Have your say at computerweekly.com
On IT systems and civil service job reductions
In response to Colin Beveridge's Thought for the Day (computerweekly.com) on the chancellor of the exchequer's plans, announced in the Spending Review, to reduce civil service headcount by 100,000 through the use of IT systems
I could not agree more with Colin Beveridge. What planet has Gordon Brown been living on? Certainly not in the UK where IT has been solely accountable for the greatest waste of taxpayers' money.
The chancellor would do well to talk to his Civil Service colleagues running the Department for Work and Pensions and the Inland Revenue and ask their IT leaders how easy it is for them to continually update their vast systems with the changes that he introduces at each Budget and Spending Review.
Using a term like "technology" without being able to clearly explain how it brings about these potential savings is mere fantasy. Furthermore, it smells like the work of some rather over-ambitious service providers who, at the end of the day, will be the only ones to benefit.
Director, ICT Management Services
On the dangers of pirated software
In response to Frank Coggrave's opinion that the EU Directive for the Enforcement of Intellectual Property Rights will create a dilemma about copyright issues for IT directors (Computer Weekly, 6 July)
Frank Coggrave is right that illegal downloading of music by employees is a problem for IT directors but, in comparison with software piracy, it is merely irksome.
In a week when the Business Software Alliance revealed that the UK software piracy rate is 29%, the chances are that the majority of Computer Weekly readers' networks are home to illegal software, whether through ignorance or deliberate risk-taking.
The penalties for companies which have unlicensed software are great and include legal actions, punitive fines and reputational damage. The number of tribunals brought against employers for misuse of corporate IT resources is increasing.
So the argument for reducing an organisation's legal exposure, with the aid of tools, such as automated asset management, is clear.
On the sharing of information by police
In response to Adrian McKeon's comments on the failings in the way police share data (Computer Weekly, 29 June)
Without over-simplifying the situation we must remember that cases such as Soham will always bring increased scrutiny on methods of policing and the interpretation of legislation in this country.
Measures are being taken by the authorities to encourage and facilitate the sharing and distribution of accurate and current information to the people who need it most - the police officers on the beat.
Great technological strides have been made to enable the UK's police forces to have greater accessibility to important investigation tools such as the Holmes II database, set up following inquiries into the Yorkshire Ripper case in the 1980s.
Police across the UK now use handheld wireless PDAs to get access to the database, as well as the police national computer. This encourages greater police presence on the streets, by empowering officers to make decisions in the field, ensuring that they have the most accurate and up-to-date information to do so.
So let's be constructively critical of the possible areas of improvement especially when the consequences can be tragic. Do not overlook the huge steps already taken which directly benefit us all.
Duncan Gerrard, Senior consultant, APD Communications
Let others be the blue-sky pioneers
With regard to your exhortation for us to "Salute the bold IT adventurers" (Computer Weekly, 20 July), I make no judgement on either side. But, to balance the view, and having worked on the "good old dependable side of IT" for 30 years, I would like to ask a few simple questions. How much benefit do these entrepreneurial organisations actually get for their investment?
How much does it actually cost them? Are the developers keen to part-fund the costs in return for public association with blue-chip clients? How quickly does the need for new technology developers to recoup their costs force them to release their products into the market so we can all benefit? Does it really take "the nerve to fly into blue skies" or a combination of plenty of funds and a need that the market cannot yet satisfy?
Similarly, are your stated drawbacks - appearing a Luddite or risking overlooking methodologies or technologies that could deliver - really an issue?
Investments in major technologies are long-term decisions, most often made after relatively long-term assessments and budget exercises. You would have to be Rip Van Winkle to miss out on key technology advances to the point where your business colleagues know more about these things than you do to the extent you are branded a Luddite.
I have yet to be convinced of the benefits of living on "the bleeding edge", but I would not want to put off these brave souls for fear of missing out on the opportunity of cherry-picking the fruits of their labours.
Senior business analyst, Centura Foods
Linux access rights can stand test of regulations
Neil Chaney's column on Linux access rights (Computer Weekly, 6 July) highlights a very important issue that many people are not aware of and could possibly get them into a lot of trouble. But there are simple and viable solutions that can be easy to put in place and the article does not mention any of them.
It is easy to stand on the sideline and point to something wrong on the field, but it is more useful to work harder at searching for options and alternatives.
I am a systems administrator working in the pharmaceutical world and in my experience a lightweight directory access protocol (LDap) switch can be used as a central user ID management for a multiple server environment. In fact, Active Directory was based on LDap and there are even tools to integrate both in the same environment.
As far as auditing and document control, any good administrator can subvert a Windows system just as easily as a Unix system. The only way around this is to use digital signatures and CFR-part 11 compliant systems, such as Documentum or MXDoc from DistinctHorizon. These store all documents in a digitally-signed format with version control to make it impossible for even a root user to modify it without anybody's knowledge.
Are sys admin using root shells to manage Linux?
I was bemused by the letter from Andrew Youngman (Computer Weekly, 13 July) in response to my column on some of the issues Unix and Linux users face in reaching compliance with Sarbanes-Oxley, and other recent or forthcoming legislation.
I am concerned that the letter might lead some IT directors to ignore the issue to their cost.
Most of the statements Youngman makes have a basis in fact. However, they do not refute the primary cause for concern which is that Unix and Linux installations are most often managed by administrators via root access permissions, which gives those administrators effectively unlimited access to those systems. This needs to be an issue of concern for IT directors in their move towards legislative compliance.
In our experience, the majority of UK Unix and Linux sites are not using LDap-based directories for user authentication, nor have they "hardened" the operating system to control privileged access.
The fact that technology exists to circumvent all or part of the problem is accepted and stated in my column. The problem, as we see it, is that only a minority of user organisations actually employ such technologies to control privileged access to Unix and Linux systems and they need to, whether using intrinsic operating system capabilities or third-party software.
The resolution is simple. IT directors should ask their Unix and Linux systems administrators whether they use the root shell to manage their systems. If the answer is yes, then there is a potential cause for concern that needs to be addressed.
Managing director, Open Systems Management
Don't let vital data fall into rivals' hands
My colleagues and I read the article on the dangers of disposing of discs (Computer Weekly, 8 June) with disbelief as we are data recovery and data destruction experts and understand this subject.
Data destruction is a tricky subject but "reformatting" is not the answer, writing ones and zeros in alternate patterns to the disc is. This ensures that data has been eliminated or "destroyed".
A special piece of software is required. One must also consider other media such as tapes, Zip discs, memory sticks and so forth, which are not covered in your article. The solution must cover all media quickly, quietly confidentially and on site, thus maintaining security, which should be paramount.
I recently had to deal with a large retail company disposing of 10,000 back-up tapes, which the company thought we could not read. The tapes would contain all the information of this company, yet he was happy to give them away to another company with no security appreciation. The retailer's rivals would be most interested.
Data should be destroyed on all media before disposal of the equipment it is on.
Sales and marketing director, R&R Data Managed Services