The particular problem with passwords and identity that data centers have is that many infrastructure devices are built with hardwired user names (e.g. ‘administrator’, ‘root’, ‘db2admin’, ‘system’) to allow management of the device, or troubleshooting in the event of problems. Although there are typically management processes to control how, when, and to whom passwords are divulged, operations staff who work on the devices could build up knowledge of devices’ passwords over time. This – however honest organizations think their employees are – constitutes a risk that should be understood, and in some industries must be reported as part of compliance obligations.

Enterprise Password Vault (EPV) acts as a highly secure central repository for devices’ passwords, and controls their release via automated and fully audited processes. Individuals’ requests for passwords can be authenticated, and the requirement for approval by a manager can be built in before passwords are released. Importantly, EPV can trigger a password change that takes effect after a password has been released and used, so that there is no compromise to security in the long term.

The range of data center device types for which EPV can address this problem has been broadened significantly in this latest release. Support has been added for more devices from data center equipment suppliers such as F5, Fortinet, HP, Sun, and Alcatel. In-depth integration with WebSphere and WebLogic application servers is also included: this automatically replaces hard-coded password exchanges within applications with calls to Cyber-Ark methods that fetch the passwords from their secure location within EPV, thereby incorporating consistently strong security.

EPV now also includes the capability to connect with user workstations running on Windows, and to root out problematic practices relating to application passwords. It has been proven operationally with estates of over 50,000 end user machines.

Reflecting its increasing use in larger organizations and across a broader range of technologies, this latest release allows the management of security and workflow policies related to privileged accounts and passwords to be more automated, and workflow operations can be incorporated in order to streamline operations. An improved dashboard is also included, which highlights policy violations, verification and reconciliation alerts, auto-detection status, and objects requiring attention. Additionally, new audit entitlement reports now list the effective access control and authorization levels of users to different systems across the enterprise.

EPV has its roots as an important contributor to mitigating the risks relating to privileged passwords, which arise mostly among data center technologies. With its technology coverage greatly expanded, and its market credentials now augmented by integrations with the identity management solutions from market-leading providers (Sun, IBM, Oracle and Courion), EPV is viewed by enterprises as a vital tool for managing the risk involved with poor password protection, and for overcoming the inefficient alternative means of doing the job.

Cyber-Ark illustrates the scale of operational issues from which some of its customers have taken refuge, quoting a cost of five man-days per month to change passwords manually on just 50 servers. This represented an approach that might attempt to address the problem, but could still be compromised. The company is gaining dozens of sizeable new customers every quarter, and many organizations could find their main identity management supplier, as a partner with Cyber-Ark, representing EPV as a crucial piece of the compliance puzzle. While it might add somewhat to the budget of an identity-focused compliance program, organizations should consider it strongly. The alternative of failing a compliance audit is most unattractive.

Source: OpinionWire by Butler Group (www.butlergroup.com)