sudo is not Designed for the Enterprise

sudo is a free, open-source access control tool that requires costly and labor-intensive custom configuration to meet privileged identity management and compliance requirements.

Can sudo work in an enterprise? Yes. But was sudo really designed for the enterprise? Looking at the history of sudo, it is safe to say "No." Since sudo was not intended for large-scale deployments, it simply does not have the enterprise development discipline needed in security solutions. sudo is a good stepping stone for smaller-scale environments, but it lacks the architectural vision and general security of code needed to protect critical assets.

When sudo is deployed with the enterprise in mind, with the sudoers file centralized on an LDAP server, consistency can be achieved and enforced. When policies are enforced based on user names, well-defined security policies can be put in place most of the time. However, when policies mix security considerations (i.e., using both usernames and group names), an organization can end up with conflicting policies that have to be corrected by a potentially ever-growing list of constraints. This can lead to maintenance issues and a weakened security environment.

PowerBroker for Servers Unix + Linux Edition

PowerBroker transparently brokers server permissions, providing a globally proven solution to privilege authorization that enables users to access the IT resources they need when they need them and enables organizations to remain secure and compliant.

A system administrator's productivity increases by 25% by using PowerBroker to centrally maintain Unix/Linux security policies and to produce audit-friendly logs necessary for compliance.

sudo Migration Tool

The new sudo migration tool is available as part of the PowerBroker Management Console (see release). It allows organizations with deeply rooted sudo practices to quickly get up and running on an alternative solution without massive IT infrastructure redevelopment. Sudo permissions are converted into PowerBroker policies that can be reviewed, refined and auto-deployed throughout the entire IT infrastructure in minutes from the master host.

Key questions to ask when evaluating Privileged Identity Management solutions, whether open source or commercial, include:

  1. What is the cost of the solution?
  2. What is the cost to implement the solution effectively in our IT environment?
  3. What is the cost to manage and audit such tools, such as:
    1. Man-hours to enforce policy changes across the network
    2. Man-hours to add new environments
    3. Man-hours to code reports
    4. Audit costs related to security and compliance
  4. Has the solution been properly tested and vetted to meet security and compliance?