Business Issues -> Compliance
By: Bob Tarzey, Service Director, Quocirca
Published: 20th December 2011
Copyright Quocirca © 2011
For IT users, the most important things are the applications that enable them to do their jobs and the devices they access those applications from. However, system administrators (sys-admins), responsible for ensuring end-user devices can link to the applications, know it takes a lot more in between. Resellers know this too; selling both the high and low profile equipment is their bread and butter. What resellers may not realise is the extent to which their customers fail to manage much of their equipment securely and effectively and the additional opportunity this represents.
A new Quocirca research report—Conquering the sys-admin challenge—underlines the extent of the problem. It looked at three broad areas: the management of privilege, the ability to automate sys-admins' tasks and ensuring compliance.
The over-granting of privilege is a common problem; sys-admins are often granted access to more equipment than is necessary and they often have access to data they have no need to see (Figure 1). This is a problem, not because sys-admins are innately malicious people (although a few have turned out to be) but because, just like anyone else, they can make mistakes.
Errors made when acting under privilege can have a serious impact on the availability of IT systems. For example, the failure to backup up a server properly (or at all) may mean data is lost and a project is put back by days or weeks; wrongly reconfiguring a network firewall may lead to remote users being locked out of systems they need to access; or spinning down the wrong disk volume for maintenance purposes may leave an email server out of action.
The new research shows that the average sys-admin's error rate is about 7%. One way to reduce error rates is better management of privilege. To achieve this it is necessary to have tools in place to manage the scope of privilege access, limiting the range of data and devices a sys-admin has access to and the time they have access for.
There is another way to reduce error rates—more automation of sys-admin. Many tasks are mundane and repetitive. A good example is data protection, most organisations regularly backup file servers and many have automated this. However, other devices need protecting too and it is less likely that the settings of firewalls, routers and load balancers are backed-up (Figure 2). This is important for ensuring a quick recovery in the case of failure and the task is an easy one to automate with the right tools. Other tasks can also be automated, including the gathering of data for audits.
This brings us full circle, because one area that auditors are keen to see IT departments have control of is the use of privilege. Some standards are specific about the management of privileged users. One of the controls in the IT service management standard (ITSM) ISO 270001 states, “the allocation and use of privileges shall be restricted and controlled”. The Payment Card Industries Data Security Standard (PCI DSS) recommends, “auditing all privileged user activity”.
Many organisations do not have the controls in place to make sure this required data is gathered. Indeed some admit to appalling practices, in particular the uncontrolled changes to sys-admin procedures immediately prior to audits, which then lapse following the audit. Over two thirds of respondents admitted this happened at least occasionally; for some it was a regular practice (Figure 3).
When it comes to helping customers with the management of privilege, the automation of sys-admins and ensuring compliance, resellers can take one of two approaches. They can either ensure the tools to do their job are available as part of their portfolio or they can use such tools themselves to provide managed services. Vendors that focus on the management and privilege and the automation of IT include Osirium (the sponsors of Quocirca latest report), CA, Cyber-Ark, Quest Software and Lieberman Software.
Quocirca’s new report is freely available to IT-Director readers via this link: http://www.quocirca.com/news/88
This article first appeared in the Computer Reseller News (CRN) UK print edition.
We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.
Published by: electronicdawn Ltd.