Email spying not prevalent: sysadmins


The Systems Administrators Guild of Australia (SAGE-AU) has released a fiery statement defending the systems administrator role against a claim that almost half of all IT email administrators and IT managers look at their managers' emails regularly.

The Sydney Morning Herald published quotes from Earthwave's CEO Carlo Minassian, who said, "We know that 40 per cent of IT email administrators and IT managers look inside their manager's, their board's, their chief information officer's, and chief executive officer's emails regularly and read their email."

SAGE-AU pointed out that Earthwave, which provides security services and advice to companies looking to outsource systems, would have a vested interest in companies believing that their IT admins are reading company emails.

SAGE-AU admitted that IT administrators do have access to "vast ranges" of sensitive information, and that they sometimes need to use that access to do their jobs. However, SAGE-AU said that the number of system admins spying on emails without permission would be much lower than 40 per cent. SAGE-AU said that the rate would likely be the same as that for other crimes listed in Australian Bureau of Statistics (ABS) reports, which are in low-digit percentages.

"Further, modern information systems provide multiple audit trails, which demonstrate both authorised and attempted or actual unauthorised access to any form of data on a computing system. Actions which result in data access by any user, including system administrators, are logged at time of access and recorded in security log files. Access by administrators to private data of the scale suggested in the article would simply not go unnoticed," the organisation said in a statement.

SAGE-AU members have to commit to a code of ethics, it said, which includes "appropriate use of an employer's computing assets" and the need to uphold privacy for material on company systems. However, not all employees read company codes, as shown by the recent Independent Commission against Corruption (ICAC) hearing looking into the conduct of a University of Sydney manager, who said that he often signs things without reading what they say.

Minassian has stood by his information, saying that the 40 per cent figure had come from investigations using the company's Real-time Threat Analysis and Incident tool, with a sample size of about 400 medium- to enterprise-sized companies. When the tool was being used less widely, the figure had been higher, he said.

The figure also excluded one-off clients that had contacted the company to investigate the issue, as well as email snooping that is difficult to detect, such as reading email from backup tapes or from the company's file system.

Along with looking at logs to check for email snooping, the tool also carries out other policing, to check, for example, when a sales employee copies a customer database before leaving the company, or when a developer takes code.

Minassian backed up his numbers with a Ponemon Institute study (PDF) conducted in December 2011 and sponsored by HP. It surveyed 5569 IT operations and security managers in 13 countries, including Australia, where 64 per cent of those surveyed believed that those with privileged access rights feel that they are allowed and empowered to access things, and 61 per cent believed that those with privileged access rights look at sensitive or confidential data because of their curiosity.

Minassian said that it is natural for the 60 per cent of administrators who are being ethical to be upset by the figure, as it questions their integrity.

He also agreed with SAGE-AU's comment that audit trails are there to detect such intrusions, but said that managing security takes time and money.

"Lack of resources and leadership makes it difficult to address the insider threat. Speaking with our clients, we have found out that the number one barrier to addressing this risk is lack of sufficient resources, followed by lack of leadership and finally ownership of managing insider threats," he said, adding that it doesn't make a lot of sense to have the same people that provide the services monitoring performance.

"Insiders have two things that external attackers don't: privileged access and trust. This allows them to bypass preventative measures, access mission-critical assets and conduct malicious acts, all while flying under the radar unless a strong incident-detection solution is in place," he said.

According to SAGE-AU president Stephen Gillies, hiring the right staff is critical.

"Employers should seek to employ staff with a strong sense of ethics who recognise their professional duties as reflected by their membership of an appropriate professional organisation," he said.

Suzanne Tindal


1 comment
  • A few points
    - System admins are entrusted with a degree of trust similar to senior staff hence it comes with the territory that you trust them, the same as payroll people or anyone else with responsibility in a business.
    - Secondly System admins are usually well paid and would not jeopardise their salary to read someone else's emails
    - Thirdly it is important to be trusted and so if you violate the trust you are likely going to find it hard to get another job
    - What of software developers, database administrators, email engineers, network engineers and application support people that to perform their roles have the same kind of access
    - Moreover having worked in a number of businesses often System admins are requested by business owners, Managing Directors or the most senior people in businesses to access information on their behalf (after all they own it) so these people are very aware