Flashback Friday: No, if it were too risky … oh, never mind

The logic of upper management baffles once again.

Computerworld  |  Shark Tank
Computerworld / IDG

Pilot fish works for a health care organization that's looking for ways to cut costs and boost efficiency using IT — and there are some obvious targets.

“One particular area where I felt we could make some gains involved the reports from outlying clinics,” says fish. “They were transmitted in files to a secure FTP server, and then employees would print out the files and enter the information into three different systems manually.”

The organization has already bought a package that’s capable of receiving the reports, parsing them and feeding data to the three systems. In fact, the transmission can all be done through secure connections to the remote clinics systems — no more FTP required.

The catch: Using this approach means configuring the application to be exposed outside the firewall, and that’s never been done at this organization.

Fish explains what’s involved to the chief security officer. He’s interested, but he suggests doing a risk assessment to make sure the project gets a hard look.

That sounds fine to fish. Next step in the approval process: presenting it to the CIO.

“I went through my explanation and what we thought we could save, and then told him the CSO was on board with performing a risk assessment,” fish says.

“His response: ‘He thinks a risk assessment is needed? Then it must be too risky. We better not go forward with it.’”

Sharky keeps your risk to a minimum by filing the identifying marks off every story. So send me your true tales of IT life. Send them to me at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter.


Copyright © 2020 IDG Communications, Inc.

Shop Tech Products at Amazon