Seriously people when are the decision makers going to get a clue and realize that outsourcing never saves money in the long term and typically leads to something like this.
Source: MSFT/Danger's Servers Were Sabotaged
After reading this story how can you consider outsourcing your critical infrastructure? Just ask T-Mobile how this feels, if they even recover from the negative PR. Outsourcing never delivers what is promised, it's strictly for executives to enrich themselves in the short term and leaves someone else holding the bag when it hits the fan. The only time outsourcing makes sense is when its for short term project-based activities, otherwise your waiting on a potential time bomb.
Also, why is everybody hating on Microsoft? Hitachi was the "expert" vendor in this fiasco performing the upgrade. They should have made damn sure they had a working backup copy prior to this major upgrade. What is it amateur hour? Is that what platinum support buys you these days?
Another interesting aspect to this case now, is the hint of insider sabotage. How are you going to stop a disgruntled privileged user. The answer is, 99 times out of 100 you won't. It is more luck if anything if you are able to prevent it from happening. In cases where you have decent logging you should at least be able to prove what happened after the fact, but good luck stopping it. The only thing that would work prevention wise is dual-controls, which would be very cumbersome. I would be interested to know if any company is going the extra mile of routinely interviewing their system admins to ensure they are not disgruntled. I doubt it. Anybody have some realistic solutions to prevent insider sabotage by trusted administrators?
Source: MSFT/Danger's Servers Were Sabotaged
After reading this story how can you consider outsourcing your critical infrastructure? Just ask T-Mobile how this feels, if they even recover from the negative PR. Outsourcing never delivers what is promised, it's strictly for executives to enrich themselves in the short term and leaves someone else holding the bag when it hits the fan. The only time outsourcing makes sense is when its for short term project-based activities, otherwise your waiting on a potential time bomb.
Also, why is everybody hating on Microsoft? Hitachi was the "expert" vendor in this fiasco performing the upgrade. They should have made damn sure they had a working backup copy prior to this major upgrade. What is it amateur hour? Is that what platinum support buys you these days?
Another interesting aspect to this case now, is the hint of insider sabotage. How are you going to stop a disgruntled privileged user. The answer is, 99 times out of 100 you won't. It is more luck if anything if you are able to prevent it from happening. In cases where you have decent logging you should at least be able to prove what happened after the fact, but good luck stopping it. The only thing that would work prevention wise is dual-controls, which would be very cumbersome. I would be interested to know if any company is going the extra mile of routinely interviewing their system admins to ensure they are not disgruntled. I doubt it. Anybody have some realistic solutions to prevent insider sabotage by trusted administrators?
Comments
Post a Comment