Almost all of business critical data is stored in various information systems of a company. Business scaling leads to a need to delegate administrative responsibilities to subordinates completely or partially, or extend the privileges of top management employees.
Therefore the heads of departments that use privileged accounts get access to additional confidential data. It is often the case that the access is granted without using a reliable system of controlling the privileged users. To increase informational security, the privileged users should use passwords unavailable to intruders. We all know that not every employee does so.
Informational security managers know that most of the employees ignore the rule of thumb for logical access to informational systems. This rule might be stated as “responsible and rational use of passwords”. However, as a rule, people do not use complex passwords complying to security policy. Moreover, they store their password in an unprotected, sometimes even in a publicly available place. Irresponsible attitude to password authentication method leads to unauthorized access to and illegal use of commercial information. No wonder that
“81% of breaches use either stolen or non-secure passwords”.
(As per Verizon Data Breach Investigations Report dated 2017, July 26th).
Therefore, the task of protecting the company information resources is of the highest priority. There are several methods to prevent unauthorized access to corporate data. One of those is to use software password manager or free password storage system. However, insufficient functionality of such software does not allow for required result:
- Still, a single-factor authentication is performed;
- Passwords are still stored in a place with little to no protection;
- Passwords are changed irregularly;
- A password usually does not conform to security policies;
- No strict personalization of all administrative accounts is present.
Also, such software might lack the automation of controlling the access to information system, as well as short term storage of data on what exactly has been done during privileged session and by whom. The said limitations make the work of information security service more complicated.
Only systematic approach to password management allows to solve these and other tasks related to privileged user management. Solutions of Indeed Privileged Access Manager are able to provide for such complex approach. The Indeed PAM supports the following features:
- granular granting of permissions;
- regular change of administrative passwords and keeping those in secret from user;
- several types of account data and access protocols;
- video and text recording of privileged sessions, as well as storage of records;
- two-factor authentication before granting of privileged access;
- keeping the register of privileged users;
- an opportunity to terminate a privileged session by system administrator in case of revealed violations.
For more information about Indeed Privileged Access Manager and its features please visit our website.