How much power should IT admins have?

The recent madhouse scene that played out with the city of San Francisco and its IT administrator, Terry Childs, has once again brought to the forefront a long-neglected bane of most enterprises - the concentration of responsibility and knowledge of critical systems, especially technology systems, in the hands of one individual and the attendant crisis that follows if an emergency arises. The main issue the San Francisco incident raises is that of trust, namely, how much trust should corporations place in the custodians of their technology infrastructure?

The dilemma here is that organizations, enterprises and even small businesses who use consultants have to place some level of trust in these "employees" and expect them to act honestly and ethically. There is also the expectation, and indeed the knowledge, that at some point such employees may pose certain risks to the system. A recent survey by InformationWeek found that about 53% of business executives considered authorized users and employees one of the greatest threats to their systems. In that same study, 43% of all employees were considered the greatest threats. The bottom line is it only takes one bad apple to make all of us go squeamish.

It is my belief that most employees are indeed ethical, honest and have the best interest of their employers at heart. It is almost impossible to totally control the mischievous tendencies of some errant employees, especially if such an employee is highly knowledgeable, as was the case of Terry Childs in San Francisco.

The more important question in this case is the rather puzzling negligence of the city of San Francisco. Why would such a large city fail to put in a system of checks and balances? What hold did Childs have over the city management to make them fail to implement strong authentication systems? What happened to the use of change management processes that could have alerted others about the out-of-norm activities of the IT Manager? What happened to the use of teams in managing an obviously large infrastructure like the one owned by the city of San Francisco that included an expensive FiberWAN project? Did the city managers, auditors and advisers not know about cross-training? Could they, perhaps, have tried to spread responsibility for the IT systems over a few people as opposed to relying on one person? Did Mr. Childs ever go on vacation, and if he did, how did the city manage when he was gone?

The answer to a lot of these questions will unravel in the coming months, of that we are very sure.


