48

I've got another interesting one.

I'm about to back up and reinstall the HR Administrator's PC. I suspect that the fastest way to do this is to use the Windows 7 Transfer tool, and create a backup of the entire Users and Settings profiles on the NAS.

I don't see a problem with this.
She claims that nobody else should be able to see the information on her computer. Fair enough. I think that the systems administrator (me) should be in a significant enough level of trust to be able to make a backup, no questions asked, and delete the backup once the task is complete.

Her view is that nobody (not even the other directors) should be able to view the HR documentation on her PC.

We already have a semi-backup (files, not user-state) on box.net, which does allow granular access to various users.

Questions:

1) Which one of us is nuts, her or me?

2) Do you trust your sysadmins to take backups of company policy / HR files?

3) Does anyone have a LART?

Tom O'Connor
  • 3
    this sounds like a good question for [security.se]. – AviD Jun 14 '11 at 11:07
  • 3
    Wait, she's worried about the security of these documents and they're being stored on an online service? Oh, and have her store those files in a TrueCrypt container. You can back up & restore the container as needed, and her documents are safe(r) from others. – afrazier Jun 14 '11 at 13:01
  • One extra layer of things to go wrong. Also, one extra layer that I'll be unable to help with. – Tom O'Connor Jun 14 '11 at 13:16
  • 9
    @Tom O'Connor: To take this to extreme: why not get her a typewriter? A modern computer has waaaay too many extra layers that could go wrong anyway (starting with the abstraction/shared delusion of discrete bits, and building up from there) - it's security vs usability, as usual. Encryption is indeed the Right Answer here, even if that's inconvenient. – Piskvor left the building Jun 14 '11 at 14:31
  • @Piskvor Don't tempt me. – Tom O'Connor Jun 14 '11 at 14:45
  • Maybe I'm missing something... what's a LART? Google is less than helpful on this topic. – Mark Henderson Jun 14 '11 at 22:56
  • @Mark http://www.catb.org/jargon/html/L/LART.html – Tom O'Connor Jun 14 '11 at 22:58
  • 1
    Ah. I'm dubious of any references that cite newsgroups as their primary source... – Mark Henderson Jun 14 '11 at 23:05

5 Answers

34

My opinion on this may not be popular here but I think she's right, HR is a very specific role in most businesses, requiring one very key skill - absolute discretion. IT people have to have a very wide range of skills and while discretion is important it's not the 'be all and end all' that it is with HR. Typically recruitment of IT people is less thorough in this area too.

Perhaps there's a technical solution to this, how about getting your HR people to back up their own stuff to encrypted external disks that they own/manage/store?

Ultimately you have to protect yourself, if there's no way you could get at HR data then you're in the clear, if your management see that you've tried your best and provided as secure and private a means to functionally get your job done without exposing yourself to accusations of data prying then they'll be happy - even if the process is clunky and slow.

Basically don't be afraid to cover your own arse in this area - most people will understand and the HR people will appreciate that you're respecting their role and authority. Plus of course you should never piss off HR anyway, these ninnies help decide your fate for some crazy reason :)

Chopper3
  • 2
    I think we've actually come to a resolution based on a whole bunch of points. 1) Nothing sensitive is stored on the PC itself. 2) Backups will be done via DVD in the fire safe, and Box.net. 3) Turns out they do trust me, but still have to ensure they're covering their collective arses. – Tom O'Connor Jun 14 '11 at 11:38
  • 2
    "Typically recruitment of IT people is less thorough in this area too." That's a significant failure of HR & management. In many organizations (particularly SMBs), IT has "keys to the castle" levels of access, with the ability to read and modify nearly every document and DB stored within the organization. – afrazier Jun 14 '11 at 13:05
  • 1
    @afrazier - you're absolutely right, but I've seen senior management's attitude towards IT recruitment in a number of companies and countries over the years - most senior people think of all but their top IT guys as a commodity, sad but true. – Chopper3 Jun 14 '11 at 13:21
  • It's not always just covering your ASSets. In many states (and some countries) failure to protect your integrity can open up a world of legal hurt for you. – Jim B Jun 15 '11 at 03:22
10

No. 1:

She has a point, but as you are trusted with other sensitive information you should be trusted with HR info as well. Explain you need access to back up the files.

No. 2:

I have full read access to my current systems. Everything gets backed up and file access is logged. I've got more important things to worry about than poking through HR files, or finding how much the school spent on food for the school cat. In my previous workplace I was unable to view some of the Admin areas (but the network manager could).

No. 3:

[image]

tombull89
  • 8
    As a system administrator, you have access to people's files, their emails, and network traffic. If a business can't trust their sysadmins then they already have a problem with the hiring practices. You need to have access to files in order to back them up. While it's good that she takes her job seriously enough to worry about people accessing those files, you need to get the job done. – Bart Silverstrim Jun 14 '11 at 10:38
  • 5
    Also, those files aren't *hers*, per se, but the company's. As you're working for the company and company interests, she shouldn't be getting in your way of doing your job. – Bart Silverstrim Jun 14 '11 at 10:39
  • 4
    Also, what would happen if her computer breaks? Does she trust you to repair it? Troubleshoot it? Take it back to the work area to be worked on? Does she trust you to destroy hardware/data before scrapping said computer, that you're following DoD guidelines for data destruction? Or is she taking the computer with her when she retires? If you wanted the data she has access to, is she even technologically competent to understand that as a sysadmin she may not have a clue how to stop you from getting that information? – Bart Silverstrim Jun 14 '11 at 10:41
  • @Bart, the point the files belong to the *company* and not *her* is an excellent one, if the company trusts you, so should she. – tombull89 Jun 14 '11 at 10:41
  • 5
    Remember. "Back off man. I'm a computer scientist." Then do the job. Like a boss. /puts on sunglasses – Bart Silverstrim Jun 14 '11 at 10:42
  • But HR people won't have the time to do the backup process. Also, sometimes their knowledge regarding some advanced stuff will be limited. – Vamsi Krishna B Jun 14 '11 at 12:39
  • @krishna, you're right. That's why *I* look after the backups. – tombull89 Jun 14 '11 at 12:46
  • 8
    Upvoted for cat5-of-nine-tails. – eckza Jun 14 '11 at 14:48
  • -1 I have to disagree there is no reason you need access to HR files (or any sensitive information for that matter). It's certainly not impossible to back up files without you having access to them. – Jim B Jun 15 '11 at 03:24
5

She is right, and so are you.

She is (maybe by law) obligated to protect this information, you are directed to do your job.

That's the dilemma.

Maybe you should offer to reinstall her PC while she's around you, so she can be sure her precious data is not compromised.

jojoo
2

System Admins are trusted here, but all admin actions are logged. I don't know how much something like that would re-assure her - the logging of actions so it can be demonstrated that only the backup process is backing up this data, not you reading it for entertainment.

The other points to make are that as bad as it might be if you did read this stuff via the backups, firstly is she seriously saying that would be worse than the documents being lost forever because they were not backed up, and secondly that as HR director she should be able to ensure that any misuse of system admin privileges can be treated as gross misconduct.

Lastly, are you a member of the BCS / other IT Professional association? If so, these have members' rules about ethics. If you're a member of such a professional association then pointing her to your professional ethics requirements might re-assure her.

Rob Moir
  • The thing is, the backups of the critical files are handled by box.net. This is all USMT type stuff really. – Tom O'Connor Jun 14 '11 at 10:36
  • Ahh, I missed that. Can't you just do a restore of her data onto the new system from box.net? – Rob Moir Jun 14 '11 at 10:40
  • Yep. That is precisely the point. – Tom O'Connor Jun 14 '11 at 10:48
  • @Robert - Even if you restore the files the only way you could read them is if you took ownership (under windows). – Jim B Jun 15 '11 at 03:25
  • The League of Professional System Administrators (which Server Fault [partnered with](http://blog.serverfault.com/post/free-lopsa-memberships-for-top-server-fault-users/) a little while back) has a [Code of Ethics](https://lopsa.org/CodeOfEthics) which might be pertinent here. – Handyman5 Jun 15 '11 at 16:42
  • @Handyman5 - absolutely right... I mentioned BCS because it's a UK-based organisation (both Tom and myself are in the UK) and I know they/we also have a code of ethics. I'd expect and support every IT organisation that wants to work on that, to improve the professional standing of its members and the profession as a whole. – Rob Moir Jun 15 '11 at 18:45
2

This isn't your decision. Assuming you are doing this in a developed country, then there are laws about disclosing private information. Your HR professional probably knows more about those than you do.

It's also not about taking backups, but what happens to those backups? If they contain confidential information, the backups themselves have to be extra secure - more secure than other company confidential information. What are you going to do if someone wants to restore a file from the backups? You will no longer be able to hand them over for someone else to restore from - you'll have to do it yourself. Remember this is your confidential information too - who do you want knowing about your disciplinary issues, your pay, or the fact that you received mental health counselling through your insurance?

EDIT: To be clear, I am not stating categorically "only the head of HR should see these files". But there are confidentiality issues with HR data that are different from other company secrets. It's not about whether the sysadmins are 'trusted' or not, but about reducing the number of people who have access to HR records. Neither CEO nor sysadmins necessarily need that access.

There are technical and procedural solutions to this. Maybe the HR machine should be backed up separately from everything else and the backups kept in a separate place. Maybe that already happens and your HR person just needs to be reassured that they will be properly looked after. Maybe you and you alone (and not your assistant who is hired next year) gets to work with them.

In short, neither of you are nuts and you need to work out how to make this work for both of you, while staying within the law.

DJClayworth