Computer Security: A new departmental car service


…with the cars painted in the favourite colour of the corresponding department head; an individual restaurant per department with the menu voted on by that department’s staff and users; each group with its own key and lock management system, using different techniques and lock sizes; separate badge systems, one per experiment, incompatible with each other and using different implementations; different power sockets following different national standards for different buildings; and, last but not least, different working hours for every section of CERN.

Indeed, that would all make… no sense! The cacophony of different services providing the same commodity – cars, food, keys, badges, electricity – would just be immense and would provide no overall significant benefit to the Organization. Instead, centralised services are paramount. They enable CERN to benefit from synergies and efficiencies when they are run by a group of specialised professionals with a pool of in-depth knowledge and experience, and hence save money and resources. In addition, centralised services allow the service managers to follow a high standard of implementation, ensuring redundancy, business continuity, compliance with CERN or host state regulations like the data protection rules, and integration with other services run at CERN. They can also benefit from additional (usually costly) features such as 24/7 service and Service Desk support.

This is all reasonable and rational in the physical world, and at CERN there’s just one car service, one key and lock service, one access control service, one electricity standard and one restaurant provider. And we usually accept that CERN cars are white, the badges are credit-card sized, the power sockets are Swiss, and the restaurant serves those particular menus. So why do we have “shadow” IT at CERN and a cacophony of different non-centralised IT systems?

Why is it OK to violate CERN’s data protection needs and forward e-mails to external e-mail providers? Or store them on external cloud services? Why do some individuals buy fancy third-party presentation software instead of using whatever is already available at CERN? Why do we have the same application stack…
