‘Your IT infrastructure and the data it supports are Mission Critical assets’
MTS is in the business of supporting small, medium, and large scale network infrastructure for clients from the public, private, and NGO sectors. We support our client base as they deploy scores of applications across thousands of end-user devices, in dozens of physical locations. Every day of the week, we respond to numerous support requests most of which can be handled quickly and easily. To the casual observer and/or daily computer user, we do our best to make it look simple and easy. After all, end users and administrators have work to do, and that usually doesn’t involve adjusting the IT infrastructure, ensuring the security and integrity of the network, or deploying applications to dozens of desktops. In short, we do our job quickly and effectively so our clients can do theirs.
Sometimes the apparent ease with which things get done can be deceptive. How often are we inspired to hop up on the stage after a great performance? The performer is so skillful it is as if it requires no skill at all. However, whether the skill is a theatrical performance, or tuning a network of computers, the ease with which it appears to get done belies the underlying complexity and the specificity of the procedures that need to be followed to make it work in the first place and keep working well moving forward.
So it is with IT services. Today’s networked environment has evolved over decades and now has the capacity to move as much data every single day as was even in existence 30 years ago. The internet moves 2500 PB of data each day. The sheer scale is incomprehensible in terms of quantity of data, let alone the sophisticated equipment and software protocols required to route that much data efficiently.
Further, today’s networks are under constant attack. As of 2013, the volume of automated internet traffic exceeded that of live traffic and this trend continues. In addition, directed attacks such as spoofing, phishing, man-in-the-middle, DDOS, and social engineering are routine. Monitoring networks for penetration, enacting defenses, and responding to threats and/or actual attacks are round the clock activities for MTS technicians. Any activity on the network that compromises security is potentially an existential threat to the operation of the network and the underlying data it supports.
Add into the mix the end user. In a perfect world, the inner workings of the IT infrastructure is transparent to the end user – they neither know nor care how network engineers make things work. In more practical terms, we strive to offer end users a highly available, very secure, and easy to use network infrastructure. 90% of what we do is done ‘behind the scenes’, either in the local IT ‘datacenter’ or remotely from our offices. End users see approximately 10% of what MTS IT technicians do on a daily basis and sometimes may draw inaccurate conclusions about what it is we do and how we get it done.
This leads to a common request – elevated access privileges for the purposes of ‘minor’ tasks such as installing printers and software.
Did you know there is a right way and a wrong to perform installation tasks?
Yes, it’s true, just like any routine maintenance task, installing applications, printers, and other software and hardware on your network needs to be done a certain way. Whether we like it or not, printers and printer drivers continue to be noticeable points of failure on all networks. It is common for improperly installed printer drives to essentially disable one or more workstations on a network and possibly the printer itself.
Software installation is now a high-risk activity – applications must have execute permission in order to run an improperly installed software package can expose the network to direct attack. End users are certainly capable of running a software installation program, but most do not have the IT background to ensure a secure installation, which also works correctly in a network environment.
Don’t become a casualty
Over the past few years it has become a regular occurrence – news of a network intrusion and massive amounts of user data being compromised. This is a serious problem with numerous consequences. Often overlooked are the ground level personnel involved. They are direct victims of the criminal activity, but unlike many crime victims, because of their professional position they are held accountable as responsible parties, not victims. In other cases, there is no criminal activity, rather a problem has arisen with an organization’s IT infrastructure and we are called to assist. Naturally, when the problem is serious enough, executives and administrators investigate and as part of this process they seek our opinion on ‘how it happened’. There are always multiple contributing factors, but one we prefer not to identify is unnecessary elevated privileges.
In the IT world, there is a fundamental tenant of security known as ‘least privilege’. You can view the Wikipedia entry here. Put simply, each person, application, or process is given only the minimum level of access required to perform their necessary and approved function on the network. If any doubt exists we err on the side of caution. Naturally, this leads to the occasional circumstance where an end user is unable to complete a task without our assistance, but fortunately, this is not the norm.
Nevertheless, we field our share of requests for elevated privileges i.e. administrator level access, on the part of end users and administrators. Consider carefully, when asking for this level of access. Ultimately, that decision is made by the network owners, not by MTS, but do keep in mind that true Administrator-level access on today’s networks implies the ability to do virtually unlimited damage to the network and its assets, up to and including complete and irreversible data loss.
Consider carefully if the need for Administrator access truly outweighs the associated risks. There are a number of alternatives available and we are happy to explore them with our clients.
Contact Us for help with your IT needs: