1.1 How Privileged Account Manager Solves the Business Challenges

Certain situations open potential back doors into systems and increase the likelihood of a security breach in an enterprise network. For example, when users run commands that require elevated privileges, the superuser or root account credentials are sometimes exposed to them. Similarly, passwords are often not changed when a user is no longer performing the administrative role.

Privileged Account Manager provides the capability to monitor, audit, and secure the actions of users through centralized and automated management of privileged accounts. Privileged Account Manager helps in overcoming the following challenges:

  • The superuser credentials are exposed.

  • The confidential data is exposed.

  • Unrestricted access rights are provided to the user.

  • The identity of the user who accessed a particular system remains unidentified.

Figure 1-1 Challenges of Using a Privileged Account in an Enterprise

The following sections provide details on how PAM addresses these challenges:

1.1.1 Protecting Privileged Account Credentials

Privileged Account Manager provides the capability to elevate a specific user group to root or superuser without exposing the actual credentials of the privileged account. This secures the credentials of the privileged account.

Privileged Account Manager saves the administrator’s credentials for any Windows, Linux, application, database, or hypervisor in a privileged credential vault. When users want to perform some activity on a particular server, they log in with their own user credentials. PAM verifies the policy defined for accessing that particular session and then, based on the policy, enters the credentials of the superuser or root, allowing the user to log in with administrator or root credentials.

This capability is helpful when the privileged account credentials are shared with more than one user. An example is an outsourced IT operation, where contractors or external vendors are given extended and uninterrupted access to sensitive information and corporate assets. This may lead to data loss or expose sensitive data to security threats. Privileged Account Manager facilitates the following to protect the account credentials:

  • It limits corporate susceptibility to unauthorized transactions and information access by helping organizations rapidly deploy Superuser Privilege Management (SUPM) and tracking across all Windows, UNIX (AIX, Solaris, HP-UX), and Linux environments. For more information, see Managing Privileges in Various Endpoints.

  • It can manage passwords and control access to the shared accounts, that is, Shared Account Password Management (SAPM). For more information, see Section 17.0, Privileged Access to Applications and Cloud Services.

  • It can monitor sessions in real time and record them, that is, Privileged Session Management (PSM). For more information, see Section 7.0, Managing Audit Reports.

  • It can securely generate and return a random password for any application by using REST API calls, eliminating the use of hard-coded passwords and thereby facilitating Application-to-Application Password Management (AAPM). For more information about the REST API calls for password management, see the REST API documentation in the user console.

  • It can integrate with a Security Information and Event Management (SIEM) system to analyze detailed usage data. For more information, see Section 17.0, Privileged Access to Applications and Cloud Services.

  • It reduces management overhead and infrastructure costs, controls and records which privileged users have access to what, and reduces costs and errors through demonstrable compliance audits.

  • It works by delegating privileged access, which is authorized via a centralized database. The end result is that a user is authorized to run the privileged command and all activity is logged.

  • It can be deployed quickly and provides faster response time, better logging and auditing, and improved administration. The centralized database provides easier administration.

  • It provides a more secure system and a fast return on investment.

Figure 1-2 Privileged Account Manager Provides Solution to the Challenges
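
The flow described in this section (the user logs in with their own credentials, the policy is checked, the vaulted credential is entered on the user's behalf, and the activity is logged) can be sketched as a small conceptual model. This is an added example, not Privileged Account Manager code or its API; the `Broker` class, its methods, and all sample names, hosts and secrets are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def pw_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for the login the user performs with their OWN credentials.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Broker:
    users: dict    # username -> (salt, hash) of the user's own password
    vault: dict    # (host, account) -> privileged secret; never returned to callers
    policy: set    # permitted (username, host, account) tuples
    audit: list = field(default_factory=list)

    def open_session(self, user, password, host, account):
        """Authenticate the user, check policy, then inject the vaulted secret."""
        salt, stored = self.users.get(user, (b"\x00" * 16, b""))
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            return self._finish(user, host, account, "auth_failed")
        if (user, host, account) not in self.policy:
            return self._finish(user, host, account, "denied")
        self._connect(host, account, self.vault[(host, account)])
        return self._finish(user, host, account, "granted")

    def _connect(self, host, account, secret):
        """Hypothetical hook: a real broker would open the SSH/RDP/DB session
        here. The secret is used on the broker side only."""

    def _finish(self, user, host, account, outcome):
        # Every decision is attributed to the real user, not the shared account.
        self.audit.append({"user": user, "host": host,
                           "run_as": account, "outcome": outcome})
        if outcome != "granted":
            raise PermissionError(outcome)
        return {"session": secrets.token_hex(8), "host": host, "run_as": account}


def build_demo_broker():
    # Constructed sample data: names, hosts and secrets are made up.
    salt = secrets.token_bytes(16)
    return Broker(
        users={"alice": (salt, pw_hash("alice-own-pw", salt))},
        vault={("db01", "root"): secrets.token_urlsafe(24)},
        policy={("alice", "db01", "root")},
    )
```

The session handle returned to the caller names the privileged account but never contains its secret, and denied or failed attempts are recorded in the audit list before the error is raised.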