Auditing Privileged User Access

You may ask, what is Privileged User Access. An aspect is when a developer has access to root access on a Unix system or Administrator access to an AD Domain. I’m sure that happens often in your shop. Over the years, at past companies, I can’t count how many systems, including production customer systems, that I’ve had root access to. And at a minimum, these weren’t secured with even the most basic open source controls like sudo.

So, I ask, of all your Unix systems or AD domains, when you see someone login as root:

  • Do you know who that person is?
  • Is it someone on your staff?
  • Maybe a vendor or partner?
  • Maybe a competitor?
  • And even if it is a friendly, should they have that access?
  • What controls do you have in place to audit that access?

CloakwareA couple of weeks ago, two leading vendors, Cloakware and SailPoint Technologies, in Privileged User Access and Governance, Risk & Compliance announced a partnership to deliver the industry’s first privileged user audit and compliance management solution.
With this combined solution, you not only get the security of knowing who has access to privileged user accounts, but also the ability to tie Governance, Risk and Compliance around that access.

In other words, my CIO can verify that Terry Sigle has root access to systems A, B and C while my CISO can audit, review activity and provide a role based definition around that access. This closed loop compliance will allow my enterprise to pass the related SOX controls around privileged user access.

I’m currently working on some prototypes around this combined solution and look forward to providing more details. I’d be interested if you have any good stories around privileged user access and how you’ve dealt with audit controls and roles around this.

Technorati Tags: , , , ,


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: