
White Paper

Privilege Identity Management

Enterprise Data Security

Governance Risk & Compliance

March 2014


Privilege Identity Management – White Paper

© Iraje Confidential – All rights reserved 1

TABLE OF CONTENTS

1. Executive Summary
2. Introduction to Privilege Identities
3. Types of Privilege Identities
4. Risks of Unmanaged Privilege Identities
5. Potential Threats of Unmanaged Privilege Identities
6. Privilege Identity Management
7. Why is managing privileged identities important?
8. Business Drivers: Do you need a solution to manage privilege identities?
9. Solution Alternatives
10. Implementation Review Checklist
11. Architecture of the Proposed Solution
12. Iraje Privilege Identity Management Solution Differentiators
13. Bottom Line


Executive Summary

Every typical IT environment comprises hundreds or thousands of servers, databases, network devices and more, all controlled and managed by a variety of privileged and shared identities, which are the most powerful in any organization. The term “Privileged Identities/Accounts” refers to any type of user or account that holds special or extra permissions within the IT environment, such as built-in system accounts and admin ids in every operating system, database and application. These accounts are distinguished from general user IDs by the assignment of security, administrative or system authorities.

Privileged accounts and passwords are extremely powerful, allowing a privileged user to log on anonymously and have complete control of the target system, with full access to all the information on that system. This vulnerability could potentially cause tremendous financial losses and reputational damage for businesses. Privileged accounts give system-wide access to anyone with a password. How well protected are the passwords? Do they change often? Who is using them, and are they easy to crack? If so, the organisation may be risking a serious data security breach.

Unmanaged privileged accounts are responsible for many security breaches, causing damaged reputations and loss of money. They also pose devastating risks in the long run, such as:

• Data leakage
• System abuse
• Financial losses
• Business continuity damage
• Customer loss
• Brand damage

It is no secret now that, of all possible threat vectors acting on an organisation, the insider threat is the most potent of them all. It has been proven time and again that a seemingly harmless change or mistake can have colossal repercussions. The Ernst & Young 2009 Global Information Security Survey identified that authorised users and employees pose the greatest security threat to an organisation. Privilege Identity Management (PIM) is required to manage the privileged accounts within an organization and to ensure that every action/activity of these users is auditable.


It provides the following benefits:

• Manages and protects all privileged accounts
• Controls access to privileged accounts
• Complies with audit and regulatory requirements
• Streamlines management of privileged accounts
• Integrates seamlessly with enterprise systems
• Easy set-up and deployment

An Iraje Privilege Identity Management (PIM) solution will help companies emphatically meet compliance requirements and prevent internal data breaches that occur through the use of privileged accounts. We provide products and services that can help enable an organization to centrally manage and audit a pool of privileged users, which can be checked in and checked out by authorized people when needed.


Introduction to Privileged Identities

Privileged identities are users or accounts that hold elevated permission to access files, install and run programs, and change configuration settings. They have access to operating systems, database servers, user directories, network devices, and enterprise resource planning applications. Privileged users could be system, database or network administrators, support personnel and application owners. These accounts allow unrestricted access to view and change data, alter configuration settings, and run programs. Typically associated with hardware and software assets (and not with any one user), privileged identities grant “super-user” access to virtually every resource on your network. Privileged accounts are the most powerful accounts in the organisation because:

• Privileged accounts have access to sensitive information.
• The passwords are rarely changed and known to many.
• There is no individual user accountability.

Types of Privileged Identities

Privileged identities are usually categorized into the following types:

Common/Shared Administrative Accounts – The non-personal accounts that exist in virtually every device or software application. These accounts hold “super user” privileges and are often shared among IT staff. Some examples are: Windows Administrator user, UNIX root user, and Oracle SYS account.

Privileged Personal Accounts – The powerful accounts that are used by business users and IT personnel. These accounts have a high level of privilege and their use (or misuse) can significantly affect the organization’s business. Some examples are: the Super user, DBA user etc.

Application Accounts – The accounts used by applications to access databases and other applications. These accounts typically have broad access to underlying business information in databases.

Emergency Accounts – Special generic accounts used by the enterprise when elevated privileges are required to fix urgent problems, such as in cases of business continuity or disaster recovery. Access to these accounts frequently requires managerial approval.


Risks of Unmanaged Privilege Identities

The following risks have emerged due to the growth of privileged accounts within organizations. For each class of organization asset, the table lists the flavours in use, the privileged account types found on them, and the actions that may go untraced:

Operating Systems
   Flavours: Windows, Unix, Linux, AIX, Sun Solaris, Mainframe
   Account types: Administrator, Root, Service, Super User
   Actions that may go untraced: read, copy or alter data; change security settings; create and delete accounts; run programs; enable and remove file shares

Databases
   Flavours: Oracle, MS-SQL, MySQL, DB2, Ingres, Informix, Sybase
   Account types: Root, Sys, Sysdba, SA, Ora
   Actions that may go untraced: access transaction data; switch logs on or off; edit or delete DB logs; modify DB records; change DB configuration and schema; modify stored procedures

Database Tools
   Flavours: Toad, MS SQL, PL/SQL, OEM, SQL Developer, DB2 Admin
   Account types: System, Sys, SA, Service accounts, App Owner
   Actions that may go untraced: access transaction data; edit or delete DB logs; modify DB records; change DB configuration and schema; modify stored procedures

Network & Security Appliances
   Flavours: Cisco, Juniper, Nortel, Watchguard, Checkpoint, etc.
   Account types: Root, Enable, Admin, Cisco
   Actions that may go untraced: alter config settings; give or deny access to users; access data packets; enable or disable monitoring; change policy settings

Backup, Storage & Service Infrastructure
   Account types: Administrator, Root, Service, Super User
   Actions that may go untraced: access transaction data; modify, delete or transfer saved files; change config settings; save and transfer archived data

Directory Services
   Account types: Administrator, Root
   Actions that may go untraced: read, copy or alter data; add & delete users; change user privileges; enable remote access

Application Layers
   Account types: Service, Config Files, Run As, DB Connection
   Actions that may go untraced: modify backend applications; alter web pages; change records from the backend

Disclaimer: all logos used in the original picture are for illustrative purposes only and are intellectual property of the respective brands.


Potential threats of unmanaged privileged identities

• Too many privileged identities (users or accounts) to keep track of
• No accountability for the individuals who are using privileged accounts
• Privileged passwords are either not changed or changed rarely
• Limited or no audit trails
• Increased user id administration cost
• No control on direct backend access
• Insider threats

Privilege Identity Management

In many organizations there is no tracking of who does what and what kind of account is being used. Therefore Privileged Identity Management (PIM) is necessary to automate control over administrative accounts, which typically put too much power in too many people's hands with too little accountability. It helps to address the security, operational and compliance issues posed by widely shared administrative accounts and passwords, excessive administrative rights, poor separation of duties, embedded passwords in legacy applications and scripts, and poor or non-existent privileged-password rotation. It also provides individual accountability and an audit trail to prove that policies and controls are actually being enforced.


Why is managing privileged identities important?

The drivers to manage these privileged identities often start with an immediate need to address negative audit findings, or with an executive mandate to improve an organization’s GRC (governance, risk management and compliance) position. Additional business drivers can include the need to manage privileged account ids & passwords, get audit trails of every activity and action performed by privileged users, file regulatory compliance, manage completely outsourced environments effectively and get overall visibility and control of your IT organization. The potential business drivers are explained below.

Password Management
• Critical passwords of databases, OS & routers are stored in text files and/or spreadsheets
• 60-day password change: admins must manually change approx. 100*3=300 passwords
• ‘Admin’ passwords shared by all administrators

Privileged Access Management
• Privileged ids (‘sys’, ‘system’, ‘ora’) and passwords are shared by all the admins
• Every DBA has unrestricted full access to all aspects of an accessed database

Audit Trails
• No audit trail of the activities performed using tools like Toad, OEM, XManager, etc.
• Limited audit trail of application administrator activities
• Limited audit trail of OS (Unix/Linux/Windows) access and activity
• Limited audit trail of access to databases
• Limited audit trail of access to all network devices
• Logs not available at one central location for all devices without being under the control of administrators

Visibility & Control
• Limited visibility on the datacenter activities
• Limited visibility on activities performed by internal resources/partner resources
• No control/restrictions on device activities

Compliance with Regulatory Mandates
• Datacenter activities not complying with regulatory compliance mandates (for example ISO 27001, RBI guidelines etc.)
• Third-party audit gaps & data privacy issues

Moving to the cloud

An increase in the use of data centre consolidation, cloud computing, virtualization and outsourcing creates an even greater need to centrally manage and secure privileged IDs.


Business Drivers: Do you need a solution to manage privileged identities?

Before embarking on your Privileged Identity Management (PIM) journey, it is important to understand the severity and criticality of the issue and how urgent it is to manage it. The top 10 lead-in questions are listed below.

Scoring: if your answer is option a, put 1 in the first column; if your answer is option b, put 2 in the second column; if option c, put 3 in the third column; and so on.

Severity & criticality columns for each question: a = Less severe (1), b = Severe (2), c = Very severe (3), d = Critical (4), e = Very critical (5)

1. How many privileged users do we have in the organization?

a. < 10

b. >10 <25

c. >25<50

d. >50<100

e. >100

2. How many privileged accounts are there on your systems?

a. < 100

b. >100 <250

c. >250<500

d. >500<1000

e. >1000

3. How many passwords are there across all privileged accounts?

a. < 100

b. >100 <250

c. >250<500

d. >500<1000

e. >1000

4. Is your environment completely outsourced, insourced or a mix?

a. Completely insourced

b. Mostly insourced

c. Mix of both

d. Mostly outsourced

e. Completely outsourced


5. How sensitive is your business data?

a. Not at all critical

b. Not much critical

c. Important

d. Critical

e. Very critical

6. Did you have any data breaches in the past?

a. No breaches at all

b. Very few breaches

c. Few breaches - but regularly

d. Many breaches

e. Very critical breaches

7. Do you have trace of every privilege user action as of now with your current monitoring infrastructure?

a. Every privilege session is traceable

b. Most privilege sessions are traceable

c. Privilege sessions are most likely traceable

d. Limited traceability

e. No traceability at all

8. Do you struggle during system audits and get non-compliances on privileged accesses?

a. No issues in system audits

b. Limited issues in system audits

c. Issues in system audits and non-compliances

d. Many issues reported in system audits

e. Critical issues and non-compliances in system audits

9. Do you have visibility and control on your datacentre?

a. Complete visibility and control on your datacentre

b. Good visibility on your datacentre activities

c. Fair visibility on your datacentre

d. No visibility on your datacentre activities

e. Zero visibility and control on your datacentre


10. Do you have regulatory compliance requirements on privileged accesses?

a. No regulatory compliance

b. Limited compliance requirement

c. Only internal compliance requirement

d. Mandatory local compliance requirements

e. Mandatory local and international compliance requirements

Now add up the answers. The total score points to the severity and criticality of a PIM solution for the organization. The table below gives the severity and criticality scores at which an organization needs to take a decision on implementing a PIM solution.

Severity and criticality score / Suggested action
>10 <20 : Not critical
>20 <30 : Critical but not urgent
>30 <40 : Critical & Urgent
>40 : Immediate requirement

It is very likely that your score is in the 20s, which means that, though this threat is important, it may not be urgent to act on. Alternatively, your score may be in the 40s, which means the issue is not only critical but very urgent as well, and needs to be addressed immediately.
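The scoring procedure above, worked through in code. This is an added example and not part of the white paper or of Iraje's product; the answer sheets in it are constructed. It keeps the paper's score bands exactly as printed, which means the boundary totals 10, 20, 30 and 40 (all reachable on a real sheet, since ten answers score between 10 and 50) fall into no band and are reported as unassigned rather than silently rounded into one:

```python
from typing import Dict, Optional

# Points per option, exactly as the white paper's scoring instruction:
# option a scores 1, b scores 2, c scores 3, d scores 4, e scores 5.
OPTION_POINTS = {"a": 1, "b": 2, "c": 3, "d": 4, "e": 5}
NUM_QUESTIONS = 10

# Bands copied from the paper's "Severity and criticality scores" table.
# The paper prints them with strict inequalities (>10 <20, >20 <30, >30 <40,
# >40), so the boundary totals 10, 20, 30 and 40 belong to no band; that is
# kept as printed instead of guessing where they should go.
BANDS = (
    (11, 19, "Not critical"),
    (21, 29, "Critical but not urgent"),
    (31, 39, "Critical & Urgent"),
    (41, NUM_QUESTIONS * 5, "Immediate requirement"),
)


def score_answers(answers: Dict[int, str]) -> int:
    """Sum the points for a complete answer sheet (question number -> letter a-e).

    A missing question or an unknown option raises ValueError, so an incomplete
    sheet can never be reported as a reassuringly low score.
    """
    expected = set(range(1, NUM_QUESTIONS + 1))
    if set(answers) != expected:
        raise ValueError(f"unanswered questions: {sorted(expected - set(answers))}")
    total = 0
    for question, option in sorted(answers.items()):
        letter = option.strip().lower().rstrip(".")
        if letter not in OPTION_POINTS:
            raise ValueError(f"question {question}: {option!r} is not one of a-e")
        total += OPTION_POINTS[letter]
    return total


def suggested_action(score: int) -> Optional[str]:
    """Map a total to the paper's suggested action, or None for the boundary
    scores (10, 20, 30, 40) that the printed table leaves unassigned."""
    for low, high, action in BANDS:
        if low <= score <= high:
            return action
    return None


def assess(answers: Dict[int, str]) -> dict:
    """Score a sheet and attach the suggested action."""
    score = score_answers(answers)
    return {"score": score, "action": suggested_action(score)}


# Constructed answer sheets for illustration; they are not data from the paper.
LARGE_OUTSOURCED_ESTATE = {1: "d", 2: "d", 3: "e", 4: "d", 5: "e",
                           6: "c", 7: "d", 8: "c", 9: "d", 10: "e"}   # total 41
SMALL_INSOURCED_SHOP = {1: "a", 2: "a", 3: "a", 4: "a", 5: "c",
                        6: "a", 7: "b", 8: "a", 9: "b", 10: "a"}      # total 14
ALL_B = {q: "b" for q in range(1, NUM_QUESTIONS + 1)}                 # total 20, a boundary

if __name__ == "__main__":
    for name, sheet in [("large outsourced estate", LARGE_OUTSOURCED_ESTATE),
                        ("small insourced shop", SMALL_INSOURCED_SHOP),
                        ("all answers b", ALL_B)]:
        print(f"{name}: {assess(sheet)}")
```

Anyone using the sheet for a real decision should settle what the boundary totals mean before scoring, since `assess` deliberately returns `None` for them rather than picking a side.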

Solution Alternatives

While there are multiple solutions in the market, it is imperative to apply certain criteria to narrow down your solution alternatives. Most of these solutions have grown from the Identity Management and Access Management modules of companies and have been extended to Privilege Identity Management. There are very few pure-play Privilege Identity Management solutions that have thought about this problem and developed a solution primarily to address privileged access only.

Every PIM solution offers features that address security concerns for privileged accesses. A few of these features are critical and must-have in a PIM solution. Below is the list of the most important features that should be present in PIM solutions.


Sr. No. / Area / Details

1. Architecture
   2. Deployment
      • Software based / Appliance based
      • Agent based / Agentless, on either users or target systems
      • VMware supported
   3. Scalability
      • Deployment in terms of number of users, target systems and concurrent sessions
   4. Redundancy – HA
      • Active-Active / Active-Passive
   5. Redundancy – DR
      • Active-Active / Active-Passive

6. Password Management
   7. AD Integration
      • Integration with Active Directory for user authentication
   8. Single Sign On
      • SSO on all servers, databases, network, storage, security devices etc.
   9. Single Sign On (browser & thick client accesses)
      • SSO on all devices accessed through a browser
      • SSO on all clients used to access databases and network devices
      • SSO on all clients used to access storage and security devices
   10. Manage common accounts
      • Ability to trace every action to the user using the common account
   11. Password management
      • Sync password changes of privileged accounts to target systems
      • Auto-verify function after change
   12. Password policy enforcement on target systems
      • Password change at a predefined frequency
      • Password generation with minimum length, strength, uniqueness etc.
      • Minimum & maximum length supported
      • Complexity
      • Password history
   13. Secure password printing
      • Printing passwords in secure PIN mailers
   14. Password release & reset
      • Password release on user request & approval
      • Password view/display with maker-checker control
   15. Manage hardcoded passwords
      • Manage privileged passwords in scripts

16. Access Control
   17. Approval workflow
      • Email / SMS / Voice workflow to raise & approve access requests with maker-checker process
      • Email / SMS / Voice workflow to raise & approve privileges with maker-checker process
      • Email / SMS / Voice notifications to approvers and requestors
   18. Role and rule/policy based access control
      • Role based delegation of administrative privileges – grouping target systems or users according to business needs


      • Access control profile for target systems
      • Access control profile for users
      • Time based restriction
      • Activity/command based restriction
      • Mandatory screen to record justification/comments before allowing access to a target system
   19. Privileged access restriction – granular control
      • Restricting to specific commands, tasks & working directory on various platforms/applications
   20. Segregation of duties
      • Prevent user access conflicts as per the roles assigned within the organization
   21. On-demand access
      • On-demand & temporary access over HTTPS/VPN for vendors, based on approvals
      • On-demand & one-time access for administrators, based on approvals

22. Security
   23. Multifactor authentication
      • Integration with various two-factor authentication methods, e.g. SMS-OTP, hard/soft tokens, smart card, biometrics etc.
   24. Privileged user id discovery
      • Discover privileged accounts on target systems – configured/non-configured
      • Discover target systems in the network – configured/non-configured
   25. Encryption
      • At rest – type of password encryption used for privileged accounts
      • In transit – type of password encryption used for privileged accounts

26. Audit Trails
   27. Screen recording & replay
      • Session recording and replay
   28. Command line logging & replay
      • Session recording and replay
   29. Compression of session recordings
      • Recordings to be in compressed format and optimized for storage
   30. Search options on recordings
      • Search on session recording logs based on user, resource and/or date
   31. Control on playing of recordings
      • Session recordings cannot be played anywhere except on the PIM solution, for enhanced security
   32. Storage space management
      • Auto-archiving of session recording files based on period and backup status
   33. Abnormal login activity
      • Logging the user's user id, source system IP address & MAC id
      • Alert on simultaneous logins by the same user id from different source system IPs
      • Alert on user login at an unusual time
   34. PIM tool admin user activities
      • Recording of all user activity on the PIM solution (password request, session request etc.)
   35. Audit trails/recording control
      • Restricted access to recordings & audit trails of the PIM tool


   36. Real-time activity monitoring & correlation
      • Integration with other enterprise tools

37. Other Features
   38. Scripts & scheduler
      • To run batch scripts/programs using privileged ids
   39. Ticketing system integration
      • Integration with ticketing system for allowing access based on a ticket

40. Dashboard & Reports
   41. Executive dashboard for reporting
      • Role based dashboards
   42. Reports in different file formats
      • Export of reports in Excel or CSV format
   43. Audit compliance reports
      • Reports that meet compliance requirements of ISO 27001, PCI, SOX etc.
   44. Privileged user access report
      • Access Control Master – w.r.t. privileges, & Connection Master – w.r.t. accesses

45. PIM Tool Management
   46. Role based access
      • Role based administrative access to the tool for delegated administration
   47. Integration with Active Directory
      • Active Directory integration for the super-admins and admins of the tool; users log in with their A.D. credentials for administration of the tool
   48. Approval workflow
      • Email/SMS option
      • Request for a new connection
      • New privilege authorization
      • New user authorization
      • User privilege change authorization
   49. Session management
      • Real-time session monitoring
      • Manual session termination
   50. Alert management – email/SMS/voice notification options
      • Alerts for sensitive commands
      • Alerts for sensitive connections
      • Alerts for changes to PIM audit trails
      • Alerts for all changes to PIM parameters

51. Automation
   52. Element management
      • PIM solution itself monitors CPU, memory and storage of the PIM appliances
   53. Port management
      • Monitor ports of target devices and send email/SMS/voice alerts
   54. Auto upload of connections
      • Automate addition of new devices/connections through CSV uploads
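The password-policy rows of the table above (11 and 12) describe change at a predefined frequency, generation with minimum length and strength, minimum and maximum length, complexity and password history. The following is an added illustration of how a vault can enforce those rules for one privileged account; it is example code, not Iraje's implementation, and the policy values, the PBKDF2 digest used for the history store, the character classes and the `VaultedAccount` record are all assumptions:

```python
import hashlib
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class PasswordPolicy:
    """Policy knobs named after the checklist row (frequency, min/max length,
    complexity, history). The defaults are assumed values, not Iraje's."""
    max_age_days: int = 60
    min_length: int = 14
    max_length: int = 32
    min_classes: int = 3      # of the four character classes below
    history_depth: int = 12   # previous passwords that may not be reused


# Character classes used for the complexity check and for generation.
CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set("!#$%&()*+,-./:;=?@[]^_{}~"),
}
ALPHABET = "".join(sorted(set().union(*CHARACTER_CLASSES.values())))


@dataclass
class VaultedAccount:
    """One privileged account as a vault would track it. Only salted digests
    are kept for the history check; the cleartext is never stored here."""
    name: str
    salt: bytes
    history: List[bytes] = field(default_factory=list)
    changed_at: datetime = datetime.min


def _digest(password: str, salt: bytes) -> bytes:
    # PBKDF2 so the history store is not a list of fast, cheaply crackable hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


def check_password(policy: PasswordPolicy, candidate: str,
                   account: VaultedAccount) -> List[str]:
    """Return the list of policy violations for `candidate` (empty = accepted)."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if len(candidate) > policy.max_length:
        problems.append(f"longer than {policy.max_length} characters")
    if any(ch not in ALPHABET for ch in candidate):
        problems.append("contains characters outside the allowed alphabet")
    classes_present = sum(1 for cls in CHARACTER_CLASSES.values()
                          if any(ch in cls for ch in candidate))
    if classes_present < policy.min_classes:
        problems.append(f"uses {classes_present} character classes, "
                        f"policy needs {policy.min_classes}")
    recent = account.history[-policy.history_depth:]
    if recent and any(secrets.compare_digest(_digest(candidate, account.salt), old)
                      for old in recent):
        problems.append(f"reuses one of the last {policy.history_depth} passwords")
    return problems


def generate_password(policy: PasswordPolicy, account: VaultedAccount) -> str:
    """Generate a random password that satisfies the policy, history included."""
    length = min(max(policy.min_length, 20), policy.max_length)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(policy, candidate, account):
            return candidate


def rotation_due(policy: PasswordPolicy, account: VaultedAccount,
                 now: datetime) -> bool:
    """True when the password is older than the policy's change frequency."""
    return now - account.changed_at >= timedelta(days=policy.max_age_days)


def rotate(policy: PasswordPolicy, account: VaultedAccount, now: datetime,
           new_password: Optional[str] = None) -> str:
    """Set a new password: validate it (or generate one), then record its digest
    in the history and the change time. Pushing it to the target system and the
    'auto-verify after change' step would follow this."""
    if new_password is None:
        new_password = generate_password(policy, account)
    problems = check_password(policy, new_password, account)
    if problems:
        raise ValueError("; ".join(problems))
    account.history.append(_digest(new_password, account.salt))
    del account.history[:-policy.history_depth]
    account.changed_at = now
    return new_password
```

The history check compares digests with a constant-time comparison and trims the list to `history_depth`, so a stored history never grows unbounded and never holds cleartext; a real vault would additionally keep the salt and digests under the at-rest encryption that row 25 asks about.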


Implementation review checklist

A good Privileged Identity Management solution should provide the following:

• Discover privileged accounts throughout the enterprise
• Discover devices configured in the network and list devices outside PIM
• Control the spread of shared-privilege accounts
• Automate manual processes
• Manage services, scripts and applications
• Integrate with other enterprise tools
• Automate password generation and rotation
• Secure storage of password data
• Provide detailed audit trails to prove controls are in place and effective
• Mitigate the risk of insider threats
• Give dashboards for executive reporting
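Row 33 of the feature table (abnormal login activity) and the checklist items above on audit trails and insider-threat mitigation describe two detections: the same user id logging in simultaneously from different source IPs, and logins at unusual times. The following is an added example of that detection logic run over a constructed login/logout log; it is not Iraje's code, and the log line format, the 08:00 to 20:00 weekday working window and the sample lines are assumptions made for the example:

```python
import re
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Optional

# Constructed log format for this example (not Iraje's): one login/logout
# event per line carrying the three fields row 33 asks to log: user id,
# source system IP and MAC address.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) mac=(?P<mac>\S+) event=(?P<event>login|logout)$"
)


@dataclass
class Event:
    ts: datetime
    user: str
    src: str
    mac: str
    event: str


@dataclass
class Alert:
    kind: str       # "concurrent_login" or "unusual_time"
    user: str
    ts: datetime
    detail: str


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Event(datetime.fromisoformat(m["ts"]), m["user"], m["src"], m["mac"], m["event"])


def detect_abnormal_logins(lines: List[str], work_start: time = time(8, 0),
                           work_end: time = time(20, 0)) -> List[Alert]:
    """Replay login/logout events in time order and raise two kinds of alert:
    a user id logging in while it already has a live session from a different
    source IP, and a login outside working hours or on a weekend."""
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e.ts)
    live: Dict[str, Dict[str, str]] = {}   # user -> {source IP: MAC}
    alerts: List[Alert] = []
    for ev in events:
        sessions = live.setdefault(ev.user, {})
        if ev.event == "logout":
            sessions.pop(ev.src, None)
            continue
        clock = ev.ts.time()
        if ev.ts.weekday() >= 5 or not (work_start <= clock < work_end):
            alerts.append(Alert("unusual_time", ev.user, ev.ts,
                                f"login from {ev.src} ({ev.mac}) at {ev.ts.isoformat()}"))
        other_ips = sorted(ip for ip in sessions if ip != ev.src)
        if other_ips:
            alerts.append(Alert("concurrent_login", ev.user, ev.ts,
                                f"login from {ev.src} while session(s) open from {', '.join(other_ips)}"))
        sessions[ev.src] = ev.mac
    return alerts


# Constructed sample log (10 March 2014 is a Monday, 15 March 2014 a Saturday).
SAMPLE_LOG = [
    "2014-03-10T09:02:11 user=ora src=10.1.1.20 mac=00:1a:2b:3c:4d:01 event=login",
    "2014-03-10T09:40:05 user=ora src=10.1.1.77 mac=00:1a:2b:3c:4d:02 event=login",
    "2014-03-10T10:00:00 user=ora src=10.1.1.20 mac=00:1a:2b:3c:4d:01 event=logout",
    "2014-03-10T10:05:00 user=sa src=10.1.1.20 mac=00:1a:2b:3c:4d:01 event=login",
    "this line is corrupt and is skipped by the parser",
    "2014-03-10T10:30:00 user=ora src=10.1.1.77 mac=00:1a:2b:3c:4d:02 event=logout",
    "2014-03-10T11:00:00 user=sa src=10.1.1.20 mac=00:1a:2b:3c:4d:01 event=logout",
    "2014-03-10T23:45:30 user=root src=192.168.5.9 mac=00:1a:2b:3c:4d:09 event=login",
    "2014-03-15T11:00:00 user=sa src=10.1.1.20 mac=00:1a:2b:3c:4d:01 event=login",
]

if __name__ == "__main__":
    for a in detect_abnormal_logins(SAMPLE_LOG):
        print(f"{a.ts.isoformat()} {a.kind:17} {a.user:5} {a.detail}")
```

On the sample log this yields three alerts: the shared `ora` id opening a second session from 10.1.1.77 while 10.1.1.20 is still live, a `root` login at 23:45, and an `sa` login on a Saturday. A second login from the same IP is not flagged as concurrent, which is the usual case of a reconnecting admin.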


Architecture of the Proposed Solution

Iraje proposes the following architecture to ensure that the Privilege Identity Management solution is robust, meets compliance requirements, is scalable, has redundancy, and runs smoothly 24*7. The key highlights of this architecture are:

• SSO on the entire datacentre environment, with secure HTTPS access to the solution
• Redundancy and load balancing, with a DR option
• Complete audit trail of every activity and every command executed by admins
• Reports to meet compliance requirements
• Dashboards for executive reporting

Iraje Privilege Identity Management Solution differentiators

PIM solutions offer the features listed above. A few features that differentiate Iraje PIM from other solutions are:

1. SSO on any URL (this helps cover the entire set of network devices that are accessed through SSH, Telnet & browser)
2. SSO on any thick client/tool (SQL Developer, Toad, PL/SQL, MS SQL, X Manager, OEM, SAP, Cisco ASDM, VM Client, Lotus Domino, etc.)
3. SMS, email and voice alerts on defined events/connections
4. In-built BI tool to help build custom reports on the fly
5. AD integration, DB links, script manager, PIN mailer printing, all out of the box
6. The PIM solution with the shortest time to implement


Bottom Line

The threat of unmanaged privileged identities is very high, and it can cost the organization very heavily in case of data breaches. The insider threat is dangerous as well, since it goes on without being traced easily. Addressing the threats from insiders is always a sensitive area to handle. While companies will always want to hire trustworthy employees, it is an irrefutable fact that accidental breaches occur very regularly, and that a single, well-motivated malicious insider with privileged access can cause immense damage. IT auditors are also realizing the potential of the threats posed by unmanaged privileged identities in your organization. There is ever increasing pressure to bring these powerful logins under control. Fortunately, Privileged Identity Management software can help organizations secure privileged credentials throughout the network and provide an authoritative/forensic audit trail of their access. A successful PIM implementation can:

• give complete visibility and control of privileged accesses
• help comply with regulatory requirements
• improve the overall Governance, Risk and Control (GRC) of the organization

For more details or a demo of the solution, contact us at [email protected] or the partners below.

Our Partners: