|
Press Release OSM releases a new version of Privileged User Management solution to further improve security of UNIX, Linux and Microsoft Windows® systems
OSM's COSduty-SSA V3.1 software gives UNIX, Linux and Microsoft Windows users the ability to improve compliance with legislation by reducing the need to grant unrestricted administrative access rights, thereby reducing the risks of internal security breaches.
ASCOT, UK and SEATTLE, WA, USA. October 14th, 2004: UK and USA based software house, Open Systems Management Ltd. ("OSM") today announced the general availability of V3.1 of its Operations Workflow Scheduling and Secure Shell Auditing ("COSduty-SSA") module for users of UNIX, Linux and Microsoft Windows systems. The release provides these user organizations with the means to further restrict, and report on, access by administration staff who would otherwise have unrestricted access rights to perform their day to day functions. Organizations using UNIX, Linux or Windows systems for critical business processes face an increasing number of security and legislative issues. They are being pressured to improve access security by legislation, internal and external auditing requirements, and general security concerns, yet it is a feature of these operating systems that administrators typically require access at a level that could allow them to view and change critical data without being monitored. UNIX and Linux systems allow only two levels of user – a named user who can only access and change their own files, and 'root' which has unlimited rights. Administrators require the latter. Windows administrators require access to the 'admin' account. Even applications or middleware such as ORACLE require a privileged account to be used for administration e.g. the 'oracle' account for ORACLE. Recent legislation such as Sarbanes Oxley in the USA and the European Data Directives require board members of public companies to be accountable for the integrity of the personal and financial information they keep. It is reasonable to assume that such integrity cannot be ensured if someone has almost unlimited access to critical information in an unmonitored, unaudited environment. COSduty-SSA provides the control and auditing required to prove due diligence while providing real operational efficiency gains and a short Return on Investment ("RoI"). COSduty-SSA enables an end user organization to encapsulate processes normally requiring privileged access in a Graphical User Interface (GUI) and to delegate them to operations level staff in a controlled and audited manner. In this way the process may demand privileged access to execute but the user carrying out the process is not granted that privileged capability. The same approach can be used to restrict other privileged management accounts such as 'admin' privileges on MS Windows or DBA privileges on databases. Moreover the task can be moved from a highly skilled and expensive administrator to a more junior position. In V3.1 of the software, such duties can be automatically generated from within third party software via a command line interface. Even when using COSduty-SSA it is still likely that 'root' privilege will have to be granted on an exceptional basis and COSduty-SSA provides a method to control its use. Administrators have to request a 'root' session on a particular system at a particular time and are then granted access, or not, with the appropriate and limited sub-set of commands needed to perform the required task. All keystrokes are audited and analyzed for potential abuse. A recent survey conducted by Pricewaterhouse Coopers on behalf of the UK's Department of Trade and Industry found that over 90% of larger companies had a malicious security incident over the last year. Most attacks were caused either by viruses or "inappropriate" use of IT systems by staff. The average cost of an incident for a larger company was £120,000 (US$220,000). Those caused by staff were the most persistent. OSM's CEO, Neil Chaney, said "It is rare to find a security tool that pays for itself in operational terms within a few months. COSduty-SSA is such a product. It allows end user organizations to improve their security, auditing and legislative compliance at a time when IT budgets are under pressure." COSduty-SSA V3.1 is available immediately from OSM as a stand-alone product. Similar, but limited, process delegation functionality is incorporated into OSM's Identity Management software – COSuser (www.cosuser.com). A white paper on COSduty-SSA can be downloaded from www.cosduty.com/Resources About OSM Open Systems Management (OSM) — a privately held company, founded in 1988 and based out of Ascot, UK; Seattle, WA, USA; and Perth, Australia — develops and markets several products for system, security and identity management for enterprises having UNIX and/or Linux servers and Microsoft Windows systems in their data center environment. OSM is backed by 3i, Europe's largest venture capital investment company. Notable customers include Lloyds TSB Bank, Mitchell International, St Jude Medical, and Northumbrian Water. Web addresses: http://www.cosduty.com and http://www.osmcorp.com For further information, contact Neil Chaney:
All trademarks and
registered trademarks of products mentioned
|