Control your sides!

Control your sides!

Hello there my Darling Data Protectors! Hopefully this week is filled with departmental donuts (the best kind of donut!) and may all your downtimes be scheduled! Today we will be talking about a security and business continuity concept that sadly only becomes apparent when bad things happen...Controlling your data.  Without control of your data, you literally have no Intellectual property. I mean, you can think you own your data, but if your source control (for instance) is run under your developers personal account, then you only own that data as much as you and the developer are in good standing. If you ever part ways, then you suddenly have no guarantee that the IP is yours!

Boooooooooooooooooo!!!!

Todays topic comes on the day that I read about an upcoming bankruptcy. This particular bankruptcy is for a car...a car today is essentially a moving data center. A data center whose code is updated over the air.  So lets say we have a zero day that was discovered in the underlying OS, the developers patch, test and then update the software over the air (LTE/5G)...This all assumes that the source code control software (Source Control) is accessible.  There are all sorts of legal requirements for this data as it literally can mean the difference between life and death as it controls the car itself!

This got me thinking...so what happens if said car company has an "outsource first" paradigm and that all the code was controlled by a 3rd party vendor? What then? What happens with the current clientele...what happens if the car needs to be flashed again? Since bankruptcy will completely take out the "over the air" transmission since no one is paying for if. How can the thousands of customers who already have sunk tens of thousands of dollars into their car, how can they can move forward when the company eventually dies?

 

Before I continue… everything in this blog post are my daydreams and conjecture. Nothing written in this blog refers to any real company.  Its all my day dreaming of horrible architectures and how they would impact a bankrupting business.

In previous instances of bankruptcies or automobile companies, there are always service people who form support companies for the short term.  Most famously the Fisker Karma service team grouped up set up a company to service the existing cars.  This helped bridge the support needs for the Fisker Karma community until the buyout of Fisker by Wanxiang...this is a benefit to the car owners and really was paramount to a (somewhat) painless transition out of bankruptcy!

 

Now what happens if the company doesn't own the system that the source code is housed in?  Then what? Well, then that company doesn't own their own intellectual property. If your company is essentially a "management only" company with the independent contributor work (the real work) completed by outsourced teams, then at the very minimum, you need to control the systems where all the work is created. 

Product lifecycle management (PLM) tools to control the CAD data....source control software to control the source code...ERP to control the business/financial data....HR software to control the documents that can easily become multi-million dollar lawsuits!  you get the idea...at the end of the day, whomever architects an "outsource first/management only" type company without control of the systems, has failed horribly at their job and should only manage Access databases or should answer phones for the real IT people.

Also another aspect of Source Control software is...the control. Its one thing to allow outside contractors to have more control of your IP than you do...but lets say one did something even more braindead...they used source control software that is not meant to control source code...lets say someone architected source control software on...SharePoint! Controlled the over the air push using something like power automate.

What then? The data isn’t really yours in this case either In that you created a massive gaping hole for your source code to leave the building.  I am one SharePoint backup away from owning your data if I were a tech who knew their job was ending due to an upcoming bankruptcy, theoretically speaking, of course. If I didn't want to expose myself i would recover the data from the backups...Using a system built for one function and shoe horning a solution works great in mom and pop shops...but not so much with global manufacturing companies.

Now, let’s hope all my daydreams of bad architecture remains in thought form… I can only imagine what damage a company going into bankruptcy, one whose data might be the difference between life and death of the person driving the car… what damage all of this uncontrolled data can lead to. Let’s hope no one is as shortsighted to not have proper systems, controlling all of the important, intellectual property and meta data that accompany generates.

Poor control of your data can lead to lawsuits, and worse. If you were to ever to listen to Doc Holligray (me), please listen to this… The only way you have control over your intellectual property is by controlling your data. Contractors will not treat data with the respect that you will vendors during bankruptcy will make getting access to that data almost impossible. Can easily be leaked, resulting in poorly written source control that might actually end up with a loss of life.

Lastly, if the vertical you are working for is beholden to governmental frameworks (like say for instance...NHTSA in this theoretical  day dream of horribly architected systems), where one has to hold records for years without some type of government agency making your life even more interesting...if the company was beholden to such a framework, how can one state that they can deliver on their responsibilities if they don't control their IP? One could not.  One should be expecting a visit soon by government authorities.

Hopefully I have made a good case to better control your date. Its one of the small paradigms that separate IT professionals with true enterprise experience and who actually care for the company vs than the "yes men" you can hire that will allow you to crash and burn. I know as a CEO that it might feel binding to be beholden to IT regulations, but there's normally a reason for all of those rules and policies.  Listen to your team and don't open yourself up to a visit by a man in black asking questions about how you handle your data. Whew!

The last thing one needs while going bankrupt is the fear that you need to produce data that you don't control.  Terrifying!

Anyhow, Back to reality. Oh, there's goes gravity! No more daydreaming… It’s time to get some work done. Thank you all, until next time.

 

Want to learn more? Contac Us!

Back to blog

Leave a comment

Please note, comments need to be approved before they are published.