Matthew Pollicove

I got this "joke" email from a family member, which I think proves some interesting points in the field of Identity Management, especially where governance controls are involved:

Outside the Bristol Zoo, in England, there is a parking lot for 150 cars and 8 coaches, or buses.

It was manned by a very pleasant attendant with a ticket machine charging cars £1 (about $1.40) and coaches £5 (about $7).

This parking attendant worked there solid for all of 25 years. Then, one day, he just didn't turn up for work.

"Oh well", said Bristol Zoo Management - "we'd better phone up the City Council and get them to send a new parking attendant..."

"Err ... no", said the Council, "that parking lot is your responsibility."

"Err ... no", said Bristol Zoo Management, "the attendant was employed by the City Council, wasn't he?"

"Err ... NO!" insisted the Council.

Sitting in his villa somewhere on the coast of Spain, is a bloke who had been taking the parking lot fees, estimated at A£400 (about $560) per day at Bristol Zoo for the last 25 years. Assuming 7 days a week, this amounts to just over A£3.6 million ($7 million)!

So what's the point here? Without governance controls anyone can come in and rule the roost. There is no accountability, control or record. I know I've been harping on this a lot lately, but it just seems to me that if controls are not in place and a means for reviewing the implementation and usage of the controls, anyone can walk away with the keys to the kingdom as it were.

This is much like what happened with Abdirahman Ismail Abdi or even Terry Childs, both of whom I have commented on before. If either one of them had been subject to some sort of governance process it would have been much more difficult for them to execute their schemes.

After all, you know what they say, "a million here, a million there and soon we're talking about real money."