Organizations face business risks every day and must constantly balance the need to minimize risk with the cost of risk mitigation.

Hitachi ID Privileged Access Manager helps organizations address specific IT security risks:

| Type of Risk | Mechanism of Failure | Business Impact | Risk Mitigation |
| --- | --- | --- | --- |
| Password guessing attack | Privileged accounts have static passwords. An intruder takes advantage of the long time period available for attack to correctly guess a sensitive password. | An intruder takes control of a sensitive system and may disclose confidential information, disrupt operations, inject errors, etc. | Set passwords to unique, random, constantly changing values. |
| Unreliable access termination | A user with legitimate access to sensitive systems leaves the organization. Access deactivation processes are unreliable and the departed user retains some access rights. | The former employee or contractor realizes that access rights persist and uses them to sign into corporate systems and may disclose confidential information, disrupt operations, inject errors, etc. | Eliminate password retention by constantly changing passwords. |
| Rights to manage many systems at one time | A user has legitimate access to many sensitive systems at the same time. | A malicious user may abuse the access rights to damage many systems. An innocent user may make a mistake that causes accidental damage to many systems. | Force administrators to access systems through a central choke point. |
| Users sharing passwords | One user shares his password to a sensitive system with another user. | The second user can now authenticate as two different users, bypassing segregation of duties controls and committing fraud. | Constantly changing passwords cannot be shared. |
| Admins fail to coordinate | Multiple IT staff have legitimate, privileged access to the same system and may use it at the same time. | Multiple system administrators, acting simultaneously but without knowledge of one another, make changes to a system that are individually appropriate but damaging when combined. | Notify one administrator when another uses the same password. |
| Inadequate access during emergency | Only a few administrative users have access to a system. | During a system emergency, none of the administrative users may be reachable. As a result, much time elapses before someone is able to restore the system to normal operations. | Use workflow to enable one-off access disclosure when a system's regular administrators are unavailable. |