Active Directory Bridge – A Path To PCI Compliance
What is an Active Directory Bridge and how does it help me with PCI compliance?
What is an Active Directory Bridge?
First, as Gartner discussed at the Gartner Identity and Access Management Summit, Active Directory doesn’t do everything. It is not optimized for UNIX, Linux or Mac OS X, and it’s difficult to leverage the Active Directory Kerberos functionality for single sign-on (SSO) on these non-Windows platforms. Active Directory also includes the ability to implement Group Policy for Windows machines, which customizes user settings and places restrictions on the types of activities users can perform. An Active Directory Bridge integrates Linux, UNIX, and Mac OS X desktops and servers into Active Directory, extending the full value of Active Directory to these platforms.
PowerBroker Identity Services (PBIS) provides these Active Directory bridge services by allowing a unique ID for authentication, authorization, monitoring and tracking. PowerBroker Identity Services also extends group policies to non-Windows computers so that their security settings and configurations can be centrally managed alongside your Windows systems. PBIS also supports SSO for any enterprise application that is “Kerberos-aware” or LDAP-enabled, including Samba, Apache, SSH, WebSphere, JBoss, Tomcat, Oracle, and MySQL.
How does an Active Directory Bridge help me with PCI compliance?
The PCI standard includes specific requirements for strictly controlling access to customer data, authenticating business users, monitoring access, maintaining a secure network, and auditing system resources.
Your current compliance implementation may use platform-specific systems for authentication: Windows users authenticate with Active Directory, UNIX and Linux users might use NIS, and Mac OS X users may authenticate through Open Directory or an ad hoc Kerberos implementation. When a person joins or leaves the company, their identity must be set up or retired on multiple systems in multiple places, and it’s easy to miss deprovisioning a user from one of the systems.
Implementing an Active Directory Bridge solution solves this problem. All users and computers are managed in Active Directory. Their access can be managed through Active Directory Group Policy, using the “Allow Logon Rights” policy. And if someone leaves the company, there is a single place to disable access. An Active Directory Bridge will ease your management burden and ensure that you remain PCI compliant.
PowerBroker Identity Services as a bridge to Active Directory can help you comply with key PCI requirements:
• One user, one ID: Assign a single ID and password to each user and then use that ID to monitor and track the user.
• Authenticate the encrypted passwords of users and groups with the highly secure Kerberos authentication protocol.
• Authorize and control access to resources, including those that contain customer account information.
• Apply group policies to configure Linux, UNIX, and Mac OS X computers to comply with PCI DSS requirements.
Together, PowerBroker Identity Services and Active Directory provide a proven Identity Management System to ease management of your mixed network, improve security, and, most important, help you comply with PCI requirements.