Friday, December 12, 2008

Guardians? What Guardians?

Yesterday, the New York Times covered the recent arrest of Bernard L. Madoff.

Madoff, a prominent Wall Street hedge fund manager, has admitted to running a $50 billion Ponzi scheme.

While law enforcement has been quick to react, the revelation came only when Mr. Madoff confessed to an associate. While rival hedge fund managers had been suspicious that Madoff's results were too good to be true, THE REGULATORS HAD NO CLUE.

Years ago, there were many warnings on and off the Hill. Regulators, economists and many others sounded the alarm that allowing an entire financial industry to exist without regulations was a bad idea. However, the standard responses were: regulations are bad, the market will police itself, we can trust our hedge fund managers. Well, look at what has happened. AIG failed to accurately assess and hedge its risks. Dozens of financial institutions have gone under and hundreds more are at risk. Hedge fund managers have admitted to running a crooked game.

The lesson is clear: systems and the people who work within them are not self-policing. Shocker. I am sure Machiavelli and Juvenalis are laughing at the continuing naivete of the human race.

Now, right now, we have a very similar pattern emerging in information technology. Institutions around the world are virtualizing like crazy. IT is deploying the vast majority of these virtual infrastructures without any of the protections I recommend here. PCI, HIPAA, SOX, you name it: these IT groups are putting sensitive data about you and me, valuable data worth billions of dollars, at risk.

Where are the Guardians?

The Guardians are out to lunch; they missed the memo; they drank the Kool-Aid from the platform vendors.

People like myself, Chris Hoff, Greg Ness, Ian Pratt, Brandon Baker and many others are sounding the alarm.

It's time for the Guardians to get to work. It's time for the IT security team to get off their butts and start addressing this issue.

Michael
