Enterprise IT, Featured, News - Written by Renai LeMay on Monday, April 16, 2012 16:23 - 22 Comments
Lacking reality: Sysadmins slam “snooping” claims
news Australia’s peak representative body for systems administrators has taken an axe to claims published in the Sydney Morning Herald last week that a huge proportion of IT professionals abused their system access to illegitimately read others’ email, calling for evidence to be presented to back the claim.
The claim was made in an article published by the newspaper last week, by Carlo Minassian, founder and chief executive of Earthwave, a minor IT security company based in North Sydney. “We know that 40 per cent of IT email administrators and IT managers look inside their manager’s, their board’s, their chief information officer’s, and chief executive officer’s emails regularly and read their email,” Minassian reportedly said.
However, in a statement issued this morning, the System Administrators Guild of Australia (SAGE-AU) strongly repudiated the claim, stating that it “does not reflect reality”. “SAGE-AU condemns the article for lacking any qualification or validation of this figure,” the organisation’s statement read. “The only source quoted is an organisation whose primary focus is the outsourcing of email and other computer system management for Australian businesses. SAGE-AU believes the claimed figure does not reflect reality and that the actual figure across all industries is substantially lower than this. SAGE-AU invites clear evidence from any party to the contrary – if it should exist!”
SAGE-AU highlighted figures published by the Australian Bureau of Statistics, which showed crime victimisation rates in the low single digit percentages across a wide range of crimes. The organisation noted that it anticipated a similar figure (in the low single digit percentages) would apply in the case of IT professionals illegitimately accessing email systems at their workplace. The systems administrators’ group additionally pointed out that modern technology platforms came with audit features built in, which would chronicle both authorised and unauthorised (or even attempted) access to data such as archived email.
“Actions which result in data access by any user, including system administrators, are logged at time of access and recorded in security log files,” the organisation wrote. “Access by administrators to private data of the scale suggested in the article would simply not go un-noticed.”
Furthermore, SAGE-AU added that its members committed to a published code of ethics upon joining the organisation, which contained provisions specifically applying to the appropriate use of an employer’s computing assets, and “to the need to uphold the privacy and confidentiality of material stored on computing systems”. SAGE-AU could expel members for breaches of the code, it noted — and it encouraged Australian organisations to employ IT professionals who were members of such a professional group.
SAGE-AU’s code of ethics on the matter of privacy asks its members to commit to the following statement: “I will access private information on computer systems only when it is necessary in the course of my duties. I will maintain the confidentiality of any information to which I may have access. I acknowledge statutory laws governing data privacy such as the Commonwealth Information Privacy Principles.”
Update: Minassian has provided some further information on the issue, including some of the statistical basis for his claims, in this article on ZDNet.com.au.
What disturbs me about the Sydney Morning Herald’s article is two things. Firstly and most obviously, there is the fact that it completely unfairly demonises a whole class of professionals for merely having access to the resources needed to do their job, without providing a shred of evidence that there is systemic abuse of those resources.
Take this sentence for example, referring to Minassian: “He said IT administrators “can’t help themselves” as soon as they have control and authority over IT assets.”
To my mind, this is a grossly inaccurate and stereotypical generalisation of an entire category of professional. I’ve worked as a systems administrator myself at several major organisations (for example, David Jones), and I can say that if sysadmin staff had been busted spying on sensitive corporate email outside of their remit, they would have been shown the door in almost all cases with no hesitation. I know the IT managers of the groups I have worked for would have taken it very seriously.
It is true that in the IT community, there are a number of recurring jokes about this kind of behaviour, with The Register’s Bastard Operator From Hell series being the best example of it. However, the reason that these jokes exist is that by and large, sysadmins understand that by virtue of their job, they have been given a very large amount of access. The jokes are there to underscore the fact that with that great power, comes great responsibility. Almost all of the sysadmins who I have worked with or dealt with over the years have a high degree of integrity — and I simply cannot imagine them casually reading someone’s private email and covering their tracks.
Secondly, there’s also a broader issue here with the Sydney Morning Herald’s reporting.
Do sysadmins and other IT professionals have higher levels of access to sensitive organisational data than other staff? Of course they do. It’s part of their job to keep the systems running which store such data, and they are also often called upon by management to carry out certain acts with respect to that data. If they can’t access that data, they often can’t do their job.
However, sysadmins aren’t the only professionals with similar access. HR staff, for example, have extensive access to employee data, and anyone above a basic managerial level is usually able at most companies to obtain a certain level of access to the data of their employees. I’m sure a chief executive would be able to access whatever data they wanted inside their organisation. None of this is new or unusual — it’s part of the normal functioning of corporate life.
So why has the SMH chosen this moment to highlight this decades-old fact of corporate life, and attack sysadmins? Why sysadmins and not another profession such as HR professionals? Why cover this story at all? The answer, of course, is because of public relations (what else?).
Earthwave recently hired Australian PR firm Watterson to drum up some free publicity for its security services. Watterson is a very experienced PR firm which specialises in dealing with Australian technology journalists, and so has already been successful in getting Earthwave coverage with a number of the nation’s major technology media outlets (here, for example, or here, or here). It’s also recently begun issuing a ‘wave’ of self-promoting media releases. No doubt one of these, perhaps based on the ‘snooping’ scare campaign issue, found its way into the hands of the Sydney Morning Herald’s technology journalist team, and from there Bob was Earthwave’s uncle, so to speak.
It’s a classic IT security industry campaign: Use the press to scare businesses into thinking there’s some kind of threat, and then sell them the solution to dealing with that threat. In this case, however, I’m rather of the opinion, especially reading the dozens of outraged comments under the SMH’s article (outraged at Minassian, rather than at the issue of sysadmin snooping), that Earthwave’s PR efforts here might have backfired. This one in particular summed it up for me:
“I call bullshit. I’ve been in this industry for a long time now, people who would be stupid enough to display that lack of professionalism don’t last long. Way to pump your own services Mr. Minassian.”
My thoughts, precisely.