When it comes to the need for server and data center access, administrators often find themselves on the wrong side of the debate. According to popular belief, administrators only require as much access as it takes to complete their work -- no more, no less. Those who work in security tend to agree.
Administrators, however, argue this is too restrictive and impedes their ability to take care of systems. So, how much server and data center access does an administrator really need? The answer exists somewhere between these two opposing perspectives.
Create strict access policies
We've all heard stories about rogue IT admins deleting configurations and virtual servers or crashing systems. Though these incidents are rare, they can and do occur. The problem is too many data center operators hand out administrative access to anyone who requests it. This most commonly occurs when IT personnel are behind schedule. It can be time-consuming to set up the appropriate level of access, so operators hand out administrative access indiscriminately to make up for lost time. Fortunately, this issue is relatively easy to resolve: Simply revoke administrative access and create stricter policies to determine who receives what level of access.
This might also lead you to reconsider the level of access you grant to administrators. Many administrators insist they need administrative access at all times, but, in reality, they likely spend more time in email or doing general-level tasks than tasks that require upper-level administrative access. As a happy medium, give your administrator two separate accounts: one with normal access and one with administrative access. This adds a layer of security in the event that the administrator's normal account is compromised, and it adds accounting layers for auditing purposes. Managing two accounts might slow your administrator down a bit, so adjust your business needs accordingly.
Redefine administrative access
The same applies to general data center access and overall systems. An administrator doesn't really need more than read-only access to systems they don't manage. For example, there's no real reason to grant a domain admin administrative access to a storage system. The topic of physical access to the data center is a bit trickier. There are risks associated with granting physical data center access to admins, as it leaves room for accidental configuration changes or troubleshooting by unqualified personnel. Like all roles, the role of the administrator comes with limitations.
This brings up an additional point: A single person shouldn't be solely responsible for an entire system, nor should they be the sole proprietor of access and passwords to a system. If you carefully dole out the appropriate levels of access to the appropriate personnel, you reduce the risk of rogue-admin-type situations.
Who does and doesn't have server and data center access is a critical part of any company's IT infrastructure. You need to regularly re-evaluate who has what level of access and why to ensure it makes sense from both a business and security perspective. Refusing access to an administrator isn't a sign of mistrust; it's about mitigating risk, especially because admins are prime targets for phishing and social engineering attacks.