In terms of threat potential, Fred is off the charts. In order to do his job, he has essentially uncontrolled access to all computer resources. Fred can damage software and data in obvious or subtle ways. He can wipe out users, steal data, and wreak almost unimaginable carnage.
Fortunately, the vast majority of system administrators are conscientious, professional and honest. They are a force for good, committed to keeping systems running smoothly, data protected, and users productive.
Fred is a risk to system integrity in two ways – accidentally and deliberately.
Most of the time, the greatest threat from Fred is that he doesn’t have the resources he needs to do his job or that his hands are tied by management edicts. These factors can cause system administrators to do (or not do) things that threaten system integrity and security. If Fred is denied budget for proper backups, data is at risk. If Fred is ordered to punch a hole through the firewall to allow salespeople access to the orders database, without VPN and proper authentication, systems are at risk. If Fred is ordered to allow contractors access to internal networks – see the Target case – the entire network can be exposed.
In the Target case it isn’t clear if the issue was due to a network design problem or if there were orders to provide this access. This would be interesting to know.
If Fred does go bad, there is almost no limit to the damage he can do. Even if he doesn’t compromise systems he can commit identity or credit card theft or steal company – or even national – confidential data. I don’t think I have to do more than mention the name Edward Snowden…
A number of things can be done to mitigate the threats that Fred presents:
- Recruit and hire system administrators carefully! Look for proof of integrity as well as technical skills.
- Ensure that your sysadmins have the training, resources and management support to do their jobs.
- “Trust but verify.” Have regular system audits. Ensure that system access and changes are logged to a secure remote logging server. Look at the log files! Apply technology, process, and people to maintaining the integrity of system management.
- Divide responsibilities. Large companies will have separate organizations responsible for systems, networks, storage and applications. Divide up the work and accountability to address both functional and system integrity needs.
- Focus on detection, mitigation and remediation more than prevention. Go talk to your colleagues in Finance – they have hundreds of years of experience working with high value systems. You will be surprised at what you can learn from them. They have evolved a model that is designed to prevent theft and misuse where possible, to detect it when it does occur, and to minimize losses. They are aware that you can’t stop everything while keeping the business going – but you should be able to minimize losses and to discover things eventually. Find out how they do policies and procedures, the ethical and business guidelines they follow, how they implement internal controls, and how they balance risk and cost. Hint: it isn’t worthwhile spending $10,000 to stop $20 in losses. But if someone is stealing $10 here and $10 there, you want to find out about it before it grows.
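
As an illustration of the "Trust but verify" item above, here is an added example (not from the original article) of a first-pass review of records collected on a remote log server: it flags sudo commands that touch logging itself and hosts that went quiet for too long. The log layout, host and user names, tamper patterns and the two-hour threshold are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of records as stored on a central log server.
# ISO 8601 timestamps, host names and user names are assumptions.
SAMPLE_LOG = """\
2024-03-03T01:00:02+00:00 db01 sudo: fred : TTY=pts/0 ; PWD=/home/fred ; USER=root ; COMMAND=/usr/bin/systemctl restart postgresql
2024-03-03T01:20:10+00:00 web01 sudo: alice : TTY=pts/1 ; PWD=/srv ; USER=root ; COMMAND=/usr/bin/tail /var/log/nginx/error.log
2024-03-03T01:25:00+00:00 web01 sshd[911]: Accepted publickey for alice from 10.0.0.5 port 50122 ssh2
2024-03-03T01:30:45+00:00 db01 sudo: fred : TTY=pts/0 ; PWD=/home/fred ; USER=root ; COMMAND=/usr/bin/systemctl stop rsyslog
2024-03-03T02:05:00+00:00 web01 sudo: alice : TTY=pts/1 ; PWD=/srv ; USER=root ; COMMAND=/usr/bin/vi /etc/rsyslog.conf
2024-03-03T04:40:00+00:00 db01 sudo: fred : TTY=pts/0 ; PWD=/home/fred ; USER=root ; COMMAND=/usr/bin/systemctl start rsyslog
"""

HEAD_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")
SUDO_RE = re.compile(r"^sudo:\s+(?P<user>\S+) : .*?COMMAND=(?P<cmd>.+)$")

# Assumed review rules: privileged commands that change or silence logging.
TAMPER_RE = re.compile(
    r"(stop|disable|mask)\s+(rsyslog|auditd|systemd-journald)"
    r"|/etc/(rsyslog|audit)\S*"
    r"|\b(rm|shred|truncate)\b.*\s/var/log/")

MAX_SILENCE = timedelta(hours=2)  # assumed per-host threshold


def review(log_text):
    """Return (tamper, silence) findings for a human to follow up on."""
    tamper, silence, last_seen = [], [], {}
    for line in log_text.splitlines():
        head = HEAD_RE.match(line)
        if not head:
            continue
        try:
            ts = datetime.fromisoformat(head["ts"])
        except ValueError:
            continue  # unparseable timestamp, skip the record
        host = head["host"]
        prev = last_seen.get(host)
        if prev and ts - prev > MAX_SILENCE:  # forwarding gap for this host
            silence.append((host, prev.isoformat(), ts.isoformat()))
        last_seen[host] = ts
        sudo = SUDO_RE.match(head["msg"])
        if sudo and TAMPER_RE.search(sudo["cmd"]):
            tamper.append((host, sudo["user"], sudo["cmd"]))
    return tamper, silence


if __name__ == "__main__":
    found, gaps = review(SAMPLE_LOG)
    for host, user, cmd in found:
        print(f"REVIEW {host}: {user} ran {cmd}")
    for host, start, end in gaps:
        print(f"GAP    {host}: no records between {start} and {end}")
```

A finding here is a prompt for a conversation or a change-ticket lookup, not proof of wrongdoing; the gap check only sees hosts that resume sending, so a host that never comes back needs a separate check against the current time.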