Global Food and Beverage Provider Uses BoKS to Centralize Privileged Access Management

After failing a SOX audit, this leading food and beverage organization implemented

an automated approach to control the administration, authorization and audit of

privileged users.

Access Control Challenge

Operating thousands of restaurants worldwide requires a large server infrastructure. Keeping that global infrastructure secure is a huge challenge. After failing a SOX audit related to lack of control over how privileged users were accessing servers, this company determined it was time to find an automated method for administering, enforcing, and auditing privileged user access rights.

The initial target was to add automated privileged controls for 500 core Unix servers. However, they needed a solution that would scale to potentially support thousands of servers. In addition, the privileged access management solution needed to control privileged user access to both Unix and Windows servers, and preferably from a single architecture and console.

The controls needed to automatically enforce granular access policies and eliminate any sharing of privileged passwords as well as provide control over local accounts on Windows servers. In addition to having powerful authorization capabilities, they needed a solution that would enable them to centrally administer the privileged users’ identities, and leverage Active Directory (AD) as needed.

The FoxT Solution

They explored many options, but found that FoxT BoKS ServerControl offered them the most granular, proactive enforcement of authentication and authorization policies. As well, BoKS ServerControl was proven to be highly scalable and offered a single architecture across the Unix and Windows servers. The ability to centrally administer all of the privileged user identities, in conjunction with Active Directory, was also a key value.

BoKS automatically controls the elevation of privileges for administrative users based on granular, role-based policies including which commands the privileged user is allowed to execute. Over 100 different operating systems are controlled by BoKS, including the lock-down of local 0Windows accounts.

The deep granularity offered by BoKS is enabling the organization to proactively control access and privileged elevation based on: the role, the source system, the communication method, the target system, and the time. Centralized distribution of SSH keys, another feature of FoxT ServerControl, is also incorporated into the authorization

CASE STUDY

Copyright © Fox Technologies. FoxT logo is a trademark of Fox Technologies, Inc. Other product and company names noted herein may be the registered trademarks and trademarks of their respective owners. All rights reserved.

About FoxT

Fox Technologies, Inc. helps companies

protect corporate information assets

with network security and access

management software as well as

striving to simplify compliance and

streamline administration with an

award-winning access management

and privileged account control

solution. Our access management

software centrally enforces granular

access entitlements in real time across

diverse server environments. To

contact Fox Technologies you can

email us at: sales@foxt.com, or visit

our website: www.foxt.com.

www.foxt.com • sales@foxt.com • 616 .438 .0840

and can be controlled down to the sub-service level as part of the access rules, further boosting productivity while enabling more granular control over administrator actions. BoKS also enables the food and beverage company to keystroke log sensitive sessions and grant privileged command execution to non-privileged users.

All authorized users and accounts have security policies that are centrally administered and enforced through BoKS. The user administration works in conjunction with Active Directory. Users imported from Active Directory can leverage a common identity across Windows and UNIX servers. Additionally, the Kerberos ticket that is presented to a Windows user as they log into a domain can be extended to include UNIX servers. This provides the users with a single sign on experience.

While controlling privileged accounts and privileged user actions in a proactive fashion is crucial for system security, it also enables the food and beverage company to address their SOX audit failure and other regulatory mandates including PCI. Rich audit reporting capabilities are making it very easy for the IT Security Team to produce the required data needed to prove that their access controls are in place.

Conclusion

Utilizing BoKS ServerControl, a leading food and beverage organization has been able to significantly streamline administration of privileged users reducing the cost of administration, while satisfying requirements from auditors to eliminate the sharing of powerful functional account passwords.

As well, they are able to address SOX and other key regulatory compliance mandates and ensure that their systems and data are safe from insider fraud.