Open4:Access
Managed External 3rd Party Access to IT Resources
Introduction
Most large organisations rely on complex IT infrastructures to run their businesses and deliver services to their customers. These systems are business critical, and their support and maintenance is a 24x7 operation. Rapid fault resolution requires immediate access to a wide range of specialist skills and support systems. These are costly to maintain within individual organisations and are increasingly viewed as not core to the business. As a result, many organisations are moving to outsource this function to a number of specialist organisations. To fulfil their obligations, these support and maintenance organisations require wide-ranging access to internal IT systems, many of which will be classed as sensitive due to the data they hold, or business critical as a consequence of the operational function they perform.
Requiring support and maintenance staff to be on-site to deliver service has operational cost implications. Providing facilities that allow support and maintenance to be performed remotely, i.e. without requiring a site visit, can be seen as offering significant benefits. However, external third party access to internal, operational IT resources introduces a level of business risk that has to be mitigated through appropriate security and management controls. This issue is exacerbated by the increasing range of compliance regimes, such as SOX, that demand detailed operational control, accountability and traceability.
Enabling and monitoring third party access to internal, operational IT systems is a difficult problem to solve, requiring the integration of a number of complex technologies.
InMezzo’s Open4 Access remote access management solution delivers centralised management of third party access, visibility of access, and full accountability of action. Open4:Access combines leading-edge security with a highly scalable administration infrastructure to deliver a complete 3rd party access solution.
Open4:Access Solution Overview
Figure 1. Controlling External Access to Internal IT Platforms
As shown in Figure 1, Open4:Access is comprised of two components:
Open4 Access Gateways
A number of access gateways are available to control access to internal IT resources via different network protocols. The Open4 Access gateways enforce:
Authentication
This is configurable to use Open4 authentication servers or existing authentication solutions.
Authorisation
This controls access to internal IT platforms according to user, organisation, nominated list of users, protocol, action, time of day, or sponsored approval.
Time Based Session Controls
Access to IT resources may be sponsored and fixed to specified times or durations, after which access is terminated.
Key Stroke Logging
Console access to IT platforms using Telnet or SSH protocols can be keystroke logged and consolidated for analysis.
Audit
An audit is maintained of all gateway events.
Open4 Access Manager
Open4 Access Manager is a centralised management server that allows configuration and monitoring of external 3rd party access. It supports:
•Registration of third party organisations and individuals
•Specification of third party access rights to internal resources
•Sponsorship of time limited access to internal resources
•Reporting of organisation and individual access rights, accounts and identities on all internal IT platforms
•Real time control over active sessions
As shown in Figure 1 above, Open4:Access is designed to control external access to the different IT platforms. Administrators can centrally configure and change individual and organisation access policies. Detailed access policies can be applied, requiring a number of conditions to be met before access is enabled. Access to a defined resource may require explicit sponsorship from named individuals within the organisation and be specified for a limited time period.
Open4 Access Manager allows the administrator to review and control:
•Who has access to what systems
•Who has accessed what systems
•Who is requesting access to what systems
•What compliance regulations are imposed on each access
Open4:Access Benefits
Open4:Access allows organisations to:
•Reduce operational costs through the provision of 3rd party access to internal IT platforms
•Cost-effectively comply with requirements and regimes such as SOX
•Manage change and churn within 3rd party organisations
Conclusion
Open4:Access allows organisations to:
Reduce operational costs by controlling and enabling outsourced support and maintenance functions to remotely access internal IT resources. Centralised control and management allows risk to be managed and the compliance requirements of regimes such as SOX to be implemented cost-effectively.