The finance and accounting departments know all about separation of duties (SoD) — the person who writes the checks isn’t the same as the person who approves the checks. For the IT department, SoD is a little newer, but no less important.
When regulations such as Sarbanes-Oxley (SOX) and the Gramm-Leach-Bliley Act (GLBA) were enacted, IT inherited many of the internal control requirements. Separation of duties has become as much a part of daily life in network security as it is in Accounting.
In May 2018, the EU’s General Data Protection Regulation (GDPR) will force SoD into the C-suite, which will need to evaluate corporate structure to meet GDPR compliance and pass the required audits.
From a device management perspective, Uplogix has robust and granular authorization controls that make a separation of duties program easier to deploy. Uplogix extends role-based administrative access policies to devices, with detailed auditing and reporting for compliance whether the network is up or down. Some specific SoD functions include:
- Keeping watch over who has access and where they can go
Uplogix helps maintain and enforce AAA (Authentication, Authorization and Accounting) regardless of the state of the network. Under normal circumstances, Uplogix Local Managers (LMs) integrate with remote multi-factor authentication mechanisms, such as TACACS and RADIUS, but if connectivity is lost, the LM can fail over to other AAA servers before falling back on cached authentication data to maintain authorized access.
- Trust (if they have credentials), but verify
Audit and compliance reporting is strengthened by Uplogix constantly logging all changes made to managed devices and the results of these changes.
- Using a broader brush
Uplogix can improve overall security by restricting access to specific IP addresses and encrypting passwords stored in the database, and by automating management functions related to security enforcement, like updating the access passwords on hundreds of managed devices at once.