Hi, this is Wayne again with a topic “Not Everyone Needs a Key”.
Uh, hello, W dlll Luke, I’m relatively I’m a relatively new IT director of a booming it team. What criteria do you use to give Junior admins or Engineers admin passwords or the keys to the kingdom for critical infra uh? Generally, it’s Ru AJ um. If the answer is no flowchart, then then no, if the answer is yes, then yeah um, so AJ’s been with us over five years now, um years shut up has seven pretty sure he he technically started helping me with things in a nonprofessional capacity in 2016. Good Lord um, that was super light. Okay um by the time we’re in 2017.
Things are ramping up, he’s still technically nonprofessional capacity at the beginning of the year. By the end of the year, he’s working with us full-time, um, yeah um, I don’t know it’s diff. It’S very difficult, though it’s actually really hard um. You need to not one thing that you need to communicate to your team.
That I think, is actually really important to communicate. Is that it’s not a sign of respect? It’S it’s! No seriously, though it’s it’s! No! I was just I was looking at our um sales report. Yeah yeah, yeah um having the keys is a threat for everyone. It’S not a good thing.
You don’t want too many people to have access to St. You want generally at least two admins on every system. Just in case, something goes wrong with one of the admin accounts: you can still recover it or whatever um, but other than that. You really want to limit it as much as possible and what you might end up wanting to do. Uh because it sounds like your team might be fairly. Sizable is to have some like areas of ownership.
So you have a person who has the keys to a certain like portion of the IT department um, but they don’t have it for all of it and then a different person has it for another portion, and then you have it for all of them or something Like that, but there shouldn’t be very many people that have it for all of them, ideally just kind of one and then uh, some people that have smaller amounts. It’S it’s an accountability. Ah, it’s a risk Vector because every account has a potential to be compromised.
So, even if like every single person at LTT was perfectly trustworthy, which I’m sure they are um, if we gave every single person full admin rights to every single thing, then every single person’s account is now a major insanely scary attack, Vector to owning everything that we Have um so you just you, don’t want to do that um! So you it’s like. I have people on my team that are like happy when they lose permissions to things cuz they’re like oh. I don’t have to like worry about this thing So Much Anymore, which is good, um yeah, I don’t know so. It’S scary try to try to slowly creep your trust with people um like increase it slowly, um yeah, fun. Fact. One of the reasons why, when I was at school I was seriously thinking about becoming a database administrator was because I was like hey if I’m in control of all your data, you’re, probably going to pay me pretty well, that was yeah.
It’S like I don’t know like I, I, when you have access to extremely important things and all that type of stuff it comes with. You are a a portion of risk, and you know that person is probably going to be taken care of decently. Well, that was a thought process.
.