Security swallows the CEO

In an era when security breaches hog the headlines and companies scramble to protect corporate data, in some ways I’m grateful to work for a CEO who emphasizes the need for security. But there are drawbacks.

We’re a small business with a correspondingly sized IT staff, and “Jim” often springs yet another of his security concerns on the few of us. For example, one time someone sat outside the office next door, waiting for it to open while typing away at their laptop. Jim saw this and panicked, assuming they were there to “hack” our servers and ordered that I immediately check the network for intrusions. Needless to say, nothing was wrong.

[ Also on InfoWorld: Can you guess what the worst tech screwups of 2012 are so far? See Cringely’s top 10 list. | Follow InfoWorld’s Off the Record on Twitter for tech’s war stories, career takes, and off-the-wall news. | Subscribe to the Off the Record newsletter for your weekly dose of workplace shenanigans. ]

Another time, someone described to him how a “memory leak” caused a random crash of their systems. Now whenever a computer slows down or anything crashes at our company, Jim orders the IT staff to drop everything and find “memory leaks.”

Then there’s our server room, the subject of one of Jim’s latest spells. We have an amazing setup for a small business, if I do say so myself. The space itself has its own AC and humidity control, and the servers are locked in a cage within the room. No one here has ever unplugged the servers, due to the power outlet’s placement within the locked server cage. The door into the room has double locks, and a motion sensor alarm goes off whenever the door is opened.

Jim is deservedly proud of the server room, and appearances are important to him. Ironically, for someone so guarded about security, he’s quick to throw open the doors and give prospective clients a guided tour. At the same time, he wants the nightly cleaning crew to keep out, which wasn’t happening, and the crew kept setting off the security alarm.

The CEO’s security solution

Jim came up with a “solution,” one in which he insisted on being the sole person on the alarm contact list for “security reasons.” Soon, he was getting called several times a week, wasn’t sure what to do, and finally brought up the topic in casual conversation with me when he complained about lost sleep. By then, almost an entire year had gone by without IT knowing of the problem. The only actions Jim had undertaken in the meantime were to make several official, yet ineffective, complaints to building management. Now it fell to us in IT to assess the situation.

We considered the circumstances: The door to the server room was unmarked and looked the same as any office door in the facility, and building policy didn’t allow us to change the lock or install a different entry system to the room. To make matters worse, this building changed cleaning crews more often than I change socks, and the successive cleaners exchanged no warnings about the alarm. We asked the building maintenance manager to tell cleaners to stay out, but to no avail.

Sign of the times

One recommendation we gave Jim was to put a sign on the door alerting people that an alarm will sound if the door is opened and to keep clear. Jim was resistant for reasons he didn’t immediately disclose, but after more late-night calls, he agreed that a sign on the door was the answer. He had one made by a custom sign company, and the day it came in, Jim excitedly showed it off. The sign was small and simple, black text on white background, and said, “Authorized Personnel Only.”

We voiced our most immediate concern: Cleaning crews are authorized personnel. They have keys to every room in the building. Jim assured us it would do the trick.

He was wrong. The alarm went off as often as it had before, so we mentioned getting a larger and more noticeable sign, again recommending the “Keep Out: If Door is Opened Alarm Will Sound!” variety.

Jim rejected this idea and finally he told us the reason he was so hesitant: “I don’t want people thinking there’s something important in that room and break in.” Head meet desk, as they say.

So we’re back to Square One and can’t seem to come up with a solution that satisfies him, despite all our points about the ultimate inefficiency of his stubbornness. Sure, the servers are still secure within the locked cage inside the alarmed room, but the building managers won’t budge on their policies and the cleaning crew keeps opening the door.

In the end, we spend far too much time soothing Jim’s nitpicky and sometimes unfounded concerns rather than tending to the company’s overall security. But on the bright side — if you can call it that — we get somewhat regular tests to our security company’s reaction time, and I never have to be the one to pick up that call or pay the bill.

Do you have a tech story to share? Send it to offtherecord@infoworld.com. If we publish it, you’ll receive a $50 American Express gift cheque.

This story, “Security swallows the CEO,” was originally published at InfoWorld.com. Read more crazy-but-true stories in the anonymous Off the Record blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.