Monday February 06, 2012

Application ID Management


The Challenge

Passwords are often found in application code, scripts and configuration files, where they are commonly hard-coded and visible in clear text. This poses security threats and auditing issues.


Figure 1: The Risk of Embedded Passwords

This potentially creates a “back door” for anyone to access critical information through these application identities.

Common risks that organizations face with application identities are as follows:

  • Stored in clear text (not encrypted)

    All applications/scripts are visible to the developers and support staff who have access to the system where they reside. Hence, these exposed application identities could be used to bypass application control and monitoring.
  • Hard coded

    Application passwords are typically hard-coded in the application/script. If the password is changed (due to compliance, policies or regulatory reasons), the affected applications/scripts need to be changed and recompiled. It is also difficult to separate the production and development environments: passwords differ between environments, so a recompilation is required for each environment.
  • Static and unchanged

    These passwords are difficult to change because of the impact on the applications/scripts. Thus application passwords generally remain static and are usually set as non-expiring, which is typically not compliant with corporate password policies and regulatory requirements.

    Another challenge arises when developers who know sensitive application/script/database passwords leave the company.

  • Shared

    Application passwords are often shared by several applications, which compounds the problem. These passwords can become well known over time, and auditing or tracking their usage is difficult.
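An added example, not part of the original page or of any vendor's product: a small scanner that inventories embedded clear-text passwords in scripts and configuration files and skips values that are fetched at run time. The key-name list, the sample files, and the `credcli` and `get_password` names are constructed for illustration.

```python
import re

# Heuristic: a key whose name suggests a credential, assigned with = or :
ASSIGN = re.compile(
    r"\b(?P<key>[\w.-]*(?:password|passwd|pwd|secret)[\w.-]*)\s*[:=]\s*"
    r"(?:\"(?P<dq>[^\"]*)\"|'(?P<sq>[^']*)'|(?P<bare>[^\s;,#\"']+))",
    re.IGNORECASE,
)
# Values resolved at run time: $VAR, ${VAR}, $(cmd), %VAR%, {{ template }}
PLACEHOLDER = re.compile(r"\$[{(]?\w|%\w+%|\{\{")
NOT_A_VALUE = {"", "none", "null", "true", "false"}


def is_embedded(match):
    """True when the assigned value is a literal stored in the file itself."""
    quoted = match.group("dq") if match.group("dq") is not None else match.group("sq")
    if quoted is not None:
        return bool(quoted) and not PLACEHOLDER.match(quoted)
    bare = match.group("bare").rstrip(")")
    if "(" in bare or "[" in bare or PLACEHOLDER.match(bare):
        return False  # function call, lookup or variable reference
    return bare.lower() not in NOT_A_VALUE


def scan(name, text):
    """Return (file, line number, key) for each embedded clear-text password.
    The value itself is never returned, so the report can be shared safely."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ASSIGN.finditer(line):
            if is_embedded(m):
                findings.append((name, lineno, m.group("key")))
    return findings


# Constructed sample files (not from the page); credcli and get_password
# are hypothetical stand-ins for a run-time credential lookup.
SAMPLES = {
    "backup.sh": 'DB_PASSWORD="Winter2012!"\nFTP_PASSWD="$(credcli get ftp-backup)"\n',
    "app.properties": "db.user=billing\ndb.password=Sup3rS3cret\n",
    "report.py": 'conn = "Server=db1;Uid=rpt;Pwd=rpt123;"\n'
                 'password = get_password("reports", "db1")\n',
}

if __name__ == "__main__":
    for fname, body in SAMPLES.items():
        for finding in scan(fname, body):
            print("%s:%d embedded value for %s" % finding)
```

The match is a name-based heuristic, so review the findings by hand; keys such as the shell's own `PWD` variable can produce false positives.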

The Solution

The solution addresses the security, audit and manageability challenges posed by application passwords embedded in application code, scripts or configuration files. This is accomplished with a secure repository for all application passwords, where passwords can be managed and their usage is logged centrally.


Figure 2: Solution Architecture

With this sophisticated security solution, your applications/scripts replace all hard-coded and embedded passwords with a single function call, made via the command line interface (CLI) or a native API (COM, Java, C/C++, and .NET).


The Benefit

We provide a complete solution for central management of your privileged application identities, which ensures that the life-cycle of the identities is handled according to your corporate password policies and meets any regulatory compliance requirements.

As such, the benefits which the solution brings to you include:
  • Removal of passwords from all scripts and applications
  • All passwords at rest and in transit to the requesting application/script are encrypted
  • Granular access control to the managed application passwords
  • Full accountability and auditing capability for the usage of the password
  • The ability to change passwords on demand and according to the corporate policy without any interruption to production or need for development/testing and IT support
  • High Availability, Redundancy and Business Continuity - no downtime for applications