Tag Archive for: IBM

5 Keys to Addressing Privileged Access

Most security breaches require some form of privileged access to result in any serious damage being inflicted. You know you need a Privileged Access or Privileged Identity Management solution but don’t know where to start? Here are 5 keys to jump start your project and get you on your way to 1) reducing the cost of providing privileged access, 2) decreasing the risk of security incidents and 3) lowering the time it takes to grant privileged access:

1. Temporary vs. Permanent Privileged Access
Some employees use privileged access every day, all day in order to perform their daily job responsibilities. Others only need temporary privileged access to perform a project, incident or change management activity. Should you treat both of these groups the same? Some factors to consider are:

Historical risk – past audit issues with either group
Size of each user population – are there many more temporary access users
User type – are there more internal vs. external users in either user population

2. Resource Classification
Have you classified your privileged access endpoints into tiers that could be used to determine the rigor required to provide privileged access? A typical organization will have hundreds or thousands of endpoints that need to be defined in the Privileged Access solution. Defining tiers of resources will help to prioritize deployment and map the appropriate workflow around the privileged access request process. Some recommended tiers are:

Tier 1 – resources that drive financial reporting to auditors or regulatory agencies
Tier 2 – resources that are mission critical to company operations
Tier 3 – resources that contain very sensitive personally identifiable information

All other endpoints should be ignored until these prioritized resources are addressed.

3. Authoritative Source for Check-Out / Check-In
Do you have an authoritative source that can be used to drive check-in and check-out of privileged credentials? This is the most important component to making the privileged access workflow a smooth and natural process for the end users. The most common authoritative source is an IT Service Desk System used for request, incident & change control tracking. The presence of an open ticket assigned to the protected resource both automates the check-in/check-out process and restricts who can request privileged access at the same time.

4. Automated Provisioning
Delivering privileged access efficiently requires an automated mechanism to update the account password or entitlements. Integrating the privileged access solution with an existing identity management system is a key consideration. The identity management system has connectors deployed for the protected resources which will allow:

Self Service – to request privileged access
Workflow – to automate the check-in/check-out process
Account Updates – to grant/remove privileged access
Recertification – to drive audit & verification of users with privileged access

5. Privileged Roles
Knowing which groups of privileged users are entitled to request privileged access to various groups of protected resources is an important aspect in providing a privileged access solution. Having these roles defined ahead of time and mapped to the appropriate resources can dramatically reduce the time it takes to deliver a solution. Some common privileged access roles are:

Server Administrators – to grant server admin access
Database Administrators – to grant database admin access
Application Administrators – to grant application admin access
Security Administrators – to grant security admin access
Desktop Administrators – to grant desktop/laptop admin access

Getting a handle on these topics will allow you to jump start your Privileged Access implementation and get you well on your way to a more secure environment that provides a seamless end user experience for your administrators.
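The ticket-gated check-out from key 3, combined with the role mapping from key 5, can be sketched as follows. This is an added example, not code from the original post or from any IBM product; the ticket fields, resource group names, and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed role-to-resource-group mapping (key 5); group names are assumptions.
ROLE_GROUPS = {
    "Server Administrators": {"server"},
    "Database Administrators": {"database"},
}

@dataclass(frozen=True)
class Ticket:
    ticket_id: str
    resource: str   # protected resource the ticket is assigned to
    assignee: str   # assumed field: who is working the ticket
    status: str     # "open" or "closed"

# Constructed service desk records, standing in for the authoritative source.
TICKETS = [
    Ticket("CHG-1001", "db-fin-01", "alice", "open"),
    Ticket("INC-2002", "srv-web-07", "bob", "closed"),
]

def open_ticket(tickets, user, resource):
    """Return the open ticket tying this user to this resource, or None."""
    for t in tickets:
        if (t.status, t.assignee, t.resource) == ("open", user, resource):
            return t
    return None

def check_out(user, role, resource, group, tickets):
    """Decide a check-out request; returns (granted, reason or ticket id)."""
    if group not in ROLE_GROUPS.get(role, set()):
        return False, "role is not entitled to this resource group"
    ticket = open_ticket(tickets, user, resource)
    if ticket is None:
        return False, "no open ticket for this user and resource"
    return True, ticket.ticket_id

def due_for_check_in(checkouts, tickets):
    """Return check-outs (user, resource, ticket_id) whose ticket has closed."""
    still_open = {t.ticket_id for t in tickets if t.status == "open"}
    return [c for c in checkouts if c[2] not in still_open]

if __name__ == "__main__":
    print(check_out("alice", "Database Administrators", "db-fin-01", "database", TICKETS))
    print(check_out("bob", "Server Administrators", "srv-web-07", "server", TICKETS))
```

Running `due_for_check_in` on a schedule against the service desk data is what turns ticket closure into an automatic credential check-in.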

 

TDI Null Entries

Tivoli Directory Integrator is a powerful tool that we often use as part of an ITIM migration or rollout. What makes it great is its unique ability to translate data from one source of almost any type into another. It really doesn’t matter if you’re using something as primitive as an XLS maintained manually by HR or a complex set of relational databases. TDI can get the data and apply any number of out-of-the-box or even custom translations necessary to get your data into the form you want.

Through this data “smoothing” process you will inevitably find some odd-ball data, whether it is a random string value when you expected a Boolean true/false or a legacy attribute that’s only assigned to 25% of the objects you’re migrating.

And then there’s the “null” entry, which will come up often as well. Null values are pesky because we don’t always know why they’re there. Sometimes it’s important that the attribute is moved over whether there is a value assigned or not. Other times we want to clean up our data while we’re moving it and pull out any attributes assigned with no value. Luckily for us, TDI has a feature built in to assist with this.

Dallas PCI Event – April 9th

Best Practices for Protecting Payment Card Data (PCI) to help ensure compliance and reduce risk.
IBM
PMG

Event Overview

News headlines about the increasing frequency of stolen information and identity theft have focused awareness on data security and privacy breaches—and their consequences.

Payment card use is widespread today. Along with growing global use, the industry has experienced a troubling increase in incidents of financial fraud. In response, the leading payment card companies worked together to develop a set of technical and operational requirements designed to protect cardholder data, commonly referred to as PCI DSS (Payment Card Industry Data Security Standard).

Recent high profile data thefts, along with industry statistics, indicate significant work remains to be done in most organizations to implement PCI DSS.

Topics to be covered:

• Current trends, issues and concerns around sensitive data security
• PCI and the changing Threatscape
• Looking beyond the compliance checkbox
• The future of the PCI-DSS
• What can be done to harden defenses against the exploitation of privileged users, unauthorized access and information-related vulnerabilities
• How to create a centralized data security platform

Date: April 9th, 2013
IBM Technology Exploration Center (TEC)
1503 LBJ Freeway (Luna and 635), 5th Floor
Dallas, TX 75234-6059
8:30am – 11:00am

Agenda:
8:30 am         Breakfast and Registration

8:45 am          Welcome and Introduction

9:00 am          Keynote – Christian Nielsen, Pathmaker

10:00 am        Keynote – Michael Murphy, IBM

11:00 am        Closing Remarks

Christian Nielsen, Ph.D., PCI-QSA

PathMaker Group

Christian has over 30 years of experience in security and networking technology. He has earned advanced degrees in Information Systems while staying active in the corporate world. In addition to his corporate career, Christian is training the next generation of master’s degree students in cyber security. Over the last several years, he has worked to help business clients prevent and remediate the many security and compliance challenges they face.

Michael Murphy

Worldwide Solution Architect
Data Governance Center of Excellence
IBM

Mike Murphy is a Worldwide Solution Architect for the Data Governance Center of Excellence specializing in real-time database protection solutions for reducing risk, simplifying compliance and lowering audit costs. Over the last six years, Mike has worked with hundreds of customers conducting risk assessments and proposing technology solutions to protect against data breaches, and to ensure adherence to regulatory data protection standards such as HIPAA HITECH, PCI-DSS & SOX 404.

RSVP to rachel.armstrong@pathmaker-group.com or 817-704-3644

IBM Pulse 2012

Business Without Limits!

PathMaker Group is an IBM Premier Partner with the sales and technical certifications required to sell and implement an ever-expanding array of best-in-class security solutions from IBM. Be sure to put Pulse 2012 on your calendar, stop by the Solution Expo and visit our booth. Business partners and customers will learn how IBM is shaping the IT Security Landscape with newly acquired technologies and integrated solutions to meet the growing challenges that we face.

Check out some info from IBM about Pulse!

“Pulse 2012 returns to the MGM Grand in Las Vegas March 4-7, 2012 and we invite you to take part in the action! Experience first-hand how organizations in every industry are using Visibility Control Automation to improve the economics of their business infrastructures and speed the delivery of innovative products and services.

With over 7,000 attendees including industry-renowned speakers, Pulse 2012 is your ticket to hundreds of technology leadership sessions, industry-focused breakouts, and technical skill-building workshops. At this year’s conference you’ll have an opportunity to network with colleagues, participate in hands-on labs, and attend our largest-ever Solution Expo. Don’t miss this significant event!

The Pulse conference is now accepting session submissions! Visit the IBM Speakers page for the timeline, benefits and guidelines, or to answer the Call for Speakers today!” (IBM)