Page 1

Scalable Privileged Access Management

Deployment experience of a global-scale privileged access management system at Bank of America.

Identity and Access Management. Guaranteed. © 2012 Hitachi ID Systems, Inc. All rights reserved.

Page 2

Introductions

Page 3

Introductions

Company

Page 4

Introductions

Global profile

• 40 countries.
• 25,912 global offices and facilities.

(Bank of America 2011 Corporate Social Responsibility Report)

Page 5

Introductions

Presenter

Mike Futty, VP, Platform Security Engineering. Responsible for:

• Windows systems security engineering.
• Platform security baselines.
• Design, engineering and troubleshooting for access control infrastructure.
• Security product selection, design and deployment.

11 years at Bank of America Corp. (BAC). Also available to answer questions:

• Idan Shoham, CTO, Hitachi ID.

Page 6

Why worry about privileged accounts?

Page 7

Why worry about privileged accounts?

Background

BAC has made many acquisitions, which brought in many legacy systems. Today, including subsidiaries:

• BAC has over 275,000 employees, globally.
• Thousands have some form of elevated access (OS, app, etc.).

BAC has a decentralized IT organization -- typical for large firms. There is a clear need for stronger internal controls over access to privileged IDs.

Page 8

Where are these accounts?

Page 9

Where are these accounts?

Privileged IDs are everywhere

Page 10

Objectives and requirements

Page 11

Objectives and requirements

Basic concept

Eliminate static passwords to shared IDs with elevated privileges.

Set passwords to random values: scheduled and at check-in time. Apply uniform policy to who can sign into what. Implement "class of service" access policy:

• Risk.
• Organization (business unit).
• Environment (prod, dev, etc.).
• Location.

Eliminate persistent access by developers to production systems. Create transparent audit logs of privileged access across the enterprise. Record activity during privileged logins.

Page 12

Objectives and requirements

Business requirements

Satisfy numerous process requirements:

• Not slow down or impact current access.
• Minimal ongoing support.
• Meet regulatory requirements:
  • Different jurisdictions with different mandates.
  • Requirements for on-boarding, access control, approvals, audit logs and more.
• Pre-authorized access for admins, request/approval workflow for everybody else.
• Manageable process for on-boarding many systems and accounts at once.
• Training: up front and ongoing.
• Forensic audits: who broke this server?
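The check-out/check-in cycle and the class-of-service decision described under Basic concept and Business requirements, as an added Python example that is not Hitachi ID's product code or BAC's actual policy: the PREAUTHORIZED table, the group names and the ClassOfService/ManagedAccount shapes are assumptions. Pre-authorized admins get the credential directly, everyone else (developers on production included) needs a recorded approval, and check-in rotates the password so the value just handed out stops working.

```python
import secrets
from dataclasses import dataclass, field

def random_password(nbytes: int = 18) -> str:
    """Fresh credential from the OS CSPRNG (24 URL-safe chars); set at check-in and on schedule."""
    return secrets.token_urlsafe(nbytes)

@dataclass(frozen=True)
class ClassOfService:          # the four axes the slide lists
    risk: str                  # "high" / "medium" / "low"
    org: str                   # owning business unit
    env: str                   # "prod" / "dev" / "qa"
    location: str              # jurisdiction the system lives in

@dataclass
class ManagedAccount:
    host: str
    user: str
    cos: ClassOfService
    password: str = field(default_factory=random_password)
    holder: "str | None" = None    # who currently has the credential checked out

# Hypothetical pre-authorization table (not BAC's policy). Anything unmatched goes
# through request/approval, which is also how developers get temporary prod access.
PREAUTHORIZED = {
    "unix-admins": lambda c: c.env in {"prod", "qa"} and c.risk != "high",
    "dba": lambda c: c.org == "retail",
}

def decide(groups, cos: ClassOfService) -> str:
    """'preauthorized' if any of the requester's groups matches, else 'approval'."""
    if any(rule(cos) for g, rule in PREAUTHORIZED.items() if g in groups):
        return "preauthorized"
    return "approval"

def checkout(acct: ManagedAccount, who: str, groups, approved=False) -> "str | None":
    """Release the password only when policy or a recorded approval allows it."""
    if acct.holder is not None:
        return None                # exclusive use: one holder at a time
    if decide(groups, acct.cos) != "preauthorized" and not approved:
        return None
    acct.holder = who
    return acct.password

def checkin(acct: ManagedAccount) -> None:
    """Check-in randomizes the password, so the value just handed out stops working."""
    acct.holder = None
    acct.password = random_password()
```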

Page 13

Objectives and requirements

Security

The whole point of this system is higher security:

• Overarching principle: minimize the number of people with persistent administrative access.
• Eliminate full-time developer access from production systems.
• Provide a temporary access mechanism.
• Session logging.
• Audit trail: who had and who used access to this system?
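The two audit questions on this slide ("who had and who used access") and the "who broke this server?" item from Business requirements, worked as an added example over a constructed check-out/session log; the record layout and the CHECKOUT/CHECKIN/SESSION_START/SESSION_END event names are assumptions, not Hitachi ID's format. It also flags check-outs with no recorded session, which is what a reviewer chases when session recording is meant to be the only path in.

```python
from datetime import datetime

# Constructed records, not Hitachi ID's real log format: timestamp event user host account
LOG = """\
2012-05-01T08:00:00 CHECKOUT alice srv01 root
2012-05-01T08:05:12 SESSION_START alice srv01 root
2012-05-01T08:41:03 SESSION_END alice srv01 root
2012-05-01T09:00:00 CHECKIN alice srv01 root
2012-05-01T09:30:00 CHECKOUT bob srv01 root
2012-05-01T11:00:00 CHECKIN bob srv01 root
2012-05-01T09:45:00 CHECKOUT carol srv02 root
2012-05-01T09:50:00 SESSION_START carol srv02 root
""".splitlines()

FIELDS = ("ts", "event", "user", "host", "account")

def parse(lines):
    """Five whitespace-separated fields per line, returned in time order."""
    recs = [dict(zip(FIELDS, line.split())) for line in lines]
    for r in recs:
        r["ts"] = datetime.fromisoformat(r["ts"])
    return sorted(recs, key=lambda r: r["ts"])

def who_had_access(recs, host, at):
    """Users holding a checked-out credential for `host` at instant `at`."""
    holders = set()
    for r in (r for r in recs if r["host"] == host and r["ts"] <= at):
        if r["event"] == "CHECKOUT":
            holders.add(r["user"])
        elif r["event"] == "CHECKIN":
            holders.discard(r["user"])
    return holders

def sessions(recs):
    """Pair SESSION_START/SESSION_END per (user, host); a still-open session ends at datetime.max."""
    open_, done = {}, []
    for r in recs:
        key = (r["user"], r["host"])
        if r["event"] == "SESSION_START":
            open_[key] = r["ts"]
        elif r["event"] == "SESSION_END" and key in open_:
            done.append((r["user"], r["host"], open_.pop(key), r["ts"]))
    return done + [(u, h, s, datetime.max) for (u, h), s in open_.items()]

def who_used_access(recs, host, start, end):
    """Users with a recorded session on `host` overlapping [start, end]."""
    return {u for u, h, s, e in sessions(recs) if h == host and s <= end and e >= start}

def checkouts_without_session(recs):
    """Control check: credentials handed out but never used through the recorded path."""
    used = {(u, h) for u, h, _, _ in sessions(recs)}
    return {(r["user"], r["host"]) for r in recs if r["event"] == "CHECKOUT"} - used
```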

Page 14

Objectives and requirements

Technical Requirements

Fault tolerant (fire, flood, earthquake, hurricane, etc.).

Scalable:

• Hundreds of thousands of systems.
• Thousands of people.
• Tens of thousands of logins daily.
• Record 10,000 concurrent sessions globally.

Integrate with:

• Existing security infrastructure.
• Many platforms (Windows, Unix, Linux, iLO, DRAC, ESXi, etc.).
• Multiple AD domains.
• Systems on dozens of DMZs.

Administrator-friendly:

• Support for multiple SSH clients.
• Support for other admin tools (SQL Studio, vSphere, etc.).

Easily expandable. Automatic discovery and classification of systems.

Page 15

Real-world deployment

Page 16

Real-world deployment

An enterprise IT project

Page 17

Real-world deployment

Timeline

Page 18

Challenges

Page 19

Challenges

Project

• Funding: up-front and ongoing.
• Setting realistic expectations (some stake-holders wanted it before it was even up).
• Stop people from trying to solve every problem at once.
  • Getting stake-holders to recognize the need for priority and incremental deployment.

Page 20

Challenges

Organization

Resistance to change by people who already have elevated access. Convince line of business IT operations teams to:

• Use a uniform access control model.
• Grant credentials for HiPAM to use.

Ensuring that stake-holders don't use the system to automate existing insecure processes (insist on a policy of least privilege). Training a revolving door of new users.

Page 21

Challenges

Technical

• Modeling a production environment with 100+ platforms and 100,000+ systems in QA and development.
• Reliable data about who owns what in the context of a dynamic organization.
• Testing: easy to test with one system, hard with a thousand.
• OS patches and policies that cause severe performance degradation (KB 2689311).
• Deploying the same OCX controls to Windows XP, Windows 7, etc.
• Deactivating legacy password management processes.
• Gradual activation without disrupting existing IDs.

Page 22

Current state

Page 23

Current state

Network architecture

Available and running: 5 replicated PAM nodes on 3 continents.

• Multi-master architecture.
• Each node has an app server, a SQL server and a session monitoring server.
• Nodes can fail without a service disruption.

On-boarding accounts on Windows and Unix systems (administrator, root, fire-call). Load balanced globally.

Page 24

Current state

Global scale and multi-master

Page 25

Future

Page 26

Future

Expand scope

• Secure passwords to Windows service accounts.
• Replace embedded passwords in applications.
• Add platforms (e.g., z/OS).
• Secure Administrator ID on desktops.

Page 27

Questions?