Privileged password storage must:
- Span at least two sites.
- Include all passwords.
- Happen in real time.
- Be inexpensive and easy to manage.
- Be encrypted.
- Tolerate low bandwidth.
- Tolerate high packet latency.
- Recover from network interruptions.
Background: Securing Privileged Accounts
Consider an organization that operates 1000 servers with 5 administrator-level accounts on each, for 5000 privileged accounts in total. To secure these, a privileged access management system may choose a new, random password for each of the 5000 accounts every day. This improves security by:
- Ensuring that users learn only the sensitive passwords they currently need to do their jobs.
- Ensuring that compromise of a single password, login ID or system does not lead to compromise of any other system, since no two accounts share a password.
- Limiting the time period during which a user who has been given a password retains administrative access.
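The following is an added example, not code from the original page or from any privileged access management product, showing the daily randomization scenario above together with the storage requirements listed earlier (two sites, delta replication that tolerates low bandwidth, latency and dropped connections). It uses only the Python standard library and a constructed inventory of 3 servers with 2 administrator accounts each in place of the page's 1000 x 5; the class and function names (Vault, Replica, sync, audit) are this example's own. Encryption at rest and in transit, which the requirements list demands, is deliberately not shown here.

```python
"""Daily randomization of privileged passwords with an interruption-tolerant
replica at a second site. Added example; stdlib only, constructed data."""
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
ROTATION_INTERVAL = timedelta(days=1)   # the page's scenario: a new password daily


def random_password(length: int = 24) -> str:
    """Use the OS CSPRNG (secrets), never the random module, for credentials."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass(frozen=True)
class Credential:
    server: str
    account: str
    password: str           # would be stored encrypted in a real vault (not shown here)
    rotated_at: datetime


@dataclass
class Vault:
    """Primary site: current credentials plus an append-only, sequence-numbered
    journal that replicas pull deltas from."""
    credentials: dict = field(default_factory=dict)   # (server, account) -> Credential
    journal: list = field(default_factory=list)       # [(seq, Credential), ...]

    def rotate(self, server: str, account: str, now: datetime) -> Credential:
        cred = Credential(server, account, random_password(), now)
        self.credentials[(server, account)] = cred
        self.journal.append((len(self.journal) + 1, cred))
        return cred

    def rotate_due(self, accounts, now: datetime) -> list:
        """Rotate each account that has no password yet or one older than the
        interval. Every account gets its own independent random value, so one
        leaked password reveals nothing about any other."""
        rotated = []
        for server, account in accounts:
            current = self.credentials.get((server, account))
            if current is None or now - current.rotated_at >= ROTATION_INTERVAL:
                rotated.append(self.rotate(server, account, now))
        return rotated

    def updates_since(self, seq: int) -> list:
        """Delta only: journal entries newer than the replica's last applied sequence."""
        return [entry for entry in self.journal if entry[0] > seq]


@dataclass
class Replica:
    """Second site. Applies journal entries idempotently and in order, so a batch
    retransmitted after a dropped connection is harmless and a missed batch is
    detected rather than silently skipped."""
    credentials: dict = field(default_factory=dict)
    last_seq: int = 0

    def apply(self, entries) -> int:
        for seq, cred in entries:
            if seq <= self.last_seq:          # duplicate from a retried transfer
                continue
            if seq != self.last_seq + 1:      # gap: caller must re-sync from last_seq
                raise RuntimeError(f"journal gap: expected {self.last_seq + 1}, got {seq}")
            self.credentials[(cred.server, cred.account)] = cred
            self.last_seq = seq
        return self.last_seq


def sync(vault: Vault, replica: Replica, batch_size: int = 500) -> int:
    """Pull pending deltas in small batches (friendly to low bandwidth and high
    latency); resumable from replica.last_seq after any interruption."""
    applied = 0
    while True:
        batch = vault.updates_since(replica.last_seq)[:batch_size]
        if not batch:
            return applied
        replica.apply(batch)
        applied += len(batch)


def audit(vault: Vault, now: datetime) -> list:
    """Checks a practitioner wants: no two accounts share a password, none is stale."""
    findings, seen = [], {}
    for key, cred in vault.credentials.items():
        if cred.password in seen:
            findings.append(f"shared password: {key} and {seen[cred.password]}")
        seen[cred.password] = key
        if now - cred.rotated_at > ROTATION_INTERVAL:
            findings.append(f"stale password: {key}")
    return findings


if __name__ == "__main__":
    # Constructed inventory: 3 servers x 2 admin accounts (the page's scenario is 1000 x 5)
    inventory = [(f"srv{i}", acct) for i in range(3) for acct in ("root", "admin")]
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    primary = Vault()
    print(len(primary.rotate_due(inventory, t0)), "rotated on day 1")
    print(len(primary.rotate_due(inventory, t0 + timedelta(hours=12))), "rotated at noon")
    print(len(primary.rotate_due(inventory, t0 + timedelta(days=1))), "rotated on day 2")
    secondary = Replica()
    print(sync(primary, secondary, batch_size=4), "journal entries replicated")
    print("audit findings:", audit(primary, t0 + timedelta(days=1)))
```

The journal sequence number is what makes the replication safe over an unreliable link: a replica that lost its connection mid-batch simply asks again from its last applied sequence, duplicates are skipped, and a gap raises an error instead of leaving the second site with a silently stale password for some accounts.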
In other words, because nobody can memorize or share a password that changes every day, every use of a privileged account has to go through the privileged access management system, which supports basic security principles:
- Users who need access to a privileged account must first authenticate themselves to the system before connecting to the application or server in question.
- The privileged access management system has an opportunity to apply access control rules and/or approval workflows before connecting the session.
- All sessions are logged, making IT users accountable for changes made on systems to which they had privileged access.