Eliminate Shared Accounts and Passwords - Hitachi ID Privileged Access Manager
Many organizations have insecure processes for managing privileged
accounts -- IDs and passwords on servers, workstations,
applications and network devices with elevated privileges.
Inappropriate disclosure of these passwords would lead to serious
- Hundreds or thousands of workstations and servers often share
the same ID and password. If the password on one device is
compromised, all of the devices that share the credential are
- Where a password is used on many systems or needed by many
people, it is difficult to coordinate password changes. As a result,
passwords on privileged accounts are often left unchanged for months
or years, creating an extended window of opportunity for an attacker.
- If privileged passwords are rarely changed, IT staff who leave an
organization retain access to sensitive systems.
- When many people know the password to a given account, it is
impossible to reliably connect changes (or security compromises)
to individual users.
Hitachi ID Privileged Access Manager is designed to address the challenges posed by
the management of thousands of privileged accounts:
- Each privileged password is changed regularly -- usually once per day.
- Privileged passwords are set to random strings. No two are
ever alike and no single privileged account gets the same password
- IT staff are authenticated, personally, before gaining access to
administrator accounts such as Unix/root or Windows/Administrator.
- Programs that require access to sensitive passwords are authenticated,
using a one-time password and their IP subnet, before being granted
access to a password.
- Access control rules and a workflow authorization engine determine
whether a given IT user or program may access a given password.
- Audit logs track the disclosure of access, creating accountability.