Adopt Least Privileges - First, control the scope of privileged accounts by adopting the least privilege principle. For Windows systems, the single biggest improvement in security is to run users with standard user privileges, whenever possible. We help you to overcome the “all or nothing paradox”: standard user or local admin? Our solution runs all users as standard users and then grants privileges granularly to find the perfect balance between security and operations. If your environment is more heterogeneous, we offer best of breed Active Directory bridging and privilege management in an integrated solution for Windows, Unix, Linux, Mac and Mobile. In addition, we are able to provide you with a consistent view of permissions across Windows, NAS, UNIX/Linux, Exchange, and SharePoint and the ability to sandbox and commit changes in a single pane of glass.
Secure and Simplify Access
could be mitigated with privilege management
Strengthen Authorization - Some systems are too critical for one admin alone. We offer solutions to implement the so-called four-eyes authorization principle. Appoint an authoriser, who needs to approve of the session, can terminate it at any time and can monitor the real-time events of the authorised connections. This helps to prevent mistakes and misuse of access privileges. Think about four-eyes authorization when it comes to accessing monitored user sessions. Also think about shielding your sensitive information from privileged users. Are you sure that your admins do not have access to payroll, legal or financial information? You might want to check our sensitive information management page as well.
Separate Duties - First step, much like the trias politica, separate the three powers of IT: policy-making, execution and analysis. This applies to both IT security and operations. Let management craft operations and security policies. Let your internal IT or outsourcing partner in charge of configuration and maintenance - but monitor them closely. Let an independent third party analyse the results and formulate recommendations. Our software solutions are exactly that independent third party, offering a transparent 365° view of your IT environment, including dashboards, metrics and out-of-the-box reports. Make sure IT cannot tamper with logs or audit trails. Check whether operations, security and compliance requirements are met and do it proactively. Note that we also offer managed operations as one of our services and that we have established relationships with external auditors. Never trust a single person with all the power.
Monitor Centrally - Often, IT does not like the idea of being monitored. This argument turns around quickly by remembering that IT is doing most critical work on most critical systems containing most critical assets. IT benefits too you know, they can cover their backs when something goes wrong and everyone thinks twice when they know they are being watched. Trust is good; control is better. There are three technologies to consider: jump hosts, agent-based or proxy gateways. At Metastore, we do not like jump hosts because of the disrupted user experience. However, we provide both agent-based and proxy gateway solutions. Our proxy gateway is a unique appliance that is fully independent and transparent. Please consult us to discuss which solution is best for you.
Control, Prevent and Alert - Go even further than nailing least privilege management and complement it with proactive grey and black listing. We provide technology to classify actions as suspicious or even block them in real-time. Configure alerts to be sent to the right people.