Yahoo gets 'Paranoid' about IT security

Do you have a question? Post it now! No Registration Necessary.  Now with pictures! =

Premier 100: Yahoo gets 'Paranoid' about IT security
Company embeds select team of security staffers in operating units,
CIO says
Eric LaiA0=C2=A0Today=E2=80=99s Top Stories=C2=A0A0 or=C2=A0 Othe=
r Networking and Internet
Stories A0


    Gartner Webinar: WAN Acceleration Scalability Requirements
    Internal Virtualized Storage Platforms -- Silverpop leverages leading-
edge technology to keep up with rapid data-growth
    Improving Vulnerability Management with Penetration Testing

    Cost-Effective High Availability with Veritas=E2=84=A2 Cluster Server
    An Assessment of CMDB Adoptions and Priorities in 2006
    Network Access Control Technologies and Symantec Compliance on

    Voice-over-IP will dominate the enterprise in the next few years -
are you ready?
    Security and Device Management
    IP Communications

March 06, 2007 (Computerworld) -- PALM DESERT, Calif. -- One of the
most important IT teams at Yahoo Inc. is a globally dispersed group
with a name more fitting for a punk rock band.

The Paranoids is a small, select team of techies who are embedded into
each of Yahoo's engineering and product management groups and
collectively provide a "big voice" that constantly is arguing for
better IT security, according to Yahoo CIO Lars Rabbe.

"We felt strongly that security can become an afterthought if it's
created as a separate organization," said Rabbe in an interview Monday
after speaking at Computerworld's Premier 100 IT Leaders Conference
here. "We thought it was important to make it part of the process, so
that security becomes part of the job, so that every developer looks
at it and thinks about it."

To ensure that the Paranoids aren't treated as deadline-busting
killjoys, the team is strongly endorsed and supported from the top.
And many members are "very well-regarded technically" within Yahoo,
Rabbe said. For instance, Rasmus Lerdorf, the original creator of the
PHP open-source scripting language, is a member of the Paranoids.

Security is only one area in which Rabbe, who has been CIO since 2003,
and his 350-member IT team stand apart from the ones at many other

For example, Rabbe's team is often called on to help evaluate
potential acquisitions80=93- not just how much time and effort it would
take to integrate a company's systems into Yahoo's global network, but
also the quality of the services it offers.

To optimize the operation of Yahoo's servers in 25 global data
centers, the IT staff has created proprietary file systems that, along
with heavily customized MySQL databases, can process more than 13TB of
data each day.

During his time at the company, Rabbe also has improved Yahoo's data
redundancy, such that "all important pieces of info are stored in at
least two, and often three, geographically dispersed locations," he
said. The IT group is also working hard to eliminate tape backups.

All of those technical achievements by Rabbe's IT staffers surely must
have impressed their engineering peers, right? Not really, he said.

"In most companies, IT is revered as the holder of the black arts,"
Rabbe said. "At a technology company like Yahoo, everyone thinks they
can do your job better than you."

To cater to his end users and help maintain Yahoo's engineer-friendly
climate, Rabbe tolerates all manner of operating systems and
applications that a CIO used to a more traditional command-and-control
environment might not. In addition to typical setups of Windows,
Office and Internet Explorer, Yahoo's IT team has to support Macintosh
systems and PCs running various flavors of Linux, and make sure that
Web-based human resources applications don't break on the Opera Web

Rabbe downplayed the impact of a recent internal reorganization at
Yahoo on the IT unit. "It's the first major reorg we've had in five
years," he said. "It doesn't change that much for us on the back end.
We just need to stay close to the business to help them get to market

Site Timeline