The Problem is the Humans, Not the Technology

The weakest link is the human. Microsoft does keep the software in their Azure cloud up to date with the latest patches, but it still managed to lose 2.4 terabytes of data belonging to 65,000 customers in 111 countries. The reason is that someone at Microsoft misconfigured a storage container.

This story became public because a security company wanting to sell its scanning solution posted it. They also informed Microsoft, who quickly secured the container. But for every white-hat hacker scanning the internet for unsecured storage, there are ten black-hat hackers siphoning off your secrets and selling them.

By buying a high-level cloud service from a reputable vendor, you can be sure that it runs on well-patched servers without known vulnerabilities. But you’ll have no idea when your cloud vendor fails to secure some lower-level service until you read about it in the news.

When the Shortcut Becomes the Standard Way

There must be a shortcut for every Standard Operating Procedure (SOP). You cannot allow the production database to be down for hours while you chase down everyone on the Change Advisory Board. The police cannot wait for a judge and the associated paperwork if somebody’s life is in danger.

The problems start when the shortcut is abused. Amazon is sharing video from your Ring doorbell with anyone who works for one of their 2,161 “partners” as long as they promise on their scout’s honor that it is really important. Google will similarly share the video feed from your Nest camera. They say they haven’t done so yet, but that’s only because law enforcement hasn’t noticed them yet.

I’ve been in organizations where half the work of IT operations was Emergency Changes. Do you track how much work is handled following SOP and how much your people use the shortcuts?