Presented by: Quest
Managing elevated and shared access credentials is one of the biggest challenges facing complex heterogeneous organizations today. Administrators must be able to access the systems they manage with sufficient rights to do their jobs, but organizations must control that access to ensure security and regulatory compliance. The days of administrators sharing accounts and passwords and operating without auditing are gone (or they should be).
The federal government faces some unique challenges. Agencies too must control the use of elevated privileges, but they need to find ways to PIV/CAC-enable these accounts to meet mandates while still enabling administrators to administer.
You’ll learn about an approach that allows all privileged accounts to be vaulted and audited. This approach also meets requirements for password changes on accounts that can’t be CAC or PIV enabled but wraps those accounts with a secure, PIV/CAC-enabled check-in/check-out/auditing solution to know who is using the accounts and how they are being used.
The value of PIV-Enablement and the challenges
The various directives pushing federal agencies to PIV-enable all access have created unique challenges. Agencies are forced to balance the functionality of critical applications against forcing a PIV-only environment. In this forum we will discuss the intent of PIV-enablement, the challenges it presents, and ways to provide or enhance functionality while meeting PIV compliance guidelines.
Modern Active Directory (AD) Security for Today’s Enterprise
Good news! AD is changing! Well, maybe that’s not really news. AD has been in a state of constant change in large enterprises since its inception. Within the Federal Government, a need for efficiency has caused many enterprises to reduce directories and merge to fewer and larger directories. The idea is that fewer directories are easier to manage and secure.
While this concept is sound, many of these enterprises miss the opportunity to properly secure their directories, which end up full of “one-off” exceptions to rules. As usual, the exceptions become the rules. The larger the enterprise, the stronger the policies need to be. Delegation without over-permissioning is always difficult in large enterprises. How can we grant the right permission to do the exact job?
Changes in AD also include Office 365 and Azure AD. If you’re considering using Azure AD and/or O365, then you need to consider how you are going to provide the same controls over your cloud AD as you do for your on-prem AD.
In this brief we will discuss how and when to define the proper policies, how to have strong yet flexible delegation, and how to enforce the strong policies that you have put in writing. We will also discuss how the policies and management you use for on-prem AD translate to the cloud.