An application used extensively by business users has been shown to be flawed in certain security aspects, the main one being that anyone on the network can view data if they want to. Now when this application was developed by someone who no longer works for the company, they left a number of years ago – leaving no documentation I might add. This wasn’t a problem for a long time, however there is now a requirement to make some significant changes, so now it is a problem.
What has happened, well the security problems have to be fixed. What department is going to pay, well the user thinks this should be business as usual – however the IT department thinks that as this is a change in requirement there should be a project code. Who will win, who can tell? The changes are at the behest of the security auditors, but there is no budget for security and so no one to pay for the changes – it’s all very confusing. As usual this work has somehow landed with the systems admin team, yours truly to be specific and tomorrow I’m going to have to spec all the changes up and try and get the damn thing running on an other server.
I would say that given the work load that’s on the horizon, it’s not that likely to get completed anytime soon. But as it’s security it will probably get pushed up the queue in preference to some thing else, just when we have the next set of tasks coming in for the August audits. This just gets better and better, what with the differing security requirements for each sector in the business. Still when all the dust settles and you think that you can see the light at the end of the tunnel, it’s a real bummer when you realise that it’s just someone with a head torch on bringing you more work!