U.S. Agency Selects Xceedium to Secure Privileged Access to Hybrid Cloud
Recovery and Accountability Board Leverages Xceedium’s Xsuite to Control and Record Privileged Users and to Meet FISMA Requirements for Protecting Data and Systems
Amazon Web Services re: Invent Conference, Las Vegas, Nevada — Xceedium today announced that the Recovery Accountability and Transparency Board chose Xsuite, the leading privileged access management solution for hybrid-cloud enterprises, as a key security component for its enterprise of the future.
The Recovery Accountability and Transparency Board is a non-partisan, non-political agency created by the American Recovery and Reinvestment Act of 2009. It has two goals:
- To provide transparency of Recovery-related funds
- To detect and prevent fraud, waste, and mismanagement.
The organization operates the award-winning Recovery.gov website, the U.S. government’s official website that provides easy access to data related to Recovery Act spending and allows for the reporting of potential fraud, waste and abuse.
The Recovery Accountability and Transparency Board also is a leader in hybrid-cloud computing. It has built a multi-cloud enterprise and moved a wide variety of its IT services to the cloud, implementing the federal government’s first civilian, compliance-focused, hybrid-cloud environment.
“Recovery.gov is transforming its IT to the enterprise of the future, placing the right service on the right workload to enable a secure, nimble, and cost-efficient organization,” noted Ken Ammon, Chief Strategy Officer at Xceedium. “Xceedium Xsuite was a perfect fit for Recovery.gov’s Cloud Hub architecture. They are using Xsuite to secure privileged access across a hybrid-cloud environment and will be addressing important privileged account and personal identity verification (PIV) smartcard authentication mandates.”
Recovery.gov integrated Xsuite into its Cloud Hub security stack. Cloud Hub enables the organization to leverage multiple cloud providers in conjunction with its own internal private-cloud infrastructure. The agency will utilize Xsuite’s ability to granularly control access, enforce separation of duties, and monitor and record sessions for administrators accessing its internal server stack and its managed service offering to other federal agencies. This includes protecting servers running on the agency’s internal private cloud, based on VMware technologies, and infrastructure running on Amazon EC2 and S3. Protecting privileged accounts was the top issue noted by the Inspectors General in the 2011 FISMA report.
Xsuite also will enable Recovery.gov to implement PIV smartcards to provide multi-factor authentication for privileged users before they are granted access to critical systems and cloud management consoles. HSPD-12 and OMB 11-11 are driving the use of PIV cards for logical access to systems. Using Xsuite, Recovery.gov will be able to leverage PIV cards for administrative access to servers, wherever they reside, without having to change how the agency manages passwords and other credentials on its systems.