Properly defining, controlling, and monitoring administrative privileges in IT systems is a real challenge for enterprises. A lack of proper control over root and privileged accounts can lead to:
Users being given more privileges than they need to do their job
Passwords for superuser accounts not being properly protected
Inadequate audit logging of privileged account operations
Organizations must prove that privileged operations are suitably controlled, but delegating privileges is not straightforward. Sharing sensitive privileged account passwords is a security and compliance no-no, while more complex methods, such as dual controls, can hinder business processes.
FoxT Solution
To effectively and efficiently control privileged accounts, a combination of different access management components is required:
Enforced delegation of privileges, so users only get the privileges they need and no more
Enforced use of encrypted communication to protect privileged account passwords
Detailed audit logs that record privileged operations, including forensic-level keystroke logging
Users can perform specified privileged operations using their own password or token; the system can be configured so that privileged account passwords are never needed for day-to-day operations
Privileged account password checkout function to prevent password sharing
