Page 21 - index
P. 21
backdoors and other “unknowns.” A growing backlog of changes leaves sensitive information
unsecured for prolonged periods of time and creates a significant security hazard. To avoid
these issues, seek out a solution that features auto-discovery tools for new systems and
accounts to promote efficiency, while maintaining security.
If you have a solution for managing and distributing privileged access, it only makes sense to
then facilitate, control and monitor the user’s activities on the asset via session management.
Many enterprise password management vendors have a different approach to this, so there are
a few things to be cognizant of: First, figure out whether or not the vendor offers native session
management capabilities or relies on a partner solution (this can mean more complexity and
cost). If native capabilities are offered, are they included standard or do they carry an extra
cost? Finally, do they require end users to have Java agents on their machines? If so, consider
that a red flag, because you might end up with a serious Java headache. Java requires regular
security patches, and you are occasionally required to downgrade security on the applet for it to
run. Java agents can also hamper user experience with clunky interfaces and performance
problems that discourage end-user adoption. Businesses should be aware that there are
alternative enterprise password management solutions in the marketplace that can enable
secure RDP and SSH session management via native tools – without ever passing credentials
to the client.
While security is the fundamental driver behind enterprise password management, a solution
that always requires human intervention from an administrator to act as a gatekeeper can
hamper scalability and productivity – especially in emergencies. It’s important for organizations
today to choose a solution that can not only involve humans when necessary, but also offer
policy-based dynamic permissioning and break-glass capabilities to streamline productivity and
ensure business continuity. The assets your corporate passwords are protecting are likely the
lifeblood of your organization, it’s important to treat them that way.
About The Author
Rod Simmons brings more than 15 years of system security
experience to BeyondTrust, designing solutions for the company’s
portfolio of Privileged Account Management solutions for enterprise
environments.
Prior to his role at BeyondTrust, Rod spent more than four years with
Dell/Quest software, where he served as the director of technical
strategy. Earlier in his career, Rod was the director of product
management at Netpro Computing, where he managed the technical
and business direction of all products for the Microsoft Platform. Rod can be reached online at
[email protected] and at the company website, www.beyondtrust.com
21 Cyber Warnings E-Magazine – October 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
