Today I was helping one of my coworkers study for the Security+ exam, and one of his study questions reminded me of a story.
I wrote a few days ago about spending some time in an unhealthy IT shop. One of my cohorts supported one of the departments that decided to outsource its IT to a contractor, rather than use the internal IT department. It was a form of shadow IT on a large scale. The hand-off didn’t exactly go as it should.
He was showing the contractor who was going to be replacing him around, and at one point, the replacement asked my cohort if P2P services were blocked at the firewall. Of course my cohort said yes. The contractor looked disappointed.
“When I’m working on a server and I need a DLL file or something, I just jump on a P2P service. It’s the fastest way I’ve found to get the files I need.”
Needless to say, the right thing for the client to do at that point is to hand the contractor a box, thank him for his time, and escort him out of the building. Anyone who worked with me about a decade ago knows that’s precisely what didn’t happen.
I don’t know what they got out of this particular contractor’s services, but I can assure you they deserved whatever it was they got. Because while I can assure you the P2P services were blocked at our firewall, they weren’t blocked at the Holiday Inn across the parking lot. And it had wi-fi.
If you ever wonder why some places never bring new employees on except through a right-to-hire process, this is one reason why. It’s a way to manage risk.