From a compliance (& perhaps just for pure due-diligence) standpoint, what do IT departments typically deploy to keep an eye on their privileged administrator's remote access sessions? Also what's the standard when it comes to security procedures for third party devs that manage backend dev/prod environments via SSH?
1 Answers
Check out Gartner's Guide for privilege access management. There are large number of vendors in this field that provide capability to monitor "Privileged session". Due to significant maturity of this space, I have not seen any large company rolling out a custom solution.
It is pretty rare for third party devs to have access to prod environment. In most of the places that I have been involved with, the access to developer (including third party) is limited to dev boxes. The UAT and production boxes are only accessible to system administrators. In UAT and in very rare scenario in production, developers may have read only privilege to specific directories to allow them to review logs and configuration files. In most of the prod servers, a privilege session management solution records all the keystrokes and depending on the sensitivity of servers, these keystrokes may need to be approved by a manager on daily basis.
- 641
- 4
- 7