Dave: Okay, the auditors have pinpointed our problem with privileged identities. Apparently we have no controls, so unauthorised people could gain access to sensitive company information. What can be done about that?
Tarquin: We can create some technology in-house. I can put a team together to start mapping all the necessary relationships.
Means: We can write ourselves a blank cheque.
Dave: Will that work?
Tarquin: Yes. As far as the auditor is concerned, he just needs to see that you are doing something about it.
Means: As far as the auditor goes, yes. As far as solving the problem goes, hell no. But it will be a while before you realise that, and by then I'll have bled you dry. You'll have invested so much money trying to solve the problem you won't be able to admit defeat. You'll roll over every time I say you need to put more bodies on it.
Dave: Don't you already have an accurate list of our privileged identities?
Tarquin: No - we've been following your processes and this isn't one of them.
Means: We did think that Sue was managing these but when she left, we discovered she hadn't been. You just can't get competent staff these days.
Dave: Isn't there existing technology to automate privileged identity management?
Tarquin: I'm pretty certain there isn't, but if you want to have a look feel free.
Means: Yes, but do I look stupid? Why would I automate manual tasks I can bill you for?
Dave: I don't have the resources to do product evaluations. Can you do that for me?
Means: Of course not - why would I slit my own throat?
Dave: I've just been looking in this magazine and it talks about Lieberman Software who provides privileged identity management solutions - it sounds like this is exactly what we need. I'm going to give them a call.
Tarquin : Oh yeah, I've looked into that for you but I don't think it will work with your complicated infrastructure. Give them a call by all means...
Means: Damn, how did he find that out? Well, if I make it sound like it would be a mare to manage then hopefully he'll back off. He doesn't have the people or the resources to do much of anything in-house because he's using all his budget keeping me in the good life to which I've become accustomed.
If Dave had just picked up the phone and given me a call I'd have been able to tell him that manually trying to manage his privileged accounts was just a money trap and wouldn't work. By automating the process, within a week his privileged identities could be under control and managed going forward - without a contract negotiation in sight.
Sign up for MIS Asia eNewsletters.