White Paper
Privilege Identity Management
Enterprise Data Security
Governance Risk & Compliance
March 2014
Privilege Identity Management – White Paper
© Iraje Confidential – All rights reserved 1
TABLE OF CONTENTS
1. Executive Summary ... 2
2. Introduction to Privileged Identities ... 4
3. Types of Privileged Identities ... 4
4. Risks of Unmanaged Privileged Identities ... 5
5. Potential Threats of Unmanaged Privileged Identities ... 6
6. Privilege Identity Management ... 6
7. Why Is Managing Privileged Identities Important? ... 7
8. Business Drivers: Do You Need a Solution to Manage Privileged Identities? ... 8
9. Solution Alternatives ... 10
10. Implementation Review Checklist ... 14
11. Architecture of the Proposed Solution ... 15
12. Iraje Privilege Identity Management Solution Differentiators ... 15
13. Bottom Line ... 16
1. Executive Summary

Every typical IT environment comprises hundreds or thousands of servers, databases, network devices and more, all controlled and managed by a variety of privileged and shared identities, which are the most powerful identities in any organization. The term "Privileged Identities/Accounts" refers to any type of user or account that holds special or extra permissions within the IT environment, such as built-in system accounts and admin ids in every operating system, database and application. These accounts are distinguished from general user IDs by the assignment of security, administrative or system authorities.

Privileged accounts and passwords are extremely powerful: they allow a privileged user to log on anonymously and take complete control of the target system, with full access to all the information on that system. This exposure could cause tremendous financial losses and reputational damage for businesses.

Privileged accounts give system-wide access to anyone with the password. How well protected are the passwords? Do they change often? Who is using them, and are they easy to crack? If so, the organisation may be risking a serious data security breach. Unmanaged privileged accounts are responsible for many security breaches, causing damaged reputations and loss of money. They also pose devastating risks in the long run, such as:
• Data leakage
• System abuse
• Financial losses
• Business continuity damage
• Customer loss
• Brand damage

It is no secret that, of all possible threat vectors acting on an organisation, the insider threat is the most potent. It has been proven time and again that a seemingly harmless change or mistake can have colossal repercussions. The Ernst & Young 2009 Global Information Security Survey identified that authorised users and employees pose the greatest security threat to an organisation. Privilege Identity Management (PIM) is required to manage the privileged accounts within an organization and to ensure that every action and activity of these users is auditable.
It provides the following benefits:
• Manages and protects all privileged accounts
• Controls access to privileged accounts
• Complies with audit and regulatory requirements
• Streamlines management of privileged accounts
• Integrates seamlessly with enterprise systems
• Easy set-up and deployment

An Iraje Privilege Identity Management (PIM) solution will help companies meet compliance requirements and prevent internal data breaches that occur through the use of privileged accounts. We provide products and services that enable an organization to centrally manage and audit a pool of privileged identities, which can be checked out and checked in by authorized people when needed.
2. Introduction to Privileged Identities

Privileged identities are users or accounts that hold elevated permissions to access files, install and run programs, and change configuration settings. They have access to operating systems, database servers, user directories, network devices, and enterprise resource planning applications. Privileged users can be system, database or network administrators, support personnel and application owners. These accounts allow unrestricted access to view and change data, alter configuration settings, and run programs. Typically associated with hardware and software assets (and not with any one user), privileged identities grant "super-user" access to virtually every resource on your network. Privileged accounts are the most powerful accounts in the organisation because:
• Privileged accounts have access to sensitive information.
• The passwords are rarely changed and are known to many.
• There is no individual user accountability.
3. Types of Privileged Identities

Privileged identities are usually categorized into the following types:
• Common/Shared Administrative Accounts: the non-personal accounts that exist in virtually every device or software application. These accounts hold "super user" privileges and are often shared among IT staff. Some examples are the Windows Administrator user, the UNIX root user, and the Oracle SYS account.
• Privileged Personal Accounts: the powerful accounts that are used by business users and IT personnel. These accounts have a high level of privilege, and their use (or misuse) can significantly affect the organization's business. Some examples are the super user, the DBA user, etc.
• Application Accounts: the accounts used by applications to access databases and other applications. These accounts typically have broad access to the underlying business information in databases.
• Emergency Accounts: special generic accounts used by the enterprise when elevated privileges are required to fix urgent problems, such as in cases of business continuity or disaster recovery. Access to these accounts frequently requires managerial approval.
4. Risks of Unmanaged Privileged Identities

The following risks have emerged due to the growth of privileged accounts within organizations. The original presents them as a table with the columns Organization Assets, Account Types/Flavours, and Actions that may go untraced:

Operating Systems (Windows, Unix, Linux, AIX, Sun Solaris, Mainframe)
  Account types: Administrator, Root, Service, Super User
  Actions that may go untraced: read, copy or alter data; change security settings; create and delete accounts; run programs; enable and remove file shares

Databases (Oracle, MS-SQL, MySQL, DB2, Ingres, Informix, Sybase)
  Account types: Root, Sys, Sysdba, SA, Ora
  Actions that may go untraced: access transaction data; switch the logs on or off; edit or delete DB logs; modify DB records; change DB configuration and schema; modify stored procedures

Database Tools (Toad, MS SQL, PL/SQL, OEM, SQL Developer, DB2 Admin)
  Account types: System, Sys, SA, Service accounts, App Owner
  Actions that may go untraced: access transaction data; edit or delete DB logs; modify DB records; change DB configuration and schema; modify stored procedures

Network & Security Appliances (Cisco, Juniper, Nortel, Watchguard, Checkpoint, etc.)
  Account types: Root, Enable, Admin, Cisco
  Actions that may go untraced: alter config settings; give or deny access to users; access data packets; enable or disable monitoring; change policy settings

Backup, Storage & Service Infrastructure
  Account types: Administrator, Root, Service, Super User
  Actions that may go untraced: access transaction data; modify, delete or transfer saved files; change config settings; save and transfer archived data

Directory Services
  Account types: Administrator, Root
  Actions that may go untraced: read, copy or alter data; add and delete users; change user privileges; enable remote access

Application Layers
  Account types: Service, Config Files, Run As, DB Connection
  Actions that may go untraced: modify backend applications; alter web pages; change records from the backend

Disclaimer: all logos used in the original figure are for illustrative purposes only and are the intellectual property of the respective brands.
5. Potential Threats of Unmanaged Privileged Identities
• Too many privileged identities (users or accounts) to keep track of
• No accountability for the individuals who are using privileged accounts
• Privileged passwords are either not changed or changed rarely
• Limited or no audit trails
• Increased user id administration cost
• No control over direct backend access
• Insider threats
6. Privilege Identity Management

In many organizations there is no tracking of who does what and what kind of account is being used. Privileged identity management (PIM) is therefore necessary to automate control over administrative accounts, which typically put too much power in too many people's hands with too little accountability. It helps to address the security, operational and compliance issues posed by widely shared administrative accounts and passwords, excessive administrative rights, poor separation of duties, passwords embedded in legacy applications and scripts, and poor or non-existent privileged-password rotation. It also provides individual accountability and an audit trail to prove that policies and controls are actually being enforced.
7. Why Is Managing Privileged Identities Important?

The drivers to manage privileged identities often start with an immediate need to address negative audit findings, or with an executive mandate to improve an organization's GRC (governance, risk management and compliance) position. Additional business drivers can include the need to manage privileged account ids and passwords, obtain audit trails of every activity and action performed by privileged users, file regulatory compliance, manage completely outsourced environments effectively, and gain overall visibility and control of your IT organization. The potential business drivers are explained below.

Password Management
• Critical passwords of databases, OS and routers are stored in text files and/or spreadsheets
• 60-day password change: admins must manually change approx. 100*3=300 passwords
• 'Admin' passwords shared by all administrators

Privileged Access Management
• Privileged ids ('sys', 'system', 'ora') and passwords are shared by all the admins
• Every DBA has unrestricted full access to all aspects of an accessed database

Audit Trails
• No audit trail of the activities performed using tools like Toad, OEM, XManager, etc.
• Limited audit trail of application administrator activities
• Limited audit trail of OS (Unix/Linux/Windows) access and activity
• Limited audit trail of access to databases
• Limited audit trail of access to all network devices
• No central location for the logs of all devices that is outside the control of the administrators

Visibility & Control
• Limited visibility of datacenter activities
• Limited visibility of activities performed by internal resources/partner resources
• No control/restrictions on device activities

Compliance with Regulatory Mandates
• Datacenter activities not complying with regulatory compliance mandates (for example ISO 27001, RBI guidelines, etc.)
• Third-party audit gaps and data privacy issues

Moving to the Cloud
An increase in the use of data centre consolidation, cloud computing, virtualization and outsourcing creates an even greater need to centrally manage and secure privileged IDs.
8. Business Drivers: Do You Need a Solution to Manage Privileged Identities?

Before embarking on your Privileged Identity Management (PIM) journey, it is important to understand the severity and criticality of the issue and how urgent it is to manage it. The top 10 lead-in questions for this are listed below. Each question is scored on a severity and criticality scale of five columns: Less severe, Severe, Very severe, Critical and Very critical.

Example: if your answer is option a, put 1 in the first column (Less severe); if your answer is option b, put 2 in the second column (Severe); if option c, put 3 in the third column (Very severe), and so on.

Sr. No. | Lead-in Questions | Severity & Criticality (Less severe 1, Severe 2, Very severe 3, Critical 4, Very critical 5)
1. How many privileged users do we have in the organization?
a. < 10
b. >10 <25
c. >25<50
d. >50<100
e. >100
2. How many privileged accounts are there on your systems?
a. < 100
b. >100 <250
c. >250<500
d. >500<1000
e. >1000
3. How many passwords are there across all privileged accounts?
a. < 100
b. >100 <250
c. >250<500
d. >500<1000
e. >1000
4. Is your environment completely outsourced, insourced or a mix?
a. Completely insourced
b. Mostly insourced
c. Mix of both
d. Mostly outsourced
e. Completely outsourced
5. How sensitive is your business data?
a. Not at all critical
b. Not much critical
c. Important
d. Critical
e. Very critical
6. Did you have any data breaches in the past?
a. No breaches at all
b. Very few breaches
c. Few breaches - but regularly
d. Many breaches
e. Very critical breaches
7. Do you have trace of every privilege user action as of now with your current monitoring infrastructure?
a. Every privilege session is traceable
b. Most privilege sessions are traceable
c. Privilege sessions are most likely traceable
d. Limited traceability
e. No traceability at all
8. Do you struggle during system audits and get non-compliances on privileged accesses?
a. No issues in system audits
b. Limited issues in system audits
c. Issues in system audits and non-compliances
d. Many issues reported in system audits
e. Critical issues and non-compliances in system audits
9. Do you have visibility and control on your datacentre?
a. Complete visibility and control of your datacentre
b. Good visibility of your datacentre activities
c. Fair visibility of your datacentre
d. No visibility of your datacentre activities
e. Zero visibility and control of your datacentre
10. Do you have regulatory compliance requirements on privileged accesses?
a. No regulatory compliance
b. Limited compliance requirement
c. Only internal compliance requirement
d. Mandatory local compliance requirements
e. Mandatory local and international compliance requirements
Now add up the answers. The total score points to the severity and criticality of the PIM solution required for the organization. The table below gives the severity and criticality scores at which an organization needs to take a decision on implementing a PIM solution.

Severity and Criticality Score | Suggested Action
>10 <20 | Not critical
>20 <30 | Critical but not urgent
>30 <40 | Critical & urgent
>40 | Immediate requirement

It is very likely that your score is in the 20s, which means that though this threat is important, it may not be urgent to act on. Alternatively, your score may be in the 40s, which means the issue is not only critical but very urgent as well, and needs to be addressed immediately.
9. Solution Alternatives

While there are multiple solutions in the market, it is important to apply certain criteria to narrow down your solution alternatives. Most of these solutions have grown out of the Identity Management and Access Management modules of their vendors and have been extended to Privilege Identity Management. There are very few pure-play Privilege Identity Management solutions that have thought about this problem and developed a solution primarily to address privileged access. Every PIM solution offers features that address security concerns for privileged access, but a few features are critical and must be present in a PIM solution. Below is the list of the most important features that should be in a PIM solution.
Sr. No. | Area | Details (the original is a table; group headings are given with their items listed beneath)

1. Architecture
   2. Deployment: software based/appliance based; agent based/agentless on either users or target systems; VMware supported
   3. Scalability: deployment in terms of number of users, target systems, concurrent sessions
   4. Redundancy – HA: Active-Active/Active-Passive
   5. Redundancy – DR: Active-Active/Active-Passive

6. Password Management
   7. AD Integration: integration with Active Directory for user authentication
   8. Single Sign On: SSO on all servers, databases, network, storage, security devices etc.
   9. Single Sign On (browser & thick client accesses): SSO on all devices accessed through a browser; SSO on all clients used to access databases and network devices; SSO on all clients used to access storage and security devices
   10. Manage Common Accounts: ability to trace every action to the user using the common account
   11. Password Management: sync password changes of privileged accounts to target systems; auto-verify function after change
   12. Password Policy Enforcement on Target Systems: password change at a predefined frequency; password generation with min length, strength, uniqueness etc.; minimum & max length supported; complexity; password history
   13. Secure Password Printing: printing passwords in secure PIN mailers
   14. Password Release & Reset: password release on user request & approval; password view/display with maker-checker control
   15. Manage Hardcoded Passwords: manage privileged passwords in scripts

16. Access Control
   17. Approval Workflow: email/SMS/voice workflow to raise & approve access requests with maker-checker process; email/SMS/voice workflow to raise & approve privileges with maker-checker process; email/SMS/voice notifications to approvers and requestors
   18. Role and Rule/Policy Based Access Control: role-based delegation of administrative privileges (grouping target systems or users according to business needs); access control profile for target systems; access control profile for users; time-based restriction; activity/command-based restriction; mandatory screen to record justification/comments before allowing access to a target system
   19. Privileged Access Restriction – Granular Control: restricting to specific commands, tasks & working directory on various platforms/applications
   20. Segregation of Duties: prevent user access conflicts as per the roles assigned within the organization
   21. On-Demand Access: on-demand & temporary access over HTTPS/VPN for vendors based on approvals; on-demand & one-time access for administrators based on approvals

22. Security
   23. Multifactor Authentication: integration with various 2-factor authentication methods, e.g. SMS-OTP, hard/soft tokens, smart card, biometrics etc.
   24. Privileged User Id Discovery: discover privileged accounts on target systems (configured/non-configured); discover target systems in the network (configured/non-configured)
   25. Encryption: type of password encryption used for privileged accounts at rest; type of password encryption used for privileged accounts in transit

26. Audit Trails
   27. Screen Recording & Replay: session recording and replay
   28. Command Line Logging & Replay: session recording and replay
   29. Compression of Session Recordings: recordings to be in compressed format and optimized for storage
   30. Search Options on Recordings: search on session recording logs based on user, resource and/or date
   31. Control on Playing of Recordings: session recordings cannot be played anywhere except on the PIM solution, for enhanced security
   32. Storage Space Management: auto-archiving of session recording files based on period and backup status
   33. Abnormal Login Activity: logging the user's user id, source system IP address & MAC id; alerting on simultaneous logins by the same user id from different source system IPs; unusual-time user login alert
   34. PIM Tool Admin User Activities: recording of all user activity on the PIM solution (password request, session request etc.)
   35. Audit Trails/Recording Control: restricted access to recordings & audit trails of the PIM tool
   36. Real-Time Activity Monitoring & Correlation: integration with other enterprise tools

37. Other Features
   38. Scripts & Scheduler: to run batch scripts/programs using privileged ids
   39. Ticketing System Integration: integration with ticketing system for allowing access based on ticket

40. Dashboard & Reports
   41. Executive Dashboard for Reporting: role-based dashboards
   42. Reports in Different File Formats: export of reports in Excel or CSV formats
   43. Audit Compliance Reports: reports that meet compliance requirements of ISO 27001, PCI, SOX etc.
   44. Privileged User Access Report: Access Control Master (w.r.t. privileges) & Connection Master (w.r.t. accesses)

45. PIM Tool Management
   46. Role Based Access: role-based administrative access to the tool for delegated administration
   47. Integration with Active Directory: Active Directory integration for the super-admins and admins of the tool; users log in with their A.D. credentials for administration of the tool
   48. Approval Workflow (email/SMS option): request for a new connection; new privilege authorization; new user authorization; user privilege change authorization
   49. Session Management: real-time session monitoring; manual session termination
   50. Alert Management (email/SMS/voice notification options): alerts for sensitive commands; alerts for sensitive connections; alerts for changes to PIM audit trails; alerts for all changes to PIM parameters

51. Automation
   52. Element Management: the PIM solution itself monitors CPU, memory and storage of the PIM appliances
   53. Port Management: monitor ports of target devices and send email/SMS/voice alerts
   54. Auto Upload of Connections: automate addition of new devices/connections through CSV uploads
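Item 33 (Abnormal Login Activity) asks for two detections over the PIM login log: the same user id logged in at the same time from different source IPs, and logins at unusual hours. The following is an added illustration of that logic, not Iraje's code; the log line format, the sample lines, the 07:00 to 20:00 "normal hours" window and the 12-hour stale-session timeout are all assumptions.

```python
"""Flag the two abnormal-login conditions from checklist item 33 on a login log."""
from dataclasses import dataclass
from datetime import datetime, time, timedelta

# Constructed sample PIM login log: timestamp, user id, source IP, source MAC, action.
SAMPLE_LOG = """\
2014-03-10T09:02:11 dba01 10.1.5.20 00:1a:2b:3c:4d:01 LOGIN
2014-03-10T09:40:00 dba01 10.1.5.20 00:1a:2b:3c:4d:01 LOGOUT
2014-03-10T14:15:30 netadmin 10.1.7.9 00:1a:2b:3c:4d:22 LOGIN
2014-03-10T14:16:02 netadmin 192.168.44.3 00:1a:2b:3c:4d:99 LOGIN
2014-03-10T15:00:00 netadmin 10.1.7.9 00:1a:2b:3c:4d:22 LOGOUT
2014-03-10T15:30:00 netadmin 192.168.44.3 00:1a:2b:3c:4d:99 LOGOUT
2014-03-11T02:47:19 dba01 10.1.5.20 00:1a:2b:3c:4d:01 LOGIN
"""

NORMAL_HOURS = (time(7, 0), time(20, 0))  # assumed business window for "usual" logins
SESSION_TIMEOUT = timedelta(hours=12)     # assumed: an open session older than this is stale


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    ip: str
    mac: str
    action: str  # "LOGIN" or "LOGOUT"


def parse_log(text):
    """Parse the assumed space-separated log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, mac, action = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, ip, mac, action))
    return events


def find_alerts(events):
    """Return (kind, user, detail) tuples: CONCURRENT_IP when a user logs in while a
    session from another source IP is still open, UNUSUAL_TIME for off-hours logins."""
    alerts = []
    active = {}  # user -> {source ip: (login time, mac)} for sessions without a LOGOUT yet
    for ev in sorted(events, key=lambda e: e.ts):
        sessions = active.setdefault(ev.user, {})
        # Drop open sessions that have outlived the timeout (no LOGOUT was ever seen).
        for ip in [ip for ip, (t, _) in sessions.items() if ev.ts - t > SESSION_TIMEOUT]:
            del sessions[ip]
        if ev.action == "LOGOUT":
            sessions.pop(ev.ip, None)
            continue
        if not NORMAL_HOURS[0] <= ev.ts.time() < NORMAL_HOURS[1]:
            alerts.append(("UNUSUAL_TIME", ev.user,
                           f"{ev.ts.isoformat()} from {ev.ip} ({ev.mac})"))
        others = [ip for ip in sessions if ip != ev.ip]
        if others:
            alerts.append(("CONCURRENT_IP", ev.user,
                           f"{ev.ip} while {', '.join(others)} still active"))
        sessions[ev.ip] = (ev.ts, ev.mac)  # record user id, source IP and MAC per session
    return alerts


def alerts_for_sample():
    return find_alerts(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for kind, user, detail in alerts_for_sample():
        print(f"{kind:14} {user:10} {detail}")
```

On the sample log this raises one CONCURRENT_IP alert for netadmin (second login from 192.168.44.3 while 10.1.7.9 is still open) and one UNUSUAL_TIME alert for dba01's 02:47 login.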
10. Implementation Review Checklist

A good Privileged Identity Management solution should provide the following:
• Discover privileged accounts throughout the enterprise
• Discover devices configured in the network and list devices outside PIM
• Control the spread of shared-privilege accounts
• Automate manual processes
• Manage services, scripts and applications
• Integrate with other enterprise tools
• Automate password generation and rotation
• Secure storage of password data
• Provide detailed audit trails to prove controls are in place and effective
• Mitigate the risk of insider threats
• Give dashboards for executive reporting
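The checklist's "automate password generation and rotation" item, together with the policy points in the feature list (length window, complexity, history, uniqueness, change at a fixed frequency, auto-verify after change), can be captured in a small rotation routine. This is an added example and not Iraje's code: the policy values, the vault layout, the sample accounts and the push_and_verify callback are assumptions, with the 60-day interval taken from the paper's "60 day password change" driver.

```python
"""Policy-driven privileged password generation and rotation with verify-or-rollback."""
import copy
import secrets
import string
from datetime import date, timedelta

# Assumed policy values; 60 days follows the paper's "60 day password change".
POLICY = {"min_len": 16, "max_len": 24, "history": 5, "rotate_days": 60}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*-_=+")

# Constructed sample vault: account -> current password, last change date, previous passwords.
SAMPLE_VAULT = {
    "oracle/sys": {"password": "Sample#Pass2014aa", "changed": date(2013, 12, 1), "history": []},
    "unix/root": {"password": "Another$Root2014bb", "changed": date(2014, 2, 20), "history": []},
}


def meets_policy(pw, history, taken, policy=POLICY):
    """Length window, one character from every class, not among this account's
    last N passwords (history) and not in use by another account (taken)."""
    if not policy["min_len"] <= len(pw) <= policy["max_len"]:
        return False
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        return False
    return pw not in history[-policy["history"]:] and pw not in taken


def generate_password(history, taken, policy=POLICY):
    """Draw one character per class (guarantees complexity), fill the rest at random."""
    rng = secrets.SystemRandom()
    span = policy["max_len"] - policy["min_len"] + 1
    while True:
        length = policy["min_len"] + secrets.randbelow(span)
        chars = [secrets.choice(cls) for cls in CLASSES]
        chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(chars))]
        rng.shuffle(chars)
        pw = "".join(chars)
        if meets_policy(pw, history, taken, policy):
            return pw


def accounts_due(vault, today, policy=POLICY):
    """Accounts whose password is at least rotate_days old."""
    limit = timedelta(days=policy["rotate_days"])
    return sorted(a for a, e in vault.items() if today - e["changed"] >= limit)


def rotate(vault, account, today, push_and_verify, policy=POLICY):
    """Generate a fresh password, push it to the target and verify it through the
    hypothetical push_and_verify(account, password) callback; update the vault only
    on success, so a failed change never leaves the vault out of step with the target."""
    entry = vault[account]
    taken = {e["password"] for a, e in vault.items() if a != account}
    new = generate_password(entry["history"] + [entry["password"]], taken, policy)
    if not push_and_verify(account, new):
        return False  # target rejected or could not verify: keep the old password
    entry["history"] = (entry["history"] + [entry["password"]])[-policy["history"]:]
    entry["password"], entry["changed"] = new, today
    return True


def run_demo(today=date(2014, 3, 1)):
    """Rotate what is due on the sample vault, then show a refused change rolling back."""
    vault = copy.deepcopy(SAMPLE_VAULT)
    due_before = accounts_due(vault, today)
    rotated = all(rotate(vault, a, today, lambda acct, pw: True) for a in due_before)
    new_pw = vault["oracle/sys"]["password"]
    before = vault["unix/root"]["password"]
    refused = rotate(vault, "unix/root", today, lambda acct, pw: False)
    return {
        "due_before": due_before,
        "rotated": rotated,
        "due_after": accounts_due(vault, today),
        "new_pw_ok": meets_policy(new_pw, [], set()) and new_pw != "Sample#Pass2014aa",
        "rolled_back": not refused and vault["unix/root"]["password"] == before,
    }
```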
11. Architecture of the Proposed Solution

Iraje proposes the following architecture to ensure that the Privilege Identity Management solution is robust and scalable, meets compliance requirements, has redundancy, and supports smooth 24*7 operation. The key highlights of this architecture are:
• SSO on the entire datacentre environment, with secure HTTPS access to the solution
• Redundancy and load balancing, with a DR option
• Complete audit trail of every activity and every command executed by admins
• Reports to meet compliance requirements
• Dashboards for executive reporting
12. Iraje Privilege Identity Management Solution Differentiators

PIM solutions offer the features listed above. A few features that differentiate Iraje PIM from other solutions are:
1. SSO on any URL (this helps cover the entire set of network devices that are accessed through SSH, Telnet and a browser)
2. SSO on any thick client/tool (SQL Developer, Toad, PL/SQL, MS SQL, X Manager, OEM, SAP, Cisco ASDM, VM Client, Lotus Domino, etc.)
3. SMS, email and voice alerts on defined events/connections
4. In-built BI tool to help build custom reports on the fly
5. AD integration, DB links, script manager, PIN mailer printing, all out of the box
6. The PIM solution with the shortest time to implement
13. Bottom Line

The threat of unmanaged privileged identities is very high, and it can cost the organization very heavily in the case of a data breach. The insider threat is dangerous as well, since it goes on without being traced easily. Addressing the threats from insiders is always a sensitive area to handle. While companies will always want to hire trustworthy employees, it is an irrefutable fact that accidental breaches occur very regularly, and that a single, well-motivated malicious insider with privileged access can cause immense damage. IT auditors are also realizing the potential of the threats posed by unmanaged privileged identities in your organization, and there is ever-increasing pressure to bring these powerful logins under control. Fortunately, Privileged Identity Management software can help organizations secure privileged credentials throughout the network and provide an authoritative, forensic audit trail of their access. A successful PIM implementation can:
• give complete visibility and control of privileged access
• help comply with regulatory requirements
• improve the overall Governance, Risk and Control (GRC) posture of the organization

For more details or a demo of the solution, contact us at [email protected] or the partners below.
Our Partners: