The past two years have brought a lot of new computer-security deployments at CERN. Spurred on by the 2023 cybersecurity audit, the Computer Security Office in collaboration with the IT department deployed silver-bullet 2-factor authentication to CERN's Single Sign-On; new and enhanced SPAM filtering, email quarantining, and anti-spoofing protection; and subsequently 2FA protection for LXPLUS and the CERN Windows Terminal Servers, among many others. 2026 will bring improved and more granular network filtering to the Technical Network and, later, between the Campus and data centre networks. As with many security measures, some of these were not the most user-friendly for the CERN community, as this is not in the inherent nature of "security", which usually introduces inconvenience (as does locking your door, going through security scans at airports, using a PIN at the ATM, signing for an Amazon delivery, etc.). Still, we tried our best.
And this "our best" was usually constrained by existing and non-existing technologies, incompatibilities between them, or the risk of vendor lock-in; by CERN IT's current software stack and service provisioning, resources and budget, as well as by the cacophonic usage and the plethora of different use cases of our heterogeneous user community; by legacy usage, non-compliant usage, extremely creative usage, and very many special cases. Starting with a clean slate would have made many of our deployments better, more user-friendly and more convenient. Actually, we would have loved to! But there is no such thing as a "clean slate" in a 70-year-old organisation with many established IT services (provided by the IT department but also by many other CERN departments) in place, and operating 24/7 with very few occasions to have a calm moment for roll-out. So, we had to fit every deployment as best we could into the current environment at CERN. And we strive to do even better!
For this, however, we need your input. Data. Numbers. In order to see how frequent the problem is, to prioritise, to find quick mitigations and workarounds. Rumours and gossip in the corridors don't help. Neither do rants at coffee, in the cafeterias or in CERN's restaurants. We need facts and details on what works and what doesn't in order to further improve. But rumours, gossip and rants don't provide that. They don't answer our calls. They just stick around silently without any hope of getting improved or even fixed. And that is a pity.
