[ISN] An interview with Santa's CIO

From: InfoSec News (isn@private)
Date: Fri Dec 24 2004 - 00:19:07 PST


http://www.theregister.co.uk/2004/12/23/santas_cio_interview/

By William Knight
23rd December 2004 

With hands-on management and a little bit of star dust, Santa's IT
operation goes without a hitch year after year. William Knight talks
to the big guy's very secretive CIO and finds out it's not always
eternal joyfulness at Christmas HQ.

As interviews go this was not hard to arrange. Some weeks ago I'd said
it would be interesting to meet Santa's CIO and he must have been
listening because late one evening the door bell rings and an
immaculately dressed chauffeur asks me if I'd like an interview.

A huge limo is parked under the street lamp and circling exhaust fumes
create a mysterious vignette. I note the number plate "RUD 0LF", just
as the rear door opens and the chauffeur ushers me through.

Inside, deep in white leather upholstery, sits an archetypal business
man. No beard or red hat, just a dark suit and plain tie, with a lapel
pin in the shape of a small Christmas pudding.

Ünter Klaus is CIO of Christmas HQ, and as the mist billows round the
windows and the car sets off he explains how his responsibilities
centre on the NGBS (Naughty Girl & Boy System) with its billions of
records.

The reality of Christmas HQ is far from the pixies and fairies
wonderland described in legend. Klaus must manage the terabytes of
data and facilitate the Big Day (BD) or Christmas Eve. "We have
tremendous organisation, logistics and planning for each year's
timetable," he says. "I must make sure each child gets only what their
record demands."

The size of the job is impressive, and while delivery is run with
Santa's special abilities, IT must rely on its own resources. "Magic is
very expensive and hard to control," says Klaus, explaining how it
requires technical expertise to wield magic effectively. "Things can
go very wrong without the right level of support, maintenance and
specialist staff.

"We recently implemented a Magic Oriented Architecture (MOA) but had
enormous difficulties integrating NGBS. The project has been a major
compliance exercise, but no matter what products say on the box, we've
found there's no silver bullet."

Compliance is Klaus's top item. Christmas HQ runs via many
organisations worldwide and each has its own requirements. Even
though the enterprise is beyond any single jurisdiction they must
still respond to requests from subsidiaries and pressure is escalating
due to ever-more financial products given away in Christmas stockings.  
"Kids don't just want chocolate and model cars," he says. "They have
sophisticated tastes we have to cater for."

The UK's Data Protection Act caused tremendous problems. "We were
inundated with requests from upset little boys and girls who believed
Santa had got it wrong; that they had in fact been good," he says.  
They have been forced into a massive record management program and
employ hundreds of data entry staff at head office.

On cue the car door opens and we step into a huge white-walled
computer centre. Giant icicles hang majestically from the ceiling and
rows of decorated Christmas trees serve as partitions between cells of
busy workers tapping at their workstations. I wonder at the mix of ice
and electricity, but though the temperature is mild - most of the
staff are wearing T-shirts emblazoned with "Team Santa - Delivering
IT for Christmas" - the ice isn't melting.

I follow him along a partition to the bank of a babbling river running
right through the middle of the building. He stops at the entrance to
a foot bridge and swipes an ID card. A tinsel-clad barrier rises up to
let us through.

"On one side of the bridge we have the technicians," he says, "and on
the other the management." He stops in the middle and points to a group
of Elf consultants constructing another crossing further downstream.  
"The consultants tell us to build bridges between the business and the
IT department, that we sometimes misunderstand each other."

We settle in an open-plan lounge on the far side of the river and
Klaus describes why communication is so important. "Each year we have
to finish by first light on 25 December - there is no option.  
Misunderstanding causes delays so we are always building more bridges
between the camps."

His request to move to a building without a river has been postponed
for another year and Klaus has to deal with the realities of the
situation. "Each year's BD is the goal. We have to remain focussed,"  
he says.

The rigid timetable and communication overhead create formidable
pressure and despite the wonderful surroundings and holiday
atmosphere, this can throw up mavericks. Klaus relates an incident
when the NGBS was updated with thousands of bogus records. "We had
sacks of toys and gifts delivered to a warehouse full of mock-up boys
and girls. It was a terrible scam," he says. "We only found out when
our gnome-built produce was listed on eBay the day after Christmas."

They traced the perpetrators through a hacked server on Christmas
Island and to a dacha on the Black Sea. It turned out to be
disgruntled contractor Gnomes annoyed at being left off the Christmas
party guest list because they weren't permanent staff.

Klaus talks of other threats and stresses his belief in careful risk
management. To illustrate his point he pulls out a risk list showing
"Incompetent Management" at the top. He laughs when I point it out.  
"Oh! I have them mixed up, this is the anonymous risks," he says and
searches his pockets for another list. "This is it," he says. "The
Christmas number one is always rather predictable I'm afraid." The
list shows "Skills gap" at the top and a mitigation of "Identify
training requirements".

His staff are capable of solving most technical problems so when they
identify areas that need better skills they order a book from Amazon,
he says.

The talent of his staff is hard to dispute. The RFID system - that's
Rudolf's Indicated Direction - was created by a genius developer in an
afternoon. "It uses a GPS system cross linked to the NGBS and a Neural
Net finds the best route for Santa to take on the BD. The optimum
route must consider sleigh loading, distribution points, weather
patterns - all this is too complicated for procedural languages."

Results are transmitted via an encrypted, always-on XMas Link (XML) to
the big guy's monitor, and so far the system has never broken down.  
But now that the genius developer involved has left the company without
writing anything down, they daren't touch it. "Nobody is quite sure how
the RFID works," he says, "so we don't mention it at project meetings
and we never reboot it."

Other programs have been bolted on the side of the RFID so now they
aren't certain if results come from RFID or not. "Without it Santa's
job would be impossible," he says. "We can never replace it or change
it."

He shrugs and reluctantly admits that an IT system has dictated how
the business works. He hopes that one day they'll get the magic budget
to fund a replacement, but in the meantime they have too many fixes to
make in all the subsidiary systems.

Despite the difficulties Klaus has an enviable record. For thirty
years, not one deserving child has been missed from the Big Day's
delivery and he credits his hard working staff and the dedication of
the Boss. "We have a no-failure policy," he says. "We understand the
situation and we work to it." He hopes that other CIOs can look
forward to perfect deliveries at Christmas and wishes everybody a
happy new year.


