It can be difficult to securely manage access to thousands of privileged accounts. Consequently, in many organizations, the passwords to privileged accounts are:
- known to many people, possibly including former staff,
- often the same on many systems,
- rarely, if ever, changed and
- stored in plaintext, by people and by applications.
There are serious consequences to these password management practices, including:
- There is no accountability for use of shared, privileged accounts. This is a security risk and a regulatory compliance problem, and it can make it harder to diagnose operational problems and audit user access.
- Former staff may retain sensitive access.
- Malicious actors have an easier time compromising an enterprise's systems.
- If one system is compromised (e.g., an IT user's PC or an application server), the threat actor can leverage passwords stored or typed on that system to compromise additional systems.
The Hitachi ID Privileged Access Manager Solution
Hitachi ID Privileged Access Manager improves the security of privileged accounts by:
- Eliminating static, shared, well-known passwords.
- Ensuring that former IT staff cannot access sensitive infrastructure.
- Requiring strong, personal authentication of users prior to accessing privileged accounts.
- Enforcing robust policy over who can access privileged accounts.
- Recording a detailed audit trail of privileged login sessions.
Privileged Access Manager reduces the cost of managing passwords on privileged accounts by automating the password change, storage and disclosure process.