How to Keep Privileged Accounts Safe and Share Them Securely?

It's a matter of fact: Every IT team needs to use large numbers of user identities and passwords for managing servers, network devices, databases, etc. It is very simple if the organization is small and you are the only systems administrator. But it becomes difficult as soon as two or more people start to work with these accounts. Privileged accounts, such as that of the domain administrator or service account, allow very powerful, usually unlimited access to system and data, and if they are not properly secured and maintained, they represent a very high risk to an organization's security.

How many servers and devices are accessible under your "favorite" password, such as "Qwerty123" or just left in a factory-default state forever? Is it secure? Obviously not... Of course, you can utilize many passwords, writing them down on a whiteboard in your server room or storing them in shared spreadsheets. But how would you force all members of your team to use these tools? Bet on it; someone will change accounts without updating a spreadsheet anyway, and this will happen daily.

Another point to consider is Regulatory Compliance standards, such as SOX and GLBA. These impose strict password management rules: password strength and the need to change them periodically, usually every three months or so. Moreover, access to protected data must be controlled and accessible to auditors to determine who accessed it and when. Routine control, updates, and reporting may require significant efforts and productivity tradeoffs. With hundreds of systems and devices, 100%-secure and compliant management of shared privileged accounts can become a real challenge. You will simply spend most of your time maintaining your passwords or even hire a dedicated person who will do this!

To address this problem, we designed a new product, Shared Identity Manager (SIM), to help organizations maintain and protect their privileged shared accounts of all types, from Active Directory and servers to routers and database systems. The backbone of the product is a secure facility for controlling access to account passwords. Users of this system will be able to perform provisioning, access passwords, and de-provision shared administrative accounts, all under centralized control and auditing.

Shared Identity Manager enforces a "check-out" concept: When someone wants to access a password, he or she needs to check-it out from the system and then check it back in when they are done using.

The centralized "check-out" system has several major advantages:

• All operations are logged for reporting and analysis. You can determine who accessed which passwords and when it happened.
  
• When a password is checked in, the system changes it to prevent further usage until it is checked out again.
  
• You can define password access rules to control who can use specific passwords based on their roles.
  

Article Source: http://www.article-heaven.com

Established in 2006, NetWrix Corporation provides innovative and cost-effective solutions that simplify and automate the management of Windows networks.

Please Rate this Article

5 out of 54 out of 53 out of 52 out of 51 out of 5 

Not yet Rated