New offering helps IT managers more effectively and flexibly manage powerful user authorities.
Cilasoft, a provider of security and compliance solutions for IBM System i (AS/400), has announced the introduction of Elevated Authority Manager (EAM), a software solution that allows IT managers to temporarily give specific authorities to selected users. To further manage the process, the included reporting and alerting features of Elevated Authority Manager lets IT managers know the precise actions performed by users during the period they have been granted any special authority.
EAM reduces the number of permanent powerful user profiles to efficiently control user activity within IBM i environments, which helps companies better meet compliance regulations such as Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standards (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), and others. With the monitoring and reporting features included in EAM, user activity is fully logged and audited from different sources such as job logs, system and database journals, and even exit points.
Several examples of the types of user authority situations that EAM helps IT managers more easily control:
- Users needing to change system values without being permanently granted *SECADM special authority
- Users needing to inherit *AUDIT special authority only when auditing values on sensitive objects need to be changed
- Users needing data authority to change production files by using DFU or SQL
EAM offers two authority management methods for maximum flexibility: 1) SWAP—the user inherits authority by switching to the target user profile; 2) ADOPT—the user adopts a target user profile authority. In addition, IT managers have the option with either method to control special authorities for specific commands and/or during selected periods of time.
Says Rocky Marquiss, senior programmer analyst for Campbell County government in Gillette, Wyoming: "We replaced another authority management product because Cilasoft’s EAM provides more functionality, control, and auditing capabilities. Our users were in the habit of sharing logins and passwords when they needed a different authority, but now with EAM integrated into our applications, they can swap profiles while IT tracks which user transferred authority and what that user did while the profile was in use. Because of this, users now know their activity will be traced which stops them from doing things they shouldn’t."
Benefits of EAM
- Helps IT administrators to more quickly respond to requests for enhanced authorities
- Reduces the number of users with powerful profiles
- Satisfies auditors with reporting and alerting capabilities
- Provides for better segregation of duties
- Significantly reduces security exposures caused by human error
- Gives limited access to sensitive data
Says Guy Marmorat, president of Cilasoft: “We are pleased to add the unique and flexible authority management capabilities of our new Cilasoft EAM software product to the Cilasoft Security Suite. EAM significantly expands the ways we are helping our customers to more effectively manage their IBM i security and compliance requirements."
- Rule definition with the selection of method, duration, specific authorized command, and context
- Emergency mode with delegation of rule management and audit trail
- Simple authority request process
- Server mode in an external SQL interface, such as ODBC and JDBC, allowing changes to data that otherwise cannot be accessed
- Control and/or audit of commands that allow canceling EAM sessions unexpectedly or hiding the job log
- Optional event alerts for starting, ending, or exceeding an authorized period of time unexpected ending and more
- Rules on source and target user profiles including group profiles and supplemental groups
- IT managers can lower authorities as well as raise them
- Centralized management of EAM jobs
- Logging and reporting of all requests
- Customized reports
- Pre-defined and customizable configuration