Well, it’s secure, all right…

Well, it’s secure, all right…

This small IT consulting outfit gets a contract with a very, very big company -- which is a very big deal, says a pilot fish at the consultancy."On a

Answering the WannaCry wake-up call
Hurdles Remain After Senate Votes To Restore Net Neutrality
Simple Banking Security Tip: Verbal Passwords

This small IT consulting outfit gets a contract with a very, very big company — which is a very big deal, says a pilot fish at the consultancy.

“On a daily basis, a large text data file needs to get loaded into a very fast database, and that information is used to deal or not deal with certain customers,” fish explains. “And this all has to happen in real time.”

The big client is very security conscious, and it won’t let the consultancy download the data from the client’s site. Instead, a third-party site is used, and access is through a secure connection with a totally inscrutable password.

And on the first day, everything works fine. The big client puts the data on the site and fish’s company downloads the data, then keeps checking back periodically to see if anything has been added or changed.

But on the second day, there’s some kind of problem: The consulting guys can’t seem to get a connection to the data. That news makes everyone nervous, because the big client is expecting real-time responses — and the client has made clear that if fish’s outfit doesn’t meet expectations, the client will go elsewhere.

Some quick analysis shows that the consultants are getting through the internet to the third-party site. But the connection is being rejected because the password is invalid.

The consultancy’s contact person for the deal calls the big client, and it turns out there’s a perfectly reasonable explanation: For security reasons, the big client changes the password every day.

Reports fish, “Our guy said, OK, just tell us what the password is each day and we can get the data. The response was that telling us the password would violate security protocols.

“The tech department decided to sit back and let management deal with the issue — including informing the large company that we can’t deliver any results to them until they give us a password to get the data.”

You don’t need a password to send Sharky your true tale of IT life — just mail it to me at sharky@computerworld.com. You’ll get a stylish Shark shirt if I use it. Comment on today’s tale at Sharky’s Google+ community, and read thousands of great old tales in the Sharkives.

Get Sharky’s outtakes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.

Go to Source

COMMENTS