Streamlining Privileged Access Management for a Major E-Commerce Group

As a leading comprehensive online marketplace hosting tens of thousands of brands and over 40 million SKUs, the group's IT infrastructure is critical to its operations. Its operations team was responsible for managing nearly 1,000 network devices and 100 core databases within its data centers, a scale that rendered traditional, manual O&M management methods inefficient and high-risk.

Customer Profile

Activity & Announcement

Hot Products Intelligent Computing Cloud Platform
New Products Ask Large Model
New Products LLM Security Gateway
Typical cases CNCC security construction project

Challenges & Requirements

Unmanaged Shared Credentials: Account management was chaotic, with shared or personal credentials used across resources. There was no centralized directory for privileged accounts or a unified strong authentication mechanism.

Overly Broad Access Permissions: Authorization was coarse-grained and manually intensive, lacking role-based policies. This created excessive privileges and increased the risk of insider threats or accidental damage.

Lack of Operational Visibility and Audit Trail: There was no way to monitor or record what privileged users were doing. User operations went unaudited, making compliance reporting impossible and security investigations difficult.

Inability to Trace Actions to Individuals: The absence of comprehensive, user-attributed logs meant that during a security incident, it was impossible to determine "who did what," preventing accountability and timely remediation.

Solution

To address these challenges, Topsec implemented its TopSAG (Operation Security Audit System) as a centralized PAM platform.
(1) Non-Disruptive, Bypass Deployment: The TopSAG was deployed in transparent (bypass) mode, requiring no changes to the existing network architecture or firewalls, enabling zero-downtime implementation..

(2) Unified Access Gateway: TopSAG established a single, secure web portal for all internal and external O&M personnel, consolidating all privileged access through one controlled entry point.

(3) Centralized Account & Session Management: The system introduced centralized vaulting for privileged credentials, eliminating shared passwords. It enforced strong, multi-factor authentication (MFA) and provided single sign-on (SSO) to target assets, removing the need for users to know or handle actual system passwords.

(4) Granular, Policy-Based Authorization: Role-based access control (RBAC) policies were implemented, granting precise permissions based on job function. High-risk command control was enforced using whitelists and blacklists.

(5) Comprehensive Session Monitoring and Auditing: All O&M sessions (graphical and character-based) are now fully recorded, including video playback for graphical sessions and keystroke logs. Every action is tied to a unique individual, creating an immutable audit trail.

(6) Automated Compliance and Reporting: The solution was configured to automatically generate detailed logs and reports that meet regulatory compliance requirements (e.g., for data retention periods and auditability), significantly simplifying compliance efforts.

Relevant Recommendations

Product Recommendation

Special Recommendation

News Recommendation