
Password Vaulting

Storing privileged account credentials in an encrypted, secure service

What is a Password Vault?

A password vault is a system that stores passwords in encrypted form in a secure digital location. At the time of access, the stored passwords are fetched automatically and passed on to the user either transparently or in clear text, as desired, to establish the connection to the resources the user is entitled to.

Why do we Need a Password Vault?

With technological advancement, organizations around the world are adapting to the current situation by expanding their IT infrastructure. Accordingly, the number of resources each person is entitled to increases, and so does the need to secure the passwords used for access in order to prevent illegitimate access.

Managing passwords manually runs into two challenges: memory capacity and password security. Limited memory makes it hard for users to remember long and complicated passwords, so they write them down on sticky notes. It also undermines password security, because users are tempted to repeat passwords or pick easy-to-remember ones across multiple accounts, exposing the passwords to theft and illegitimate access.

Passwords should be protected and guarded throughout their entire lifecycle, from creation to end, through a set of defined practices governed by strict password management rules. These rules ensure that passwords are stored encrypted in a secure location known as a password vault and are passed on to a user only after he/she presents proper identification, granting access to the devices and applications he/she is entitled to. The passwords in the vault are also rotated at a pre-defined frequency, and when a user requests access, he/she receives credentials from the vault in a controlled fashion.

Sectona Password Vault

The Sectona Privileged Access Management solution provides a password vault that stores the access credentials of critical privileged accounts, ensuring target IT assets are governed and protected at all times.

Sectona’s password vault is powered by a commercial-grade Oracle MySQL database that remains unexposed and tamper-proof. The vault communicates with the Sectona PAM application over a secure protocol. It also has a built-in High Availability (HA) architecture, thereby ensuring higher security. The Sectona PAM Vault can be configured to store credentials in AES 256 or RSA 2048 encrypted format, and a random, unique salt for the configured encryption is used for every new privileged account credential entry. A unique and customizable encryption key can be defined for accessing the vault. The vault comes in two distinct categories, Primary Vault and Satellite Vault:
  • Primary PAM Vault is the principal vault that communicates with the PAM application and is responsible for storing credentials and critical data. Although it is a centralized vault, it can be replicated as multiple instances, namely Primary, HA, DR, and Remote Site. Primary is the principal vault, HA is a near-backup vault, DR is a far-backup vault, and Remote Site is an additional instance of a far-backup vault, which may or may not be common.
    1. Primary Instance: This is the primary storage facility. It serves as the user’s immediate and principal access point and keeps the user connected to his/her resources.
    2. High Availability Instance: Also known as the Fallback Instance, the High Availability Instance acts as a backup when the primary vault goes down. It takes over the Primary Instance mantle and ensures the user can get the required access. The initial Primary Instance becomes the HA instance after it is back online. The HA instance is a replica of the Primary Instance and is always synchronized, which enables it to take over when the Primary Instance is not available.
    3. Disaster Recovery Instance: When both the Primary and High Availability Instances are unavailable due to a failure or shutdown, the DR Instance provides users with the required credentials to their resources, ensuring business continuity. The solution can be configured to redirect the access node to the DR instance if both the primary and HA instances fail.
    4. Remote Instance: A Remote Site Instance is a partial configuration at a remote DC location that is part of the Primary PAM vault and helps provide access during temporary unavailability of the primary vault. It is a replica of the Primary Instance in a different location, configured for privileged users in an organization who require simultaneous access to target assets from two different locations. The Sectona remote site instance works as a partial primary PAM instance: it acts as the primary instance to provide sessions when the actual primary instance is temporarily unavailable. Once a connection is established, the instances revert to their original roles. The remote site instance passes the access log entries along to the actual primary instance to keep the vault synchronized.
  • Satellite Vault is a secondary offline vault, configured on a secure isolated machine in the same network as the primary vault and easily accessible to users in a break-glass scenario. The Satellite Vault is an offline copy of the Primary Instance of the primary vault. It stays synchronized by replicating privileged account credentials whenever they change, whether under the password rotation policy or ad hoc, so that it holds the latest copy.

    Satellite Vault administrators define which users or IT function owners can access the satellite vault in a disaster scenario. Satellite vault authentication is also linked to a unique profile key generated from PAM at the time of user creation.
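
An added example (not Sectona's code) of the per-entry salting described for the vault's credential storage above: each credential is sealed with AES-256-GCM under a key derived from a master key and a fresh random salt. The HKDF derivation, the binding of the account name as associated data, and all function and account names are assumptions of this sketch.

```javascript
const { randomBytes, hkdfSync, createCipheriv, createDecipheriv } = require("node:crypto");

// Derive a per-entry AES-256 key from the vault master key and the entry's salt.
// Assumption: masterKey is 32 random bytes, so HKDF (not a password KDF) is appropriate.
function entryKey(masterKey, salt) {
  return Buffer.from(hkdfSync("sha256", masterKey, salt, "vault-entry", 32));
}

// Encrypt one credential under a fresh random salt; the account name is bound as AAD,
// so a ciphertext cannot be moved to another account's row without detection.
function sealEntry(masterKey, account, password) {
  const salt = randomBytes(16);
  const nonce = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", entryKey(masterKey, salt), nonce);
  cipher.setAAD(Buffer.from(account));
  const sealed = Buffer.concat([cipher.update(password, "utf8"), cipher.final()]);
  return { account, salt, nonce, sealed, tag: cipher.getAuthTag() };
}

// Decrypt an entry; throws if the salt, nonce, ciphertext, tag or account name changed.
function openEntry(masterKey, entry) {
  const key = entryKey(masterKey, entry.salt);
  const decipher = createDecipheriv("aes-256-gcm", key, entry.nonce);
  decipher.setAAD(Buffer.from(entry.account));
  decipher.setAuthTag(entry.tag);
  return Buffer.concat([decipher.update(entry.sealed), decipher.final()]).toString("utf8");
}

// Constructed sample data: two accounts that happen to share one password.
const demoKey = randomBytes(32);
const rowA = sealEntry(demoKey, "root@db01", "constructed-sample-password");
const rowB = sealEntry(demoKey, "root@db02", "constructed-sample-password");
console.log("same password, different ciphertext:", !rowA.sealed.equals(rowB.sealed));
console.log("round trip:", openEntry(demoKey, rowA));
```

Because every row gets its own salt, identical passwords are indistinguishable in the stored data, and the GCM tag makes any modification of a row fail at checkout instead of returning a wrong credential.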

Break Glass Scenario
When Sectona PAM is down, the break-glass scenario applies: satellite vault administrators log in to the offline vault and authorize limited access for a set of users. Users authenticate to the satellite vault with their profile key and can then see the list of assets they are authorized for under the defined access policy. They can then check out the privileged account credentials for a target server/device without PAM, for use until the primary PAM is up and running again. Password checkouts are fully audit-trailed, and the records can be viewed only by the administrator.

Advantages of Sectona Password Vault

Apart from keeping credentials in a secure location, password vaults offer the following benefits as well:

  • Unique, random, and difficult passwords in compliance with best-practice password policies.
  • Grants users access to IT resources by logging in only once.
  • Automates the process of password change and takes away the risk of manually managing passwords.

© 2023 Sectona Technologies Private Limited. All rights reserved. All trademarks held by their respective owners.