|
Distributed servers provide a great deal of flexibility, but they also increase the need for protection from external and internal threats. The number of servers, physical and virtual, is still on the rise and the amount of critical resources that they control is increasing as well. This scenario, combined with the further specialization within IT departments, means that more people need some form of access to these machines to keep the business running smoothly. A programmer may need access to event logs to troubleshoot an issue, a database manager may need to adjust the configuration for better performance and a server administrator may need to perform regular maintenance activities to prevent downtime. Many organizations have outsourced specific tasks and need to provide access rights to even more individuals outside the organization. Add changing roles, regular turnover and new outsourcing contracts, and you’ve got a complex, moving target.
To top it all off there are auditors and IT security personnel that need access to logs and event data. This leaves IT management with the need to provide privileged access to a growing number of people with very diverse needs — a significant challenge because server operating systems are not set-up to accommodate these requirements. At the same time, they must protect these critical servers from various forms of external attacks.
Most organizations have a variety of server platforms with different security capabilities and interfaces. Trying to manage security policies and track access rights in this type of environment is a time-consuming and expensive process, as traditional operating system security is not built to handle this type of scenario. Many systems have just a few roles or an all-or-nothing approach that revolves around a superuser accounts ("Root" in UNIX and "Administrator" in Windows).
If users need any kind of privileged access, they are often given the right to one of these shared superuser accounts, affording the user unlimited rights and anonymous access to the server. Worse still, the method by which these accounts are shared is through a single account password, which increases the risk of this password being exposed outside of the intended team. Over time, more and more people gain access this way and the risk to the organization multiplies because of the overexposure to sensitive resources.
These shared accounts don’t provide the necessary segregation of duties, provide no accountability for individual actions and even have the ability to turn off event logs. This has led to the many of the publicized data breaches and security problems that have been in the news, such as:
- The database administrator who changes the server configuration and mistakenly grinds the system to a halt
- The backup technician who makes a mistake and shuts down some vital services
- An employee that uses over-privileged access to override company policies and approve inappropriate activities
- A programmer that makes changes on a Web server that inadvertently brings down the machine
- A disgruntled employee that uses superuser access to steal sensitive data or purposely harm critical systems
- A malicious outsider that gets a hold of a shared account password that has spread throughout the organization and is not changed often
If you create multiple guests on a host machine and then give superuser access to the host machine (for a user that really only needs access to one aspect of one guest machine), you are overexposing a wide array of resources on multiple machines and further compounding the risk profile.
Meanwhile, companies are being required to pass security audits and meet additional compliance standards. SOX, PCI-DSS and HIPPA all have clauses that require the protection of sensitive data, the restriction of access to a “need to know” basis and the tracking of access events over time. These requirements cannot be satisfied with the traditional shared account approach mentioned above.
Companies need the ability to create specific access rights to match the various roles of the growing number of privileged account users. They also have to manage the passwords on these accounts and track the activities on an individual basis for audits, compliance regulations and to facilitate incident investigations.
|
