- 1
- 2
- < previous
The issue isn't just control over passwords, but also over documentation relating to configurations and changes. Often in situations such as this, "requests for access, passwords and documentation are frequently taken as hostile acts by those that have been holding the keys to the kingdom," he added. "In my experience I have encountered this type of situation on more then one occasion," he said. In one incident, a mainframe systems programmer had to be fired for changing access rights because he disapproved of others' activities on the system, Michael said. In another case, the individual resigned when he "realized that the pressure to follow processes and procedures was not going to go away despite the protesting," Michael said.
These practices persist due to lack of resources and prioritization, said Richard Gorman, CEO of Vormetric, a vendor of database security and encryption products. "For many organizations, security is not a mission-critical priority until it has been breached," Gorman said. As a result, it is not unusual to find many companies handing over control of entire networks and systems to one individual. "There is no valid technical reason to do this," and it is something that can always be avoided. Nonetheless, it is "surprisingly common."
Especially in smaller and medium-sized companies, control is vested in a single individual in order to more cost-efficiently troubleshoot problems and take care of daily administrative tasks such as resetting passwords, said Raj Rajamani, product manager at Solidcore Systems, a vendor of change management products.
"If you have one person serve as an administrator, then have another person audit the administrator, and have yet another person audit the auditor, you get into a costly and time-consuming cycle of inefficiency," he said. Tools are available to do this sort of auditing, but often the process can be more of an impediment than a benefit, he said.
"Single points of failure are always bad," said John Pescatore, an analyst with Gartner. "There should never be one person who is the only person who knows the configuration or the password." Companies need to make sure there are at least two if not three people who share the knowledge of network configurations and server configurations. "As a minimum, require it to be documented and stored somewhere if personnel limitations say you can't have personnel with overlap," Pescatore said.
- 1
- 2
- < previous
- +
Strategies for Dealing With IT Complexity 24/12/2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. AP-7131 | The industry’s first 802.11n access point with tri-radio design
Everything you need to know about email and web security (but were afraid to ask)
The disruptive approach of open WiMAX
Motorola Introduces 802.11n Wireless LAN Switch Enabling the All-Wireless Enterprise
The Case for an Untethered Enterprise
LANPlanner | Ensuring High Performance WLAN Networks
RFS6000 | Wireless switch
Look before you leap | Key considerations for moving to 802.11n
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Announces 2008 Excellence Awards 2008-11-21 10:50:00+11
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 2008-11-20 17:34:00+11
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 2008-11-20 12:06:00+11
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 2008-11-20 12:04:00+11
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 2008-11-20 12:02:00+11
Know thy self: Reduce costs, secure data and ensure compliance with identity management
Midsize businesses cannot operate effectively without the ability to control access to their networks and business systems. A strong identity management platform can play the role of gatekeeper and guardian of business intelligence and information. Read on to discover how you can create a strong identity management plan to protect your business.
Buying Guides
Latest Products
Buying Guides
