Q&A
Top Security Mistakes that IT Admins Make (And How To Avoid Them)
Microsoft MVP Orin Thomas lays out the most common security pitfalls IT administrators face, and how everything from the cloud to company management can make them worse.
It's not just end users who have bad habits. IT administrators have them, too, from poor user account management to juggling one or two passwords for multiple accounts.
Enter Microsoft MVP and veteran server administrator Orin Thomas, who's well-versed in troubleshooting the most common bad habits plaguing IT shops. His upcoming TechMentor 2018 session at Microsoft's Seattle headquarters, "30 Terrible Habits of Server and Cloud Administrators," will take a close look at the biggest mistakes IT administrators make, why they happen and how they can be fixed. Ahead of his session, we asked Orin about the most common security pitfalls for IT administrators.
What would you say is the No. 1 worst habit (with the worst repercussions) of server and cloud administrators?
Not applying software updates. So many security events would not have occurred if systems and applications were simply kept up to date.
How has cloud changed the game as far as what administrators can do wrong?
It's now possible to delete your organization's entire infrastructure because it all exists as ephemera in the cloud. It was pretty difficult to destroy an on-prem server room or datacenter filled with physical hardware, even if you drove a front-end loader through it. Not that any of us wanted to do that. We just thought about it occasionally.
What are two or three common security mistakes every admin should avoid?
Using the same password for multiple accounts across multiple systems. Configuring account passwords so they don't have to be changed. Avoiding a problem because you worry that attempting to solve it might make things worse.
"Ignored problems don't go away, they just fester quietly until they become bigger problems."
Orin Thomas, Server Administrator and Microsoft MVP
If there was one habit caused by laziness that you could completely banish, what would it be?
Not applying software updates and not documenting things. It shouldn't take the efforts of Sherlock Holmes to determine what something does and why it was configured to do it that way.
How do you even know if you or your team has a problem?
Everyone and every team has bad habits. Rather than pretending we don't, try instead to recognize them and do something about them.
What are the roles a company can play in contributing to an environment where IT has bad habits, and how can managers deal with that?
A lot of problems occur because people aren't given enough resources to do their jobs. If organizations provided enough resources, IT departments could go from being reactive to being proactive.
What else would you like to share with our readers about this topic?
Ignored problems don't go away, they just fester quietly until they become bigger problems.