Who in the IT group was doing what and when? This was the question that Canada’s Workplace Safety and Insurance Board (WSIB) need to resolve to maintain strict control over access to approximately 250 Windows servers across two sites in the IT infrastructure.
Based in Toronto, the WSIB is legislated by the Ontario government and is responsible for administering the Workplace Safety Insurance Act (WSIA). WSIB provides benefits, monitors the quality of healthcare and assists in employees’ safe return to the job.
“Most of our administrator accounts were tied to generic passwords and there was no way to identify who was using them,” said Peter Gruner, team lead, systems engineering. “Basically we were sharing the same passwords between about 10 people in our group and relying on the honor system to ensure that no one was abusing administrative privilege.”
Further complicating matters, when Gruner’s IT staff did find the time to update privileged passwords, they would do so manually – a cumbersome change process that was not guaranteed to encompass every account on the network. Whenever passwords were changed, new ones were sent in a sealed envelope to the manager of IT security. As a result, Gruner began searching for a product that could automatically change the WSIB’s privileged account passwords at regular intervals, and delegate and audit access to the passwords.
For this new project, Gruner turned to Lieberman’s RED Identity Management solution. Now a Bomgar company, RED IM operates by automatically discovering the privileged accounts located throughout the network – on server and desktop operating systems, line-of-business applications, databases, Web services, network appliances and other IT assets. It then changes each account’s password to a unique value (as frequently as desired) and deploys the password changes wherever they are used in the data center. By doing so, RED IM provides the accountability of show precisely who on the IT staff has administrative access to powerful privileged accounts, at precisely what time and for what purpose.
We no longer have the problem of anonymous access to administrator IDs, If someone is making changes GPOs, for example, and needs the administrator password, RED IM notifies us by sending out an email when the password is checked out.
Gruner and his staff also no long have to attempt time-consuming manual password changes – RED IM automates this entire process. Read this full case study for more details on WSIB’s use of Bomgar’s identity manager and how their security posture improved overall.
For more details, read the full case study!
