Privileged IT staffers literally holds the keys to the castle. Access to those keys that open the doors to critical operating system and application resources must be carefully managed and legally audited. Enter the class of products referred to as privilege account management wares.
Privileged access isn't 'single sign-on", which is more of an end-user convenience issue as well as a security spoofing prevention method. PAM products provide controlled privileged access for IT administrators and power users.
Operating systems running on critical servers and even high-end business applications running on Oracle and SQL Server databases don't always have appropriate ticketing systems for granting privileged access. And there's increasing pressure from both internal auditing and government compliance agencies for companies to know who had privileged access, when they had it, and if at all possible, what was done with the access.
Generally, with controlled privileged access, a request is made by IT staff through the PAM product for a privileged account password.
Most products tested require that all requests be approved. Granting such a request may take more than one administrative nod, as some organizations may choose to use several specific individuals or draw from a pool of individuals that must give a recorded stamp of approval before the privileged password is granted.
The privileged password is only granted for a period of time. The password may expire in short order or be automatically updated by the PAM software to something no one (but the system itself) actually knows at all -- only the PAM system.
There may need to be verification that the password wasn't changed by the then-privileged user -- a check typically accomplished by a shadow privileged account maintained by the PAM system itself -- and perhaps a subsequent action that changes the password and verifies that this has been done so that the new privileged password is known only to the PAM system.
So the key value proposition for any PAM product is access control coupled with referential integrity of privileged passwords.
Using PAM systems may also require a leap of faith as they can take full and total responsibility for the administrative passwords. If you lose their availability -- either by technical glitch or some sort of theft -- all privileged passwords are lost. The PAM database of passwords must also be highly available, meaning that IT should have alternative accessibility measures in place, such as a mirror image or a rapid restoration capability.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
IDC Says Asia/Pacific Excluding Japan IT Market Will Remain The Bright Spot... 2008-12-04 15:04:00+11
MySpot SOS "Panic Button" Smartphone Application could save lone worker lives 2008-12-04 13:34:00+11
Charles Sturt University Commences Unified Communications Deployment With Interactive Intelligence 2008-12-04 08:30:00+11
AOC Launches 18.5” Widescreen Green 16:9 LCD Monitor in Australia and New Zealand 2008-12-03 15:30:00+11
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Web 2.0 applications are all the rage, offering us tremendous value when it comes to collaboration and communication. They also open us up to new kinds of attacks however, and can cause problems in keeping systems and data secure. Read on to learn about the new attack methods and how you can defend yourself and your business.
Buying Guides
