Five Operational Benefits of Securing Privileged Linux Accounts

October 6, 2016 Lauren Horaist

When talking with Unix and Linux teams about securing privileged and root access, the first question sysadmins typically ask is, “Is this going to make my job more difficult?”

In keeping business critical applications running, Unix and Linux teams are essentially tasked with keeping the business running. Anything that interferes with this effort or complicates workflows can simply be considered unacceptable. Given the common perception that increased security means painful operational tradeoffs, it’s no surprise that sysadmins are skeptical of new tools. However, not all security tools are created equally.

Despite popular belief, security does not always have to come with painful tradeoffs. Many privileged account security solution end users, particularly in Unix and Linux environments, have been able to use the automation provided by the solutions to simplify IT operations processes. With the operational gains they’ve experienced, some have been able to free up time – ranging from hours to weeks – enabling them to focus their efforts on more important or interesting projects.

If your organization is considering privileged account security but you’re concerned about how this type of solution may impact your day-to-day job, read the five benefits below that have been shared with us by Unix and Linux admins who are also CyberArk users.

Five day-to-day operational benefits that CyberArk customers have experienced:

  1. Less effort to track credentials. When users manually keep track of their credentials, they can easily be lost or forgotten. One end user actually reported that he kept all his passwords in his wallet, because it was the only way he felt they would be safe. With the Privileged Account Security Solution, users no longer need to keep track of their own credentials. Instead, users need only keep track of one credential – their CyberArk credential – and everything else is managed for them.
  2. Less time spent managing credentials. Automated password management capabilities can help to eliminate manual, time consuming processes. One CyberArk user reported that the CyberArk Privileged Account Security Solution enabled him to take on more work because it reduced the time he spent managing passwords by 20-25 percent.
  3. Less time creating and deleting accounts. When admins join or leave the Unix/Linux team, there is no simple way to create or remove local user accounts on each individual system. A customer reported that in his environment of 4,000 Unix servers, it took a full month to provision access each time a new employee joined the team. Once the CyberArk Privileged Account Security Solution was in place, the account provisioning and de-provisioning process was automated, reducing this one month of effort to just a few minutes.
  4. Less time spent managing least privilege controls. Admins tasked with managing sudo policies often find this tool frustrating. Instead of applying policies across all systems, they have to be applied one-by-one to each individual Linux and Unix system. The CyberArk Privileged Account Security Solution helps Unix/Linux admins to centrally manage and update least privilege policies for users across all managed systems. This eliminates the highly repetitive effort of updating policies on each system, saving time and effort and enabling admins to focus on more interesting work.
  5. Less risk of broken processes related to password changes. One customer had a web application that needed to access a database during certain ecommerce transactions. The database password was embedded into the application code for reliability, but to meet PCI DSS requirements, the password needed to be changed every 90 days. One error could result in immediate lost revenue for the company. With the CyberArk Privileged Account Security Solution, the customer was able to centrally manage the database password and ensure that the password change was seamlessly propagated to all dependent applications and services without taking on the risk of broken processes – and without risking revenue with every password change.

Learn more about the how CyberArk solutions help customers to balance security and operational priorities in Unix and Linux environments, while simplifying the day-to-day tasks for end users.

Previous Article
The Other Insider Threat
The Other Insider Threat

The trusted insider has always been a security risk – whether an executive with access to sensitive informa...

Next Article
CyberArk Labs: From Safe Mode to Domain Compromise
CyberArk Labs: From Safe Mode to Domain Compromise

Overview CyberArk Labs recently identified what it believes to be a significant risk related to Windows Saf...