
Hitachi ID Privileged Access Manager Overview

Hitachi ID Privileged Access Manager is network security software designed specifically to address the problem of insecure, static and well-known administrator passwords.

Hitachi ID Privileged Access Manager: Privileged Access Management

In a typical enterprise-scale organization there are thousands of servers, workstations and network devices. Normally, there is a single, shared administrator password for every type of device. For example, one password may be used for each workstation of a given type or for every server with a given configuration. This is convenient for data center and desktop support staff: if they need to perform maintenance or an upgrade on a workstation or server, they know how to log in.

Such static and well-known privileged passwords create both operational challenges and security problems:

  • When administrator login IDs are shared by multiple IT users, there is no audit log mapping administrative changes to individual IT staff. If an administrator makes a change to a system that causes a malfunction, it can be difficult to determine who caused the problem.

  • When the same privileged account and password exist on many systems, it is hard to coordinate password changes. As a result, privileged passwords are rarely changed and are often known to ex-employees.

The obvious solution to the security vulnerability of static and shared privileged passwords is to change these passwords so that each one is unique and changes regularly. Doing this can be technically challenging, however:

  • There are thousands of privileged passwords:

    Clearly, automation is required to manage them.

  • There are passwords on many kinds of systems:

    The automation must include many integrations, with different kinds of systems (Windows, Unix, SAP, mainframe, Oracle, etc.).

  • The majority of privileged passwords are on PCs and laptops.

    Workstation passwords present special challenges:

    • Workstations may be powered down.
    • Workstations may be disconnected from the network.
    • Workstations may not be reachable from a central data center because they are behind firewalls.

  • Connectivity to servers.

    • Servers may not be up 100% of the time.
    • Servers may not be reachable from a single data center network segment. Specifically, they may be on different network segments, blocked off from the password management system by one or more firewalls.

  • Secure, reliable storage.

    Once automation is implemented to regularly change passwords, technical challenges regarding their storage must be addressed. The password storage system must:

    • Be secure. An insecure storage system, if compromised, would allow an intruder to gain administrative access to every device in the IT infrastructure.

    • Be reliable. A disk crash or facility interruption affecting the password storage system would make every administrator ID unavailable.

    • Include fine-grained access controls. Only the right administrators should get access to the right passwords, after proving their identity.

    • Log access disclosure. Access to privileged accounts must be logged, to create accountability.
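As an added illustration of the requirements above (this is example code written for this page, not Hitachi ID's product code), the toy vault below gives every host its own CSPRNG-generated password, flags hosts whose password is older than the rotation interval, enforces a per-user access list on check-out, and records every rotation, disclosure and denial in an audit trail. Encryption at rest and replication are not shown; the hosts, groups and users are constructed sample data.

```python
import secrets
import string
from dataclasses import dataclass, field

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"


def random_password(length: int = 24) -> str:
    """Draw the password from a CSPRNG; never derive it from the hostname."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class Entry:
    password: str
    rotated_at: float  # epoch seconds of the last rotation


@dataclass
class Vault:
    acl: dict                 # user -> set of host groups they may check out
    groups: dict              # host -> host group (constructed sample inventory)
    entries: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # (time, actor, host, action)

    def rotate(self, host: str, now: float) -> None:
        """Replace one host's password with a fresh, unique random value."""
        self.entries[host] = Entry(random_password(), now)
        self.audit.append((now, "system", host, "rotate"))

    def rotate_all(self, now: float) -> None:
        for host in self.groups:
            self.rotate(host, now)

    def stale(self, now: float, max_age: float) -> list:
        """Hosts whose password has outlived the rotation interval."""
        return [h for h, e in self.entries.items() if now - e.rotated_at > max_age]

    def checkout(self, user: str, host: str, now: float) -> str:
        """Disclose a password only to an authorized user, logging either way."""
        allowed = self.groups[host] in self.acl.get(user, set())
        self.audit.append((now, user, host, "checkout" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{user} may not access {host}")
        return self.entries[host].password
```

Every disclosure is attributable to a named user rather than to a shared login, which is the audit property the page asks for.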

These challenges are not trivial -- a custom software development project may get some of them wrong, with possibly disastrous consequences.

To ensure robust management of administrator passwords, it makes sense to acquire and deploy an expertly built application for managing administrator passwords. That application is Privileged Access Manager.

Read More:

  • Features:
    Privileged Access Manager is a system for securing access to privileged accounts. It works by regularly randomizing privileged passwords on workstations, servers, network devices and applications. Random passwords are encrypted and stored on at least two replicated servers.
  • Business Case:
    Privileged Access Manager helps organizations secure access to privileged accounts by randomizing their passwords and forcing users to sign into Privileged Access Manager when they need privileged access. It automatically deactivates access for departed IT users and creates a forensic audit of login sessions to sensitive accounts.
  • Screen Shots:
    Snapshots of the Privileged Access Manager web interface.
  • Screen Recordings:
    Recordings of user interaction with Privileged Access Manager.
  • Concept Animations:
    Animated demonstrations illustrating user interaction with Privileged Access Manager and data flow between components on the network.
  • Slide Decks:
    Slide presentations that discuss privileged access management in general and Privileged Access Manager in particular.