
How InfoSec Security Controls Create Vulnerability - reader_1000
https://blogs.technet.microsoft.com/johnla/2016/02/20/how-infosec-security-controls-create-vulnerability/
======
reader_1000
Our management thinks that sysadmins should not know admin / root passwords
and when they need it, they should get it from a privileged identity
management [1] software for, say, 15 minutes. However, I think having a
software / appliance that has administrator rights on all your infrastructure
is more problematic than a disloyal employee. Since it is the master key that
opens all the doors, attackers would love it. If an attack succeeds, its
result would be global. For a disloyal employee, the effect should stay local in
a large organization. Also, I don't understand the idea of trusting some random
company's employees and their closed source / un-audited software but not
trusting your own employees. Our management says that this is the industry best
practice. Is this really the case? Do your companies also follow this
practice?

[1]
[https://en.wikipedia.org/wiki/Privileged_Identity_Management](https://en.wikipedia.org/wiki/Privileged_Identity_Management)

