Gulf Air selects Wallix to manage and secure access to IT infrastructure
Airline wanted to manage and control access to defined privileged accounts and record work undertaken on systems
Gulf Air has chosen Wallix's AdminBastion product over several other solutions to manage and control access to privileged accounts.
The firm had previously taken a more manual approach to manage access to its systems in its data centre. But Muhammed Asif Riaz, manager of information security and risk management at the company, told Computing that the complexity within its IT estate meant that there wasn't sufficient visibility into changes made to the systems.
"We were unable to know if the administrator was able to complete a task in one go and what errors they faced. We couldn't document it," Riaz said.
Without the required tools, the airline found it difficult to troubleshoot issues that occurred during maintenance.
Dr Jassim Haji, director of IT at Gulf Air, said that it was becoming increasingly apparent that the company needed a solution that could manage and control access to defined privileged accounts, maintain an approval hierarchy for access and make a log of requests.
"The challenge faced in managing these types of internal and external users is how to ensure that the right access required to undertake their authorised responsibilities is provided - nothing more, nothing less - based upon established and controlled policies," he said.
Riaz said that the firm did an initial PoC and selected Wallix ahead of other "market leaders".
He said the Wallix solution was easier to manage and had better monitoring and auditing capabilities than its competitors. He added that other positives of the solution were that it was agentless, was compatible with Gulf Air's environment, and could sync with its current security solutions.
Dr Haji explained that solutions from many of Gulf Air's existing partners were looked at but were deemed not good enough for the firm, adding that the company did not want to take any chances when it came to selecting this product.
With AdminBastion, the company now has a central authentication and connection point for users to access servers and devices. This means that users no longer need to log-on to separate resources on the network individually, but instead can log-in to AdminBastion, which then enables access to resources depending on the user's pre-determined privileges.
All activity within the product is captured both graphically and with text logs, improving Gulf Air's auditing capabilities as well as enabling further insight for use by the airline's existing log management and SIEM tools.
"The successful implementation of the solution meeting our requirements in a timely manner and within the allocated budget constraints has enabled Gulf Air to minimise data leakage, system disturbance and have oversight control over IT services," said Dr Haji.
Riaz explained that implementing the solution was straightforward, as was the training - which was provided by the vendor during the implementation period. Installing and setting up the solution took one month and was completed in April last year.
Gulf Air plans to upgrade the solution to Wallix AdminBastion 4.2, which is the latest version of the product, and Riaz said the firm was looking forward to using the new Approval Workflow feature.
"It's a way of allowing the user access to a device that they haven't used before but by automating that access so you don't need to manually do it, it makes a request through Wallix which can be approved by somebody and then they get timed access in a one-off way, so it's secure access but it also simplifies giving access to their devices," Chris Pace, head of product marketing at Wallix explained.
Dr Haji concluded that the solution "helped in providing real-time resource management, reporting and monitoring capabilities for IT administrators, improving the overall efficiency of Gulf Air's IT function".
He added that "privileged access management" was instrumental for Gulf Air in complying with the required international and industry standards.
"We're currently certified against the ISO 27001 standard and maintain compliance with PCI-DSS," he said.