Previous PDF

swipe to navigate

Applications often need to connect to other applications or services on the network to function. For example, a web application may have to connect to one or more databases to retrieve or update data, to web services to initiate transactions, to a directory to create or update user objects, etc.

When an application connects to a network service, it uses credentials -- normally an ID and password -- to do so. This raises some questions about password management:

  1. Where is the password used by an application to sign into a network service stored?
  2. Does the password ever change?
  3. How is the stored password protected against compromise?

A privileged access management system must be able to address these questions.

Basic network architecture

The basic arrangement where an application needs to authenticate a connection to a network service is illustrated in Figure [link]


    Baseline problem: passwords embedded in scripts and configuration files

The problems of managing and securing these connection credentials are illustrated in Figure [link]. In short, these passwords are often plaintext, visible to many (IT or other) users and static.


    Security problems with passwords embedded in scripts and configuration files

Previous PDF