Amadeus Strengthens Compliance and Streamlines Security Administration Using Centrify

Amadeus has established their business and their reputation for rapid response travel planning on behalf of travel providers, travel agencies and large scale travel buyers using a proprietary, high performance, transaction processing system.

It’s absolutely critical to satisfy PCI regulations if we want to maintain the high levels of security demanded by our customers. Centrify helps us meet those standards.”

Ana-Paula Ribeiro
Director of Operating System Services

THE CHALLENGE:

The rapidly-expanding environment comprises thousands of Linux and UNIX systems for development and deployment of their services. Among the immediate and significant challenges that this data center architecture presented was security and access control. With multiple teams developing applications for discrete product lines and rapidly proliferating servers, the prospect of managing unique accounts on thousands of servers for thousands of developers and hundreds of administrators would cause several major challenges.

• Administrators would spend a tremendous amount of time managing accounts
• The proliferation of accounts per user would result in forgotten passwords, poor security practices (taping passwords to keyboards) and server vulnerability
• Without centralized control orphan accounts, even root accounts with no discernible owner, can proliferate. Tracking orphan accounts of users who may have changed roles or left the company would be a full time job
• It would be difficult to maintain security best practices and ensure the upkeep of security policies
• Their test environment revealed that for expediency sake during server deployment activities, administrators would sometime share root passwords for multiple systems, making their interactions with these systems essentially anonymous

Payment Card Industry (PCI) Compliance - In addition, because of the nature of their business, credit card numbers flow through the system in the hundreds of thousands per day. To protect customer credit cards, the requirements of the Payment Card Industry (PCI) are both explicit and strict: for all systems that contain or process credit card transaction information, you must be able to prove who has access to the servers, and you must be able to prove you know exactly what they did on those systems to the satisfaction of PCI auditors. Both Amadeus and the PCI wanted restricted access to those card numbers and the systems that processed them.

THE SOLUTION:

“The fact that Centrify could provide uniform support across all of our operating system platforms was a major advantage.”

Ana-Paula Ribeiro
Director of Operating System Services

Amadeus discovered that Centrify would allow them to use the same Active Directory credentials to authenticate to and control access to all of the non-Windows servers in their data center. Centrify Suite is part of a comprehensive “data center infrastructure” solution set that Amadeus is deploying. Other products that they are using provide patch management across systems, provisioning and encryption of data at rest.

Why Centrify: They chose Centrify after thorough research of the alternatives, positive reviews from other customers, and a proof of concept test that allowed them to simulate the planned environment. It was also important to them that they did not have to touch the Active Directory schema in order to implement the Centrify Suite. The Centrify agent software has become a default part of each new server image.M

Centrify addressed all of the issues that they identified:

“We automatically include Centrify on every server we deploy, and we are deploying hundreds per quarter.”

Ana-Paula Ribeiro
Director of Operating System Services

• By including Centrify Suite on all systems, Amadeus eliminated disparate UNIX and Linux identity stores
• By relying on Active Directory and Centrify, each Amadeus user now has a single user ID and password to use to login to all of the systems that IT security has centrally granted them access to
• Amadeus can also enforce security best practices uniformly across all of the UNIX and Linux systems by using the strict policies (such as password expirations, password length and complexity) that Active Directory and Centrify enable
• Centrify can generate reports showing a server view—who has access to a given server—and a user view—what systems does so-and-so have access to and what are his rights. This helps get rid of orphan accounts
• Rights to access a given server can be associated with individual users. They implemented a least-privilege security model for Linux and UNIX systems with flexible, role-based controls that protected privileged operations while still granting users the privileges they needed to perform their job
• Privileged users can be granted specific, appropriate rights only to those systems that they administer
• This approach incorporating Centrify enabled them to pass the PCI-DSS audit

“By use of Centrify and other tools we can automate user and server administration, which allows us a more efficient ratio between servers and system engineers.”

Ana-Paula Ribeiro
Director of Operating System Services

In addition, Centrify adds a layer of access control unavailable on the Windows side by allowing IT managers to group servers into logical Zones and then to control access by Zone. In this way an Amadeus administrator who supported developers working on a reservation system would not see servers that handled credit card transactions. Amadeus can constrain an administrator’s rights to a particular Zone.

By deploying Centrify Suite Amadeus was able to rapidly increase their server deployments, provide SSO to their developers and administrators, increase the granularity of their access control, tighten their security and meet PCI standards without having to add more staff or another layer of administrative software.

• Return to Customer Success Stories Page