Tuesday, July 03, 2007

History of Business Computing 101; information and physical security when work is taken home


The old-fashioned culture of information systems in large companies, with overnight batch cycles, end-of-month, and a demand for absolute perfection, actually developed a few years ago, in the 60s and 70s. IBM introduced its 360 line in the mid 1960s, and its verbose JCL (DOS at the time, to be largely replaced by MVS in the 70s), assembler and COBOL created the computing culture of the time.

In the 1970s many financial institutions and other large companies (manufacturing, media, retail) wrote their own in-house business systems and developed a culture of “systems analysts” who wrote specs, programmers, and operators. The level of perfection necessary quickly became apparent, and programmers had to be on call when nightly production ran. The dreaded “SOC7” became a buzzword. (That was IBM [“I’ve Been Moved”], which came to dominate business systems culture, partly because of the secondary propagation by H. Ross Perot and his militaristic company EDS, located in Exchange Park in Oak Lawn in Dallas in the early days, to move to Forest Lane and then Plano, and then all over the world, and morph into a mainstream, even pluralistic consulting, project management, data center management and software firm.) With other vendors, there were similar buzzwords, like “0219” on RCA Spectra 70 (which emulated IBM), and “Guard Mode” on Univac 1108 / 1110 (which I worked on in the early 70s until yielding to the pressure to migrate to IBM).

In the old days, programmers had unchallenged access to production files, and there were no automatic source management procedures to guarantee source-load module integrity. (All of this developed in the 80s.) You had to be very careful to save records of what you did. At NBC, in the mid 1970s, where we had a Univac 1110 environment, we had paper-roll terminals and could save the rolls of what we did. (We didn’t have individual CRTs yet: to look at source code in a program, you entered a command to get it to print on the paper.) Another thing you shouldn’t do was go on vacation over a month-end closing. (I did once, and almost regretted my gratuitousness.) Also, if you wrote a program to save records, you learned to read the data back yourself; otherwise production data could be lost forever. The close calls of those days sap energy from later personal competitiveness, and it is not good to let them happen.

Today, of course, there are (and have been since 1990 or earlier) all kinds of automated tools (RACF, Top Secret, source management like ChangeMan or Endevor) that protect the integrity of the production environment automatically. The old days were much riskier than you want to know.

One major news issue is the physical security of data in large companies. Today, an employee theft of financial data of about 2.3 million consumers from Fidelity National Information Services, part of Certegy Check Services in Florida, was reported. The data was used only for sale to direct marketers. But the point is that physical security of consumer data is a bigger issue than it was fifteen or so years ago, and compares to home personal computer security as a possible source of identity compromise.

When I was working, it was common to take work home (sometimes test results listings and source listings) during implementations, as well as laptop computers. Possible theft of a company laptop, as by burglary (especially when traveling on business), is a serious source of compromise if the laptop contains production data. Other employees dial in to a work mainframe from a personally owned computer (this used to be done a lot through products like Procomm or PC-Anywhere), but this could lead to co-mingling of personal and protected business information on a personally owned computer.

Because I had authored a politically controversial book on my own computers and maintained websites on them, and was sensitive to the idea that company resources could ever appear to be misused for personal political purposes, I insisted that any work done from home (even production support of abends) be done on equipment that I owned. However, most of the time I physically went in when there was a problem. Many other associates, however, worked from home some days of the week (I did not have to, as I was in an apartment 1500 feet from work), and telecommuting, while desirable from an energy-saving and carbon-saving (and work v. family) point of view, can present security issues.

Picture: White has just played 8. Qa4 and Black can resign. This is like a Fool's Mate. Chess Life and Review, June 2007, p. 26.
