Premier 100: Yahoo gets 'Paranoid' about IT security
Company embeds select team of security staffers in operating units, CIO says
Computerworld - PALM DESERT, Calif. -- One of the most important IT teams at Yahoo Inc. is a globally dispersed group with a name more fitting for a punk rock band.
The Paranoids is a small, select team of techies who are embedded into each of Yahoo's engineering and product management groups and collectively provide a "big voice" that constantly is arguing for better IT security, according to Yahoo CIO Lars Rabbe.
"We felt strongly that security can become an afterthought if it's created as a separate organization," said Rabbe in an interview Monday after speaking at Computerworld's Premier 100 IT Leaders Conference here. "We thought it was important to make it part of the process, so that security becomes part of the job, so that every developer looks at it and thinks about it."
To ensure that the Paranoids aren't treated as deadline-busting killjoys, the team is strongly endorsed and supported from the top. And many members are "very well-regarded technically" within Yahoo, Rabbe said. For instance, Rasmus Lerdorf, the original creator of the PHP open-source scripting language, is a member of the Paranoids.
Security is only one area in which Rabbe, who has been CIO since 2003, and his 350-member IT team stand apart from the ones at many other companies.
For example, Rabbe's team is often called on to help evaluate potential acquisitions –- not just how much time and effort it would take to integrate a company's systems into Yahoo's global network, but also the quality of the services it offers.
To optimize the operation of Yahoo's servers in 25 global data centers, the IT staff has created proprietary file systems that, along with heavily customized MySQL databases, can process more than 13TB of data each day.
During his time at the company, Rabbe also has improved Yahoo's data redundancy, such that "all important pieces of info are stored in at least two, and often three, geographically dispersed locations," he said. The IT group is also working hard to eliminate tape backups.
All of those technical achievements by Rabbe's IT staffers surely must have impressed their engineering peers, right? Not really, he said.
"In most companies, IT is revered as the holder of the black arts," Rabbe said. "At a technology company like Yahoo, everyone thinks they can do your job better than you."
To cater to his end users and help maintain Yahoo's engineer-friendly climate, Rabbe tolerates all manner of operating systems and applications that a CIO used to a more traditional command-and-control environment might not. In addition to typical setups of Windows, Office and Internet Explorer, Yahoo's IT team has to support Macintosh systems and PCs running various flavors of Linux, and make sure that Web-based human resources applications don't break on the Opera Web browser.
Rabbe downplayed the impact of a recent internal reorganization at Yahoo on the IT unit. "It's the first major reorg we've had in five years," he said. "It doesn't change that much for us on the back end. We just need to stay close to the business to help them get to market faster."
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Accelerating Network Convergence in Virtualized and Cloud Data Centers Adopting a converged networking strategy enables organizations to traffic server and storage I/O workloads on consolidated data throughput channels. Intelligent software helps optimize...
- How 10GbE Network is the Backbone of the Virtual Data Center The shift to a virtual data center has put tremendous strain on legacy networks; driving the need for more speed, lower latency, more...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts