BeyondTrust
Those of you who follow my blogs know that sudo – and the issues it presents IT organizations – is one of my favorite discussion topics. I suppose that’s because there is no shortage of stories that surface on a regular basis on the problems that can arise with sudo, and I feel compelled to remind our blog readers that the ease of deploying sudo coupled with the speed in which it can quickly spin out of control makes for a risky combination. Just last week I talked to yet another customer who lamented the security and compliance challenges of sudo: he had just discovered that IT admins were adding privileges for their friends to sudoer files across the organization. Not that hard to do when there is a sudoer file on every server, each managed locally, independently, often by multiple administrators. Centralization truly is a cornerstone for control. Dorothy’s blog from April 2nd introduced BeyondTrust's latest new product, PowerBroker Servers Enterprise 7.0, and captured how PowerBroker's centralized approach and granular privileged access control protects against intentional or accidental misuse of privilege that would otherwise allow employees, or hackers through advanced persistent threat (APT) attacks, to execute privileged commands. In the case of sudo, local sudoer files create a plethora of opportunities for misuse of privilege. Besides the common problem of ad hoc administration of the individual files documenting user privileges, there is also the issue of local, unencrypted logs. Such logs can easily be tampered with by the local user, eliminating any evidence of damage done through privileged access – intentional or not. As Dorothy pointed out, managing privileged access on all your Linux and UNIX systems, whether physical, virtual, or deployed in the cloud, is critical to ensuring only valid users run privileged commands on your servers. PBSE provides the means for controlling privileged access on Linux and UNIX systems through: Centralized policy files for managing user privileges, implemented through a simple-to-use graphical interface Active Directory integration for centralized user management Out-of-the-box reports on all privileged activity as well as regulation-specific compliance reports There’s no doubt about it: a centralized approach to managing privileged access is proven to significantly reduce operational complexity and costs, protect critical assets from misuse of privileged access, and demonstrate compliance.

Scott Lang

Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In: