Eliminate Shared Accounts and Passwords - Hitachi ID Privileged Access Manager
Many organizations have insecure processes for managing privileged accounts -- IDs and passwords on servers, workstations, applications and network devices with elevated privileges. Inappropriate disclosure of these passwords would lead to serious security compromise:
- Hundreds or thousands of workstations and servers often share the same ID and password. If the password on one device is compromised, all of the devices that share the credential are compromised.
- Where a password is used on many systems or needed by many people, it is difficult to coordinate password changes. As a result, passwords on privileged accounts are often left unchanged for months or years, creating an extended window of opportunity for an attacker.
- If privileged passwords are rarely changed, when IT staff leave an organization, they retain access to sensitive systems.
- When many people know the password to a given account, it is impossible to reliably connect changes (or security compromises) to individual users.
Hitachi ID Privileged Access Manager is designed to address the challenges posed by management of thousands of privileged accounts:
- Each privileged password is changed regularly -- usually once per day.
- Privileged passwords are set to random strings. No two are ever alike and no single privileged account gets the same password twice.
- IT staff are authenticated, personally, before gaining access to administrator accounts such as Unix/root or Windows/Administrator.
- Programs that require access to sensitive passwords are authenticated, using a one-time-password and their IP subnet, before being granted access to a password.
- Access control rules and a workflow authorization engine determine whether a given IT user or program may access a given password.
- Audit logs track disclosure of privileged passwords, creating accountability.
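
The controls listed above, sketched as an added example; this is not Hitachi ID code and does not reflect the product's API. It shows random, never-repeated passwords and a program checkout gated by a one-time password, the caller's IP subnet and an access rule, with every attempt logged. The `Vault` class, its method names, the 24-character length and the SHA-256 history are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#%^*-_=+"

class Vault:
    """Toy credential vault (hypothetical; not a vendor API)."""

    def __init__(self):
        self.current = {}    # account -> current password
        self.history = {}    # account -> SHA-256 digests of every password issued
        self.programs = {}   # program id -> (OTP digest, allowed subnet, accounts)
        self.audit = []      # (program id, account, source IP, outcome)

    def rotate(self, account):
        """Set a fresh random password, never repeating one for this account."""
        seen = self.history.setdefault(account, set())
        while True:
            pw = "".join(secrets.choice(ALPHABET) for _ in range(24))
            digest = hashlib.sha256(pw.encode()).hexdigest()
            if digest not in seen and pw not in self.current.values():
                break
        seen.add(digest)
        self.current[account] = pw
        return pw

    def enroll(self, program, subnet, accounts):
        """Register a program and return its first one-time password."""
        otp = secrets.token_urlsafe(32)
        self.programs[program] = (hashlib.sha256(otp.encode()).hexdigest(),
                                  ipaddress.ip_network(subnet), set(accounts))
        return otp

    def checkout(self, program, otp, source_ip, account):
        """Return (password, next OTP) or None; every attempt is logged."""
        entry = self.programs.get(program)
        ok = False
        if entry:
            digest, subnet, accounts = entry
            ok = (hmac.compare_digest(digest, hashlib.sha256(otp.encode()).hexdigest())
                  and ipaddress.ip_address(source_ip) in subnet
                  and account in accounts and account in self.current)
        self.audit.append((program, account, source_ip, "granted" if ok else "denied"))
        if not ok:
            return None
        next_otp = self.enroll(program, str(subnet), accounts)  # old OTP is now dead
        return self.current[account], next_otp
```

A successful checkout replaces the program's one-time password, so a captured value cannot be replayed, and denied attempts remain visible in `audit`.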