Security scan. What does that mean? The phrase came out during a recent meeting. A few of us looked at one another – eyes betraying a look of bewilderment and amusement as we contemplated the possibilities.
We’re in software so tri-corders, armed men making rounds around the perimeter; these did not make any sense. Surely the security scan was some sort of manual software process. A check list of tasks to determine that the software to be released passes some bar of predetermined security threshold. Perhaps an automated process?
The conclusion we eventually came to was that there was a “security scan specialist” waiting at a terminal somewhere deep within the corporate megaplex. He surely wore a white collared shirt complete with skinny tie. Upon accepting the security scan task he places a physical representation of our software into some sort of device. He initiates the scan. Lights and whirrs come to life validating the integrity of our humble payload.
The specialist stands back. Out comes a cigarette. He lights it and takes a deep, long drag allowing himself to savor the bitter combination of burnt paper and stale tobacco.
Minutes come and go. The ash tray accepts a couple more taps. In what seems like coincidence the dot matrix printer comes to life roaring through a ream of paper as it output various diagnostics.
The specialist presses out his cigarette.
He then, with both hands, separates the output of the security scan from the printer with a single well practiced tear. Walking over to his desk he pauses. Grabbing a lukewarm cup of coffee off his desk he takes a sip. Scanning the top page and locating the output of the process which the collection of yellow stained machines had arduously labored to complete:
SCAN PROGRESS: 100% RESULT: PASS
A thin smile presses through his lips. He lifts the papers, places them into a manila folder. He scribbles the date and target project for which the scan was completed and then coupled the two. Placing the documents into a massive filing cabinet he completes the task by shooting off an email to his colleagues who were eagerly awaiting the results of his work.
We laugh a good laugh. The technology may be different but the analogy remains. We should question if established processes or practices are really in sync with current times and technology. It is harder to see in software but the absurdity of what we sometimes settle into is as our security scan specialist illustrates.