SMB clients delivered enterprise-level support with Privileged Access Suite for UNIX

Business Communication (Bcom) is responsible for managing, monitoring and ensuring the security of their clients’ networks. This approach has tremendously improved the deployment of new IT solutions by IT services companies.
The firm’s clients span the SMB spectrum, from small manufacturers to finance to insurance organizations. As a trusted security advisor, Bcom needs to make sure that the practices they use to manage clients’ networks are secure and prepared to comply with access auditing as required by the upcoming GDPR (European data protection regulation).
As the number of UNIX and Linux servers under their watch continued to grow, managing them and ensuring their security was becoming quite a challenge for Bcom. This challenge was complicated by the fact that, natively, UNIX and Linux don’t have centralized identity stores or authentication. Bcom had to create, use and update identities on each server, which was a time-consuming and onerous task.
Bcom was securely storing all the passwords in an encrypted password vault, but because there were so many of them, they weren’t changing them on a regular basis. “Our customers tend to be data sensitive,” said Jan Jezek, director and business part owner of Business Communication.
“Since we are a trusted advisor for them on security concerns, we needed to address our internal security issues to deliver customer confidence and trust in our services.” Additionally, some of these accounts were shared, so there was little individual accountability.
“Identities were dedicated to every single server,” said Jezek. “We had to maintain passwords on multiple servers separately. That situation is really inconvenient from a management standpoint but also a problem when we provisioned a new server for our customers.”
This combination of dedicated passwords and shared credentials could have posed a potential risk that Bcom needed to mitigate. Outside of these internal challenges, there are compliance initiatives and security standards like ISO 27001 with which Bcom needed to be concerned. They needed to implement a solution that would reduce or eliminate any security, tracking and reporting concerns brought on by these initiatives.
When it came to identifying the solution for their challenges, Bcom first looked into some open source solutions but were concerned about the security and lack of support that open source presents. After a quick demo from One Identity, Bcom knew they had found a vendor partner who could help them address their identity and security needs around UNIX resources.
They chose One Identity’s Privileged Access Suite for Unix. The suite delivers UNIX security that combines an Active Directory bridge and a root-delegation solution in one console. It consolidates and unifies UNIX, Linux, and Mac OS X identities.
Plus, it assigns individual accountability, enables least-privilege access and centralizes access reporting of the UNIX root account for complete visibility of identities and access rights for
Deployment went off without a hitch. “The One Identity presales team was really great to work with and trained us on the solution before the implementation,” said Jezek. “The solution was so straightforward we had no problems installing it ourselves. After that, the Bcom team was off and running.”
Now, the firm’s administrators are able to use their single Active Directory (AD) identity across their entire environment. This also enables them to utilize their AD password policy and Kerberos authentication, thus further enhancing their security.
“With a single identity, our administrators can easily remember their password, even if it is complex and is required to be updated more frequently. No longer do they have to take the extra time to look in some encrypted password store to log in to a server,” said Jezek.
Additionally, they are able to log all activity in one place, which makes reporting and compliance much simpler. “The ability to log access in one place is quite advantageous for us,” Jezek said. “Now we have a single identity, and we can be absolutely sure that it is the same account across the servers. In addition, if we have some kind of issue or need to add a new administrator, we can do it on multiple servers simultaneously,” Jezek said. “And if someone leaves, we only need to disable the Active Directory account and then access to all UNIX and Linux servers associated with that account is revoked instantly.”
One Identity helps organizations optimize identity and access management (IAM). Our combination of offerings, including a portfolio of identity governance, access management, privileged management and identity-as-a-service solutions, enables organizations to achieve their full potential, unimpeded by security, yet safeguarded against threats. Contact Musato Technologies to learn more about our innovative IT products and solutions. We are one of the leading IT services companies that are transforming the ICT landscape.
Article first published by Business Communication