrogant that they can’t hear “The King has no clothes!” …and the King IS naked. Sentia is working right now to completely redesign the way health insurance is managed. You can read all about that in the blog prior to this one. That application is done and has several thousand users and will cut about 1/3 out of the cost of healthcare for every man, woman and child in the United States. We also have an application in the works to manage credit unions and after that will come small banks. My vision is that the Bank of Peoria (or Fannin County or whoever that is barely making it now) with some good leadership and automated processes can grow and take over the too-big-to-fail financial institutions by simply being more agile, more efficient and better able to follow the rules that get the arrogant squire/duke/king into trouble. If this doesn’t happen, don’t look at us. We are doing everything we can to get the word out. Nobody really wants to hear that the King is naked, even if by saying it they could have the throne.
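
The per-session GUID check described under “The Solution”, as an added example that is not Sentia’s code: every data-access call must present a GUID issued at login, a second login for a user who already has a live session is refused, and rows are scoped to the GUID’s owner. The table layout, function names, the 900-second idle timeout and the use of SQLite are assumptions made here; credential checking and the application server’s own browser-facing session handling are out of scope.

```python
import sqlite3
import time
import uuid

IDLE_TIMEOUT = 900  # seconds; assumed value, the post gives none

def open_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sessions(guid TEXT PRIMARY KEY,
                              user_id INTEGER UNIQUE,  -- one live session per user
                              last_seen REAL);
        CREATE TABLE accounts(user_id INTEGER PRIMARY KEY, balance INTEGER);
        INSERT INTO accounts VALUES (1, 1200), (2, 75);
    """)
    return db

def login(db, user_id, now=None):
    """Issue a session GUID, or None if the user already has a live session."""
    now = time.time() if now is None else now
    db.execute("DELETE FROM sessions WHERE last_seen < ?", (now - IDLE_TIMEOUT,))
    guid = str(uuid.uuid4())  # version 4 GUID, random
    try:
        db.execute("INSERT INTO sessions VALUES (?, ?, ?)", (guid, user_id, now))
    except sqlite3.IntegrityError:  # UNIQUE(user_id) hit: second session denied
        return None
    return guid

def _user_for(db, guid, now):
    """Resolve a GUID to its user, rejecting unknown or idle-expired sessions."""
    row = db.execute(
        "SELECT user_id FROM sessions WHERE guid = ? AND last_seen >= ?",
        (guid, now - IDLE_TIMEOUT)).fetchone()
    if row is None:
        raise PermissionError("unknown or expired session GUID")
    db.execute("UPDATE sessions SET last_seen = ? WHERE guid = ?", (now, guid))
    return row[0]

def get_balance(db, guid, now=None):
    """Data-access entry point: the caller never names a user, only a GUID."""
    now = time.time() if now is None else now
    user_id = _user_for(db, guid, now)
    return db.execute("SELECT balance FROM accounts WHERE user_id = ?",
                      (user_id,)).fetchone()[0]

def logout(db, guid):
    db.execute("DELETE FROM sessions WHERE guid = ?", (guid,))
```

Without the idle timeout, a user whose session was never closed could not log in again, which is why the example expires stale rows before enforcing the one-session rule.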
