2014: IT's Good, Bad, & Ugly - InformationWeek


12/29/2014
08:06 AM
Lawrence Garvin

2014: IT's Good, Bad, & Ugly

Take a look back at some of the most memorable IT incidents -- for good and bad -- over the past year.


The things we'll most likely remember from 2014 are all the things in IT that went wrong, and those won't go un-re-noticed here. A couple of those things were just flat-out attributable to human error, and I'll also make a point of calling those out where I think they occurred.

But the year was not all catastrophic. There were a few really cool things that happened in IT, and in technology generally. Those are just as important to remember as the lessons learned from the fiascos.

18 months of credit card breaches
No doubt the biggest story of the year, or at least the longest-running story, was the spate of credit card breaches suffered by some of the country's most notable retailers. We've all read about these, to some extent or another, but since part of the point of this article is to call out the good, bad, and ugly, let's start there.


First, kudos to P.F. Chang's for its rapid response in simply pulling the plug on its electronic credit card processing systems. No kudos for Neiman Marcus, which only reported its breach in June, although it occurred prior to the Target breach in late 2013. So, in fact, it was Neiman Marcus in July 2013 that is due the credit of starting the recent wave of breaches. The ugly goes to Home Depot. I'm still trying to wrap my head around how that stuff got past compliance auditing.

Microsoft names new CEO
I said I'd include some good news. While a good portion of the world was somewhat skeptical back in February, I have to say that for the most part I think Satya Nadella's ascendency to the software throne of the world has been a positive thing for Microsoft. Certainly, the culture of listening to customers has become more open, and it's hard not to be encouraged by the looks of Windows 10.

Unfortunately, the lack of quality in the trenches, particularly with respect to the bad batch of patches released over the past six months, is damaging the memory of what could otherwise have been a great year for Microsoft.

XXII Olympic Winter Games, Sochi, Russia
Despite all the cynical attitudes about the Winter Olympic Games being in Russia, all in all I thought the Sochi event was as good as any other Olympic Games in recent years, and certainly better than a few.

(Source: Chris/Flickr)

Heartbleed
So, in the midst of all the credit card chaos, we learned something really important about open source software: Apparently open source developers read their peers' source code about as often (and as diligently) as IT professionals read product documentation before implementing software in production.

The good news from Heartbleed, though, is that the damage could have been exponentially worse than it actually was. Kudos to a responsive IT community that plugged the critical holes pretty quickly, and as far as I know, there's still only one actual breach attributed to Heartbleed.

FIFA World Cup, Brazil
Like the Winter Olympic Games, the naysayers had a lot of negativity floating around the airwaves about Brazil hosting the FIFA World Cup. But aside from a couple of minor disruptions early in the tournament, some really bad officiating, and unbelievably unsportsmanlike incidents, it was every bit the success that the Sochi Winter Olympic Games were. It's sad, however, to realize that most of the high points of the year in an article about IT were sporting events.

Celebrity "NSFW" photographs
In September, we learned exactly how important personal passwords are. We also learned (well I think some celebrities learned) that one ought not to store controversial content on somebody else's computer systems. But if you do, encrypt it. And encrypt it with your own keys!

Shellshock
If only the responsiveness to Shellshock had been as strong as it was for Heartbleed. Unfortunately, it was not, and today there are a myriad of active exploits affecting all sorts of Unix- and Linux-based systems that use the Bash shell as their default. Ostensibly, this fix was even easier than Heartbleed: Just turn off the Bash shell! Of course, some systems have only the Bash shell, so this is not practical in all cases. But the fact that exploits are still commandeering entire storage systems because patches that exist have not been applied is just, well, shocking.

Humanity landed on a comet!
It's been a really long time since anybody in the world did anything truly notable in the realm of space exploration. Yeah, SpaceX built a rocket to resupply the International Space Station, but humanity has been building suborbital rockets for 50 years. But this year, the European Space Agency landed on a comet! Well, to be honest, ESA bounced the lander off the comet and then it landed in shade, rendering it functionally useless. But do you have any idea what sort of navigational expertise it takes to hit a comet after 10 years of unmanned spaceflight? I definitely think this is the story of the year.

Sony
And, not to be outdone by any of the above, once again Sony gave us something to think about. I might have a modicum of sympathy for Sony, given the size of the intrusion and the ongoing impact of what was stolen, except we're now learning that (like with Home Depot) much of the damage was due to the company failing to maintain its own computer security. To add insult to injury, we're also finding out that the code that infiltrated Sony was so bug-ridden that it may be a miracle that it even worked at all. Then the hackers made a threat against movie theatres that planned to show Sony's movie The Interview, and Sony pulled the movie from distribution. (Well, really, I'm more inclined to think Sony pulled the movie so it wouldn't have to explain a $10 million opening weekend from the few theatres that actually showed it.)

So, that was 2014. From malware hacking poorly protected credit card systems abetted by dysfunctional corporate security procedures, to malware hacking poorly protected entertainment companies abetted by dysfunctional corporate security procedures, it just seems that nothing ever changes. Shakespearean theatre would refer to 2014 as a "comedy," inasmuch as the year started pretty much like it ended. Let's all learn a lesson or two, or ten, from these rough experiences and make 2015 a little better.


Lawrence Garvin, head geek and technical product marketing manager at SolarWinds, wrote his first computer program, in RPG-II, in 1974, to calculate quadratic equations. He tested it on some spare weekend cycles on an IBM System 3 that he "borrowed" from his father's ...
Comments
LawrenceGarvin,
User Rank: Author
12/29/2014 | 7:20:34 PM
Re: Different year same indifference to consumer data breaches
I had the opportunity to "observe" a few SOX inspections in the early years as well. A lot of what I observed is that since the auditors really didn't know what they were supposed to be auditing... they audited "everything"... to the point of absurdity in some cases, and having absolutely nothing to do with accounting systems. But, gee whiz, you'd think that properly patching computer systems used to perform accounting activities (read: Point of Sale Terminals) would still be fully covered in a SOX audit.
LawrenceGarvin,
User Rank: Author
12/29/2014 | 4:44:26 PM
Re: Different year same indifference to consumer data breaches
And yet, there are meaningful laws... both PCI-DSS and Sarbanes-Oxley apply in these cases, and certainly SOX provides for holding corporate executives accountable. One of the unanswered (but certainly not unasked) questions is what the results of recent PCI and SOX audits were, whether those audits uncovered such lapses, and what obligations the executive management of these companies were under to remediate those defects (assuming the audits even uncovered those defects).
LawrenceGarvin,
User Rank: Author
12/29/2014 | 2:33:26 PM
Re: So much for "given enough eyeballs, all bugs are shallow"
To be fair, I don't think the challenge is unique to open source software; we've seen plenty of examples of proprietary closed software show up with similar catastrophic failures -- probably as a result of the same root cause: "Nobody Noticed". What the crux really is, I think, in agreement with you, is the false premise that there are "enough eyeballs" or that those eyeballs are looking at the things they should actually be looking at. It takes a very unique and sophisticated mindset to trace through code and ponder the "What If?" scenarios. Sometimes those "What If?" scenarios were pondered in testing, but considered too "edge-case" to warrant writing the test suites. That, maybe, ought to be a red-flag unto itself, because it's the edge-case scenarios that are being leveraged for many of today's exploits.
David F. Carr,
User Rank: Author
12/29/2014 | 2:05:36 PM
So much for "given enough eyeballs, all bugs are shallow"
Sadly, Heartbleed and Shellshock challenge that article of the open source faith.

Not enough eyeballs to go around for all the software requiring scrutiny