It can be difficult to securely manage access to thousands of privileged accounts. Consequently, in many organizations, the passwords to privileged accounts are:
- known to many people, possibly including former staff,
- often the same on many systems,
- rarely, if ever, changed, and
- stored in plaintext, by people and by applications.
There are serious consequences to these password management practices, including:
- There is no accountability for use of shared, privileged accounts. This is both a security and regulatory compliance problem and an obstacle to diagnosing operational problems.
- Former staff may retain sensitive access.
- Attackers have an easier time compromising these dangerous accounts.
- If one system is compromised (e.g., an IT user's PC or an application server), the attacker can leverage passwords stored or typed on that system to compromise additional systems.
The Hitachi ID Privileged Access Manager solution
Privileged Access Manager helps organizations to secure privileged accounts:
- Eliminate static and shared passwords.
- Enforce strong authorization controls over who can access which administrative account and when.
- Personally authenticate IT staff before granting access to privileged accounts.
- Create an audit log of who accessed each privileged account and when.