Too many people with too much access to critical data is one of the most common and dangerous security lapses uncovered in IBM Power Systems audits. Programmers, developers, and administrators often have security officer or *ALLOBJ special authority built into their everyday profiles on production systems—just in case they need it for emergencies. Unfortunately, this creates the potential for catastrophic data corruption or loss.
Delegate Privileged Authority
With Powertech Authority Broker for IBM i, administrators can predefine which users are allowed to use elevated levels of authority. Users “swap” into the privileged profile only for the specific window of time that they need it. All activity during the swap is logged to a secure journal, and screens can also be captured and bundled into a PDF for review and auditing.
Developers often need emergency access to production systems outside normal work hours. The FireCall feature enables overburdened system administrators to delegate the approval of role swaps to the Help Desk or other staff.
You can notify managers of profile switches in real time. Send alerts to IBM i message queues and interface with existing email and messaging solutions.
Gaming (MICS) Reporting
Compliance Monitor provides a set of reports designed to help you meet Minimum Internal Control Standards (MICS) gaming compliance reporting guidelines.
Satisfy your auditor requirements with reports that provide a complete audit trail of privileged user activity. For example, you can create reports for any of the following:
- Summary of profile swaps
- List of all commands entered
- Details from the audit journal
- All invalid access attempts
- Screen captures, emailed as a bundled PDF
“Authority Broker provides the separation of duties that SOX auditors look for. I receive an alert when a user swaps into a powerful profile as well as a daily report that I can keep on file.” –Matt Radatti, C & D Technologies, Computer Operations Manager
Authority Broker’s unique report filtering technology lets you print only the critical information that your auditors require. Using filters, you can exclude irrelevant programs or list only commands that were entered from a command line.
Screen Capture and Live Viewing
The ability to capture screens gives you an unparalleled view of user activity that enhances security and satisfies auditors. Monitor swapped users in near real-time, play back screens on the system, or receive bundled screenshots as an emailed PDF.
Ensure that users do not abuse the privileges granted by adding time limits to a profile swap. Administrators can configure which actions to take at the end of the swap.
Day, Date, and Time Restrictions
Limit the checkout of powerful authorities to specific time periods or restrict access on weekends and holidays.
Enforce Segregation of Duties
Some companies have an existing process in place for providing emergency access to development staff. Implementing Authority Broker saves time compared to tools developed in-house and enforces segregation of duties. Auditors don’t like to see developers writing applications to report their own activity.
Application and System Integration
Custom exit points enable you to integrate Authority Broker with your existing code and solutions. Authority Broker exit points are provided for integration before and after profile swaps (sample code is provided). For example:
- Change accounting code and library list
- Wait for system operator to approve switch
- Connect to Help Desk ticketing software to gain approval