Monday, June 23, 2008

The "IT admin bad guy"? Not sure I buy it much..

The recent survey on IT Admins misusing privileges might be accurate - but I am not sure I buy it much. I'd like to see some of the questions as well :)

Most of the IT admins I have met with have a sense of the responsibility that comes with their power. True, there might be some bad eggs or apples in the bunch, but overall I think they are ethically sound people.

This is like implying that since the guard to the safe has access to it, he/she might be taking advantage of that ability. My view is that the state of technology is (or was) such that there is no way around it - there had to be someone who has access.

However, to get this monkey off the back of IT admins, all they have to do is install technology that creates isolation between content and infrastructure. IT admins don't lose anything - they get their work done, and they won't be scapegoats for leaked data or bear the burden because of a few rotten apples.


Rob Lewis said...

Two comments:

If one thinks in terms of information-centric security or even multilevel security, IT people can retain system and network privileges to maintain networks without having access to data in work groups.

The greatest tool to prevent insider abuse is the tamper-proof audit trail.
People with access are authorized to use that data for only certain things. If an authorized user attempts an unauthorized use of the data, he will hang himself by the audit trace that cannot be altered to cover one's tracks.

Manu Namboodiri said...

Rob - agree absolutely. I do think a log and audit trail is absolutely critical.

In an information-centric or data-centric world, the protection and audit policies are part of the data (or meta-data if you will) and this makes it easier to track, audit and more importantly deter bad behavior...

Rob Lewis said...


We do not use meta-data. We rank code, devices and users for integrity and enforce at the kernel level. If you rank code higher for integrity than all users, including the security officers and admins, then no one can alter code.

Let me ask you this: What governs the meta-data? How do you know that it is not being altered? Do you have a secondary infrastructure just for this? Actually, integrity rankings can be used here as well.

The thing most people do not consider is that meta-data is a potential covert channel in itself. It is only one way to do things.

Manu Namboodiri said...

Meta-data is any data describing the policies of what can be done with the data - this can be protected via integrity checks. Not that hard.

The hard part is getting the policies to "persist" with the data itself - and this is the key. If you can track and enforce policies that remain with the data regardless of where it goes and rests, now we are getting somewhere.

And these policies can also have fine-grained ACLs which can deny IT admins the rights - while allowing content owners to access it. All the while integrating with a robust and integrity-checked log/audit trail.
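
The ideas discussed in this thread (policy meta-data that travels with the data, an integrity check on that meta-data, an ACL that denies IT admins while allowing content owners, and a tamper-evident audit trail) can be sketched as follows. This is an added example, not code from the post or from either commenter's product; the HMAC hash chain is one common technique chosen here, and the key, role names and function names are hypothetical.

```python
import hashlib, hmac, json

# Constructed demo key (assumption: really held by a policy service or HSM
# that infrastructure admins cannot read).
KEY = b"constructed-demo-key"

def _mac(label: str, payload: dict, prev: str = "") -> str:
    # The label separates policy tags from log MACs; prev chains log entries.
    body = f"{label}|{prev}|".encode() + json.dumps(payload, sort_keys=True).encode()
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def seal(content: str, acl: dict) -> dict:
    """Bind the ACL (the meta-data) to the content so it travels with it."""
    policy = {"acl": acl, "content_sha256": hashlib.sha256(content.encode()).hexdigest()}
    return {"content": content, "policy": policy, "tag": _mac("policy", policy)}

class AuditLog:
    """Append-only log; each entry's MAC also covers the previous entry's MAC."""
    def __init__(self):
        self.entries = []

    def append(self, event: dict) -> None:
        prev = self.entries[-1]["mac"] if self.entries else ""
        self.entries.append({"event": event, "mac": _mac("log", event, prev)})

    def verify(self) -> bool:
        prev = ""
        for e in self.entries:
            if not hmac.compare_digest(e["mac"], _mac("log", e["event"], prev)):
                return False
            prev = e["mac"]
        return True

def access(obj: dict, user: str, role: str, action: str, log: AuditLog) -> bool:
    """Verify the policy is unaltered, evaluate the ACL, and log every attempt."""
    policy = obj["policy"]
    digest = hashlib.sha256(obj["content"].encode()).hexdigest()
    intact = (hmac.compare_digest(obj["tag"], _mac("policy", policy))
              and digest == policy["content_sha256"])
    allowed = intact and action in policy["acl"].get(role, [])
    log.append({"user": user, "role": role, "action": action,
                "policy_intact": intact, "allowed": allowed})
    return allowed

if __name__ == "__main__":
    log = AuditLog()  # constructed sample data below
    doc = seal("Q3 payroll", {"content_owner": ["read", "write"], "it_admin": ["backup"]})
    print(access(doc, "alice", "content_owner", "read", log))
    print(access(doc, "bob", "it_admin", "read", log))
    print(log.verify())
```

Chaining detects edits and deletions inside the log; detecting truncation of the tail additionally requires the latest MAC to be anchored somewhere the admin cannot write.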