Article in the works: trusting your administrators
At TechEd US this year Jesper and I noted a new worry many of you were having: trusting your administrators. Or, more accurately it seems, an inability to trust your administrators. This is troubling, since these are the people who have unfettered access to pretty much everything in your network. Seems that it's time for an article on the topic, so look for it in the upcoming July security newsletter.
Speaking of articles: if you've got ideas about something you'd like to see in an article, please let me know! While I'm full of opinions, I want to make sure I'm giving you the information you need. Drop me a note with topics that interest you. Thanks!
Existing stuff:
Security Management columns
Security newsletter for IT pros
What's new on TechNet about security
Comments
- Anonymous
June 21, 2005
I really agree on this article.
I encounter this issue many times.
I hope there is a real good article about this.
Do not use EFS, which is too complex for users. Do not rely on delegate control only!
Many customers think it is complex.
Thanks.
- Anonymous
June 23, 2005
I think most bosses just don't want admins to visit their files.
Never let admin complex. ^_^
If some way can encrypt these files by a third party (I mean not by the admin, e.g. passport or infocard), and is easy to use, maybe it can resolve this problem.
- Anonymous
July 11, 2005
As a consultant for big telcos, I come across this all the time. Telcos, like many other businesses, are big enough that their web properties and internal properties are not managed by a single group. It is a mixture of business unit admins, OS admins, hardware admins, operations admins, etc. Throw in a network guy or two for good measure, and what a mess. None of which trust each other.
We usually find a happy medium to set up group rights/permissions to have each group get their job done. But the thing that I see more than anything is that they use a single user to log in everyone in their group (e.g. Bob, Bill and Steve all use the OpsAdmin account to log in).
** EVERYONE NEEDS THEIR OWN ACCOUNT ** This is the first step in developing "trust" when you can hold individuals accountable for good and bad things.
BTW, nice to see your blog Steve.
- Anonymous
July 16, 2005
The comment has been removed
- Anonymous
July 17, 2005
I echo the comments of Bruce McNiell.
Corporate culture everywhere pines for the loyalty and commitment of the old days while ignoring the facts that: a) they display none; b) in the old days most companies returned loyalty. Staff used to be viewed as more than operating costs.
Many IT staff now call for Unions citing the same abuses that labour and all other sectors report.
What do companies want for nothing? Most people understand companies go south; but in that case human resources should be the last to go and after that lay off across the board from the mail room to the board room.
You might regain loyalty that way; especially if you didn't waste half your money in the first place.
They might further consider their own productivity, their own byword: Get rid of 90% of non-productive middle management no matter what they are named. This is per capita where the most operating capital and GNP bleeds out for the least return. Business continues in spite of these people, not because of them.
One last thought: Considering the plethora of creative management titles and staff, why don't they do their own admin instead of dumping it on people that have work to do? That's why they're there, supposedly.
- Anonymous
July 18, 2005
The comment has been removed