IT Documentation - The Blog

Missing IT Documentation: Is Your SysOp a Security Risk?

June 14, 2013

Especially SMBs often underestimate the importance of documenting their network structure. If you are lucky, at least the credentials for accessing the various services are stored in a central place. An overview showing the interrelations between the system components, their configuration as well as the software and their licenses often does not exist at all. In an emergency, i.e. when a fatal error occurs in the network, such negligence may have dire consequences. A lot of (paid) time elapses while people try to figure out the network structure and locate the error. These costs are absolutely unnecessary and can be avoided by due care and an awareness of the importance of IT documentation.

Dangerous dependency

The situation becomes even more critical if the knowledge about the network, including all passwords, is in the hands of only one person, i.e. the system administrator. Thus, the corporate management depends on the goodwill of that employee – and this can turn out badly. Some years ago, a study revealed that a major part of the IT experts would be prepared to steal critical or commercially relevant internal corporate information if they were fired. According to this study, almost 90 percent of the 300 interviewed would cause harm to their employer by doing so.

IT documentation must be comprehensive and up-to-date

No company should take this risk lightly. To avoid being dragged into such a dangerous dependency, one of the most important goals for a company must be to always have comprehensive and updated documentation of their IT environment at hand. Smaller companies may outsource this to an external service provider who, in turn, needs to be selected carefully. From a certain size on (more than 25 computer users), it is advisable for a company to seek an internal solution. The advantage of in-house employees is that they know the network structures better and have created all the processes themselves. In both cases, however, one must make sure that the IT environment is documented reliably and that it is always available to the company.

For more on this topic: Professional IT Documentation with Docusnap