Enterprise IT, Featured, News - Written by Renai LeMay on Monday, April 16, 2012 16:23 - 22 Comments
Lacking reality: Sysadmins slam “snooping” claims
news Australia’s peak representative body for systems administrators has taken an axe to claims published in the Sydney Morning Herald last week that a huge proportion of IT professionals abused their system access to illegitimately read others’ email, calling for evidence to be presented to back the claim.
The claim was made in an article published by the newspaper last week, by Carlo Minassian, founder and chief executive of Earthwave, a minor IT security company based in North Sydney. “We know that 40 per cent of IT email administrators and IT managers look inside their manager’s, their board’s, their chief information officer’s, and chief executive officer’s emails regularly and read their email,” Minassian reportedly said.
However, in a statement issued this morning, the System Administrators Guild of Australia (SAGE-AU) strongly repudiated the claim, stating that it “does not reflect reality”. “SAGE-AU condemns the article for lacking any qualification or validation of this figure,” the organisation’s statement read. “The only source quoted is an organisation whose primary focus is the outsourcing of email and other computer system management for Australian businesses. SAGE-AU believes the claimed figure does not reflect reality and that the actual figure across all industries is substantially lower than this. SAGE-AU invites clear evidence from any party to the contrary – if it should exist!”
SAGE-AU highlighted figures published by the Australian Bureau of Statistics, which showed crime victimisation rates in the low single digit percentages across a wide range of crimes. The organisation noted that it anticipated a similar figure (in the low single digit percentages) would apply in the case of IT professionals illegitimately accessing email systems at their workplace. The systems administrators’ group additionally pointed out that modern technology platforms came with audit features built in, which would chronicle both authorised and unauthorised (or even attempted) access to data such as archived email.
“Actions which result in data access by any user, including system administrators, are logged at time of access and recorded in security log files,” the organisation wrote. “Access by administrators to private data of the scale suggested in the article would simply not go un-noticed.”
Furthermore, SAGE-AU added that its members committed to a published code of ethics upon joining the organisation, which contained provisions specifically applying to the appropriate use of an employer’s computing assets, and “to the need to uphold the privacy and confidentiality of material stored on computing systems”. SAGE-AU could expel members for breaches of the code, it noted — and it encouraged Australian organisations to employ IT professionals who were members of such a professional group.
SAGE-AU’s code of ethics on the matter of privacy asks its members to commit to the following statement: “I will access private information on computer systems only when it is necessary in the course of my duties. I will maintain the confidentiality of any information to which I may have access. I acknowledge statutory laws governing data privacy such as the Commonwealth Information Privacy Principles.”
Update: Minassian has provided some further information on the issue, including some of the statistical basis for his claims, in this article on ZDNet.com.au.
What disturbs me about the Sydney Morning Herald’s article is two things. Firstly and most obviously, there is the fact that it completely unfairly demonises a whole class of professionals for merely having access to the resources needed to do their job, without providing a shred of evidence that there is systemic abuse of those resources.
Take this sentence for example, referring to Minassian: “He said IT administrators “can’t help themselves” as soon as they have control and authority over IT assets.”
To my mind, this is a grossly inaccurate and stereotypical generalisation of an entire category of professional. I’ve worked as a systems administrator myself at several major organisations (for example, David Jones), and I can say that if sysadmin staff had been busted spying on sensitive corporate email outside of their remit, they would have been shown the door in almost all cases with no hesitation. I know the IT managers of the groups I have worked for would have taken it very seriously.
It is true that in the IT community, there are a number of recurring jokes about this kind of behaviour, with The Register’s Bastard Operator From Hell series being the best example of it. However, the reason that these jokes exist is that by and large, sysadmins understand that by virtue of their job, they have been given a very large amount of access. The jokes are there to underscore the fact that with that great power, comes great responsibility. Almost all of the sysadmins who I have worked with or dealt with over the years have a high degree of integrity — and I simply cannot imagine them casually reading someone’s private email and covering their tracks.
Secondly, there’s also a broader issue here with the Sydney Morning Herald’s reporting.
Do sysadmins and other IT professionals have higher levels of access to sensitive organisational data than other staff? Of course they do. It’s part of their job to keep the systems running which store such data, and they are also often called upon by management to carry out certain acts with respect to that data. If they can’t access that data, they often can’t do their job.
However, sysadmins aren’t the only professionals with similar access. HR staff, for example, have extensive access to employee data, and anyone above a basic managerial level is usually able at most companies to obtain a certain level of access to the data of their employees. I’m sure a chief executive would be able to access whatever data they wanted inside their organisation. None of this is new or unusual — it’s part of the normal functioning of corporate life.
So why has the SMH chosen this moment to highlight this decades-old fact of corporate life, and attack sysadmins? Why sysadmins and not another profession such as HR professionals? Why cover this story at all? The answer, of course, is because of public relations (what else?).
Earthwave recently hired Australian PR firm Watterson to drum up some free publicity for its security services. Watterson is a very experienced PR firm which specialises in dealing with Australian technology journalists, and so has already been successful in getting Earthwave coverage with a number of the nation’s major technology media outlets (here, for example, or here, or here). It’s also recently begun issuing a ‘wave’ of self-promoting media releases. No doubt one of these, perhaps based on the ‘snooping’ scare campaign issue, found its way into the hands of the Sydney Morning Herald’s technology journalist team, and from there Bob was Earthwave’s uncle, so to speak.
It’s a classic IT security industry campaign: Use the press to scare businesses into thinking there’s some kind of threat, and then sell them the solution to dealing with that threat. In this case, however, I’m rather of the opinion, especially reading the dozens of outraged comments under the SMH’s article (outraged at Minassian, rather than at the issue of sysadmin snooping), that Earthwave’s PR efforts here might have backfired. This one in particular summed it up for me:
“I call bullshit. I’ve been in this industry for a long time now, people who would be stupid enough to display that lack of professionalism don’t last long. Way to pump your own services Mr. Minassian.”
My thoughts, precisely.