Reducing the Risk associated with Authentication and Authorization through the deployment of SUDO and Powerbroker: A Case Study in Information Securit

(PDF, 2.23MB) Published: 13 Dec, 2003
Created by: Steve Mancini

Take a walk in my shoes. You are the security manager for a UNIX environment composed of several different flavors of UNIX, totaling several thousand nodes. You have 5000+ customers, both local and remote, who are all entitled to varying degrees of access to information that ranges up to and including company secrets regarding future technologies. You see a need to put a bit more control over the customer authentication and authorization process. You attend a SANS course, which only confirms the course of action you are planning to address the weaknesses in your authentication and authorization scheme. Your choices must not only make sense from an information security and usability perspective, but must also be a sound financial decision. You have 2 options currently available to you: one is the popular freeware tool sudo and the alternative is Powerbroker. This case study will explore each of these options, their strengths and weaknesses as they apply to large-scale work environments, and their implications for your authentication and authorization process, and will offer up one possible solution that uses both applications in a manner that minimizes some of the risks known to exist with shared accounts, both traditional and super-user.