Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

6 dirty secrets of the IT industry

IT pros blow the whistle on the less-than-white lies and dark sides of the tech business

Article comments

IT pros usually know where the bodies are buried. Sometimes that's because they're the ones holding the shovel.

We asked InfoWorld readers to reveal the dirtiest secrets of IT -- the less-than-white lies and dark sides of technology that others may not be aware of. We then ran those "secrets" through a BS detector, fact-checking them with experts in the relevant field. In some cases the experts concurred, in other cases they did not.

Do sys admins wield power far beyond the CIO's worst nightmares? Are IT employees routinely walking off with company equipment? Can the data you store in the cloud really disappear in an instant? Are you paying far too much for tech support?

Read on to find out what our leakers and experts believe.

What's the biggest IT secret you know about? Spill the beans below.

Dirty IT secret No. 1: Sys admins have your company by the short hairs

When the IT fox is guarding the data hen house

Anyone who's followed the Edward Snowden story knows what kind of damage a sys admin with an agenda can do. But even IT people may not realize the full range of unfettered admin access and the kinds of pain it can bring.

"There are no secrets for IT," says Pierluigi Stella, CTO for managed security service provider Network Box USA. "I can run a sniffer on my firewall and see every single packet that comes in and out of a specific computer. I can see what people write in their messages, where they go to on the Internet, what they post on Facebook. In fact, only ethics keep IT people from misusing and abusing this power. Think of it as having a mini-NSA in your office."

This situation is more common than even most CIOs are aware of, says Tsion Gonen, chief strategy officer for data protection firm SafeNet.

"I'd estimate this is true in 9 out of 10 organizations," he says. "Enterprise security is only as secure as the ethics of trusted IT administrators. How many of them have sys admins who abuse their access privileges is harder to say -- but enough to hit the news almost every week. The scariest thing is that the same people who present the greatest risk are often the very people who approve access."

David Gibson, VP of Varonis, a data governance solution provider, agrees that admins are often able to access data they shouldn't without being noticed, but he puts the number closer to 50 percent. He adds it's not just the admins; most users have access to far more data than they need to do their jobs.

He says the solution comes down to getting a better handle on two things: reducing access to get to a "least privilege" model, and continuous monitoring of who is accessing data.

"The organization needs to be able to see who has access to what data, who the data belongs to, and who has been accessing which files," he says. "From there, IT can involve the data owners directly to make informed decisions about permissions and acceptable use."

Dirty IT secret No. 2: Your employees may be helping themselves 

When "retired" IT assets enjoy a surprise second career

Old tech equipment rarely dies, it just finds a new home -- and sometimes, that home is with your IT employees.

"Employee theft of retired equipment is commonplace," says Kyle Marks, CEO of Retire-IT, a firm specializing in fraud and privacy compliance issues relating to IT asset disposition. "I have never met someone from IT that doesn't have a collection of hardware at home. To many, taking retired equipment is a victimless crime. Most don't view it as a security threat. Once equipment is retired, they act like it is fair game."

The problem with taking equipment bound for the scrap heap or the recycling bin is that it often still contains sensitive data, which if lost could result in massive liability for the company that owns the equipment, says Marks. And, of course, it is still theft of company equipment.

"Theft and fraud are serious situations that create massive privacy liability," he adds. "A capricious IT insider can have costly consequences if left unchecked. Yet in most cases, the people responsible for making sure assets are disposed of properly -- with all data removed -- are in IT. Organizations need to have a 'reverse procurement' process that assures assets are retired correctly."

But does every IT employee really steal old hardware? A veteran of the IT asset disposition industry, who asked to remain anonymous, says the problem isn't nearly as commonplace as Marks makes it out.

"I'm not saying that theft is nonexistent," he says. "I am simply stating that I have never met anyone in the industry with that particular mind-set."

Most equipment that goes missing is simply lost for other, less nefarious reasons -- like it was shipped to the wrong place, he adds.

"It sounds like a bad generalization when in essence a lot companies pride themselves on providing secure services and act in a way that is completely honest and full of integrity."


Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *