With technological advancement, organizations around the world are adapting by expanding their IT infrastructure. Accordingly, the number of resources each person is entitled to grows, and so does the need to secure the passwords that guard those resources against illegitimate access.
Manual password management runs into two challenges: memory capacity and password security. Limited memory makes it hard for users to remember long, complicated passwords, so they write them down on sticky notes. It also undermines security by tempting users to repeat passwords or choose easy-to-remember ones across multiple accounts, exposing the passwords to theft and illegitimate user access.
Passwords should be protected and guarded throughout their entire lifecycle, from creation to end, through a set of defined practices governed by strict password management rules. These practices ensure that passwords are stored encrypted in a secure location known as a password vault and are passed to a user only if he/she presents proper identification, granting the user access to the devices and applications to which he/she is entitled. The passwords in the vault are also rotated at a pre-defined frequency, and when a user requests access, he/she receives credentials from the vault in a controlled fashion.
The Sectona Privileged Access Management solution provides a password vault that stores the access credentials of critical privileged accounts, ensuring target IT assets are governed and protected at all times.
Sectona’s password vault is powered by a commercial-grade Oracle MySQL database that remains unexposed and tamper-proof. The vault communicates with the Sectona PAM application through a secure protocol. It also has a built-in High Availability (HA) architecture and thereby ensures higher security. Sectona PAM Vault can be configured to store credentials in AES 256 or RSA 2048 encrypted format, and a random, unique salt for the defined encryption is used for every new privileged account credential entry. A unique, customizable encryption key can be defined for accessing the vault. The vault comes in two distinct categories: Primary Vault and Satellite Vault.
Satellite Vault administrators define which users or IT function owners can have access to the satellite vault in a disaster scenario. The satellite vault authentication is also linked with a unique profile key generated from PAM at the time of user creation.