CXO investigate

Time to tighten up on sysadmins? Ten tips for safer IT management

Systems administrators are human and make mistakes...

...clear text, especially when using services like Telnet. This approach provides easy pickings for hackers, so all such transmissions should be encrypted.

Tip 6. Back up all IT devices

The failure of IT devices is inevitable. What is important is that they can be recovered and up and running again as soon as possible. Most organisations are diligent about the backup of servers. They are less rigorous about the backup of network and security devices, the failure of which can be just as damaging to IT access.

Such devices should be backed up regularly and at least every time their configuration is changed. The backups should be stored securely, to prevent them being stolen and used to clone the original device. Automating such backups is the best approach.

Tip 7. Limit sysadmin access to data

To carry out their jobs, sysadmins need access to systems data, not business data. All too often, their wide-ranging privileges have given them access to both. This approach is unnecessary. To protect the data and sysadmins from the accusation of abusing their position of trust, the scope of their access should be limited.

It can be done with the right tools. Cloud service providers have to observe this distinction, managing their own infrastructure while respecting the confidentiality of their client's data.

Tip 8. Safe disposal of old devices

All IT devices carry potentially useful data to hackers. Firewalls, load-balancers, content filters all contain various network-access settings and user details along with system log files.

All devices have an end of life, so before disposal it should be ensured that all such data is safely deleted or the hard disks involved destroyed.

Tip 9. Be ready for the auditors

Auditors take a particular interest in the actions of privileged users for many of the reasons already outlined. As well as being able to associate a given sysadmin with his or her actions, a full audit trail for the admin history of a given device should be kept.

Maintaining this trail is only possible if access to the device is controlled and the tools that provide access keep a record with the necessary level of detail.

Tip 10. Free sysadmins from drudgery

Part of the reason why sysadmins make mistakes is that many of the tasks they have to carry out are mundane and repetitive. Automating as many of their tasks as possible and having the tools and procedures in place to allow safe delegation to junior and temporary staff can relieve some of the drudgery.

It leaves sysadmins free to focus on more productive tasks that increase the value IT provides to their organisation rather than just fighting to keep the lights on.

Want to see the full research? Quocirca's report Conquering the sysadmin challenge is freely available to silicon.com readers.

Bob Tarzey is a director at Quocirca, a user-facing analyst house known for its focus on the big picture. Made up of experts in technology and its business implications, the Quocirca team includes Clive Longbottom, Bob Tarzey, Rob Bamforth and Louella Fernandes. Their series of columns for silicon.com seeks to demystify the latest jargon and business thinking.

About

Bob Tarzey is a director at user-facing analyst house Quocirca. As part of the Quocirca team, which focuses on technology and its business implications, Tarzey specialises in route to market for vendors, IT security, network computing, systems manage...

0 comments