Selected cases | Establish a privileged identity access security management system to help the rapid development of the business of rural credit cooperatives in a province
Release time: 2022.05.23 | Source: Palladium
PREFACE
As the reform of the rural financial system deepens, it is becoming more and more important to ensure the steady development of rural credit cooperatives and to hold the bottom line on systemic risk. In recent years a series of regulatory measures has been introduced; in 2021 regulators maintained strong supervision and strict punishment, and penetrating supervision continued to deepen. All of this poses a new test for the development of rural credit cooperatives.
Project Description:
A provincial rural credit cooperatives union (hereinafter referred to as the provincial rural credit cooperative) is the first provincial-level cooperative established since the State Council deepened the reform of rural credit cooperatives. In recent years, with the rapid development of its various financial businesses and the growing number of IT devices, its information security requirements have risen steadily. The number of managed devices has exceeded 20,000 units, and the original measures for account passwords, permission authentication and audit management can no longer meet current and future requirements.
Project Pain Points:
The device currently in use was launched in 2014. Because its underlying layer cannot be upgraded, it can no longer meet the provincial rural credit cooperative's needs or the regulatory requirements of the relevant departments in terms of account management, API synchronization, high-concurrency performance, unified deployment and so on. The main pain points are as follows:
1. Insufficient number of authorizations: A large number of new devices are not included in the unified O&M platform, and the number of authorizations cannot meet the requirements;
2. Account security risks: The accounts on record differ seriously from the actual accounts, which creates security risks, and they cannot be synchronized regularly;
3. Limited service upgrades: The equipment was originally deployed as integrated software-and-hardware appliances, with limited performance and storage and inconsistent versions, and it cannot be upgraded or centrally configured;
4. Platform collaboration obstacles: At present, it is impossible to connect with CMDB, ITSM and other automation platforms, and users, assets, and permissions cannot be automatically synchronized;
5. The original bastion host cannot fully cover the demand: The original bastion host is an operation and maintenance audit platform built on an all-in-one appliance architecture, and as data volume grows it cannot fully meet the core needs of the provincial rural credit cooperative.
PLD Privilege Access Management Solution:
In 2014, Palladium entered into a strategic cooperation with the provincial rural credit cooperative for the first time, assisting it in comprehensive IT construction on the operation and maintenance management side and playing a key role in its digital transformation. As the infrastructure within the provincial rural credit cooperative improved and developed, in 2021 Palladium drew on the requirements of the "Cybersecurity Law of the People's Republic of China", the "Measures for the Management of Graded Protection of Information Security" and other relevant security regulations to tailor a clustered privileged identity access security management solution based on Zero Trust, addressing the cooperative's current management and O&M pain points.
Scenario deployment:
In this solution, a total of eight sets of privileged identity access security management systems are deployed, of which the cluster center is configured with dual machines and the rest of the systems are configured as nodes. The deployment topology diagram is as follows:
Key Technologies:
1. Build a cluster management platform that supports high concurrency and hierarchical deployment;
2. Fully take over user accounts and achieve full automation;
3. Control file transfer across all channels to prevent data leakage in transit;
4. Hierarchical and decentralized management method.
Project Benefits:
1. Improve unified operation and maintenance capabilities: Establish a unified login portal with multi-node configuration, support simultaneous work by the provincial rural credit cooperative's O&M personnel in a high-concurrency environment, and improve its emergency response capability for security incidents;
2. Privileged account management upgrade: Build an automated account management model that manages the accounts of hosted devices across their whole life cycle, help the provincial rural credit cooperative improve its account risk sharing mechanism and form a coordinated risk prevention effort, and ensure that it can discover and restrict suspicious account activity in a timely manner;
3. Improve the security of account login: Establish a fine-grained user authentication system that, given the cooperative's large number of customers, flexible use of funds and differentiated needs across scenarios, ensures the security and non-repudiation of user logins to the greatest extent;
4. Reduce the risk of business handling: Establish a high-precision security control system for sensitive data so that the provincial rural credit cooperative's online business handling is monitored and analyzed in real time, greatly reducing the risk of fraud;
5. Improve the efficiency of platform collaboration: Establish intelligent API interfaces that integrate seamlessly with cloud management platforms, CMDB, ITIL/ITSM and other platforms, improving the efficiency of multi-platform collaborative management of the cooperative's privileged accounts;
6. Quickly respond to the service needs of customer groups: Create a hierarchical and decentralized management system, delegate management authority to the outlets of the provincial rural credit cooperative, apply the principle of least privilege, keep the configuration workflow between personnel at all levels efficient, and respond rapidly to the needs of various financial services;
7. Improve database stock: Create a seamless expansion module for PAM clusters to reduce database load pressure and meet the cooperative's incremental data needs at later stages.