Presentation on theme: "1 Authority on Demand Flexible Access Control Solution."— Presentation transcript:
1 Authority on Demand Flexible Access Control Solution
2 The Challenge Emergency access to critical application data and processes is a very common security breach which is uncovered in System i audits. Currently, manual approaches to this problem are not only error-prone, but do not comply with regulations and auditor’s often stringent security requirements. System i sites define user’s security levels and allocate security rights corresponding to the different job responsibilities in the organization.
3 AOD Features Easy to Use - simplifies granting special authorities when necessary, and incorporates easy-to-use reporting and monitoring mechanisms. Add/Swap Security Levels (unique to iSecurity AOD) - grants a new security authority level or adds additional security rights on request. Authority Transfer Rules & Providers - enables pre-defining special authority "providers" and special authority transfer rules. Safe Recovery from Emergency - enables recovering from different types of emergency situations with minimum risk of human error. Full Monitoring Capabilities - logs and monitors all relevant activities, and sends audit reports and real-time e-mail alerts when employees request higher authority. Part of End-to-End Solution - solidifies iSecurity's position as the most comprehensive security solution for System i environments. Intuitive GUI Interface –suitable for non-technical staff. Controlled Access – allows only relevant personnel to access critical data
5 Without Authority on Demand: Inefficient Work Mode Sam Evans Programmer Has authorities for Test & Development Needs authorities for Production once a week Richard Garner Busy IT Manager Hi Sam… temporary authorities for the Production folder? Hmmm, I don’t have time now… maybe next week. Authority Request Rejected
6 With Authority on Demand: Automatic Granting of Special Authorities Let’s define authority rules: When Sam Evens requests authority for Production Folder between 8AM-16:30PM, the system will automatically grant it… Uh, Richard, I need authorities for the Production folder again…
7 Requesting Special Authority… Now that we have AOD, I’ll request authority… Wow, this is so much easier than calling up Richard…
8 Instantly & Automatically Receiving Authorities Got the authorities!
9 Finally, I don’t have to waste my time on granting special authorities… the whole process is automatic and I can see a full log of Sam’s authority requests and even screen captures! Effective Monitoring of Special Authorities
12 Authority on Demand Log DANA start add authority of user QSECOFR in job 456789/DANA/QPADEV0003. Reason: Need to check problem in production system. Confirmation ID: 5634 Time: 11/03/08 22:40 DANA end add authority of user QSECOFR in job 456789/DANA/QPADEV0003. Time: 11/03/08 23:19 ID: 653 Attachment 1 – Command entered Attachment 2 – Captured Screens Attachment 3 – DB Records changes Command entered ID: 653, Attachment 1 DB Records changes ID: 653, Attachment 3 Captured Screens ID: 653, Attachment 2 * Other attachment options available (all QAUDJRN information, summary of changes made by Ad-Hoc utilities…)