User and group management


Rob Gething

Hi,

I am looking to take ITOM to our Technical Design Authority, seeking approval for use on our estate, however a couple of concerns have been raised, which I am hoping that you can address:

  • User and group management is quite a privilege, what’s stopping a bad actor within Hornbill, or one that’s compromised Hornbill systems from creating themselves accounts etc?
  • How do we know the wrong accounts won’t accidentally be deleted or amended?

Thanks.


Rob,

For the first part, only the Cloud team (currently 4 members) can even access systems that may contain customer data (unless you grant our Support Team access via a Key, with which you control what they can perform and for how long). No other staff have access (all Customer data is in DCs to which all access is prevented except for the Cloud Team). Any access to machines that may contain data is further controlled, and any login will automatically post to a Hornbill Workspace for all the Company to see. This Login and associated Incidents are then audited and have to be associated with a valid reason (Incident\Change Request etc.) or disciplinary action can occur. Our training\Processes and controls ensure that we only access machines hosting data when absolutely necessary. All this is covered under our ISO controls, which are audited annually by the BSI. (See wiki.hornbill.com for an overview of our ISO policies; if you're an Enterprise customer you can also get a yearly 1 to 1 review of our controls and audits.)

So if a member of the Cloud Team (or if their accounts were compromised) had access to a machine hosting data, it would be flagged instantly. Even then they would not be able to decode the KeySafe Credentials held in Hornbill which would be needed to invoke the ITOM integration.

As for the 2nd part of your query: the ITOM job will do whatever you configure it to do, so providing you pass the correct ID etc., it will do the expected action on the given account.

Hope this clarifies your query 

Kind Regards 


Keith Stevenson 
Hornbill Cloud Team
