Last weekend we had a friend over for a good ’ole Texas BBQ. He has been working as a database administrator in his company for over 15 years and had recently been promoted to the most senior position in that role. But while we were enjoying our German Hefeweizen beer he reported that he had a bad week and was really upset about some work related issues.
The “security guys” in the company have forced everybody on his staff to specifically sign out an administrative user ID before they can access any of the production databases. “How could they undermine my trust and skills in such a way?” he reported.
When you look around you today, almost every organization that deploys an IT infrastructure needs privileged users. Privileged users include administrators, operators, and managers. Privileged users are typically granted administrative or special rights to manage business-critical resources. These resources include operating systems; databases; network devices; ERP systems; and many other applications, systems, and platforms.
The trends towards data center consolidation, cloud computing, and virtualization generate even more privileged IDs in today’s IT infrastructures. Increased outsourcing trends create an even greater need to centrally manage and secure privileged IDs. High-profile corporate accounting scandals and wide-spread financial turmoil created an environment of ever tightening government regulations around the world. These regulations articulate technical accountability issues with which organizations must comply or face financial and criminal penalties. Industry standards became more specific about data security and the privileged accounts that can access that data. Maintaining compliance with these standards and asserting compliance with government regulations demand appropriate control and handling of privileged accounts.
With the help of my colleague Chee Meng Low I have just published this new IBM Redpaper, “Managing Risk and Compliance for Privileged Users by Deploying a Centralized Provisioning and Single Sign-On Solution”, that goes into greater detail about privileged identity management and its deployment considerations.
How are you managing and monitoring access to your critical IT systems and production data? How many privileged user IDs do you have in use, and who actually uses them?