Customer Story

Food and Beverage Organization Implements Automated Access Control

After failing a SOX audit, this leading food and beverage organization implemented an automated approach to control the administration, authorization and audit of privileged users.

 

THE CHALLENGE

Operating thousands of restaurants worldwide requires a large server infrastructure. Keeping that global infrastructure secure is a huge challenge. After failing a SOX audit related to lack of control over how privileged users were accessing servers, this company determined it was time to find an automated method for administering, enforcing, and auditing privileged user access rights.

The initial target was to add automated privileged controls for 500 core Unix servers. However, they needed a solution that would scale to potentially support thousands of servers. In addition, the privileged access management solution needed to control privileged user access to both Unix and Windows servers, and preferably from a single architecture and console.

The controls needed to automatically enforce granular access policies and eliminate any sharing of privileged passwords as well as provide control over local accounts on Windows servers. In addition to having powerful authorization capabilities, they needed a solution that would enable them to centrally administer the privileged users’ identities, and leverage Active Directory (AD) as needed. 


THE SOLUTION

They explored many options, but found that HelpSystems BoKS ServerControl offered them the most granular, proactive enforcement of authentication and authorization policies. As well, BoKS ServerControl was proven to be highly scalable and offered a single architecture across the Unix and Windows servers. The ability to centrally administer all of the privileged user identities, in conjunction with Active Directory, was also a key value.

BoKS automatically controls the elevation of privileges for administrative users based on granular, role-based policies including which commands the privileged user is allowed to execute. Over 100 different operating systems are controlled by BoKS, including the lock-down of local 0Windows accounts.

The deep granularity offered by BoKS is enabling the organization to proactively control access and privileged elevation based on: the role, the source system, the communication method, the target system, and the time. Centralized distribution of SSH keys, another feature of HelpSystems ServerControl, is also incorporated into the authorization and can be controlled down to the sub-service level as part of the access rules, further boosting productivity while enabling more granular control over administrator actions. BoKS also enables the food and beverage company to keystroke log sensitive sessions and grant privileged command execution to non-privileged users.

All authorized users and accounts have security policies that are centrally administered and enforced through BoKS. The user administration works in conjunction with Active Directory. Users imported from Active Directory can leverage a common identity across Windows and UNIX servers. Additionally, the Kerberos ticket that is presented to a Windows user as they log into a domain can be extended to include UNIX servers. This provides the users with a single sign on experience.

While controlling privileged accounts and privileged user actions in a proactive fashion is crucial for system security, it also enables the food and beverage company to address their SOX audit failure and other regulatory mandates including PCI. Rich audit reporting capabilities are making it very easy for the IT Security Team to produce the required data needed to prove that their access controls are in place.
 

SUMMARY

Utilizing BoKS ServerControl, a leading food and beverage organization has been able to significantly streamline administration of privileged users reducing the cost of administration, while satisfying requirements from auditors to eliminate the sharing of powerful functional account passwords.

As well, they are able to address SOX and other key regulatory compliance mandates and ensure that their systems and data are safe from insider fraud.

REQUEST A DEMO

See BoKS ServerControl in action. Schedule a demo now.

Results

Centralized administration console for heterogenous environment

Enforced control for root accounts across all servers

Simplified compliance reporting and auditing

Key Solutions