In a corporate setting, it is important to take steps to prevent an individual's mistake from impacting the whole. The loss of a shared administrator password, for example, being able to remove everyone's access to a server, or even the execution of an incorrect command that drops a service and creates unavailability for the entire company. This type of case should be avoided.
Through its password vault functionality, senhasegura eliminates the risks related to sharing privileged credential passwords, weak, obsolete critical passwords, etc. However, there is still the risk that an authorized employee, with due access to an administrative credential, when using this access to perform some task on a critical device of the system, by accident or even bad intention, end up carrying out a command in addition to what he should have and being harmful to the system.
To better understand this scenario, let's imagine the following situation: company X has a datacenter with servers running 24/7, with essential services for the business running on these servers. The company has an IT team operating also 24/7 to take care of this infrastructure. A maintenance was planned to take place during the night, when the operational contingent is smaller and, therefore, is the most suitable for this type of maintenance. The employee who will perform the maintenance is a junior analyst who has been granted access to an administrative credential on the server to perform the maintenance. Maintenance consists of executing 3 predefined commands on the terminal and then restarting the services.
On the day of execution, the employee, due to inexperience, ends up missing one of the necessary commands and, when restarting the services, he discovers that these have stopped working. At that time, there is no senior analyst on duty and the unavailability ends up lasting for hours, causing great damage to the organization.
To deal with this type of problem, senhasegura developed Task Manager. Through this module it is possible to program commands and even macros and allow access so that they, and only these, can be executed, without anything else being done through the administrative credential used to execute them. In addition, these Tasks are executed when clicking on buttons, thus eliminating the risk that commands are entered in the wrong way in the system due to lack of knowledge or even typos. In addition, the accessibility, approvals and auditing features of senhasegura apply to the Task Manager, thus offering all the granular management and monitoring already known to senhasegura .
In this chapter, we will first discuss the Task Manager settings, such as access groups, reasons for execution and Templates and, later, we will demonstrate the visualization and execution of the Tasks themselves.
Within senhasegura , support entries are entities that aim to assist in the organization and segregation of policies and permission. Thus, in addition to the rules for access groups, it is also possible to register environments and systems, according to the needs of the Organization.
In addition to these, it is possible to register reasons for execution, in order to facilitate the organization and control of the execution of tasks.
Environments and Systems
The environments act as an entity that segregates rules and tasks. As an example, some customers use virtual environments such as Production, Approval and Legacy to segregate the location of their systems. They can be registered from the menu Settings ➔ System parameters ➔ Segmentation ➔ Environments.
Systems represent the systems where tasks reflect their actions, also acting as a segregating entity. Its filling is free choice of the customer. As an example, systems like Payment, Manufacture, Monitoring. They can be registered from the menu Settings ➔ System parameters ➔ Segmentation ➔ Systems.
Do not confuse Environments and Systems with the Site entity in the Devices registry, which acts as a segregating attribute for Credentials.
Reasons for execution
These reasons represent the factors that lead a task to be performed. They are used in the description of justifications and applications for authorization. As an example you can register Scheduled Maintenance, Unplanned Maintenance, Monitoring, etc. Use the Task Manager ➔ Settings ➔ Reasons menu to list the reasons you entered and have access to their inclusion and maintenance.