Controlling Privileged Access to Enterprise Resources
WHAT IS THIS TECHNOLOGY?
PowerKeeper manages and secures passwords used to access data in privileged accounts and helps reduce the likelihood of fraud or theft from insider abuse or hacker attacks. PowerKeeper demonstrates separation of duties and compliance with regulations such as SOX, HIPAA, Gramm Leach Bliley, and industry standards such as PCI DSS.
Privileged (or administrative) passwords are pervasive in any organization. More numerous than personal passwords, they are used to access virtually every device, every operating system and every application. These “keys to the kingdom” grant access to programs and files containing sensitive data. If they are not properly protected and managed, they represent a significant security and compliance risk to the organization via sabotage or theft of proprietary information.
The sheer number of passwords makes manual maintenance extremely time-consuming and expensive; hence they are often not managed at all. Furthermore, privileged passwords are difficult to manage and protect because they are often shared among individuals, forgotten, left as manufacturer default passwords, not regularly maintained, and not protected from misuse. This results in higher administration costs and lower productivity. More importantly, ignoring this reality creates unacceptable security risks and violates the requirements of government compliance regulations and industry standards such as SOX, PCI DSS, HIPAA, Basel II and GLBA to create a secure access control infrastructure and adhere to security best practices.
Symark solves this problem with PowerKeeper, a secure appliance with a sealed operating system that dynamically creates and stores passwords for the privileged accounts used to maintain and protect various devices such as routers, firewalls, servers and databases. PowerKeeper uses recognized best practices in security technology to address and resolve the potential security problems that come from the abuse of privileged access.
FIPS 140-2 validated encryption software is used to protect privileged passwords in transit over the network and at rest within the appliance.
The keys are protected from theft by the FIPS encrypted hard drive and by the sealed PowerKeeper operating system. Once PowerKeeper is installed, not even the PowerKeeper Administrator can access the operating system. A sealed operating system is essential to secure privileged accounts, since anyone with administrator access to an unsealed OS on which a PPM solution is running can view the keys for encrypted passwords. PowerKeeper brings both the security of a sealed operating system and the reliability of commercially supported, FIPS-validated encryption software to large-scale enterprise environments.
Best practice dictates that passwords be changed frequently. PowerKeeper can change passwords by event (for example, after a password to a particular account is "checked in"); at a predefined time (every Sunday at midnight); after a predefined interval of time (every 2 days); or by any user-defined criteria. In addition to automated password change, passwords can be changed manually at any time, for example in "firecall" situations.
Strong password composition is another security best practice supported by a variety of configurable features in PowerKeeper: character in first position; number of upper- and lower-case characters; number of characters; number of special characters (asterisks, exclamation points, other punctuation). Most of these features are configured with the click of a mouse on a list of choices. Dual or multiple approvals can be required before a password is released to the person requesting it. PowerKeeper's highly configurable password management features let the administrator customize the product to his company's IT environment and compliance requirements for consistent policy enforcement. As those policies evolve, PowerKeeper's security features can quickly be reconfigured to support the new policies.
To maximize uptime, PowerKeeper monitors and repairs processes, and checks network connections. This ensures optimal performance in large-scale enterprise environments. PowerKeeper saves administrator time by automating privileged password management while requiring only minimal time for deployment and administration. This immediately produces savings in operating costs, resulting in quick payback and significant ROI.
In PowerKeeper, all administrative and user-level activities and password changes are logged and time-stamped. The logs and reports enable you to demonstrate the accountability and enforcement of access controls required by compliance requirements. PowerKeeper provides a customizable web-based report generator. Various reports track user entitlements (rights) and activities; password approvals, release, and usage; and failed logins; they also reconcile password releases with password resets. Administrator Activity Reports depict administrator activities, such as adding new users or systems and defining user permissions. There are User Reports for Requestors and Approvers, and Password Reports for stored passwords and password update status. Users can subscribe to reports and receive them on a regular basis. Subscription reports are also available, and stored reports can be browsed. Finally, User Entitlement Reports easily allow auditors and administrators to see which users are authorized to do what, where and when. This essential ingredient produces “Evidence of Review” to facilitate audit and management review of access controls as mandated by compliance regulations and corporate security policies. Reports are exportable in CSV and HTML formats.
Conclusion: PowerKeeper manages and secures passwords used to access data in privileged accounts and helps reduce the likelihood of fraud or theft from insider abuse or hacker attacks. PowerKeeper demonstrates separation of duties and compliance with regulations such as SOX, HIPAA, Gramm Leach Bliley, and industry standards such as PCI DSS.
Symark International, Inc.
30401 Agoura Road, Suite 200
Agoura Hills, CA 91301