DetectIT - Powerful User Passport

The Challenge

Too many IT staff and System i administrators have special authorities (*ALLOBJ, *SECADM) incorporated into their everyday profiles to accommodate emergency support needs that often occur. These powerful users pose a big security exposure for organisations, since their access to data is often unknown and unmonitored. Powerful users are able to bypass critical security controls and can cause massive data and financial loss.

Regulations such as PCI and Basel II, and information security standards such as COBIT, require that users have access to data on an as-needed basis and that organisations limit the number of powerful users on systems. IT auditors scrutinize this practice in their system audits and require organisations to demonstrate that control measures are in place and that the number of powerful users is kept to a minimum.

The Solution

Safestone's Powerful User Passport enables system administrators to limit the number of powerful users and provide auditors and management with a comprehensive audit trail of their activities. Administrators can predefine which users are permitted a temporary higher level of authority. Users are then able to swap into a powerful profile when needed, for a specific period of time, ensuring no business interruption. Comprehensive reports on all activity related to powerful profile swaps are easily available to management and auditors. Using a GUI, even a non-technical person is able to examine records of who was granted access, when they were granted it, and what commands were run against which applications. Robust filtering tools ensure that inappropriate actions are easily identified and flagged to relevant personnel.

Key Benefits