How to Keep Privileged Accounts Safe and Share Them Securely?

It’s a matter of fact: Every IT team needs to use large numbers of user identities and passwords for managing servers, network devices, databases, etc. This is simple if the organization is small and you are the only systems administrator, but it becomes difficult as soon as two or more people start to work with these accounts. Privileged accounts, such as the domain administrator account or a service account, allow very powerful, usually unlimited access to systems and data, and if they are not properly secured and maintained, they represent a very high risk to an organization’s security.

How many servers and devices are accessible under your “favorite” password, such as “Qwerty123” or just left in a factory-default state forever? Is it secure? Obviously not… Of course, you can utilize many passwords, writing them down on a whiteboard in your server room or storing them in shared spreadsheets. But how would you force all members of your team to use these tools? Bet on it; someone will change accounts without updating a spreadsheet anyway, and this will happen daily.

Another point to consider is regulatory compliance standards, such as SOX and GLBA. These impose strict password management rules: password strength and the need to change passwords periodically, usually every three months or so. Moreover, access to protected data must be controlled, and the access records must be available to auditors so they can determine who accessed the data and when. Routine control, updates, and reporting may require significant effort and productivity tradeoffs. With hundreds of systems and devices, 100%-secure and compliant management of shared privileged accounts can become a real challenge. You will simply spend most of your time maintaining your passwords or even hire a dedicated person who will do this!

To address this problem, we designed a new product, Shared Identity Manager (SIM), to help organizations maintain and protect their privileged shared accounts of all types, from Active Directory and servers to routers and database systems. The backbone of the product is a secure facility for controlling access to account passwords. Users of this system will be able to perform provisioning, access passwords, and de-provision shared administrative accounts, all under centralized control and auditing.

Shared Identity Manager enforces a “check-out” concept: When someone wants to access a password, he or she needs to check it out from the system and then check it back in when done using it.

The centralized “check-out” system has several major advantages:

* All operations are logged for reporting and analysis. You can determine who accessed which passwords and when it happened.
* When a password is checked in, the system changes it to prevent further usage until it is checked out again.
* You can define password access rules to control who can use specific passwords based on their roles. 
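
The check-out model described above can be sketched in a few lines. This is an added illustration, not Shared Identity Manager's code or API: the `Vault` class, the account and role names, and the one-holder-at-a-time rule are assumptions made for the example.

```python
import secrets
from datetime import datetime, timezone

class Vault:
    """Toy check-out vault: role rules, audit log, rotation on check-in."""

    def __init__(self, rules):
        self.rules = rules      # account -> roles allowed to check it out
        self.passwords = {a: secrets.token_urlsafe(24) for a in rules}
        self.holder = {}        # account -> user who currently holds it
        self.audit = []         # append-only: (time, user, action, account, result)

    def _log(self, user, action, account, result):
        self.audit.append((datetime.now(timezone.utc), user, action, account, result))

    def check_out(self, user, roles, account):
        # Denied attempts are logged too, so reports show who tried and failed.
        if not self.rules.get(account, set()) & set(roles):
            self._log(user, "check_out", account, "denied:role")
            raise PermissionError(f"{user} has no role allowed to use {account}")
        if account in self.holder:  # assumption: exclusive check-out
            self._log(user, "check_out", account, "denied:in_use")
            raise RuntimeError(f"{account} is already checked out")
        self.holder[account] = user
        self._log(user, "check_out", account, "ok")
        return self.passwords[account]

    def check_in(self, user, account):
        if self.holder.get(account) != user:
            self._log(user, "check_in", account, "denied:not_holder")
            raise PermissionError(f"{user} does not hold {account}")
        del self.holder[account]
        # Rotate so the value the user saw stops working. A real system would
        # also set the new password on the target system at this point.
        self.passwords[account] = secrets.token_urlsafe(24)
        self._log(user, "check_in", account, "ok:rotated")

def demo():
    # Constructed sample accounts, roles and users.
    vault = Vault({"svc-backup": {"backup-admin"}, "dc-admin": {"domain-admin"}})
    first = vault.check_out("alice", ["backup-admin"], "svc-backup")
    try:
        vault.check_out("bob", ["helpdesk"], "dc-admin")
    except PermissionError:
        pass
    vault.check_in("alice", "svc-backup")
    second = vault.check_out("carol", ["backup-admin"], "svc-backup")
    events = [(u, act, acc, res) for _, u, act, acc, res in vault.audit]
    return first != second, events
```

`demo()` returns whether the password changed between the two check-outs, together with the audit trail that answers "who accessed which password and when".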

Moreover, Shared Identity Manager will perform automatic maintenance of accounts: it changes passwords based on your schedule and updates account information in all affected places, such as service accounts, scheduled tasks, etc. The product discovers all of these places automatically to determine where accounts are used, so there is no need to remember them yourself anymore.

Register for your free evaluation: http://www.netwrix.com/requeste.html?product=sim
Download the product datasheet: http://www.netwrix.com/download/Datasheets/sim_datasheet.pdf
