Performing keystroke logging to create an audit trail of keystroke logs and delegating, without changing root account name, administrative privileges are functions of products such as PowerBroker ® and COSduty-SSA which are used by security and system administrators

Commercial data processing platforms which use UNIX and Linux suffer from the consequences of these operating systems having originally been developed to support research computing. Fortunately, the addition of modules to perform keystroke logging (and the management of the resultant keystroke logs) and to enable administrative privileges to be delegated, without changing root account name, are available. PowerBroker contains functionality of this type, which is also found as standard within the larger repertoire of COSduty-SSA.

Improved operating system security has become a necessity in order for enterprises to be able to demonstrate compliance with rules on corporate governance. Until the recent past, corporate officers have been allowed wide freedom in the way they implement security with the result that there has been significant variation in the provision in this area, from the use of simple keystroke logging and the management of keystroke logs to more comprehensive solutions such as PowerBroker which allows delegation without changing root account name. However, following recent legislation, corporate officers now face harsher penalties whose consequences are such that the techniques for implementing operational security on data processing systems must be more rigorously assessed and reliably applied.

Keystroke logs and logging, and delegation to avoid changing root account name are functions of PowerBroker and COSduty-SSA which assist IT organisations with legislative compliance

Recent US and European legislation (Sarbanes-Oxley in the USA and similar European Directives) has made compliance a big issue for publicly listed companies – and some private companies who conduct business with the listed sector.

The essence of the legislation is to protect the integrity of the financial information provided to the public. This is difficult to demonstrate when privileged IT users, typically system administrators, have unlimited access rights to critical IT systems. This is made worse by the "all or nothing" powers of UNIX and Linux administrators, such that their powers can neither be compartmentalized nor delegated in small amounts. Without additional tools, there is no means to support a "need to know" policy and every person with administrator rights must be able to be trusted with the most sensitive of financial and confidential information.

In order to make satisfactory and demonstrable compliance a possibility, it is necessary to apply additional software. A product of particular value in this area is COSduty-SSA whose use can limit the unrestricted freedoms of systems administrators and audit their activity so as to prove IT services are making their full contribution to data integrity and compliance.

In addition, because of its low implementation costs and other technical advantages, COSduty-SSA can show a positive RoI, even when compliance issues are disregarded.

Some details of the functionality of COSduty-SSA

COSduty-SSA can ensure the use of privileged accounts is reduced to the absolute minimum by:

• encapsulating the majority of privileged routines in menu/forms driven procedures
• enforcing administrators to request privileged sessions on particular systems for particular periods of time
• allocating only that subset of commands required to carry out a requested function
• auditing all activity and reporting on those audit trails

In summary, COSduty-SSA is an unusual product, but one whose scope is quickly becoming more widely acknowledged as the intricacies of the measures which are required to protect corporate officers from the possible consequences of corporate governance legislation are better understood. If this area is new to you and visualising the role of products such as COSduty-SSA remains difficult, please feel free to contact OSM for relevant information at all levels. Alternatively, re-enter the COSduty-SSA web site and help yourself.

OSM is the leading independent specialist supplier of E-DSM solutions for organizations who rely on a UNIX, Linux and Windows infrastructure. Our reputation is one of delivering solutions to problems of all complexities by means of our expert Professional Services team.