By E.K. Koh The blog What the Snowden affair taught us questioned, “Why should a system administrator be allowed to download and move files? Shouldn’t system privilege and data privilege be separate?” Ideally “yes”, but in practice, that has not been the case. Most system administrators have unfettered access to data given their system privilege. … More Would data level controls have stopped Snowden?
By Mandy Pang. In my last post, I talked about the high level challenges with permissions, and how new capabilities such as Active Directory Rights Management Server (AD RMS) and Windows Server 2012 Dynamic Access Control (DAC) offer some promising options for access control, but remain siloed within Windows File Server environments. In this post, … More Common Headaches About Permissions