Do you trust your admins? 5 tips to manage administrator access

The access rights that internal and external network admins possess carry the potential for abuse and errors that can expose systems and data. These practices can help avoid that.

login credential - user name, password - administrative controls - access control - single sign-on
Thinkstock

Trusting your administrators and outside consultants is a key part of the security process. But should you? I recently came across a story where an employee of a managed service provider (MSP) sold access to the client base. Years ago, a Microsoft security strategist, Steve Riley, asked attendees at the company’s security conference if they trusted their administrators. Astoundingly, most people in the room indicated that they did not trust their administrators.

As Riley stated at the time, “If we can’t trust the very people we hire to build and manage the mission-critical networks on which our business successes depend, we might as well unplug it all and revert to the days of stone knives and bearskins.”

Here are my suggestions for building trust in your internal and external admins.

1. Have an end-to-end process to manage and monitor

Trusting administrators will always carry risk, but having a process for interviewing, investigating, hiring, monitoring and terminating any employee or consultant who has the role of administrator will minimize that risk. 

To continue reading this article register now

The 10 most powerful cybersecurity companies