IT staff often use generic login IDs, such as root on Unix, Administrator on Windows and sa on SQL Server, to manage systems. These IDs have the highest privileges but are not directly linked to people. As a result, there is no traceability from administrative changes to the people who made them.
For example, there may be an audit trail showing that someone used the Administrator account to read an HR file, but there may be no indication as to which of several authorized IT users actually signed on with this account.
- Hitachi ID Privileged Access Manager randomizes administrator passwords frequently, so that each password is different, changes over time and in any case is not known to anyone.
- Privileged Access Manager mediates logins to these accounts, requiring that users be personally identified, strongly authenticated and specifically authorized for the access.
- The number of users who are allowed access to any given account at the same time can be limited. If the limit is set to 1 (the default), then by matching the time stamp of changes on the system to check-outs, it is possible to identify the user who made each change.
- Session recording makes it possible to know not only that a given user was connected, but also what the user did in the context of each login session.
Use of shared accounts with elevated privileges is personally linked to IT staff, creating strong accountability for changes.
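The attribution step described above (matching the time stamp of a change on the managed system to the check-out records for the shared account) is easy to automate. The following is an added example written for this page, not code from Hitachi ID or its Privileged Access Manager; the check-out ledger and the target-system audit events are constructed sample data, and the field names are assumptions. It also handles the two cases a reviewer must flag: a change with no matching check-out (the password was used outside the mediated flow), and a change that falls inside more than one overlapping check-out (the concurrency limit was raised above 1, so the time stamp alone cannot name the user and session recording is needed). A `skew_seconds` tolerance is included because the PAM server and the target system rarely share an exactly synchronized clock.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Checkout:
    """One check-out of a shared account, as recorded by the PAM system (hypothetical schema)."""
    host: str
    account: str
    user: str              # the personally identified IT user who checked the account out
    start: datetime
    end: Optional[datetime]  # None means the account is still checked out


@dataclass
class AuditEvent:
    """One change recorded in the target system's own audit trail (hypothetical schema)."""
    host: str
    account: str           # the shared account that performed the action, e.g. Administrator
    timestamp: datetime
    action: str


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed check-out ledger. bob and carol overlap on hr-fs01/Administrator,
# which only happens when the per-account concurrency limit was raised above 1.
CHECKOUTS = [
    Checkout("hr-fs01", "Administrator", "alice", ts("2024-03-01T09:00:00"), ts("2024-03-01T09:30:00")),
    Checkout("hr-fs01", "Administrator", "bob",   ts("2024-03-01T10:00:00"), ts("2024-03-01T10:45:00")),
    Checkout("hr-fs01", "Administrator", "carol", ts("2024-03-01T10:15:00"), ts("2024-03-01T10:40:00")),
    Checkout("db01",    "sa",            "dave",  ts("2024-03-01T11:00:00"), None),
]

# Constructed audit events from the managed systems.
EVENTS = [
    AuditEvent("hr-fs01", "Administrator", ts("2024-03-01T09:12:00"), "read HR/payroll.xlsx"),
    AuditEvent("hr-fs01", "Administrator", ts("2024-03-01T10:20:00"), "modified share ACL"),
    AuditEvent("hr-fs01", "Administrator", ts("2024-03-01T12:05:00"), "read HR/payroll.xlsx"),
    AuditEvent("db01",    "sa",            ts("2024-03-01T11:30:00"), "ALTER LOGIN"),
]


def attribute_event(event: AuditEvent, checkouts: list, skew_seconds: int = 0):
    """Return (status, users) for one audit event.

    status is one of:
      "attributed"  - exactly one check-out covers the time stamp; users is that one name
      "ambiguous"   - several check-outs overlap the time stamp; users lists the candidates
      "no_checkout" - nobody had the account checked out; users is an empty list
    """
    skew = timedelta(seconds=skew_seconds)
    candidates = sorted(
        c.user
        for c in checkouts
        if c.host == event.host
        and c.account == event.account
        and c.start - skew <= event.timestamp
        and (c.end is None or event.timestamp <= c.end + skew)
    )
    if len(candidates) == 1:
        return "attributed", candidates
    if not candidates:
        return "no_checkout", candidates
    return "ambiguous", candidates


def attribute_all(events: list, checkouts: list, skew_seconds: int = 0) -> dict:
    """Group events by attribution status so the exceptions stand out for review."""
    report = {"attributed": [], "ambiguous": [], "no_checkout": []}
    for e in events:
        status, users = attribute_event(e, checkouts, skew_seconds)
        report[status].append((e.host, e.account, e.timestamp.isoformat(), e.action, users))
    return report


if __name__ == "__main__":
    for status, rows in attribute_all(EVENTS, CHECKOUTS, skew_seconds=30).items():
        print(f"== {status} ({len(rows)}) ==")
        for row in rows:
            print("  ", row)
```

In a real deployment the two "no_checkout" and "ambiguous" buckets are the ones worth alerting on: the first means the shared password was used without going through the check-out step, and the second means the concurrency limit is not 1 and the session recordings for the overlapping users have to be consulted to attribute the change.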