Slashdot Mirror


Sys-Admins Reading the Bosses Mail?

PetManimal writes "Computerworld has an article about IT staff who have access to corner-office email. Systems administrators, database administrators, storage administrators and higher level IT super users are the types who may access sensitive executive information; one source quoted in the article says that in a company with 1,500 employees, there might typically be five to 10 administrators who have this access. As for how many abuse these priviledges, it's hard to tell, but rogue admins out for workplace revenge or personal gain can wreak havoc: '... Experts agree that the severity of these occurrences generally makes them more harmful than external attacks. One of the biggest obstacles to eliminating unauthorized access is determining how many people have it. Access lists are particularly difficult to formulate in both mature companies, where the number and power of administrators have expanded over periods of years, and small companies, where rapid growth leads to undocumented tangles of administrators who are able to maintain their access because nobody has time to assess their status.'"

6 of 398 comments (clear)

  1. Re:Clearance Control by Coffee+Warlord · · Score: 5, Interesting
    There's no reason why a company, new, mature, huge, or small shouldn't be able to institute a similar policy in terms of access.


    Frankly, I say it's a nightmare for a small company when a big boss reads shit like this, freaks out, and all of a sudden you have to spend the next week trying to implement some goofy policy that will either be totally ignored, or tossed aside when it becomes a hassle. For larger companies, yes, internal security is no laughing matter. For small companies, when there's one, maybe 2 admins running the show, it's a wasted expense. They don't need intricate security policies. They need nothing more than, "Okay, I can access everything, everyone else can access their own shit. Done."
  2. Re:This is normal and necessary by snarlydwarf · · Score: 5, Interesting

    I have complete access to read (and even modify! w00t! that could be fun!) email for some 15,000 people.

    Unlogged.

    Do I?

    Hell, no.

    It would be nice to pretend it is all about ethics, but let's be realistic: it is really about "why would I -care- what they are jabbering about?" These are people who complain about getting "unbearable amounts of spam" when they get a total of a half dozen emails a day...

    Sorry: nethack, dinking around on forums and mailing lists, listening to music... all of them are much more important than the sort of nonsense people send in mail. I really don't care what people mail each other, how many porn sites they visit or whatever it is they actually do online as long as they leave me alone.

    It isnt ethics: it is pure and simple apathy about them.

  3. Re:Clearance Control by Maximum+Prophet · · Score: 5, Interesting

    Welcome to small business. Most usually have one or two key players that, if they die, the business dies with them. Usually, this is the founder, but not always. Sometimes, the president/founder/Grand Poobah doesn't realize who this key player is, and he fires that key player only to see his business fail, because he was too egotistical and arogant to notice that the company revolved around someone else.

    Many small businesses have several key player that would severly hurt the company if they left. I was working at a small database company many moons ago, and was offers a consulting gig in a far off state at twice my current salary and I jumped at the chance. I had no clue that there was a million dollar contract riding on the project I was working on. Once the customer heard I was leaving, the contract evaporated. If they had only let me know that what I was doing really mattered, I might have stayed. (at a higher rate)

    --
    All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
  4. Re:Clearance Control by Dun+Malg · · Score: 5, Interesting
    A friend in the Government once told me that after the Pollard spy scandal the Government rethought the way it handled clearances. So now there is a discreet pool of clearances. There's no reason why a company, new, mature, huge, or small shouldn't be able to institute a similar policy in terms of access.
    As a holder of a TS clearance and former military intelligence goon, I can tell you that there are PLENTY of reasons why a private company shouldn't implement a similar policy. The primary problem is that it introduces a huge amount of bureaucratic "friction" to anything you do. By my estimate, I spent about 20% of my time as an analyst dealing with the various forms of "hoop jumping" required to get anything done with heavily classified and compartmentalized information. For example, I might want to ask a guy specializing in "compartment A" stuff about something, but if the material I'm working with contains "compartment B" intel, I have to try to either a) try to recompile the material to omit "B" intel while still making sense (tedious, takes time, might not even be possible); or b) get him signed off with "B" clearance (takes even longer, might not even be possible). Since the government is already produces nothing tangible and operates as a net drain on the economy anyway, this massive waste is just more of the same. In a corporate environment, though, a government-style security policy would be a monstrous drain on productivity and, in turn, profitability.
    --
    If a job's not worth doing, it's not worth doing right.
  5. Re:Clearance Control by 1stpreacher · · Score: 5, Interesting

    I equate many of these positions to the janitor (and sometimes I've felt like a janitor) while he may not get paid much, and may not get much respect ... He's one of the few guys that has keys to the WHOLE building... You just have to trust some people. Or don't hire them...

  6. Re:Clearance Control by gwayne · · Score: 5, Interesting

    Haha...that reminds me of a print shop I used to run. I was a part-time employee and college student, but I did all the quoting, typesetting, pre-press and some of the press work. The owner sold out to some guy who decided he needed a full-time office manager, and since I was only part-time, he hired some bimbo who didn't know dick about printing to run the place. I put up with her trying to tell me how to do my job for a few weeks. Then one day I needed $10 out of petty cash for supplies to finish a printing job. She refused to let me have it, so I quit right there on the spot. The next day the pressman quit. Less than a month later the business closed.

    BWAHAHAHAHAHAHAH! F*CKERZ!