The Customer Is Always Right

We were in a client meeting with a high-level executive, mapping out business processes and examining risk points and factors.

The executive raised the issue of ensuring data integrity and security for sensitive information that had to pass between departments in her organization.

Since the organization dealt with extremely sensitive information, none of their computers were connected to any outside networks.  Therefore, using a shared network file store or even simply sending an encrypted email between departments was not an option.

It was decided the information would be exchanged in person on encrypted CDs or DVDs.

The executive then started worrying about viruses.  "What if the department encrypting the disk has a virus on their system and passes it to the other department", she asked.

So we added a step to the process where the receiving department would decrypt the disk on a standalone workstation and then perform a full virus scan on the disk before copying the data onto their internal network.

We thought we had finally finished mapping out the process when she threw in another monkey wrench.

"What about the cell phone virus?"

"What cell phone virus?"

"I heard you can get a virus on your cell phone!"

"I suppose it's possible, especially if you have a smart phone that runs an entire OS, like Windows Mobile, but what are you getting at?"

"What if the person transferring the information gets a virus on their phone and it infects the disk they're carrying in their pocket?"

*Suppressed snickers of disbelief*

"It can't pass from the phone to the disk.  The disk is already burned, there's nothing connecting the two, the disk is encrypted, and it wouldn't be in the same format anyway."

"Of course it can spread!  That's what viruses do!"

After further discussion, it was decided we would err on the side of calm, well-reasoned logic:  We added a step to the process wherein the individual transporting the disk would carry his or her phone in a separate pocket.

The customer may not always be logical, but the customer IS always right!

As long as the checks clear.



Sgt. Wolverine said...

It's really not a big deal unless the phone vomits in your pocket. Then you have to clean all those 1's and 0's out of your pocket.

Some Guy said...

I heard Apple products don't get viruses... Therefore, the solution should have been that anyone who transports the disks must have an iPhone.

Ricky Anderson said...

Yes, and I would like to volunteer to transport said disks so that work will be forced to get me an iPhone.