Re: Email account used by multiple people

[randy marchany <marchany () VT EDU>]

This is one of those issues that causes people heartburn.

Here at VA Tech, we state  "The owner of the account is responsible
for any actions originating from their account, system, userid, etc.".
So, technically, it's not against our AUP (I'm the primary author of
it) to share an account. Why did we do this?

1. It's enforceable. Saying strictly that "you're not allowed to share
accounts" is a good thing in principle....we mention it in our AUP.
However, it's not enforceable unless you have some advance
surveillance techniques to actually show WHO was at the
keyboard....you see where I'm going with this. It's straightforward to
enforce accountability.

2. Certain administrative systems/functions have not caught up with
file or access sharing technology. Putting a team in a group and
setting up group access is one way to allow this. Some legacy systems
may not be able to provide this technical function but the BUSINESS
function requires it so the business process wins. Changing the
software process to accomodate the business requirements is the
desired but not always possible solution.

my .02.

Randy Marchany
VA Tech IT Security Office