Sudo’s “free” open-source access utility can work for managing access to a small number of servers. However, it quickly becomes overwhelming as your business grows and requires more sophisticated fine-grain controls, logging, and compliance-reporting capabilities.
Sudo’s labor-intensive custom configuration and distribution process results in high administrative costs and serious gaps in access control and compliance. Deployment costs in re-deploying sudoers files to each host, virtual machine, or system image becomes prohibitive, even when utilizing configuration management tools. This is because they don’t trap and send updates to offline or backup hosts.
Core Privileged Access Manager (BoKS) solves these issues by centrally controlling privileged account delegation and enforcing which commands can be executed by role as live policy in real time. It eliminates privileged password sharing to significantly reduce the risk of insider fraud, and completely removes the (semi)automatic process of sudoers file distribution. It also files version control on each system.
The solution? Uninstall Sudo and migrate to Fortra's functionally equivalent and centrally managed Core Privileged Access Manager (BoKS).
How We Help You Gain Control
Avoid Sudo’s static-trust model to satisfy auditors
Centralize Policy Administration
Centrally administer and enforce access policies
Stop Sudo File Modification
Eliminate the risk users will modify Sudo configuration files
Consolidate User Activity
Automatically consolidate user activity and keystroke logs and automate regulatory compliance reporting
Authenticate privileged users based on context
Define Commands and Options
Centrally define which commands and options are available to specific users or administrators on specific servers
The Benefits of Centralized Sudo With Core Privileged Access Manager (BoKS)
Reduce Admin Overhead
Eliminate distribution of sudoers’ files with centralized SUDO configuration.
Breaching Sudo policy becomes nearly impossible on a single BoKS-protected host/virtual machine.