The sixth of Microsoft’s Immutable Laws of Security states that “a computer is only as secure as the administrator is trustworthy.” How does your administrator rank on the trust scale? Working with systems/network administrators in my security assessments – and having been one in the past – I’ve seen that their level of access is typically unlimited. And no one seems to be watching.
I’m not saying you should micromanage your IT folks; that’ll only run them off. But don’t let your guard down either. There have been some highly publicized cases of admins committing misdeeds or simply being sloppy with security when they shouldn’t have been. This is probably something you’re not ready to take on.
If you’re a business manager or internal auditor, never lose sight of the fact that the master key to everything electronic is in your administrator’s hands. It seems obvious, but it’s something many take for granted, trusting that all’s well in IT-land just because the administrator says everything’s okay. That’s not always the case.
I delve into this topic further in the following piece I wrote for SearchWinIT.com:
Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with Atlanta-based Principle Logic, LLC and a contributor to the IT Watch Blog. You can reach Kevin through his website at www.principlelogic.com and follow him on Twitter at @kevinbeaver.