Removing admin from people who don't need it is 100% the correct thing to do according to any IT guidelines you could quote. And of course, every single user will whine that they're special and really really need it.
With regards to the rest of the article, there's definitely stuff to be investigated here but I don't see the investigation yet.
"Removing admin from people who don't need it is 100% the correct thing to do"
Indeed. And if you look at the picture of the email from the deputy CIO he mentions SCuBA (see here: https://www.cisa.gov/resources-tools/services/secure-cloud-b...). Cleaning up unnecessary admin roles is exactly the kind of thing that CISA itself is requiring agencies to go in and do.
> Removing admin from people who don't need it is 100% the correct thing to do according to any IT guidelines you could quote. And of course, every single user will whine that they're special and really really need it.
You assume that "suddenly none of the IT employees at the agency could do their jobs properly anymore" is whining and not substantial?
Shouldn't be least privilege principle a culture (a standardised and automated process) and not something that happens ad hoc?
Yes I do assume that... I've worked in IT for a long time. That phrase in a ticket would be an immediate eye roll from me. A lot of the quotes in the article trigger my eye roll reflex actually. But there is some stuff in there that warrants an explanation/double check to be fair.
You’re focusing on the wrong thing. You’re not wrong but why is this the bone to pick? The big story here is that priv accounts were created, shortly thereafter they were being utilized from Russia, and data exfiltration occurred.
