To the organization as a whole
Hitachi ID Privileged Access Manager improves the security of privileged accounts by:
- Eliminating static, shared, well-known passwords.
- Ensuring that former IT staff cannot access sensitive infrastructure.
- Requiring strong, personal authentication of users prior to accessing privileged accounts.
- Enforcing robust policy over who can access privileged accounts.
- Recording a detailed audit trail of privileged login sessions.
Privileged Access Manager reduces the cost of managing passwords on privileged accounts by automating the password change, storage and disclosure process.
To individual system and application administrators
There are many benefits to administrators who use Privileged Access Manager to replace manual management of privileged passwords:
- Single sign-on to privileged accounts -- i.e., sign into the Privileged Access Manager portal once and launch as many privileged login sessions as are required from there, without having to re-authenticate.
- Not having to find the current value of passwords to privileged accounts (e.g., through a request process, spreadsheet or paper list).
- Not having to know the current value of privileged passwords (there may be too many).
- Not having to manually change privileged passwords, which can be complex to coordinate among multiple users or programs that need to know them.
- Concurrency control -- knowing who else is working on a system at the same time and (where needed) preventing concurrent changes to the same system.
- Accountability -- if a change was made at a given time, it's clear who made it. If there was a problem, it's easy to see who to talk to about that change to fix the problem. An administrator who did not sign into a system is no longer bothered by accusations of causing problems on it.
- Knowledge sharing -- the ability to record administrator sessions makes it possible for admins to retroactively share instructions for how to perform a task. For example, an administrator can respond to a question from another administrator about how to do something by finding an instance where he performed the same function in the past and sending a video recording of that work to the person asking the question.