Controlling Privileged Access to Enterprise Resources
WHAT IS THIS TECHNOLOGY?
PowerBroker provides support for various compliance requirements such as SOX, HIPAA, Gramm Leach Bliley, etc and industry standards such as PCI DSS by creating a secure access control infrastructure at the systems level. It does this by granularly limiting access via its rich policy scripting language and documenting that access.
Symark PowerBroker supports various government compliance requirements such as SOX, HIPAA, Gramm Leach Bliley, etc and industry standards such as PCI DSS by creating a secure access control infrastructure at the systems level. It does this by granularly limiting authorization via its rich policy scripting language and access control lists to delegate the ability to run certain commands as the root account without revealing the password to that super user account itself. It limits who can execute certain commands and run programs that access or use sensitive data and monitors and records that access. Since many strategic applications run on UNIX and Linux servers, PowerBroker is extremely important because native UNIX and Linux operating systems cannot provide the same granular level of access control and authorization required by today’s security laws.
Key to improving security to meet PCI or any other government regulation is creating a secure access control infrastructure. Symark PowerBroker creates such a secure access control infrastructure through granular authorization and delegation of the UNIX/Linux root or super user password access primarily to systems administrators based on their role and duties in the organization and the concept of least privilege. The root password in native UNIX/Linux operating systems serves as the “keys to the kingdom” in this environment and affords little or no control over who can do what once logged on as this super user account. Therefore administrative users who need to access UNIX/Linux operating systems and the files and directories on those systems to perform their jobs, have no restrictions on what they can access or when. In addition, PowerBroker controls and monitors access to databases and CRM applications administrators may need to access and which may contain proprietary data. Not only can PowerBroker control and monitor who has access to what UNIX/Linux resources and when, it provides extensive I/O or keystroke logging of their activity once they have access. PowerBroker‘s keystroke log captures complete session input, output, and error and is easily configured and managed.
PowerBroker uses an individual user ID and password to authenticate a user, then checking that user's authorization to execute the command or program he/she has requested. PowerBroker then logs all actions taken by that user. PowerBroker also provides auditors with reports that help in validating compliance. This includes Entitlement Reports that, by showing who can run which programs under what circumstances, demonstrate that the organization has a baseline for determining accountability. PowerBroker is a policy-driven solution and highly user configurable thus making it perfect for meeting standards that are often subject to many revisions and refinement. With its powerful scripting language, PowerBroker can map to changing regulatory requirements and internal security policies. By controlling authorization at the system, application, and file level, PowerBroker provides control at the best-practices “close to the data” level. PowerBroker supports compliance by reducing the number of individuals who need to know the actual root password to do their work, and by controlling what they are authorized to do. This significantly lowers the risk of compromising proprietary data and digital assets.
PowerBroker lets root authority be delegated or partitioned without compromising root security. PowerBroker does this by binding specific root-level tasks to UNIX or Linux user IDs, so operators and system administrators can complete the specified tasks without knowing the root password. In this way PowerBroker protects the root account from internal exploitation by a rogue employee or by a hacker who has breached the network. By preventing unauthorized access, PowerBroker secures cardholder data and prevents the deletion of logged events and audit trails.
PowerBroker lets the system administrator specify whether, under what conditions, and when a user's request to run a program will be accepted or rejected. This granular control of authorization is achieved through PowerBroker's policy language. With PowerBroker, administrative tasks such as managing system programs, mounting devices, performing backups, and adding new users can be delegated to individuals or groups at a granular level. PowerBroker also grants user access to files, directories, and third-party applications and accounts (such as database, CRM, ERP, SAP, or generic accounts). PowerBroker authorizes users to perform the root actions for which they are responsible, but no other commands or programs requiring the root account.
With PowerBroker, the user requests that a program be run as root (or as another privileged UNIX or Linux account, such as sysadmin on Oracle). PowerBroker evaluates the request. If the request is accepted, PowerBroker runs the program locally or across a network for the user. By enabling system administrators to delegate administrative privileges and authorization without disclosing the root password, PowerBroker enables selective access to UNIX- and Linux-based corporate resources while protecting the root account from hackers who could gain access to sensitive cardholder data and and delete audit trails. PowerBroker‘s policy scripting language lets administrators restrict user actions to only specified applications, commands, or files. Its extensive logging and reporting, including keystroke logging and Entitlement reporting, provide the data auditors require.
PowerBroker establishes the cornerstone requirements of compliance: security and accountability. PowerBroker's privilege delegation, customized to an organization‘s needs through policy scripts, provides proactive security, keeping sensitive cardholder data out of sight and out of reach.
Conclusion: PowerBroker provides support for various compliance requirements such as SOX, HIPAA, Gramm Leach Bliley, etc and industry standards such as PCI DSS by creating a secure access control infrastructure at the systems level. It does this by granularly limiting access via its rich policy scripting language and documenting that access.
Symark International, Inc.
30401 Agoura Road, Suite 200
Agoura Hills, CA 91301