Application Administration

Best Practice: Maintain up-to-date workflow diagrams of data and inter-system dependencies.

Creating diagrams of what the various data dependencies/feeds are will make you and others more aware of how various systems/applications are interconnected and dependent upon each other. It will also help in diagnosing application problems related to data. 

Best Practice: Maintain up-to-date versions of application documentation, both online and offline.

Online versions of documentation allow them to be easily accessible and shared among many people, but in a disaster recovery situation many online resources will probably not be available and that's where the offline versions become invaluable.

Best Practice: Document configuration settings, especially changes from default settings.

With documentation of the specific changes and configuration settings of an application, anybody with the needed skillset and privileges will be able to rebuild an application.

Best Practice: Work at the right security/privilege level when diagnosing and resolving a problem.

When troubleshooting an error reported by a user, it's best to either access the application as that specific user or another account that has the same privileges and access rights as the user.  Too often admin level accounts provide different views and have abilities that are not obvious and available to a user level account and can cause issues in diagnosing a problem.  It also reduces the risk of any type of privilege escalation attack due to poor application security.

Best Practice: Properly source your administration accounts.

Use LDAP for authentication where possible.  This allows quick provisioning/de-provisioning of accounts as needed.  Use local accounts if access is needed and LDAP is unavailable or if there's a need to separate the privileges of an admin account from the users normal account.