Secure systems result from software security management and UNIX system management techniques applied in line with policies that support compliance with recent legislation
The concept of secure systems has existed for many years, and are defined by published standards in government and military circles. In the more commonplace world of commercial computing, a less stringent approach is possible and, provided that the rules of software security management and, where appropriate, UNIX system management are applied, the result is that systems may be secured to the level that recent legislation on corporate governance demand.
During the decade or more since mainframe applications started to be re-located on large UNIX server systems, UNIX and, much more recently, Linux have become popular operating systems for the support of enterprise-scale applications. However, the roots of UNIX are in research computing, so the idea of secure systems and software security management are not central to its design. Even the provision of an easy to use UNIX system management interface is not ubiquitous.
It is no longer possible for matters to remain like this. Recent legislation intended to improve corporate financial governance has repercussions in many areas and the management of IT systems is under direct scrutiny. Secure systems will be a necessity, software security management will be inescapable and every aspect of UNIX system management will have to respond to the changes implied by the legislation.
Implementing secure systems with software security management and improving UNIX system management by means of COSduty-SSA
Although it may not be immediately obvious to technical IT personnel, the realization of secure systems is of vital importance in demonstrating an organization's compliance with recent US and European legislation (Sarbanes-Oxley in the USA and similar European Directives) on corporate governance.
The essence of the legislation is to protect the integrity of the financial information provided to the public. This is difficult to prove when privileged IT users, typically system administrators and those responsible for software security management, have unlimited access rights to critical IT systems. Unlimited access has to be controlled in several ways, the first being to secure systems against unmonitored, unaudited system managers. This is most unlike standard UNIX system management.
A software product of particular value in this area is COSduty-SSA one of whose functions is widespread and thorough control of all aspects of passwords and the login process. Another of its main functions is to limit the unrestricted freedoms of systems administrators and audit their activity so as to prove IT services are making their full contribution to data integrity and compliance.
In addition, because of its low implementation costs and other technical advantages, COSduty-SSA can show a positive RoI, even when compliance issues are disregarded.
Some details of the functionality of COSduty-SSA
COSduty-SSA can ensure the use of privileged accounts is reduced to the absolute minimum by:
- encapsulating the majority of privileged routines in menu/forms driven procedures
- enforcing administrators to request privileged sessions on particular systems for particular periods of time
- allocating only that subset of commands required to carry out a requested function
- auditing all activity and reporting on those audit trails
In summary, COSduty-SSA is an unusual product, but one whose scope is quickly becoming more widely acknowledged as the intricacies of the measures which are required to protect corporate officers from the possible consequences of corporate governance legislation are better understood. If this area is new to you and visualizing the role of products such as COSduty-SSA remains difficult, please feel free to contact OSM for relevant information at all levels. Alternatively, re-enter the COSduty-SSA web site and help yourself.