Virtual or Physical, Who Should Get Fired?
In an effort to stir the pot and gain a little attention, Symantec conducted a survey on the exhibit show floor of VMworld regarding the repercussions of various catastrophic events related to backup and data protection. More than 130 respondents were asked about the possible repercussions of these events in terms of who would get fired if they occur.
In terms of methodology, most of the respondents said they worked at mid-to-large-sized enterprises, with 37 percent involved with virtualization, 18 percent working in IT security, and another 26 percent working in general IT roles.
In order to get the blame game off and running, respondents were asked who is responsible for securing virtual servers, and 51 percent said virtual admin/architects, while the other 49 percent said security admins. Adding to the fun, as we will see, CIOs also have their heads on the chopping block. Now that some of the villains have been selected, let's get to some damning questions (all answers below in percentages):
Question: If credit card data was automatically added to a virtual system that wasn't configured for PCI compliance and the company was fined $500,000, whose head would roll?
Answer: IT security administrator, 42; CIO, 23
Question: If a virtual server failure left the VP of sales unable to submit a contract at quarter-end, causing the company to miss their sales target by $5M, whose head would roll?
Answer: CIO, 30; server administrator, 28; VM admin/architect, 22
Question: If a virtual backup failure resulted in an angry CEO missing key M&A docs, whose head would roll?
Answer: Server administrator, 40; VM admin/architect, 23; CIO, 22
Question: If data was left on a virtual server for seven years instead of purged (according to data retention policies), leaving the company open to lawsuit, whose head would roll?
Answer: Server administrator, 23; IT security administrator, 23; CIO, 23
Question: If virtual account sprawl were not properly managed, causing an additional $2M in hardware purchases, whose head would roll?
Answer: VM admin/architect, 42; CIO, 27
Time to discuss: Who's responsible for laying the blame? If there was a really big screw-up involved, would it get pushed up the ladder to the CIO who could conceivably quash it? At what point does it somehow appear on the CEO's desk?
Also, the Symantec survey asked whose heads would roll, but are all these admittedly egregious mistakes firing offenses, or would the unwitting perpetrators merely be reprimanded? When it comes to dealing with the CIOs, if there's one thing I've learned, it's that the person in charge tends to get the lion's share of the credit or blame, even though he or she usually doesn't deserve it.
How does this kind of thing work at your organization?
Posted by Bruce Hoard on 08/29/2012 at 12:48 PM