Applications often need to connect to other applications or services on the network to function. For example, a web application may have to connect to one or more databases to retrieve or update data, to web services to initiate transactions, to a directory to create or update user objects, etc.

When an application connects to a network service, it uses credentials -- normally an ID and password -- to do so. This raises some questions about password management:

  1. Where is the password used by an application to sign into a network service stored?
  2. Does the password ever change?
  3. How is the stored password protected against compromise?

A privileged access management system must be able to address these questions.

Basic network architecture

The basic arrangement where an application needs to authenticate a connection to a network service is illustrated in Figure [link].

Baseline problem: passwords embedded in scripts and configuration files

The problems of managing and securing these connection credentials are illustrated in Figure [link]. In short, these passwords are often stored in plaintext, visible to many users (IT or otherwise), and static.

Security problems with passwords embedded in scripts and configuration files
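
The three problems named above (plaintext, visible to many users, static) can be checked for mechanically. The following audit script is an added example, not part of the original page or of any product it describes; the key-name pattern, the reference syntax it skips (`${VAR}`, `%VAR%`, `vault:`), the 90-day threshold, and the use of file modification time as a stand-in for "the password has not changed" are all assumptions, and the sample file is constructed.

```python
import os, re, stat, tempfile, time

# Assumed key names that commonly hold a connection password.
SECRET_KEY = re.compile(r'(?i)(password|passwd|pwd|secret)\s*[=:]\s*["\']?([^"\'\s;]+)')
# Assumed reference syntaxes: the value is looked up elsewhere, not embedded.
REFERENCE = re.compile(r'^(\$\{?\w+\}?|%\w+%|vault:.*)$')

def audit_file(path, max_age_days=90, now=None):
    """Return (line number, key, issues) for each embedded password in path."""
    now = time.time() if now is None else now
    st = os.stat(path)
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = SECRET_KEY.search(line)
            if not m or REFERENCE.match(m.group(2)):
                continue
            issues = ["plaintext"]                      # literal value in the file
            if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
                issues.append("readable-by-group-or-other")   # visible to many
            if (now - st.st_mtime) / 86400 > max_age_days:
                issues.append("unchanged>%dd" % max_age_days)  # heuristic for static
            # The password value itself is deliberately not reported.
            findings.append((lineno, m.group(1), issues))
    return findings

def demo():
    """Audit a constructed sample config file and return the findings."""
    sample = (
        "[database]\n"
        "user = webapp\n"
        "password = Example-Passw0rd\n"       # constructed literal password
        "api_secret = ${API_SECRET}\n"        # reference, should be skipped
        'conn = "Server=db;User Id=webapp;Password=Example2;"\n'
    )
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.conf")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)                 # world-readable, as is common
        old = time.time() - 200 * 86400       # pretend it was last edited 200 days ago
        os.utime(path, (old, old))
        return audit_file(path)

if __name__ == "__main__":
    for lineno, key, issues in demo():
        print(f"line {lineno}: {key}: {', '.join(issues)}")
```

The permission check uses POSIX mode bits, so on Windows the file's ACL would need to be inspected instead.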

