Financial Company Centralizes ID Administration and Logging
A top five U.S. bank uses Core Privileged Access Manager (BoKS) to centrally control access to 84,000 servers across multiple domains and global locations.
This leading U.S. bank had thousands of Solaris, AIX, and Red Hat Linux servers, with hundreds of administrators requiring access. They needed to protect the data and applications running on those servers, both to safeguard corporate value and reputation and to meet regulatory requirements. They were also looking for an automated way to administer user accounts and to control the access rights and executable commands of privileged users across their heterogeneous Unix and Linux server environments. The key drivers were not only to protect sensitive customer information from the risk of insider fraud, but also to streamline security administration and automate audit and compliance reporting.
After rolling out the Core Privileged Access Manager (BoKS) solution to a few thousand servers, the bank has in recent years adopted Core Privileged Access Manager (BoKS) as a global corporate standard. Using Core Privileged Access Manager (BoKS), they have been able to centralize and automate user account administration across their servers, enabling them to allocate fewer resources to security administration.
Core Privileged Access Manager (BoKS) transparently elevates privileges for administrative users and eliminates the sharing of functional account passwords. The ability to eliminate sharing of these functional account passwords is crucial for system security, and also enables the bank to address a big auditor concern and several areas of SOX, PCI and state-specific regulatory requirements. In addition, the bank is automatically controlling the authentication technique and authorization based on the person, the source system, the communication method, the target system, and time. Centralized management of SSH host keys, another feature of Core Privileged Access Manager (BoKS), is also incorporated into the authorization and can be controlled down to the sub-service level as part of the access rules, further saving time and enabling more granular control over administrator actions. Core Privileged Access Manager (BoKS) also enables the bank to keystroke log sensitive sessions and grant privileged command execution to non-privileged users.
Management of the entire multi-domain environment is significantly streamlined by using BoKS Multi-Domain Services Interface. The bank leveraged BoKS MDS to tie together and create centralized management across their large-scale environment, which has multiple domains and enforcement points.
Core Privileged Access Manager (BoKS) also enables automatic registration and de-registration of servers, which is very helpful for large, multi-domain environments. Using this feature, the bank can easily manage virtual and blade servers that are used sporadically, or have security administrators pre-register hosts that will be on-boarded by system administrators.
To streamline audits and compliance, Core Privileged Access Manager (BoKS) automatically consolidates all of the user activity logs from across diverse server types, including the keystroke logs, making it much easier to provide evidence of controls for audits and compliance reporting.
- Centralized administration console for heterogeneous environment
- Enforced control for root accounts across all servers
- Simplified compliance reporting and auditing
Utilizing Core Privileged Access Manager (BoKS), a top bank has been able to significantly streamline administration of user accounts, reducing the cost of administration, while satisfying auditor requirements to eliminate the sharing of powerful functional account passwords. They are also able to address key regulatory compliance mandates and ensure that their systems and data are safe from insider fraud.