IT Accountability - Hitachi ID Privileged Access Manager

Business Challenge

IT staff often use generic login IDs, such as root on Unix, Administrator on Windows and sa on SQL Server to manage systems. These IDs have the highest privileges but are not directly connected with people. As a result, access to sensitive systems and data by IT staff is not traceable to them individually, creating a gap in accountability.

For example, there may be an audit trail showing that someone used the Administrator account to read an HR file, but there may be no indication as to which of several authorized IT users actually accessed the file.

Hitachi ID Privileged Access Manager Solution
  • Privileged Access Manager randomizes administrator passwords frequently -- in a typical deployment, this is done daily.
  • IT staff do not know the current password, so they must sign in to Privileged Access Manager to get it.
  • Privileged Access Manager discloses sensitive passwords for a short period of time and re-randomizes passwords when the time elapses.
  • This process reduces the number of people who could have performed sensitive actions on a given system at any given point in time to just those to whom the password was known at that time.
  • Privileged Access Manager can be configured to limit the number of people who simultaneously know a password -- for example, to just one.

Privileged Access Manager records and discloses information about every administrative login, to every system.
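The attribution step this process makes possible, shown as an added example (not Hitachi ID code): each audit event on a shared account is matched against the password disclosure windows to find who could have known the password at that moment. The record layout, account names and sample data are constructed assumptions, not the product's log format.

```python
from datetime import datetime

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed disclosure records: (user, account, disclosed_at, re_randomized_at)
CHECKOUTS = [
    ("alice", "hr-fs01/Administrator", ts("2024-03-04 09:00"), ts("2024-03-04 10:00")),
    ("bob",   "hr-fs01/Administrator", ts("2024-03-04 09:30"), ts("2024-03-04 10:30")),
    ("carol", "db02/sa",               ts("2024-03-04 09:00"), ts("2024-03-04 09:45")),
]

# Constructed audit events from the managed systems: (time, account, action)
EVENTS = [
    (ts("2024-03-04 09:10"), "hr-fs01/Administrator", "read payroll.xlsx"),
    (ts("2024-03-04 09:40"), "hr-fs01/Administrator", "read reviews.docx"),
    (ts("2024-03-04 11:15"), "hr-fs01/Administrator", "interactive logon"),
]

def holders(account, when, checkouts=CHECKOUTS):
    """Users to whom the account's password was known at time `when`."""
    return sorted(user for user, acct, start, end in checkouts
                  if acct == account and start <= when < end)

def attribute(events=EVENTS, checkouts=CHECKOUTS):
    """Label each event by how many people held the password when it occurred.

    attributed  -> exactly one holder, so the action traces to one person
    ambiguous   -> several holders (simultaneous disclosure was allowed)
    unexplained -> no holder: the password was used outside any disclosure window
    """
    results = []
    for when, account, action in events:
        who = holders(account, when, checkouts)
        if len(who) == 1:
            verdict = "attributed"
        elif who:
            verdict = "ambiguous"
        else:
            verdict = "unexplained"
        results.append((action, verdict, who))
    return results

if __name__ == "__main__":
    for action, verdict, who in attribute():
        print(f"{verdict:11} {action:20} {', '.join(who) or '-'}")
```

Limiting simultaneous disclosure to one person removes the ambiguous case, and an unexplained event is worth investigating because nobody was recorded as knowing the password at that time.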
