Have your say at computerweekly.com
On IT systems and civil service job
reductions
In response to Colin Beveridge's Thought for the Day
(computerweekly.com) on the chancellor of the exchequer's plans,
announced in the Spending Review, to reduce civil service headcount
by 100,000 through the use of IT systems
I could not agree more with Colin Beveridge. What planet has Gordon
Brown been living on? Certainly not in the UK where IT has been
solely accountable for the greatest waste of taxpayers'
money.
The chancellor would do well to talk to his Civil Service
colleagues running the Department for Work and Pensions and the
Inland Revenue and ask their IT leaders how easy it is for them to
continually update their vast systems with the changes that he
introduces at each Budget and Spending Review.
Using a term like "technology" without being able to clearly
explain how it brings about these potential savings is mere
fantasy. Furthermore, it smells like the work of some rather
over-ambitious service providers who, at the end of the day, will
be the only ones to benefit.
Gavin Young
Director, ICT Management Services
On the dangers of pirated software
In response to Frank Coggrave's opinion that the EU Directive
for the Enforcement of Intellectual Property Rights will create a
dilemma about copyright issues for IT directors (Computer Weekly, 6
July)
Frank Coggrave is right that illegal downloading of music by
employees is a problem for IT directors but, in comparison with
software piracy, it is merely irksome.
In a week when the Business Software Alliance revealed that the UK
software piracy rate is 29%, the chances are that the majority of
Computer Weekly readers' networks are home to illegal software,
whether through ignorance or deliberate risk-taking.
The penalties for companies which have unlicensed software are
great and include legal actions, punitive fines and reputational
damage. The number of tribunals brought against employers for
misuse of corporate IT resources is increasing.
So the argument for reducing an organisation's legal exposure, with
the aid of tools, such as automated asset management, is
clear.
Glenn Stephens
Centennial Software
On the sharing of information by
police
In response to Adrian McKeon's comments on the failings in the
way police share data (Computer Weekly, 29 June)
Without over-simplifying the situation we must remember that cases
such as Soham will always bring increased scrutiny on methods of
policing and the interpretation of legislation in this
country.
Measures are being taken by the authorities to encourage and
facilitate the sharing and distribution of accurate and current
information to the people who need it most - the police officers on
the beat.
Great technological strides have been made to enable the UK's
police forces to have greater accessibility to important
investigation tools such as the Holmes II database, set up
following inquiries into the Yorkshire Ripper case in the
1980s.
Police across the UK now use handheld wireless PDAs to get access
to the database, as well as the police national computer. This
encourages greater police presence on the streets, by empowering
officers to make decisions in the field, ensuring that they have
the most accurate and up-to-date information to do so.
So let's be constructively critical of the possible areas of
improvement especially when the consequences can be tragic. Do not
overlook the huge steps already taken which directly benefit us
all.
Duncan Gerrard, Senior consultant, APD Communications
Let others be the blue-sky pioneers
With regard to your exhortation for us to "Salute the bold IT
adventurers" (Computer Weekly, 20 July), I make no judgement on
either side. But, to balance the view, and having worked on the
"good old dependable side of IT" for 30 years, I would like to ask
a few simple questions. How much benefit do these entrepreneurial
organisations actually get for their investment?
How much does it actually cost them? Are the developers keen to
part-fund the costs in return for public association with blue-chip
clients? How quickly does the need for new technology developers to
recoup their costs force them to release their products into the
market so we can all benefit? Does it really take "the nerve to fly
into blue skies" or a combination of plenty of funds and a need
that the market cannot yet satisfy?
Similarly, are your stated drawbacks - appearing a Luddite or
risking overlooking methodologies or technologies that could
deliver - really an issue?
Investments in major technologies are long-term decisions, most
often made after relatively long-term assessments and budget
exercises. You would have to be Rip Van Winkle to miss out on key
technology advances to the point where your business colleagues
know more about these things than you do to the extent you are
branded a Luddite.
I have yet to be convinced of the benefits of living on "the
bleeding edge", but I would not want to put off these brave souls
for fear of missing out on the opportunity of cherry-picking the
fruits of their labours.
Steve Pauline
Senior business analyst, Centura Foods
Linux access rights can stand test of regulations
Neil Chaney's column on Linux access rights
(Computer Weekly, 6 July) highlights a very important issue that
many people are not aware of and could possibly get them into a lot
of trouble. But there are simple and viable solutions that can be
easy to put in place and the article does not mention any of
them.
It is easy to stand on the sideline and point to something wrong on
the field, but it is more useful to work harder at searching for
options and alternatives.
I am a systems administrator working in the pharmaceutical world
and in my experience a lightweight directory access protocol (LDap)
switch can be used as a central user ID management for a multiple
server environment. In fact, Active Directory was based on LDap and
there are even tools to integrate both in the same
environment.
As far as auditing and document control, any good administrator can
subvert a Windows system just as easily as a Unix system. The only
way around this is to use digital signatures and CFR-part 11
compliant systems, such as Documentum or MXDoc from
DistinctHorizon. These store all documents in a digitally-signed
format with version control to make it impossible for even a root
user to modify it without anybody's knowledge.
Patrick Lefebvre
Systems administrator
Are sys admin using root shells to manage
Linux?
I was bemused by the letter from Andrew Youngman (Computer Weekly,
13 July) in response to my column on some of the issues Unix and
Linux users face in reaching compliance with Sarbanes-Oxley, and
other recent or forthcoming legislation.
I am concerned that the letter might lead some IT directors to
ignore the issue to their cost.
Most of the statements Youngman makes have a basis in fact.
However, they do not refute the primary cause for concern which is
that Unix and Linux installations are most often managed by
administrators via root access permissions, which gives those
administrators effectively unlimited access to those systems. This
needs to be an issue of concern for IT directors in their move
towards legislative compliance.
In our experience, the majority of UK Unix and Linux sites are not
using LDap-based directories for user authentication, nor have they
"hardened" the operating system to control privileged access.
The fact that technology exists to circumvent all or part of the
problem is accepted and stated in my column. The problem, as we see
it, is that only a minority of user organisations actually employ
such technologies to control privileged access to Unix and Linux
systems and they need to, whether using intrinsic operating system
capabilities or third-party software.
The resolution is simple. IT directors should ask their Unix and
Linux systems administrators whether they use the root shell to
manage their systems. If the answer is yes, then there is a
potential cause for concern that needs to be addressed.
Neil Chaney
Managing director, Open Systems Management
Don't let vital data fall into rivals'
hands
My colleagues and I read the article on the dangers of disposing of
discs (Computer Weekly, 8 June) with disbelief as we are data
recovery and data destruction experts and understand this
subject.
Data destruction is a tricky subject but "reformatting" is not the
answer, writing ones and zeros in alternate patterns to the disc
is. This ensures that data has been eliminated or
"destroyed".
A special piece of software is required. One must also consider
other media such as tapes, Zip discs, memory sticks and so forth,
which are not covered in your article. The solution must cover all
media quickly, quietly confidentially and on site, thus maintaining
security, which should be paramount.
I recently had to deal with a large retail company disposing of
10,000 back-up tapes, which the company thought we could not read.
The tapes would contain all the information of this company, yet he
was happy to give them away to another company with no security
appreciation. The retailer's rivals would be most interested.
Data should be destroyed on all media before disposal of the
equipment it is on.
Bill Osborne
Sales and marketing director, R&R Data Managed
Services