[ad] The service leader for Cloud is now in Australia. Secure, reliable cloud and managed hosting all backed by 24x7x365 Fanatical Support. Create your free account now.
Buy an Seagate Business Storage NAS for your chance to win a holiday
[ad] Purchase a selected Seagate Business Storage NAS to receive a $20 cash-back AND go into the draw to win a $1,000 Flight Centre voucher so you can holiday in the destination of your choice. T&Cs apply.
Great articles on other sites
- Xbox One smashes sales records
- Tech leaders call for speed, ubiquity in NBN rollout
- AIIA urges Hockey to tackle taxes
- IBM accuses Qld govt of trying to ‘rewrite history’
- Newlease undergoes reverse takeover to score ASX listing
- Australia Post loses battle | The Australian
- Start-ups leap at Telstra's accelerator
- Labor won't hand over NBN advice to Turnbull
- Adelaide Uni on hiring blitz for tech transformation
- Human Services to cut 56 IT jobs
How mobile and social media affect your Customer Experience strategy
[ad] How will the adoption of mobile devices and social media affect your Customer Experience strategy? Are you reaching your organisation's customers through these touch points? Click here to download a whitepaper by Fifth Quadrant examining consumer and business attitudes to these new contact channels.
50 things top IT pros need to know
[ad] This 18 page TechRepublic whitepaper explores 10 things you should know to become an epic IT manager, 40 other essential tips to advance your IT career and practical guidance for starting an IT consulting business. Click here to access the whitepaper.
Enterprise IT, Featured, News - Written by Renai LeMay on Monday, April 16, 2012 16:23 - 22 Comments
Lacking reality: Sysadmins slam “snooping” claims
news Australia’s peak representative body for systems administrators has taken an axe to claims published in the Sydney Morning Herald last week that a huge proportion of IT professionals abused their system access to illegitimately read others’ email, calling for evidence to be presented to back the claim.
The claim was made in an article published by the newspaper last week, by Carlo Minassian, founder and chief executive of Earthwave, a minor IT security company based in North Sydney. “We know that 40 per cent of IT email administrators and IT managers look inside their manager’s, their board’s, their chief information officer’s, and chief executive officer’s emails regularly and read their email,” Minassian reportedly said.
However, in a statement issued this morning, the System Administrators Guild of Australia (SAGE-AU) strongly repudiating the claim, stating that it “does not reflect reality”. “SAGE-AU condemns the article for lacking any qualification or validation of this figure,” the organisation’s statement read. “The only source quoted is an organisation whose primary focus is the outsourcing of email and other computer system management for Australian businesses. SAGE-AU believes the claimed figure does not reflect reality and that the actual figure across all industries is substantially lower than this. SAGE-AU invites clear evidence from any party to the contrary – if it should exist!”
SAGE-AU highlighted figures published by the Australian Bureau of Statistics, which showed crime victimisation rates in the low single digit percentages across a wide range of crimes. The organisation noted that it anticipated a similar figure (in the low single digit percentages) would apply in the case of IT professionals illegitimately accessing email systems at their workplace. The systems administrator’s group additionally pointed out that modern technology platforms came with audit features built in, which would chronicle both authorised an unauthorised (or even attempted) access to data such as archived email.
“Actions which result in data access by any user, including system administrators, are logged at time of access and recorded in security log files,” the organisation wrote. “Access by administrators to private data of the scale suggested in the article would simply not go un-noticed.”
Furthermore, SAGE-AU added that its members committed to a published code of ethics upon joining the organisation, which contained provisions specifically applying to the appropriate use of an employer’s computing assets, and “to the need to uphold the privacy and confidentiality of material stored on computing systems”. SAGE-AU could expel members for breaches of the code, it noted — and it encouraged Australian organisations to employ IT professionals which were members of such a professional group.
SAGE-AU’s code of ethics on the matter of privacy asks its members to commit to the following statement: “I will access private information on computer systems only when it is necessary in the course of my duties. I will maintain the confidentiality of any information to which I may have access. I acknowledge statutory laws governing data privacy such as the Commonwealth Information Privacy Principles.”
Update: Minassian has provided some further information on the issue, including some of the statistical basis for his claims, in this article on ZDNet.com.au.
What disturbs me about the Sydney Morning Herald’s article is two things. Firstly and most obviously, there is the fact that it completely unfairly demonises a whole class of professionals for merely having access to the resources needed to do their job, without providing a shred of evidence that there is systemic abuse of those resources.
Take this sentence for example, referring to Minassian: “He said IT administrators “can’t help themselves” as soon as they have control and authority over IT assets.”
To my mind, this is a grossly inaccurate and stereotypical generalisation of an entire category of professional. I’ve worked as a systems administrator myself at several major organisations (for example, David Jones), and I can say that if sysadmin staff had been busted spying on sensitive corporate email outside of their remit, they would have been shown the door in almost all cases with no hesitation. I know the IT managers of the groups I have worked for would have taken it very seriously.
It is true that in the IT community, there are a number of recurring jokes about this kind of behaviour, with The Register’s Bastard Operator From Hell series being the best example of it. However, the reason that these jokes exist is that by and large, sysadmins understand that by virtue of their job, they have been given a very large amount of access. The jokes are there to underscore the fact that with that great power, comes great responsibility. Almost all of the sysadmins who I have worked with or dealt with over the years have a high degree of integrity — and I simply cannot imagine them casually reading someone’s private email and covering their tracks.
Secondly, there’s also a broader issue here with the Sydney Morning Herald’s reporting.
Do sysadmins and other IT professionals have higher levels of access to sensitive organisational data than other staff? Of course they do. It’s part of their job to keep the systems running which store such data, and they are also often called upon by management to carry out certain acts with respect to that data. If they can’t access that data, they often can’t do their job.
However, sysadmins aren’t the only professionals with similar access. HR staff, for example, have extensive access to employee data, and anyone above a basic managerial level is usually able at most companies to obtain a certain level of access to the data of their employees. I’m sure a chief executive would be able to access whatever data they wanted inside their organisation. None of this is new or unusual — it’s part of the normal functioning of corporate life.
So why has the SMH chosen this moment to highlight this decades-old fact of corporate life, and attack sysadmins? Why sysadmins and not another profession such as HR professionals? Why cover this story at all? The answer, of course, is because of public relations (what else?).
Earthwave recently hired Australian PR firm Watterson to drum up some free publicity for its security services. Watterson is a very experienced PR firm which specialises in dealing with Australian technology journalists, and so has already been successful in getting Earthwave coverage with a number of the nation’s major technology media outlets (here, for example, or here, or here). It’s also recently begun issuing a ‘wave’ of self-promoting media releases. No doubt one of these, perhaps based on the ‘snooping’ scare campaign issue, found its way into the hands of the Sydney Morning Herald’s technology journalist team, and from there Bob was Earthwave’s uncle, so to speak.
It’s a classic IT security industry campaign: Use the press to scare businesses into thinking there’s some kind of threat, and then sell them the solution to dealing with that threat. In this case, however, I’m rather of the opinion, especially reading the dozens of outraged comments under the SMH’s article (outraged at Minassian, rather than at the issue of sysadmin snooping), that Earthwave’s PR efforts here might have backfired. This one in particular summed it up for me:
“I call bullshit. I’ve been in this industry for a long time now, people who would be stupid enough to display that lack of professionalism don’t last long. Way to pump your own services Mr. Minassian.”
My thoughts, precisely.
Latest Delimiter 2.0 articles (subscriber content)
|Politicians from Australia’s major parties need to stop issuing ludicrous blanket pardons for the intelligence community’s ongoing misdemeanours and start applying a basic modicum of transparency and accountability to this important national security function.|
|The independent pro-fibre National Broadband Network movement is doing a far better job of promoting Labor’s Fibre to the Premises-based NBN policy than Labor itself. When is Labor going to wake from its slumber and start supporting this scrappy but energetic grassroots network of activists?|
|Ziggy Switkowski's first substantial public appearance since being appointed NBN Co chief executive has starkly demonstrated just how different he is from his predecessor, Mike Quigley, and just how strictly he will adhere to the guidelines which his patron, Communications Minister Malcolm Turnbull, has set for him.|
|Australian technology companies have been virtually absent from the the nation’s public stockmarket over the past decade as the stigma of the dot com bust took its toll on investor confidence. But a clutch of new listings planned for the closing months of 2013 shows renewed interest in the sector and that local entrepreneurs are smelling money in the air once again.|
|NBN Co’s Strategic Review process gives the company an unmissable opportunity to re-evaluate the early decision to deploy its FTTP network primarily through Telstra’s underground ducts. The company and its new Coalition masters must now seriously consider deploying more fibre aerially on power poles in an effort to speed up its rollout substantially.|
|That moment which many Australian technologists fervently hoped for but never expected to see has come to pass: Simon Hackett has been appointed to the board of the National Broadband Network Company. But what questions should the Internode founder be asking NBN Co’s executive management team? Here’s five ideas to start with.|
|The rapid replacement of respected NBN Co chief operating officer Ralph Steffens with a Telstra executive who appears less experienced with fibre rollouts but better politically connected represents a key signal that NBN Co’s senior executive hiring process has now become completely politicised and is no longer independent from the Federal Government.|
Enterprise IT, News - Dec 10, 2013 17:23 - 1 Comment
More In Enterprise IT
- David Boyle appointed NAB CIO
- Qld payroll lawsuit ‘rewriting history’, says IBM
- Harbour City Ferries goes Microsoft across the board
- Payroll disaster: Queensland sues IBM
- End of an era: Oracle Australia’s ‘safe hands’ leaves
News, Telecommunications - Dec 10, 2013 18:16 - 1 Comment
More In Telecommunications
- Telstra 4G trials hit 300Mbps
- “Captain of the Titanic”: Turnbull mocks Quigley’s NBN tenure
- NBN Co still has 1Gbps on way
- Delimiter appeals Turnbull Blue Book censorship
- Final closure: TPG buys AAPT for $450m
Blog, Industry, Startups - Dec 10, 2013 10:19 - 0 Comments
More In Industry
- Telstra shares millions with Box
- The Australian IT sector needs a stronger voice
- Xbox One goes off with a bang … but will the PS4 launch eclipse it?
- It’s not just Freelancer: Aussie tech IPOs are back in general
- Freelancer’s IPO: A billion reasons to care
Digital Rights, News - Dec 10, 2013 18:57 - 0 Comments
More In Digital Rights
- Telstra ‘not logging’ customers’ web, email history
- Labor, Coalition reject Intelligence committee reformation
- Screwed: Australian PS4, Xbox One lack basic functionality
- Censored: Appeal for AG’s Blue Book fails
- Senate to force TPP publication