By Larry LaBas – Senior Management Consultant
In the aftermath of the past year’s publicized security incidents such as the Target malware, Home Depot hack, and now Sony Entertainment’s troubles, we continue to be reminded that technology is only one part of the play. On the stage, we also have others such as the users, other businesses, management, and system administrators. All play a part in the opera of business, but one area can accelerate or destroy a performance quickly.
Think of technology as the stage, lights, and props for a play. They may have been purchased or created to fill a particular need in the play. However while where they are placed, how and when they are used is usually set in the script, it is the stage manager or director who creates the flow and works to ensure the pieces are where they are needed and when.
When we look at all three major events mentioned above, one common theme comes forward in that the stage managers missed several key parts of what common IT and security best practices should have been in their scripts. The issues were not in the scripts, props or where the props were placed. More than some script parts or props were misused, incorrectly configured, ignored or plainly mishandled.
Avoiding a bad performance takes teamwork, however, the stage manager has a key role in the building, documenting, preparing and operating during a performance. If any of the areas do not go well then the performance may not go well. Enter the stage manager of the IT world, the system administrator.
Enabling, supporting and fostering many system administrators over the past number of years has given me a unique perspective on security, management and how the systems administrator affects both while being a business enabler or detractor. Sometimes without even knowing the effects, they can have.
A systems administrator like the stage manager performs many duties in a company. They may plan the architecture, build your infrastructure, deploy the applications, troubleshoot issues, work with customers (internal/external), perform vendor management, etc. Similar to the roles needed to ensure a play is ready for the performance and then that all goes well during the execution.
If we look at all three plays above we could surmise from the after-action reports that the system administrators may not have been as effective as they could have been. Without knowing the intimate internal details it is not clear if the causes were work overload, inherited bad architecture, bypass of standards or simply poor systems administration. It is clear however that there are some mitigating steps that could have been in place earlier that would have reduced or possibly prevented (to some extent at least) major impacts on the businesses and customers.
Systems administrators could have played key roles in preventing or mitigating some of the effects of all three incidents. Setting zones of segregation, access levels, ensuring up-to-date patches were applied, password encryption are some of the technical ways systems administrators could have helped. Staying in tune with current best practices, industry trends, escalating appropriately when needed might have also lessened the effects as enabling good systems administration.
What we can say is that as leaders we need to support and foster good systems administration in our own businesses. Just like having good stage managers to help direct the show. While this needs to be in the three areas of technology, process, and people the main focus of this should be the people. That’s where the greatest impact will come from. One can have the best technology and practices in place however if they are not used, followed or appropriately challenged then the benefits won’t be realized.
Who are the systems administrators that I want on my teams helping the business with its performance on stage? Those who will help accelerate the business, be part of a team and continue to grow both technically and in their knowledge of the business. Good team members who are willing to help find solutions to problems, learn new technologies as needed, raise flags when they see a risk, learn and apply best practices when appropriate and challenge appropriately for the betterment of the business, the team and themselves.
Do we need superstars? Yes. Junior systems administrators? Yes. Good systems administrators? Definitely. Having all three is best and you can mentor, train or hire from Junior to a superstar but having good systems administrators you can trust, train, and rely on that you will support is critical.