Memory-Lane Monday: Even worse than you thought

Credit to Author: Sharky| Date: Mon, 15 Jul 2019 03:00:00 -0700

This government agency has cashiers’ stations for handling transactions with the public, and the treasurer’s office decides it needs new software to run those stations, according to a pilot fish in IT.

And there’s going to be one sign-on and password for all the stations, brag the higher-ups.

Bad idea, protest all the IT programmers and system administrators. For one thing, having a single user sign-on to the system will prevent tracking who is completing each transaction. They cite security, accountability and separation of duties, but their protests fall on deaf ears.

The vendor rep shows up one day, and he and the treasurer do a presentation for an audience that includes IT managers. The two sound excited, and a touch proud, when they tell everyone that the cashiers will sign on with the user ID “Cash.” They don’t share the top-secret password, though; that’s just for the cashiers to know.

IT manager blurts out, “What is it, ‘Money’?”

And immediately sees that the treasurer’s and vendor rep’s faces fall.

“Before testing was finished,” reports fish, “the application was changed to allow individual user IDs and passwords. It took a little longer, but transactions are now tracked by the user ID, date and time.”

Sharky will file the identifying marks off your true tales of IT life. Send them to me at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter.

http://www.computerworld.com/category/security/index.rss