Voir en


Computer Security: A new departmental car service


…with the cars painted in the favorite colour of the corresponding department head; an individual restaurant per department with the menu voted on by that department’s staff and users; each group with its own key and lock management system, using different techniques and lock sizes; separate badge systems, one per experiment, incompatible with each other and using different implementations; different power sockets following different national standards for different buildings; and, last but not least, different working hours for every section of CERN.

Indeed, that would all make… no sense! The cacophony of different services providing the same commodity – cars, food, keys, badges, electricity – would just be immense and would provide no overall significant benefit to the Organization. Instead, centralised services are paramount. They enable CERN to benefit from synergies and efficiencies when they are run by a group of specialised professionals with a pool of in-depth knowledge and experience, and hence save money and resources. In addition, centralised services allow the service managers to follow a high standard of implementation, ensuring redundancy, business continuity, compliance with CERN or host state regulations like the data protection rules, and integration with other services run at CERN. They can also benefit from additional (usually costly) features such as 24/7 service and Service Desk support.

This is all reasonable and rational in the physical world and at CERN there’s just one car service, one key and lock service, one access control service, one electricity standard and one restaurant provider. And we usually accept that CERN cars are white, the badges are credit-card sized, the power sockets are Swiss, and the restaurant serves those particular menus. So why do we have “shadow” IT at CERN and a cacophony of different non-centralised IT systems?

Why is it OK to violate CERN’s data protection needs and forward e-mails to external e-mail providers? Or store them on external cloud services? Why do some individuals buy fancy third-party presentation software instead of using whatever is already available at CERN? Why do we have the same application stack being run in different corners by different people? Why do we need Joomla when we have Drupal and WordPress? Why do we have many different (external) solutions for questionnaires? Why do we store meeting minutes and presentations in the “wrong” storage systems? Just as for physical services, centralised services are paramount!

Whenever you need an IT service, please check CERN IT’s software portfolio first. Whether you want to manage your conferences, meetings and minutes, would like to set up a website or database, need storage space or a virtual machine, the IT department, but also the EP-SFT and FAP-BC groups, provide you with a range of centrally managed IT services run in a professional manner, guaranteeing data preservation, security, business continuity, high availability, data policy compliance, and integration with CERN’s Single Sign-On. All central IT services are listed here. In addition, dedicated licences are available for a wide variety of office and engineering software packages and for control software. If these do not suit your needs, please contact the CERN Cloud and Software Licence Officer to check your options and, if needed, agree to make a central purchase.


Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.