Query on managing administrative system access to systems that contain personal data
I have been looking around but can't seem to find an answer specific to this. What is the general approach for system administrators when it comes to GDPR, or protecting data in general?
Although a wider concern, if I focus on a specific example - say we had 1000 servers, and the OS was looked after by Wintel groups. Each Wintel resource may need administrative access to each of the servers, and these servers host, in some form, personal data. Left as is, an administrative user could ultimately see whatever data they wanted, and wipe their tracks.
There are of course approaches to cover this:
- pseudonymisation (depends on where the data is that maps 'real' to 'anonymised')
- encryption (then we have key management, and ultimately administrators of the key management solution - forcing collusion would be a reasonable mitigation)
- auditing, logging, SIEM etc - separation would mean that not all tracks could be wiped
- I had toyed with PAM, however I don't see it helping in this particular context
The above are a sample of mitigations, however what if we look at a smaller group or charity with limited funds. The process wraps and implementation costs could be prohibitive. If such a group relied on administrative users who had no need to access personal data stored on these systems, is the only real mitigation to shadow them whilst accessing the system, and either log them in, or change the administrative password when the administrator is done?
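Added example, not part of the question above, illustrating the pseudonymisation bullet: with a keyed scheme (HMAC-SHA256, assumed here) the "mapping" that re-links real to pseudonymised data is just the key, so the question of where that mapping lives reduces to key custody, and the key can stay with the data controller rather than on the admin-managed servers. The records and field names are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample records, standing in for personal data held on an
# admin-managed server (hypothetical values, not from the question).
RECORDS = [
    {"email": "alice@example.org", "dob": "1984-03-09", "plan": "monthly"},
    {"email": "bob@example.org", "dob": "1990-11-21", "plan": "annual"},
]
DIRECT_IDENTIFIERS = ("email", "dob")


def generate_key():
    """Pseudonymisation key: held by the data controller, never on the server."""
    return secrets.token_bytes(32)


def pseudonym(value, key):
    """Keyed, deterministic token (HMAC-SHA256). Same key + same value gives
    the same token, so the key holder can re-link records; without the key
    the token can be neither reversed nor recomputed."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymise(records, key):
    """What lands on the server: direct identifiers replaced by tokens."""
    return [
        {k: pseudonym(v, key) if k in DIRECT_IDENTIFIERS else v for k, v in r.items()}
        for r in records
    ]


def leaks_identifiers(server_records, originals):
    """Control check: does the server-side copy still contain any original
    direct identifier value that an administrator could simply read?"""
    secret_values = {r[k] for r in originals for k in DIRECT_IDENTIFIERS}
    return any(v in secret_values for r in server_records for v in r.values())


def relink(server_records, key, email):
    """Controller-side lookup: recompute the token for a known data subject
    (e.g. to answer an access request) and select the matching rows."""
    token = pseudonym(email, key)
    return [r for r in server_records if r["email"] == token]


def plain_hash(value):
    """A bare, unkeyed hash, shown only to contrast with the keyed token."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def unkeyed_guess(token, candidates):
    """Why a bare hash is not pseudonymisation: low-entropy fields such as
    e-mail addresses can be matched by hashing guesses. Returns None for
    keyed tokens, since the guesser lacks the key."""
    return next((c for c in candidates if plain_hash(c) == token), None)
```

The server-side dataset passes the `leaks_identifiers` check, while only the key holder can use `relink`; an unkeyed hash of the same fields fails the `unkeyed_guess` test, which is the reason the key, not a lookup table, should be the thing kept away from the server administrators.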