BeyondTrust Case Studies Financial Firm Secures Its Private Cloud

Edit This Case Study Record

	Financial Firm Secures Its Private Cloud BeyondTrust

Financial Firm Secures Its Private Cloud

BeyondTrust

Technology Category	Cybersecurity & Privacy - Identity & Authentication Management Infrastructure as a Service (IaaS) - Cloud Computing Infrastructure as a Service (IaaS) - Private Cloud
Applicable Industries	Finance & Insurance
Applicable Functions	Business Operation
Use Cases	Cybersecurity
Services	System Integration Testing & Certification
Challenge	The financial institution was facing challenges in validating virtualization security, controlling access, and securely authenticating users. An internal security audit revealed that its VMware ESX systems, Red Hat Linux VM guests, and Solaris systems were configured with file-based methods of user authentication and access control. The staff responsible for user accounts lacked the expertise to manage and synchronize accounts for every type of operating system. The firm was using Active Directory 2003 R2 for its Windows servers. The administrators attempted to implement Active Directory authentication on their ESX hosts by using VMware’s configuration scripts. Although Active Directory’s Kerberos authentication provided single sign on, it provided only part of the desired solution. Read More
About Customer	The customer is one of the world’s most recognizable financial institutions, serving businesses and other financial organizations throughout the United States and internationally. It provides a range of financial services that requires highly available and recoverable production information systems made possible through VMware virtualization. The firm has a comprehensive virtualization plan, selecting VMware Infrastructure 3 and VMware ESX bare-metal hypervisors to provide support for a majority of internal and external customer-facing deployment scenarios. By the end of 2009, more than 80 percent of the application servers would be VMs hosted in VMware and the infrastructure would span more than 30 ESX servers. Read More
Solution	The company began testing commercial AD-bridge software products that would support all the operating systems in its data center, including its VMware ESX servers. In addition to providing Kerberos authentication that is compatible with Active Directory, AD-bridge software also provides security policy management and audit and reporting functions. The firm chose PowerBroker Identity Services (PBIS) for its ability to integrate VMware ESX and other operating systems into Active Directory for access control and authentication, control security and sudo with group policies and Active Directory’s hierarchy of organizational units, audit access and activity on VMware ESX systems, and BeyondTrust’s exceptional support and professional service offerings. Moving completely to Active Directory for user management saved the institution significant time in provisioning new users. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Identity & Authentication Management

Infrastructure as a Service (IaaS) - Cloud Computing

Infrastructure as a Service (IaaS) - Private Cloud

Applicable Industries

Finance & Insurance

Applicable Functions

Business Operation

Use Cases

Cybersecurity

Services

System Integration

Testing & Certification

Challenge

The financial institution was facing challenges in validating virtualization security, controlling access, and securely authenticating users. An internal security audit revealed that its VMware ESX systems, Red Hat Linux VM guests, and Solaris systems were configured with file-based methods of user authentication and access control. The staff responsible for user accounts lacked the expertise to manage and synchronize accounts for every type of operating system. The firm was using Active Directory 2003 R2 for its Windows servers. The administrators attempted to implement Active Directory authentication on their ESX hosts by using VMware’s configuration scripts. Although Active Directory’s Kerberos authentication provided single sign on, it provided only part of the desired solution.

About Customer

The customer is one of the world’s most recognizable financial institutions, serving businesses and other financial organizations throughout the United States and internationally. It provides a range of financial services that requires highly available and recoverable production information systems made possible through VMware virtualization. The firm has a comprehensive virtualization plan, selecting VMware Infrastructure 3 and VMware ESX bare-metal hypervisors to provide support for a majority of internal and external customer-facing deployment scenarios. By the end of 2009, more than 80 percent of the application servers would be VMs hosted in VMware and the infrastructure would span more than 30 ESX servers.

Solution

The company began testing commercial AD-bridge software products that would support all the operating systems in its data center, including its VMware ESX servers. In addition to providing Kerberos authentication that is compatible with Active Directory, AD-bridge software also provides security policy management and audit and reporting functions. The firm chose PowerBroker Identity Services (PBIS) for its ability to integrate VMware ESX and other operating systems into Active Directory for access control and authentication, control security and sudo with group policies and Active Directory’s hierarchy of organizational units, audit access and activity on VMware ESX systems, and BeyondTrust’s exceptional support and professional service offerings. Moving completely to Active Directory for user management saved the institution significant time in provisioning new users.

Impact #1	The firm was able to implement a hierarchical security policy across all its systems with both standard domain security policies and sudo policy configured for domain identities, allowing the firm to lock down its systems.
Impact #2	With PBIS’s features for auditing and compliance, the firm was able to validate its virtualization security with regular reporting and respond to security exceptions through consolidated event log analysis.
Impact #3	The firm was able to join 30-plus VMware 3.5 ESX Servers, 50-plus Red Hat guests, and additional Solaris and AIX systems to Active Directory.

Impact #1

The firm was able to implement a hierarchical security policy across all its systems with both standard domain security policies and sudo policy configured for domain identities, allowing the firm to lock down its systems.

Impact #2

With PBIS’s features for auditing and compliance, the firm was able to validate its virtualization security with regular reporting and respond to security exceptions through consolidated event log analysis.

Impact #3

The firm was able to join 30-plus VMware 3.5 ESX Servers, 50-plus Red Hat guests, and additional Solaris and AIX systems to Active Directory.

Benefit #1	Reduced workload for server and identity administrators.
Benefit #2	Streamlined logon processes for users.
Benefit #3	Eliminated costs associated with password resets and user account turnover that would otherwise have required reconfiguring more than 30 VMware ESX systems on a 30-day schedule.

Benefit #1

Reduced workload for server and identity administrators.

Benefit #2

Streamlined logon processes for users.

Benefit #3

Eliminated costs associated with password resets and user account turnover that would otherwise have required reconfiguring more than 30 VMware ESX systems on a 30-day schedule.

Download PDF Version

Overview

Financial Firm Secures Its Private Cloud

Operational Impact

Quantitative Benefit