Managing security configurations for large organizations with locations scattered around the world can be challenging. Likewise, some businesses have multiple operating divisions that are separate entities but all use the same IT infrastructure. As an IT leader, you likely want to have consistency in baseline security and acceptable use policies, yet have regional or line of business security teams have the flexibility to make changes that reflect specific needs in a timely manner.
Enterprise Threat Protector makes it quick and simple to deploy a consistent security policy globally or across your business. And, with the Delegated Administration features that are now available in Enterprise Threat Protector, you can easily provide regional or line of business security teams with the ability to only manage and view configuration settings that apply to parts of your business they are responsible for.
So, how does this new feature work? (available for all ETP users at no extra charge)
ETP has two levels of Administrators: Super Administrators and Delegated Administrators. A Super Administrator is able to add Delegated Administrators and grant them access to only specific locations and policies.
By default, a Delegated Administrator can add locations and policies. Once granted access to specific locations and policies, the Delegated Administrator can then manage those locations and policies. This allows a Delegated Administrator to manage part of the enterprise network or line of business and oversee advanced policy settings such as defining the acceptable use policy (AUP), policy actions, enabling the ETP proxy, and more.
In addition to creating and managing locations and policies, a delegated administrator can:
- View the settings associated with most configuration features in ETP. While a delegated administrator cannot modify quick lists or create custom lists, they can view the settings that are associated with these components.
- Schedule a report. Report results are based on the locations that the delegated administrator is allowed to access.
- View and analyze data on the Event Analysis and Activity pages based on assigned location. A delegated administrator can filter data and view the events, activity, and traffic related to the locations they are allowed to access and manage.
- Grant or revoke Akamai Support Access.
A delegated administrator cannot:
- Modify the settings associated with custom lists and quick lists.
- Add email addresses for alert notifications or any communications emails.
- Manage a client connector or security connector.
- View Security Connector activity. The Security Connector tab on the Activity page is not available. If a threat event correlates to a security connector event, the delegated administrator can view details about the security connector event from the Events page.
- Add or manage a custom response.
- Grant other delegated administrators access to locations and policies.
- Manage the man-in-the-middle CA TLS certificates for ETP Proxy.
If you want to try this new feature, reach out to your Akamai Representative to get it activated.
Not yet experiencing the benefits of Enterprise Threat Protector? Sign up for a free 30 day trial.
*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Jim Black. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/fUa-DcuwtDg/new-delegated-administration-feature-in-enterprise-threat-protector.html