Product Review: PowerTech PowerLock AuthorityBroker

Buyer's Guide - Product Reviews
Written by Dan Riehl
Wednesday, 17 November 2004 18:00

PowerLock AuthorityBroker is a new, easy-to-use solution that works with OS/400 and i5/OS security to protect and audit access to sensitive corporate assets.

Organizations in every industry and country are now impacted by one or more security or privacy regulations. Legislation like Sarbanes-Oxley, HIPAA, GLBA, and the California Privacy Act has emboldened auditors, making IT audits more rigorous and tougher to pass. Whether it is root access on UNIX or special authorities on OS/400, auditors consistently rate the overuse of powerful user profiles as one of the top exception items.

Today's Problems

Many AS/400, iSeries, and i5/OS systems have a problem with too many users having privileged or special levels of user access. Special authorities have been assigned indiscriminately to user profiles. Programmers and IT staff often have security officer (QSECOFR) levels of access built into their everyday profiles along with command line access. We all know this is a risky security practice, but the standard excuse is "We need to have security officer access to do our jobs and to keep the business running."

The Solution

PowerTech's new product, AuthorityBroker, allows privileged access only when it is really necessary. With PowerLock AuthorityBroker, you specify when and how users exercise powerful authority. PowerLock AuthorityBroker enables system administrators to reduce the number of profiles with special authorities on their systems without disrupting production. Users "switch" profiles when they need the higher authorities, but all of their actions are fully audited.

The true strength of the AuthorityBroker product is the quality of audit reporting that it provides. The level of detail in the audit reports can be adjusted to suit the audience. When users switch authority, AuthorityBroker can send alerts to interested parties such as managers or anyone who is concerned about the integrity of specific data. For example, a Human Resources manager may want to be alerted when a programmer swaps to a profile that has authority to modify the payroll file. The creators of AuthorityBroker have really thought through all the possibilities.

Another key feature is that the AuthorityBroker reports distinguish between the actions of multiple users, even when they have switched to the same profile at the same time.

PowerLock AuthorityBroker is also an excellent supplement to Query/400, DFU, DDBU, and SQL security. The profile switch command can be called directly from the command line or from within programs. AuthorityBroker can be used to give end users less authority than they normally wield, thereby making it safer to supply them with query tools directly.

PowerLock AuthorityBroker is a must-have tool for any shop that is concerned about the number of powerful user profiles on their systems. Check the number of profiles with *ALLOBJ authority on your system today. If it's greater than 10, I strongly recommend that you take a look at PowerLock AuthorityBroker.

For more information on PowerTech or PowerLock products, visit www.powertech.com or call 253.872.7788.

About the Author: Dan Riehl is the President of The 400 School (http://www.400school.com/), the industry leader in iSeries and AS/400 technical training. As a longtime technical editor and author for several iSeries magazines, he writes articles related to iSeries security, programming, and systems management. You can reach Dan at driehl@400school.com.

PowerTech
19426 68th Avenue South
Kent, WA 98032
Tel: 253.872.7788
Web: www.powertech.com

Last Updated on Monday, 21 January 2008 04:54




