Hitachi ID Privileged Access Manager
Hitachi ID Privileged Access Manager is a system for securing access to privileged accounts.
It works by regularly randomizing privileged passwords on workstations,
servers, network devices and applications. Random passwords are
encrypted and stored on at least two replicated credential vaults.
Access to privileged accounts may be disclosed:
- To IT staff, after they have authenticated and their
requests have been authorized.
- To applications, replacing embedded passwords.
- To Windows workstations and servers, which need them to start services.
Password changes and access disclosure are closely controlled and audited,
to satisfy policy and regulatory requirements.
In an organization with thousands of IT assets, it
can be difficult to securely manage access to privileged accounts:
- There can be thousands of privileged passwords.
- Administrator passwords exist on each device and application.
- It is difficult to coordinate changes to shared passwords.
- When there are many shared, static passwords, former IT staff can
retain sensitive access after leaving an organization.
- It can be difficult to trace changes back to individuals who made
Privileged Access Manager secures privileged accounts on an enterprise scale:
- It periodically randomizes every privileged password.
- Users must sign into Privileged Access Manager when they need to use a
privileged account. Multi-factor authentication can be required.
- Privileged Access Manager launches login sessions on behalf of users,
without displaying passwords -- single sign-on.
- Logins to privileged user accounts can be recorded, including screen
capture and keyboard logging. This creates strong accountability
and forensic audit trails.