Privileged and 3rd Party Access Control

Privileged access control means the capability to see, know, and control what goes on inside the encrypted network sessions used for system administration, secure file transfer, and other activities that are done with elevated privileges.

Privileged Access Best Practises

Privileged access controls are considered key (critical) for all organizations. Regardless of the industry and market the organization operates on, keeping a watchful eye on all privileged activity within your the IT environment is critical.

The privileged access controls must account for the following to ensure continuous effective controls:

  • A predefined list of users with permission to elevate their access (network admins and 3rd party)
  • A predefined approval process granting the elevated access for a set period of time. Elevated access is revoked at the end of the approved period. This process is also referred to as “Break The Glass (BTG)”.
  • An extensive level of logging of all activity that may potentially impact production. Keeping in mind that users with privileged access have keys to the kingdom during that time.
  • Trust but verify!! - Log, audit, and record all activity for review.

The 3rd Party Access dilemma

It is common for many organizations to leverage 3rd party expertise. Outside consultants are used regularly to add bandwidth, to supplement the in-house skillset and to save on costs.

In many cases, leveraging 3rd party expertise requires extending elevated priviles access to non-fulltime employees, who are often located off-premises. Privileged third-party access challenges organizations with the critical task of ensuring adequate privileged access controls.

Organizations implementing true PAM solutions can easily prove that they have a truly segregated production environment from the rest of the network.

Privileged Access Contol Compliance Details


Segregation of Duties

CONTROLS

Adequate segregation of duties exist so that systems and programming personnel do not have update access to production data or software on a regular basis.

RISK

IT personnel have access levels that weaken or eliminate segregation of duty controls. Production data is modified without appropriate controls.

CRYPTOAUDITOR

Centralized visibility of encrypted remote system access, privileged user activities and data transfers.


Segregation of Duties

CONTROLS

Controls relating to appropriate segregation of duties over requesting and granting access to systems and data exist.

RISK

A lack of segregation of duties over the ability to add/change/remove access could result in unauthorized access.

UNIVERSAL SSH KEY MANAGER

Leverage CryptoAuditor to require manual authorization before granting access or to terminate unauthorized user sessions.


Logical Access Management

CONTROLS

Process exists to electronically request and approve accounts on company assets for creating, suspending, modifying and removing access.

RISK

Inconsistent procedures for system access could result in unauthorized or excessive access or may hinder business and may promote sharing of passwords to accomplish routine tasks.

UNIVERSAL SSH KEY MANAGER

Leverage CryptoAuditor to require manual authorization before granting access or to terminate unauthorized user sessions.


Logical Access Management

CONTROLS

Terminated company employees are removed from systems within a reasonable timeframe.

RISK

Access to critical production systems by terminated or employees or anonymous access occurring through the use of the terminated employees account by a current employee.

UNIVERSAL SSH KEY MANAGER

Leverage CryptoAuditor to centrally revoke access to provisioned systems.


Privileged Access Management

CONTROLS

Privileged or ‘super user’ access is restricted to authorized personnel, granted on an exception basis, and monitored for appropriateness.

RISK

Privileged users have access levels that weaken or eliminate segregation of duty controls.

UNIVERSAL SSH KEY MANAGER

Leverage CryptoAuditor to record, monitor and replay all privileged activity sessions and to limit super user access at sub–protocol level.


Security Monitoring

CONTROLS

System audit logs are activated and monitored to ensure unauthorized activity is detected and the integrity of key data elements is maintained.

RISK

Inadvertent or malicious changes to critical production data may not be prevented or detected timely.

UNIVERSAL SSH KEY MANAGER

Leverage CryptoAuditor monitoring and logging capabilities in combination with a DLP solution to detect and automatically terminate any unauthorized sessions.


3rd Party Access Management

CONTROLS

Third party (business partners and contractor/consultants) access privileges to systems is reviewed periodically.

RISK

Consultants no longer under contract with company may have access to critical production systems.

UNIVERSAL SSH KEY MANAGER

CryptoAuditor enhances the 2-factor authentication control for 3rd party remote access.


Security Monitoring

CONTROLS

Monitoring software is used to manage and monitor systems in order to ensure availability as well as to identify related problems.

RISK

Lack of monitoring could result in poor performance or unscheduled downtime.

UNIVERSAL SSH KEY MANAGER

CryptoAuditor logs leveraged to reconstruct session activity that may have contributed to or caused a BCP situation.


Activity Logging

CONTROLS IT monitors and logs security activity, and identified security violations are reported to senior management.

RISK

Lack of violation monitoring could result in unauthorized or malicious activity not being detected.

UNIVERSAL SSH KEY MANAGER

Leverage CryptoAuditor logs and replay capabilities to report security violations.


Security Events Logging

CONTROLS

System event data are sufficiently retained to provide chronological information and logs to enable the review, examination and reconstruction of system and data processing.

RISK

An effective audit trail is required to reconstruct significant events after processing has occurred (i.e. errors, fraud).

CRYPTOAUDITOR

CryptoAuditor logs and recordings are an excellent tool to assist in events reconstruction.


Change/Program Management

CONTROLS

Change documentation (Change Record or equivalent) is maintained for each program change.

RISK

Deviations from planned job execution and job failures require a timely response in order to minimize business impact.

CRYPTOAUDITOR

Leverage CryptoAuditor session recording capabilities to document all changes to production environments.


Change/Program Management

CONTROLS All significant system modifications and development activities are supported by projects. They include project charter, project requirements, a testing strategy, work plans and progress monitoring procedures.

RISK

Formal procedures and documentation are required to ensure system changes effectively support the business.

UNIVERSAL SSH KEY MANAGER

Leverage CryptoAuditor logs and video replay capabilities to reconstruct encrypted sessions that may have caused production processing failures.


Production Batch Jobs

CONTROLS

Access to modify or cancel scheduled and batch jobs is limited to only a small number of personnel.

RISK

Uncontrolled changes to manual and automated job schedules in the production environment can result in missed processing deadlines, ineffective backup and recovery tapes, and system downtime.

UNIVERSAL SSH KEY MANAGER

Leverage CryptoAuditor logs and video replay capabilities to reconstruct encrypted sessions that may have caused production processing failures.