[LINK] No more human sysadmins??
Bernard Robertson-Dunn
brd at iimetro.com.au
Fri Aug 9 20:11:51 AEST 2013
On 9/08/2013 5:41 PM, Robert Brockway wrote:
> On Fri, 9 Aug 2013, Bernard Robertson-Dunn wrote:
>
>> Sysadmins can only get at data that is viewable with "common" programs
>> e.g. data in files with .txt .docx .wri type extensions.
>>
>> If the data are held in an application and can only be accessed via that
>> application, then sysadmins can't get at the data - they need
>> application level access.
> The sysadmin responsible for managing the application
Sys admins shouldn't manage applications, they should only manage systems.
Application managers should manage applications. It's a question of
division of responsibilities.
If the data is held in an SQL database and only an application can
access that application, then the sysadmin would have to go through the
application. If they are not in the ACL (which is under the control of
the application manager), then they can't get at the data. If
necessary, the data in the SQL DB can be encrypted.
> There are approaches that can be taken to limit this sort of behaviour but
> they generally take a level of effort and discipline I've rarely seen in
> organisations.
If it's important enough, it can be done. The ABS does it for census
data, national security is somewhat more important.
> I don't agree that it is easy at all. Siloing can be used to restrict
> access but it tends to be an expensive and cumbersome approach - so
> much so that most organisations don't use it at all, even many that
> should.
DoD and NSA are not "most organisations"
--
Regards
brd
Bernard Robertson-Dunn
Sydney Australia
email: brd at iimetro.com.au
web: www.drbrd.com
web: www.problemsfirst.com
Blog: www.problemsfirst.com/blog