Denial ain’t just a river in Egypt
For Steve White, two recently running threads came together this month; and both are examples of real life imitating IT.
Firstly I was ‘inundated’ with a letter following my recent article on ‘how to kill a company’ where I suggested that the recipe for the destruction of a company was silent data corruption in a core IT system which remained undetected for too long, and brought the company down. My correspondent pointed out that there is clear to see data corruption going on every day throughout companies and governments, the corrupting of good quality information from problem detectors toward the people who make the decisions; the removal of ‘bad news’ from upward reporting.
My correspondent had been documenting in regular reports, through his manager to the CIO that there was a problem in a particular function in the IT department. The CIO reigned with a climate of fear, and it was in no-one’s interest to tell the CIO the truth as the messenger would be ‘shot’. The line manager removed all traces of negative news from his report before forwarding it on, so as far as the CIO was concerned everything was fine, no big decisions were required and he could report upwards that there were no issues. When the issue became obvious, the time for inexpensive remedial action had passed.
This is, of course, one great big silent data corruption, and the only antidote is to require, as a senior manager, the exact opposite of data corruption. There’s one company where the directive from the CEO was ‘tell me personally about bad news within 24 hours, or you’ll be fired’. Establishing a direct channel for bad news – the basic belief of accurate and timely reporting – into the culture of an organisation had a dramatic effect on the reduction of non-IT data corruption.
Secondly, being at a client site when breaking news about them hits the front pages is always interesting. This client was having a challenge with IT security – data was leaking out of the building. This came as little surprise to me. As a visitor to their site I was not given a visitor badge – I was expected to ‘draft’ through the building ‘security barriers’ after my contact had opened the gate (and up to three people could follow through behind someone with a badge, both in and out, without any challenge), badges were not worn by employees, car park security could be completely circumvented by arriving in the morning before security arrived – the list went on. The thin veneer of security was defeatable by a visitor with no malicious intent. The data corruption here is that when these flaws had been pointed out to ‘Security’ by conscientious staff, Security not only took no action, but did not even see the need to change their processes. Another of Mark Twain’s quotes is applicable here; “It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so”.
