Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Sys-Admins Reading the Bosses Mail? 398

Posted by CmdrTaco
from the well-of-course-they-are dept.
PetManimal writes "Computerworld has an article about IT staff who have access to corner-office email. Systems administrators, database administrators, storage administrators and higher level IT super users are the types who may access sensitive executive information; one source quoted in the article says that in a company with 1,500 employees, there might typically be five to 10 administrators who have this access. As for how many abuse these priviledges, it's hard to tell, but rogue admins out for workplace revenge or personal gain can wreak havoc: '... Experts agree that the severity of these occurrences generally makes them more harmful than external attacks. One of the biggest obstacles to eliminating unauthorized access is determining how many people have it. Access lists are particularly difficult to formulate in both mature companies, where the number and power of administrators have expanded over periods of years, and small companies, where rapid growth leads to undocumented tangles of administrators who are able to maintain their access because nobody has time to assess their status.'"
This discussion has been archived. No new comments can be posted.

Sys-Admins Reading the Bosses Mail?

Comments Filter:
  • by ezh (707373) on Wednesday October 25, 2006 @11:11AM (#16579456)
  • Clearance Control (Score:5, Insightful)

    by Shadow Wrought (586631) * <shadow,wrought&gmail,com> on Wednesday October 25, 2006 @11:12AM (#16579472) Homepage Journal
    A friend in the Government once told me that after the Pollard spy scandal the Government rethought the way it handled clearances. So now there is a discreet pool of clearances. There's no reason why a company, new, mature, huge, or small shouldn't be able to institute a similar policy in terms of access.
    • by qwijibo (101731) on Wednesday October 25, 2006 @11:19AM (#16579662)
      Policies are the problem, not the solution. The policies grant access only to those who have a legitimate business need. The practical problem occurs when you consider system administration to be an annoying fact of life to be relegated to the lowest bidder. The administrator has a legitimate business need to have priviledged access to the system. That same access means the administrator can do whatever they want. You can implement more policies to make it harder for someone to abuse their position without collusion, but the reality is that all systems have one or more people that you trust implicitly. The problem is that very few people think of making that trust explicit and well known to everyone who relies on it.
      • Re:Clearance Control (Score:5, Interesting)

        by 1stpreacher (848239) on Wednesday October 25, 2006 @12:32PM (#16581162)
        I equate many of these positions to the janitor (and sometimes I've felt like a janitor) while he may not get paid much, and may not get much respect ... He's one of the few guys that has keys to the WHOLE building... You just have to trust some people. Or don't hire them...
        • by h4rm0ny (722443) on Wednesday October 25, 2006 @01:46PM (#16582512) Journal

          That's one good example. Another is secretaries. Everything confidential seems to go through them in a small business and they always seem to need access to all the sensitive areas of the network.

          Incidentally, I run the network at my current employers. Shortly after starting, I restructured all the groups to make it more secure. I then matter of factly told them that I'd removed my access to certain areas that I didn't have the right to access. On occasion, I've added myself back on to accomplish certain things for them. They always find that hugely amusing.
          • Re: (Score:3, Insightful)

            by jesterzog (189797)

            We do this in a lot of places too, and I think there are perfectly good reasons for it, including security. (eg. If my account ever gets hacked, someone probably still needs to know a much more secure password if they want to give the account more access.) Another is just plain robustness. It's harder for me to accidentally break things when I don't have access to them.

            At least as importantly, though, I think it helps the users actually trust us more easily. Most of our users realise that we don't auto

        • Re: (Score:3, Interesting)

          by thethibs (882667)

          Janitors have the keys to the whole building, but none of the file cabinets.

          And, yes, the analogy is a good one. Read the rest of this thread; do the Dilbertian attitudes presented make you feel warm and fuzzy about the loyalty and trustworthiness of the avarage sysadmin? Sysadmins should have enough access to maintain the systems, but not enough to modify their own personnel files or read their boss' mail (at least not without leaving a trail).

          Achieving this is not rocket science with a modern system.

      • by Total_Wimp (564548) on Wednesday October 25, 2006 @01:41PM (#16582426)
        Insightful indead. Companies choose to trust CxOs, accountants, bookeepers and physical security personnel. These people can cause a tremendous amout of damage to a company, up to, and including, the complete collapse of the company (Enron, Worldcom, etc).

        The question isn't whether to trust, but under what conditions? Accountants and bookeepers often have checks, balances, licenses and bonding. CxOs have major positions of repsonsibilty with the salaries to match, and now they have Sarbanes-Oxley too. Physical security folks are often bonded, polygraphed, drug tested, etc.

        So which of these are most applicable to IT? Do we have checks, balances, licensing, bonding, major positions of responsibility with the salaries to match? Do we have polygraphs or drug tests? Do we have laws like SOX that put us in the hot seat if things go wrong?

        I'm not sugesting we should do any particular one of these things, but as IT continues to mature, and IT is seen, as it should be, as a single point of failure that could cause damage up to, and including, the complete collapse of the company, we're going to need to proffesionalize our practices to the point much greater than the blind faith that often exists today.

        TW

        (note: I know IT has a major role in SOX compliance, but we're not held responsible unless the company in question builds that into the system. Many companies aren't, at least not to the extent they should. If SOX causes more shops to know exactly who has access to email, and exactly how to go about making sure they're responsible and holding them accountable then, well, problem solved. I personally don't think SOX alone is enough.)
    • Re:Clearance Control (Score:5, Interesting)

      by Coffee Warlord (266564) on Wednesday October 25, 2006 @11:22AM (#16579724)
      There's no reason why a company, new, mature, huge, or small shouldn't be able to institute a similar policy in terms of access.


      Frankly, I say it's a nightmare for a small company when a big boss reads shit like this, freaks out, and all of a sudden you have to spend the next week trying to implement some goofy policy that will either be totally ignored, or tossed aside when it becomes a hassle. For larger companies, yes, internal security is no laughing matter. For small companies, when there's one, maybe 2 admins running the show, it's a wasted expense. They don't need intricate security policies. They need nothing more than, "Okay, I can access everything, everyone else can access their own shit. Done."
      • Re: (Score:3, Funny)

        by griffjon (14945)
        And the reality, a week later, when the boss has problems/forgot his super-cool passphrase and you're now locked out of his information, too.
      • Re: (Score:3, Funny)

        Okay, I can access everything, everyone else can access their own shit. Done.

        It's like you read my mind. Freaky.
      • by kabocox (199019) on Wednesday October 25, 2006 @12:06PM (#16580694)
        Frankly, I say it's a nightmare for a small company when a big boss reads shit like this, freaks out, and all of a sudden you have to spend the next week trying to implement some goofy policy that will either be totally ignored, or tossed aside when it becomes a hassle. For larger companies, yes, internal security is no laughing matter. For small companies, when there's one, maybe 2 admins running the show, it's a wasted expense. They don't need intricate security policies. They need nothing more than, "Okay, I can access everything, everyone else can access their own shit. Done."

        And this is what is really wrong with IT now. In 100-200 years maybe when the industry starts to get alittle mature things will change, but currently the one or two computer guys have access to everything school of thought is really what's wrong with the entire industry. I'll consider this industry to be growing up when any small business could hire/fire/transfer admins with complete confidence that the new guy has complete access and the old guy has zero access without carrying home backups or enough info to successfully compete with the company. We just aren't there, yet. I know that I'm trust worthy, but I wouldn't trust any other IT person. I wouldn't trust Bill Gates or Linus to be left with ulitmate unchecked power over all my machines. Why would I want a setup where just 1 guy may or may not have complete control/access to the small network? Of course you need to define "small business." If you are talking about 10 networked computers and one temp. computer contracter guy that comes in to set things up or do windows up dates every 3 months or so, then your reasoning makes sense, but is still off. That computer guy no matter how trusted shouldn't have complete control over the network. What happens when that trusted computer guy is killed by a drunk driver, and then you have to hire a new guy?
        • Re:Clearance Control (Score:5, Interesting)

          by Maximum Prophet (716608) on Wednesday October 25, 2006 @12:22PM (#16580998)
          Welcome to small business. Most usually have one or two key players that, if they die, the business dies with them. Usually, this is the founder, but not always. Sometimes, the president/founder/Grand Poobah doesn't realize who this key player is, and he fires that key player only to see his business fail, because he was too egotistical and arogant to notice that the company revolved around someone else.

          Many small businesses have several key player that would severly hurt the company if they left. I was working at a small database company many moons ago, and was offers a consulting gig in a far off state at twice my current salary and I jumped at the chance. I had no clue that there was a million dollar contract riding on the project I was working on. Once the customer heard I was leaving, the contract evaporated. If they had only let me know that what I was doing really mattered, I might have stayed. (at a higher rate)
          • Re:Clearance Control (Score:5, Interesting)

            by gwayne (306174) on Wednesday October 25, 2006 @02:27PM (#16583098)
            Haha...that reminds me of a print shop I used to run. I was a part-time employee and college student, but I did all the quoting, typesetting, pre-press and some of the press work. The owner sold out to some guy who decided he needed a full-time office manager, and since I was only part-time, he hired some bimbo who didn't know dick about printing to run the place. I put up with her trying to tell me how to do my job for a few weeks. Then one day I needed $10 out of petty cash for supplies to finish a printing job. She refused to let me have it, so I quit right there on the spot. The next day the pressman quit. Less than a month later the business closed.

            BWAHAHAHAHAHAHAH! F*CKERZ!
        • Re: (Score:3, Insightful)

          by Anonymous Coward
          re trusted guy getting hit by a car.

          Here, there's also an "if sysadmins get run over" domain admin account detailed in an envelope in the company safe (with appropriate precautions to make tampering evident).

          Use of that password and account will light up every sysadmins pager / mobile and is logged as critical in all monitoring kit. So there's the means to ensure business continuity, but a massive lart ready for anyone who abuses their access to that envelope.

          You still need to read the network docs and kno
        • Re: (Score:3, Insightful)

          by rilian4 (591569)
          When it comes down to it, there has to be a sysadmin at some level who is trusted to have complete access to the network. My mentor in college taught me and my classmates that a good sysadmin should always have a VERY trusted person who has access to a copy of the main password(s) to the network in case of physical injury or incapacitation. This trusted person has to know and be held accountable that they cannot use this information other than in an emergency.

          You simply cannot run a network effectively
      • by Anonymous Coward
        I too have seen many knee-jerk reactions by management to any number of real or perceived problems.

        Think about it. A group of highly paid MBAs sit in a room and come up with an IT solution you are supposed to implement.

        It really doesn't matter whether or not their solution is workable. You MUST embrace it.

        If you do not embrace it, you will always be remembered as the "difficult one".

        And really, the stupider the idea is, the faster it will go away and be forgotten. It is kind of like evolution, good ideas li
    • Re: (Score:3, Interesting)

      by paranode (671698)
      Clearances are expensive and time-consuming, many companies cannot afford to do it unless it is a stipulation of their contract (eg defense contractors). And you can also bet that it will cut your available workforce significantly.
    • Re: (Score:2, Funny)

      by Anonymous Coward
      So now there is a discreet pool of clearances.

      Well there was, until you went and told everyone!

    • by petes_PoV (912422) on Wednesday October 25, 2006 @11:38AM (#16580082)
      The biggest problem with this is the way lazy exec's just reply to all for every comment they make. If a request for info is sent out to (say) 20 people, it's very possible that all 20 recipients will get all the traffic on this subject - whether it's "sorry I don't know" or "don't bother, we're closing that location" or anything in between.

      You can't back security into an organisation. Either the individuals are prepared to put up with the extra work it needs, or they aren't. Without some effort from everyone, your level of security drops to that of the weakest link (usually the boss)

    • Re: (Score:3, Insightful)

      by pilgrim23 (716938)
      Or, they could act like government's true approach to security: everything is so sensitive, nothing can be read by anyone on any level, thereby removing all information from the decision making process. In the case of every corner office I have ever associated with, no change in practice would be observed at all.
    • Re:Clearance Control (Score:5, Interesting)

      by Dun Malg (230075) on Wednesday October 25, 2006 @12:32PM (#16581154) Homepage
      A friend in the Government once told me that after the Pollard spy scandal the Government rethought the way it handled clearances. So now there is a discreet pool of clearances. There's no reason why a company, new, mature, huge, or small shouldn't be able to institute a similar policy in terms of access.
      As a holder of a TS clearance and former military intelligence goon, I can tell you that there are PLENTY of reasons why a private company shouldn't implement a similar policy. The primary problem is that it introduces a huge amount of bureaucratic "friction" to anything you do. By my estimate, I spent about 20% of my time as an analyst dealing with the various forms of "hoop jumping" required to get anything done with heavily classified and compartmentalized information. For example, I might want to ask a guy specializing in "compartment A" stuff about something, but if the material I'm working with contains "compartment B" intel, I have to try to either a) try to recompile the material to omit "B" intel while still making sense (tedious, takes time, might not even be possible); or b) get him signed off with "B" clearance (takes even longer, might not even be possible). Since the government is already produces nothing tangible and operates as a net drain on the economy anyway, this massive waste is just more of the same. In a corporate environment, though, a government-style security policy would be a monstrous drain on productivity and, in turn, profitability.
    • Re: (Score:3, Insightful)

      by SharpFang (651121)
      Who polices the police?

      If the company is huge, it's hard to audit all the systems to ensure no backdoors - especially that local admins have years of experience with said systems, often with custom modifications auditors will have no idea about. If the company is small, it's very expensive to employ a reliable external contractor who will implement security properly (and won't side with the admin instead of the boss, "overlooking" some backdoor). It may be easier in a new company where a system is created f
  • by Anonymous Coward
    The article mentions the lack of encryption and I suspect if it ever starts being used the same IT folks who have admin access will end up with the encryption keys, so the added admin and overhead won't buy you more security from prying eyes.
  • by Lumpy (12016) on Wednesday October 25, 2006 @11:12AM (#16579496) Homepage
    I read this last week when my boss submitted the article to that magazine in his outgoing email.

    Gotta go, he's sending an email now about outsourcing the IT department!
    • That wouldn't solve anything. It would just make things work. Sueing people or a Company across State Lines is Tough and expensive, Suing them across countries, that much more so. So there isn't much stopping them from collecting the mail and selling it to a competitor. At least with on site staff, if caught can be fired imeadeatly, Sued for dammages, without much of a hassle for any Mid Sized company.
    • Funny but... (Score:3, Insightful)

      by Anonymous Coward
      but the title is still insightful. This is old news. At work, I'm a domain admin. I have unrestricted access to all the files on tends of thousands of workstations. And to countless shares on hundreds of servers, with lots of infos and documents. And several Exchange servers. And many large databases. Webservers too. You name it, I can access it, totally unrestricted. I have access to tape backup libs. I can read the CEO's mail and documents no problem. I could install keyloggers or anywhere or do packet sn
      • Re:Funny but... (Score:5, Interesting)

        by Kelbear (870538) on Wednesday October 25, 2006 @01:00PM (#16581662)
        http://en.wikipedia.org/wiki/Efficiency_wage_hypot hesis [wikipedia.org]

        Reading the parent's post made me recall this footnote from my economics classes. It's a theory that when you pay your employees well(i.e, better than the average competitor), you'll find advantages in that employee's performance. If you're in a good job and know you're being treated like you're a good employee, the theory is that this serves to discourage you from being a bad employee since you're risking the loss of a good thing.

        There's other reasons involved in this theory too though. If your compensation is that of a good employee, you're expected to be worthy of it, and your conscience may urge you to live up to such expectations.

        Of course, there's diminishing returns from doing this, but the point is...

        If an employee is important enough to possibly damage a company with negligence or malice, maybe that employee should be treated a little better to encourage them to put more effort in to avoid such things from happening. Economically, the additional compensation should reflect the chance of the damage times the cost of the damage if it were to occur, but it's not something easily measured.
  • by Silver Sloth (770927) on Wednesday October 25, 2006 @11:14AM (#16579526)
    Knows how to break IT security, but no longer needs to.
  • Whoever has access to sensitive company information is a threat to the company. It doesn't matter if they are a sysadmin or an executive. Limiting access may help, but at a certain point someone must know these details within a firm. And sysadmins cannot do their jobs without full access to the systems they support.

    The solution is regularly teaching business ethics to students. Perhaps even make it mandatory to earn a degree. Certainly mandatory for a graduate degree.
    • by overshoot (39700) on Wednesday October 25, 2006 @11:19AM (#16579650)
      sysadmins cannot do their jobs without full access to the systems they support.
      Which isn't the same thing as having full access to the data on them.

      There are, after all, fairly straightforward ways to secure data against the admins (assuming they don't actually install spyware, which is a separate subject.) There are also ways to arrange secure key recovery so that the records can be recovered if Something Happens to the exec, but no one person can do it (say, three board members and an outside law firm.)

      • by skids (119237) on Wednesday October 25, 2006 @11:27AM (#16579882) Homepage

        There are ways to run a business that limit the amount of information that has to be classified so that it can be relayed verbally or by sneakernet. Like not defrauding your workers or business associates is a good start, followed by not raking in huge undeserved stock options and bonuses, not downsizing and outsourcing just because it is the latest fad, and in general being competent to the point that the only people who care what's in your email are the rarer criminal element and not every damn single employee.

        Ahh, driftnet on the switch monitor port. Never has there been such an artistically odd juxtaposition of shoes, porn, corporate logos, and vacation photos.

        • by AHumbleOpinion (546848) on Wednesday October 25, 2006 @03:04PM (#16583686) Homepage
          ... followed by not raking in huge undeserved stock options and bonuses ...

          While I agree that there have been terrible abuses here, I also recognize that sometimes these options and bonuses are appropriate but that is not always readily apparent. First there is the agent problem. The boss is sometimes merely an agent of the owner(s), how do you make sure he acts in a manner that improves the owners situation rather than his own? Options are one way. This also works up and down the ranks, for bosses and workers. The other area where a big seemingly undeserved bonus is appropriate is for the founder(s) who lost interest/investment income by spending his/her saving to start a business, lost salary income as he/she worked for no salary or a partial salary in the early days of the business, who risked their financially security and reputation to pursing a dream, etc. If they get a couple of big bonuses to repay and compensate for the preceding once the company becomes established, IMHO that is fair. I've seen small companies get bought out, and I've seen employees complain that they got a far smaller bonus than the founder they worked side by side with. What these employees failed to realize is that they took little risk, and that their boss made personal sacrifices so that their payroll checks were there on schedule.

          Is the above a typical scenario? I have no idea, but I have seen it a couple of times. I believe it happens often enough to warrant mentioning among the stream of expected "bosses are evil and all profit should go to those doing the work" follow ups. Like many topics, things are far more complicated than they seem.
      • by qwijibo (101731)
        How do you differentiate between having access to do system administration and access to the data? In theory, you could store everything encrypted so that the sysadmin could backup and recover your data without ever having the ability to see it. In practice, this is not a practical solution. How many applications that normal people (non-geeks) use will encrypt their data by default? In my experience, it's approximately 0.

        There are ways to mitigate against having to trust one person too much, like separa
        • Re: (Score:3, Interesting)

          by peragrin (659227)
          Funny I have just that setup at home. I have an encrypted disk image(Yes I run OSX that's why this works and is easy for any idiot to implement)

          as I was saying, I have an ecrypted disk image, which stores my sensitive files. Tax file documents, and other such documents. Also on that image are the data files, and configuration files for an application. The data files are encrypted by the application, so that I can have my passwords secured(twice).

          When i double click on the app it tries to load it's confi
    • by Anonymous Coward on Wednesday October 25, 2006 @11:21AM (#16579698)
      If you do not trust your staff, you have other problems.

      In my consulting work I have worked with systems containing sensitive information. Outside the workplace and outside the context of my particular role the information was of no interest to me.
    • by jafiwam (310805) on Wednesday October 25, 2006 @11:22AM (#16579732) Homepage Journal
      Also, maybe access but _logged_ access. And then a process where someone views the logs to look for unauthorized browsing.

      The DMV does it (every once in a while some bozo is fired from the state DMV for looking up minor celebrities information), I am sure many other less involved database systems can too.
      • Re: (Score:3, Insightful)

        by nine-times (778537)
        And what do you do about the IT personnel who have rights sufficient to circumvent logging or alter the logs? The difference from you DMV situation is that you're talking about logging random DMV workers, and not the person who set up the system and maintains it, therefore having read/write access to everything.
    • Maybe if companies paid their workers fairly and instilled loyalty things like this wouldn't be such a worry. Instead we're asked to do the jobs of several people for fraction of payroll - and not complain about it. What do CEO's think is going to happen?
    • Re: (Score:2, Insightful)

      by dc.wander (415024)

      The solution is regularly teaching business ethics to students. Perhaps even make it mandatory to earn a degree. Certainly mandatory for a graduate degree.

      The suggestion that a mandatory degree and ethics classes will solve the problem is laughable. Many examples of why this is so exist: Citigroup, Enron, Worldcom... to name a few. Do they teach business ethics in MBA or CPA programs? Of course they do. Did it help? No.

    • by mungtor (306258)
      Passing and ethics course and acting in an ethical manner are completely unconnected. It might even be unethical to pass a course on ethics if you know in advance that you plan to act in an unethical manner in the future....

      But the people who really need to learn business ethics are the stuffed shirts in the corner offices. They need to learn that they shouldn't turn around and blame IT that their laptop is broken when they installed AOL on it the night before their big presentation. Then it might leak
    • Can ethics be taught?

      What you are proposing is that every student has to be bored senseless in ethics class because you do not have an idea that will work!

      I think it would be just better if everybody woke up to the fact that business is the pursuit of wealth. There are enough greedy bastards in the world that to convert them all to ethics is impossible. So just make sure everybody knows that businesses cannot be trusted and leave it at that. No new laws, no sensless law cases, you invest in a business yo
    • by slashkitty (21637)
      The real solution is to let the boss know who has access to see these things. They might stop putting the most sensitive stuff through the open email system.
  • by overshoot (39700) on Wednesday October 25, 2006 @11:15AM (#16579552)
    The same executives wouldn't keep sensitive paper documents in an unlocked drawer, though.

    I realize it's a business problem when the CxO doesn't have a clue about encryption, but who's going to demand he get some education?

    FWIW, the legal profession actually has directives from the Bar Associations on when it's even permitted to use e-mail, and if so when encryption is required. Sometimes it's nice to actually have authority over you.

  • by cyanics (168644) on Wednesday October 25, 2006 @11:15AM (#16579578) Homepage Journal
    Would you be upset if your alergist (doctor) had access to your blood work? No. It is his job. Trust is a huge component of system administration, and any company, or corporation, who doesn't understand that the administrator has the keys to the system, needs to take a better look at their corporate layout.

    Admins have access to everything. Or at least they should have access to virtually everything. Because who would you call if it was broken? certainly not the corner office.

    Trust is necessary. You have to trust your admins. And if you have an admin that leaves under suspicious or grievious circumstances, you protect your corporations ass with a dismissal agreement.
    • TRUST. (Score:2, Interesting)

      by DRAGONWEEZEL (125809)
      How very true. I have to say that if you don't trust your employees, they can't do their job. If they can't do their job, how are their supervisors going to do supervisory work? etc etc.

      From a CEO's perspective you trust that your subordinates do their job, so that their subordinates are able to do their job all the way down to janitorial staff. Granted your level of trust declines proportionally to the level of visibility, but if the janitorial staff fails to take out the garbage for a week...
    • Re: (Score:3, Insightful)

      by Shivetya (243324)
      The still do not need access to the text of the email.

      Sorry, but here are quite a number of methods by which the admin could track down an errant email or such without knowing its contents.

      Its like passwords, your argument has been used before by people who defend systems in which the password is retrievable. The only way for me to know a user's password in my systems is if I set it myself or they tell me. There is not a method to recover them. The same can be done for the text and such of the mail.
      • Re: (Score:2, Insightful)

        by cyanics (168644)
        Good response. However, why on earth would a corner office think that the contents of ANY email were secure. email is basically just plain text. it sits in the spool as basically plain text. it prints on your screen as plain text. there is typically no encoding, no decoding, and anyone who has an email client can read it.

        I guess it is a problem with assumption. Corners assume communication is privileged, and private. Well, it isn't. It's like using a megaphone to talk through the wall to the office next doo
      • by NMerriam (15122) <NMerriam@artboy.org> on Wednesday October 25, 2006 @11:52AM (#16580380) Homepage
        Its like passwords, your argument has been used before by people who defend systems in which the password is retrievable. The only way for me to know a user's password in my systems is if I set it myself or they tell me. There is not a method to recover them. The same can be done for the text and such of the mail.


        Except that assigning a new password and "destroying" the old one is a perfectly acceptable solution. So there is no need for anyone to be able to recover the old one. Destroying a document is not an acceptable solution -- if my boss needs me to recover a document, I need to be able to do it, whether it is by interacting with the application, searching through cache data, or scouring the individual hard disk sectors.

        Ultimately it does come down to trust (or greater monitoring), but you can't remove the fundamental ability of IT to be able to access all corporate data in some manner if you expect them to provide comprehensive support to the organization.
        • Re: (Score:3, Informative)

          Nope. You just encrypt everything. Everyone gets a USB keychain (or something similar). You keep a backup copy of all the keys on discs which you store in a safe. The admin can still manage stuff, but can't actually read, only the owner of the key can. If a user requires assistance in finding a file in an encrypted filesystem, then the admin might have to use remote desktop (or visit in person) and find the file under the supervision of the user. If a user loses their key, the admin has to go to the vault,

          • Re: (Score:3, Insightful)

            by metamatic (202216)

            Nope. You just encrypt everything. [...] If a user requires assistance in finding a file in an encrypted filesystem, then the admin might have to use remote desktop (or visit in person) and find the file under the supervision of the user.

            But in that scenario, IT can still get access to the encrypted data if they really want to. They can install a key logger and a tool that records your screen contents at intervals. Face it, you have to trust everyone who's able to install software on your computer.

            So wh

          • Re: (Score:3, Insightful)

            by NMerriam (15122)
            Yes, it's possible. And even in your scenario, the admin ultimately has the ability to get at the data (albeit with a supervisor). You simply cannot remove that requirement the way you can with passwords, because you cannot destroy the data.

            Ultimately you do have to trust the IT department not to go to the vault together and decrypt everything over the weekend. They have to be able to decrypt things without the user, that's just a fundamental requirement for data preservation. You can put all the auditing a
      • by Orange Crush (934731) on Wednesday October 25, 2006 @11:57AM (#16580492)
        The still do not need access to the text of the email. Sorry, but here are quite a number of methods by which the admin could track down an errant email or such without knowing its contents.

        That depends on who you work for/with. My boss likes to ask for things like:

        "Can you print me a copy of that e-mail I sent about our new sales strategy a few months ago? I think I deleted it."

        "Do you remember who you sent it to?

        "No."

        "Do you remember the date you sent it?"

        "Oh, a while ago."

        "What was it about?"

        "Sales."

        So anyway, when you work for people who routinely ask you questions that are about as specific as: "Hey, can you find me the thing I wrote about something just the other day?" it's helpful to be able to do fulltext searches and keep blunt throwable objects out of arm's reach.

    • by nine-times (778537) <nine.times@gmail.com> on Wednesday October 25, 2006 @12:01PM (#16580560) Homepage

      Yeah, people don't get what's going. In the first place, e-mail isn't a secure form of communication. It's usually transmitted unencrypted, and often your authentication to your e-mail server isn't encrypted. Whoever is running your e-mail server, whether it's your ISP or Google, can read your e-mail if they really want, and mostly you're relying on them to be disinterested in the matters you're sending back and forth. People should understand this.

      However, the second component here is that, if you can't trust your IT staff, you are in big trouble. The reason is this: even if you put security measures in place to restrict IT access to e-mail messages, your IT staff is going to have to put that in place. If you can't trust the person who institutes your security, you won't know for sure whether they left themselves a back-door in. Basically, you're trying to lock people out of a system that they've set up themselves, and they know the system better than you do (or you probably wouldn't have hired them).

      So the best solution-- the only solution-- is to hire IT people you can trust. When you hand over control of your network to someone, imagine it being like handing over keys to a storage room with all your information in it, with only their integrity to keep them from browsing through it.

      As an aside: you should also be careful about the communications you have through your office e-mail. Even well-intentioned trustworthy support personnel might stumble across it while fixing problems or troubleshooting. Take it from a guy who's accidentally stumbled across e-mail from an executive's mistress before. I was just browsing trough our spam filter to look for false positives, and there it was. I wasn't looking for it, wish I hadn't seen it, and didn't want to know, but there it was. So as a rule, if you have personal information you wouldn't feel comfortable telling your IT people (like that you're having an affair and doing coke on weekends), don't talk about it in your work e-mail account.

  • When anyone will start to consider PGP as a viable solution? I have a key, but really rarely use it. In fact only when I want to send a password to one of my friends. Will this chenge somehow. When all those "supid-proof", uber-popular mail readers will out-of-the box encourage users to use PGP. Or any other encryption in fact.
    • Re: (Score:3, Insightful)

      by wwest4 (183559) *
      The problem is: how will PGP stop an admin? Clickity-click, I just logged keystrokes and got Mr. Fancy Pants' private key password. You have to trust your admins to some degree.

  • Dog bites man. I (Score:5, Insightful)

    by wwest4 (183559) on Wednesday October 25, 2006 @11:18AM (#16579632)
    If you don't have a chain of trust in your IT department you're fucked... even if you do spend bank on "secure internal IT infrastructure."

    The rest of the article is all over the place. There's some mention of rogue admins reading executive e-mail rolled into boilerplate security talk about how X% of security risks are insider threats, and then it finishes up with a vaguely related sales pitch for RSA products, owned by... yep, EMC. The guys providing ComputerWorld with ad revenue on that sidebar.

    Hopefully those scared VPs will hire consultants and purchase EMC products to "secure" their infrastructure from "rogue admins" who are probably reading their e-mail RIGHT NOW.
    • Re: (Score:3, Insightful)

      by Lumpy (12016)
      here's a few facts for you.

      Computrerworld is nota very highly regarded magazine. It's a freebie they shove down your throat. only middled managers actually put ant value into that rag's words. All this article does is fester distrust of the IT department from managers that have not a clue.

      your IT admins can bury your company and wield far more power than the executive staff combined does. Yet compared to all other departments IT get's the lowest pay.

      One admin with all they keys can easily take down anyone
      • by wwest4 (183559) *
        That's exactly what I was getting at (the FUD aspect). So I'm unsure as to why you're spreading more. Admin "power" is overrated. Anyone with physical access to a facility and a modicum of destructive creativity can cause major trouble for a company without an administrator password or even a computer.
  • WTF exactly is the "type to access this sensitive information"?

    Access to that information is pretty much required and a given for SOMEBODY. Otherwise, you sorta can't build the system in the first place.

    Having the ability to access that doesn't mean they DO. It's just that if the person happens to want to, the ability of accessing it is not a block if they do, in fact have access.

    Submitter makes it sound like all IT types are nosy BOFH criminals, which is not the case. Sure, SOME are, but then again I be
  • big deal (Score:2, Insightful)

    by dlc3007 (570880)
    I've got read access to the entire financial database. I can find out how much they spent for dinner on their last trip and their salary as well. Luckily for them, I just don't care.
    • Re: (Score:3, Insightful)

      by MrNougat (927651)

      Luckily for them, I just don't care.

      You just haven't found anything worth caring about yet. Wait till you find out that all of the people who are at the same level in the org chart as you are make $20K more a year than you, and they all come to you all the time to get things done because none of them know what they're doing. Or that the person reporting to you makes $30K more. Or that the company subsidizes the CEO's political fundraisers (worse if it's for a political party you strongly oppose).

      Keep loo

  • by drsmithy (35869) <drsmithy@gmailSLACKWARE.com minus distro> on Wednesday October 25, 2006 @11:23AM (#16579762)

    ...Then the battle is already lost. You may as well close up shop and go home.

    Which is not to say there aren't unscrupulous people out there who will abuse positions of trust, but this is a HR issue, not a technical/security one (and is most certainly not one limited to the IT department).

  • I have access.. (Score:2, Insightful)

    by Anonymous Coward
    I work for a relatively small company with approximately 100 employees, and being one of the two sysadmins, I could easily go in and look at anyone's email. One of the many reasons I have for not doing so is because I have dignity and want to respect peoples privacy, no matter who they are. Also I could probably find some "dirt" about someone, but in the end it does no good, and in some cases would probably piss me off. If there really is dirt going around the office, I would rather hear about it by trad
  • IT people checking out new web access monitoring software might also discover the boss is surfing personal ad websites in his office next to his wife.

    Most companies warn new employees that their email and other electronic activities can and will be monitored. Why should execs be any different?
  • by compunut (105677) on Wednesday October 25, 2006 @11:25AM (#16579810)
    At least in small business, and probably in all business, it is completely necessary for upper IT staff to have complete access to everything. I've lost count of how many times upper level management has come to me with the 'I forgot my password, can you get my stuff back?' request. This is a normal occurrence. If we take away the privileges of IT to access upper management data, then upper management is very likely to lose that data.

    As an anecdote, one of my customers (I am an IT consultant) lost the password to the video surveillance system. They immediately came to me, and were shocked and annoyed when I said 'Sorry, I wasn't involved in the installation of that system and was never informed of the passwords.' In the end, we found that a user had written down the password at one point and were able to get back in that way!

    The point really should be that companies better find upper IT staff that they can TRUST! If they can't trust their IT staff, they have big problems.
    • by snarlydwarf (532865) on Wednesday October 25, 2006 @11:43AM (#16580176) Homepage
      I have complete access to read (and even modify! w00t! that could be fun!) email for some 15,000 people.

      Unlogged.

      Do I?

      Hell, no.

      It would be nice to pretend it is all about ethics, but let's be realistic: it is really about "why would I -care- what they are jabbering about?" These are people who complain about getting "unbearable amounts of spam" when they get a total of a half dozen emails a day...

      Sorry: nethack, dinking around on forums and mailing lists, listening to music... all of them are much more important than the sort of nonsense people send in mail. I really don't care what people mail each other, how many porn sites they visit or whatever it is they actually do online as long as they leave me alone.

      It isnt ethics: it is pure and simple apathy about them.

    • Bullshit (Score:3, Interesting)

      by Overzeetop (214511)
      In small business, there is (noramlly) no need for high security beacuse you can't Really Fuck Things Up (TM) like you can in big business where there are billions at stake.

      In big business, the data should be secure. Period. You lose your password, you lose your information - it's that simple. Oh, sure, you can^Wmust have a contingency plan (the three board members and an outside law firm) if somebody gets hit by a bus, but it really should be a hard process to implement retrieval. Would that embarrass the
      • Re: (Score:3, Insightful)

        by pmc (40532)
        There are three parts to IT security - confidentiality, integrity, and availability. An IT security policy must balance these. Your solution sacrifices availability. Maybe in some situations it is worth it, but in others it won't be. You say data should be secure - what do you mean? If data is on a public web server you know it isn't confidential, but you definitely want the webserver to be up, and you certainly don't want anyone unauthorised to change it.

        In your example (which boils down to two man working
      • Re: (Score:3, Insightful)

        In big business, the data should be secure. Period. You lose your password, you lose your information - it's that simple.

        That's a perfect strategy for security if you completely disregard human behavior. If you set the stakes so high for forgetting your password, you end up with people either using ridiculously simple passwords (so they remember) or writing their passwords on post-it notes underneath their keyboard. Congratulations, now your system is less secure.

  • by Salo2112 (628590) on Wednesday October 25, 2006 @11:25AM (#16579812)
    Odd people are concerned that IT types *might* be reading email when so many of the C*Os give their secretaries their passwords and other sensitive information. I am convinced that my Big Boss's secretary actually runs the place.
    • by SpecBear (769433) on Wednesday October 25, 2006 @03:11PM (#16583790)

      I was once trying to explain to an exec why his account would never be absolutely secure.

      Me: "If somebody wants your account information badly enough, he's going to get it. He doesn't have to hack the system, he can just get it from you."
      Exec: "That's crazy, I'd never give anyone my password."
      Me: "Imagine you come home and find someone's broken in. He's got a gun to your daughter's head, and he tells you he's going to shoot in ten seconds if you don't give him your password. What would you do?"
      Exec: [long pause] ... Which daughter?

      To this day I still don't know if he was joking. But I no longer use that example.

  • by generic (14144) on Wednesday October 25, 2006 @11:26AM (#16579840) Homepage
    I already read it in cmdrtaco's inbox. Seriously I bet a good number of IT people own the T-Shirt, "I read your email". We aren't kidding.
  • There's a very strange paranoia to this entire article. Is the next article going to be about how the cleaning staff have access to papers lying on executives desks? I'm sure all the exectives think that someone reading their "high level" email is some kind of worst case scenario. But I highly doubt anyone reading it would have much to gain. There's a lot more sensitive information in a business than some dumb executives new corporate strategy of outsourcing the IT department. Client lists for one thin
  • So what?

    Do these companies not have data classifications and policies around what must be done with secret/confidential information? Do the employees (including execs) not understand these classifications? Why not?

    Any of this is a failure of your organization's ability to create proper security policies and ensure that employees understand what compliance means.

    Email is plaintext unless you do something with it. Same goes for any data that is stored on any servers in your company. If it is confidential
  • by spottedkangaroo (451692) * on Wednesday October 25, 2006 @11:34AM (#16580020) Homepage
    Public key encryption, duh. Then, even if your admins had this access, which they must in some cases, they couldn't read the message anyway. The sooner CEOs catch on, the sooner everyone else will also.
  • by Robber Baron (112304) on Wednesday October 25, 2006 @11:35AM (#16580036) Homepage
    No shit Sherlock! Did you figure that out all by yourself?!? Of course I can read their e-mail! I'm a sysadmin and I set up the frigging mail system in the first place! Duh!
    What they fail to grasp is I don't have time to be going through their shit!
    Conversely PHBs don't have time to learn how to admin mail systems, which is what they'd have to do in order to keep me out.

    Here's a novel concept: Why don't you simply try hiring people who are trustworthy?
  • With Active Directory it is possible to delegate control [microsoft.com] of subsets of an organization. Imagine a tree with various branches and sub-branches. You can delegate various administrative permissions to branches without allowing access to higher level nodes. I'm sure is something similar with Unix-style systems.

    At any rate, since Exchange is fully integrated with Active Directory, organizations often give administrators control over only certain subsets of e-mail accounts. For instance, if Company has 5 offices
  • Sysadmins can read everyone's email!!?? Wow - what else will they find out? Can't wait to see the furor when someone discovers HR's DBAs can see everyone's salary!

    Idiots - of course sysadmins can read everyone's email. This is why you should take care in hiring them.
  • ...this shirt [thinkgeek.com] at work. Otherwise the jig is up.
  • by Bigbutt (65939) on Wednesday October 25, 2006 @11:53AM (#16580402) Homepage Journal
    As the e-mail admin receiving the bounces are even more enlightening. There was a torrid love exchange in e-mail going on but they'd put an extra, invalid e-mail address in so the thread kept bouncing down to us. We tried to let them know about the problem but they were ignoring our messages.

    I created a t-shirt for work a couple of years back when I heard someone saying that we were reading their e-mails.

    "I Read Your E-mail"
    " It's Boring " :D

    [John]
  • by volsung (378) <stan@mtrr.org> on Wednesday October 25, 2006 @11:58AM (#16580500)
    The root problem here is that standard email is intrinsically insecure. Most people imagine it as a digital letter, but it is more of a digital postcard. Anyone can read the message contents on any mail server queue it sits in. To solve this problem properly, you really need to start using encrypted email. Then you don't have to worry about the IT people (unless they installed a keyboard sniffer while you were on vacation) reading your mail, or anyone for that matter even if there is a server break in.
  • by fractalus (322043) on Wednesday October 25, 2006 @12:14PM (#16580840) Homepage
    At one small company I once worked at, my Windows box popped up a strange notice one day that someone else was using my IP. Since my IP was fixed (so that I could access various IP-restricted network devices) this immediately raised some red flags. We began looking for the culprit; something must've tipped off the hacker because we found ourselves locked out of our mail server. Since access to the mail server was only permitted from inside our network, we shut off our net access, hoping to block the hacker while we got back into our server.

    We tracked the hacker down. It turned out it was another admin, who had gone some kind of crazy. He had three NICs in his desktop box all configured to impersonate different machines, he had re-routed the boss's email through his mailbox (and some clients' mail too), and had all kinds of other things going on. And he had sat there the whole time we were trying to ID the hacker, pretending nothing was going on, all the while trying to stay ahead of us. Strangest thing I ever saw.

    Yes, he was fired. He really didn't seem to know why he'd done it (none of it made rational sense) and he'd really put his family in a bind. I think he was sick, but I'm not a psychiatrist.
  • two man rule (Score:3, Interesting)

    by thanasakis (225405) on Wednesday October 25, 2006 @12:20PM (#16580952)
    There are methodologies that can ensure that certain types of actions cannot be done without two admins working together. Can this be done for the action of reading someone elses email? If it was possible, they would have to conspire to read the bosses email. Anyone has any good links?
  • postcard (Score:5, Insightful)

    by martin (1336) <<maxsec> <at> <gmail.com>> on Wednesday October 25, 2006 @01:23PM (#16582086) Journal
    Let me think, when all this email started getting popular in the mid 1990's wasn't the advice to treat it as postcard....

    ie it could be read during transmission buy the post-office worker (sys-admin)....

    just a gentle reminder.

"Text processing has made it possible to right-justify any idea, even one which cannot be justified on any other grounds." -- J. Finnegan, USC.

Working...