foodand beverage company: centralized access case study
TRANSCRIPT
![Page 1: Foodand Beverage Company: Centralized Access Case Study](https://reader035.vdocuments.us/reader035/viewer/2022071804/55d2e642bb61eb63158b459a/html5/thumbnails/1.jpg)
Global Food and Beverage Provider Uses BoKS to Centralize Privileged Access Management
After failing a SOX audit, this leading food and beverage organization implemented
an automated approach to control the administration, authorization and audit of
privileged users.
Access Control Challenge
Operating thousands of restaurants worldwide requires a large server infrastructure. Keeping that global infrastructure secure is a huge challenge. After failing a SOX audit related to lack of control over how privileged users were accessing servers, this company determined it was time to find an automated method for administering, enforcing, and auditing privileged user access rights.
The initial target was to add automated privileged controls for 500 core Unix servers. However, they needed a solution that would scale to potentially support thousands of servers. In addition, the privileged access management solution needed to control privileged user access to both Unix and Windows servers, and preferably from a single architecture and console.
The controls needed to automatically enforce granular access policies and eliminate any sharing of privileged passwords as well as provide control over local accounts on Windows servers. In addition to having powerful authorization capabilities, they needed a solution that would enable them to centrally administer the privileged users’ identities, and leverage Active Directory (AD) as needed.
The FoxT Solution
They explored many options, but found that FoxT BoKS ServerControl offered them the most granular, proactive enforcement of authentication and authorization policies. As well, BoKS ServerControl was proven to be highly scalable and offered a single architecture across the Unix and Windows servers. The ability to centrally administer all of the privileged user identities, in conjunction with Active Directory, was also a key value.
BoKS automatically controls the elevation of privileges for administrative users based on granular, role-based policies including which commands the privileged user is allowed to execute. Over 100 different operating systems are controlled by BoKS, including the lock-down of local 0Windows accounts.
The deep granularity offered by BoKS is enabling the organization to proactively control access and privileged elevation based on: the role, the source system, the communication method, the target system, and the time. Centralized distribution of SSH keys, another feature of FoxT ServerControl, is also incorporated into the authorization
CASE STUDY
![Page 2: Foodand Beverage Company: Centralized Access Case Study](https://reader035.vdocuments.us/reader035/viewer/2022071804/55d2e642bb61eb63158b459a/html5/thumbnails/2.jpg)
Copyright © Fox Technologies. FoxT logo is a trademark of Fox Technologies, Inc. Other product and company names noted herein may be the registered trademarks and trademarks of their respective owners. All rights reserved.
About FoxT
Fox Technologies, Inc. helps companies
protect corporate information assets
with network security and access
management software as well as
striving to simplify compliance and
streamline administration with an
award-winning access management
and privileged account control
solution. Our access management
software centrally enforces granular
access entitlements in real time across
diverse server environments. To
contact Fox Technologies you can
email us at: [email protected], or visit
our website: www.foxt.com.
www.foxt.com • [email protected] • 616 .438 .0840
and can be controlled down to the sub-service level as part of the access rules, further boosting productivity while enabling more granular control over administrator actions. BoKS also enables the food and beverage company to keystroke log sensitive sessions and grant privileged command execution to non-privileged users.
All authorized users and accounts have security policies that are centrally administered and enforced through BoKS. The user administration works in conjunction with Active Directory. Users imported from Active Directory can leverage a common identity across Windows and UNIX servers. Additionally, the Kerberos ticket that is presented to a Windows user as they log into a domain can be extended to include UNIX servers. This provides the users with a single sign on experience.
While controlling privileged accounts and privileged user actions in a proactive fashion is crucial for system security, it also enables the food and beverage company to address their SOX audit failure and other regulatory mandates including PCI. Rich audit reporting capabilities are making it very easy for the IT Security Team to produce the required data needed to prove that their access controls are in place.
Conclusion
Utilizing BoKS ServerControl, a leading food and beverage organization has been able to significantly streamline administration of privileged users reducing the cost of administration, while satisfying requirements from auditors to eliminate the sharing of powerful functional account passwords.
As well, they are able to address SOX and other key regulatory compliance mandates and ensure that their systems and data are safe from insider fraud.