Top Security Mistakes that IT Admins Make (And How To Avoid Them)

Microsoft MVP Orin Thomas lays out the most common security pitfalls IT administrators face, and how everything from the cloud to company management can make them worse.

It's not just end users who have bad habits. IT administrators have them, too, from poor user account management to juggling one or two passwords for multiple accounts.

Enter Microsoft MVP and veteran server administrator Orin Thomas, who's well-versed in troubleshooting the most common bad habits plaguing IT shops. His upcoming TechMentor 2018 session at Microsoft's Seattle headquarters, "30 Terrible Habits of Server and Cloud Administrators," will take a close look at the biggest mistakes IT administrators make, why they happen and how they can be fixed. Ahead of his session, we asked Orin about the most common security pitfalls for IT administrators.

What would you say is the No. 1 worst habit (with the worst repercussions) of server and cloud administrators?
Not applying software updates. So many security events would not have occurred if systems and applications were simply kept up to date.

How has cloud changed the game as far as what administrators can do wrong?
It's now possible to delete your organization's entire infrastructure because it all exists as ephemera in the cloud. It was pretty difficult to destroy an on-prem server room or datacenter filled with physical hardware, even if you drove a front-end loader through it. Not that any of us wanted to do that. We just thought about it occasionally.  

What are two or three common security mistakes every admin should avoid?
Using the same password for multiple accounts across multiple systems. Configuring account passwords so they don't have to be changed. Avoiding a problem because you worry that attempting to solve it might make things worse.

"Ignored problems don't go away, they just fester quietly until they become bigger problems."

Orin Thomas, Server Administrator and Microsoft MVP

If there was one habit caused by laziness that you could completely banish, what would it be?
Not applying software updates and not documenting things. It shouldn't take the efforts of Sherlock Holmes to determine what something does and why it was configured to do it that way.

How do you even know if you or your team has a problem?
Everyone and every team has bad habits. Rather than pretending we don't, try instead to recognize them and do something about them.

What are the roles a company can play in contributing to an environment where IT has bad habits, and how can managers deal with that?
A lot of problems occur because people aren't given enough resources to do their jobs. If organizations provided enough resources, IT departments could go from being reactive to being proactive.

What else would you like to share with our readers about this topic?
Ignored problems don't go away, they just fester quietly until they become bigger problems.

About the Author

Gladys Rama is the senior site producer for Redmondmag.com, RCPmag.com and MCPmag.com.


  • Microsoft Hires Movial To Build Android OS for Microsoft Devices

    Microsoft has hired the Romanian operations of software engineering and design services company Movial to develop an Android-based operating system solution for the Microsoft Devices business segment.

  • Microsoft Ending Workflows for SharePoint 2010 Online Next Month

    Microsoft on Monday gave notice that it will be ending support this year for the "workflows" component of SharePoint 2010 Online, as well as deprecating that component for SharePoint 2013 Online.

  • Why Windows Phone Is Dead, But Not Completely Gone

    Don't call it a comeback (because that's not likely). But as Brien explains, there are three ways that today's smartphone market leaves the door open for Microsoft to bring Windows back to smartphones.

  • Feature Update Deferral Mix-Up in Windows 10 Version 2004 Further Explained

    Microsoft last week described the confusion it is attempting to avoid by removing the client graphical user interface (GUI)-based controls to defer Windows 10 feature updates, starting with version 2004.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.