v-GO Shared Accounts Manager Benefits
v-GO Shared Accounts Manager plugs a significant security and compliance hole commonly found with shared accounts—accountability. Because v-GO Shared Accounts Manager automatically ties actual users to shared IDs, enterprises, for the first time, know who is using what shared account and when.
v-GO Shared Accounts Manager plugs a significant security and compliance hole commonly found with privileged and shared accounts - accountability.
Improve Auditing and Security
The challenge in auditing the usage of shared accounts is that the accounts cannot be uniquely associated to a specific user. If the password is ever revealed to a user it has the ability to be shared, either maliciously or inadvertently, thus limiting the effectiveness of auditing. v-GO Shared Accounts Manager’s unique ability to log users onto applications without revealing the password to the end user eliminates this vulnerability.
v-GO Shared Accounts Manager has a full set of policies that govern access to the accounts it manages. Authorization to access the account can be based on the user’s role or group membership in the corporate directory, the authentication grade they used to authenticate to v-GO Shared Accounts Manager, or an external workflow that requires a second person to authorize access to the account. Once the account is issued to the user, usage of the account can be restricted to a specific time duration or actual number of uses. Accounts can be further restricted to allow only one user access at a time, or only allow access during specific hours of the day.
Demonstrate Compliance More Effectively
Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act of 2002 (FISMA) and Payment Card Industry (PCI) requirements governing data security.
Using shared IDs presents a significant compliance challenge— Most regulations either prohibit or strongly discourage the use of shared ids, yet many systems and databases force you to use them (e.g., "root" accounts in Unix.) v-GO Shared Accounts Manager meets this challenge head-on, enabling you to assign shared IDs to each user and track their use. With credit card processing, for example, merchants and service providers can now easily demonstrate that each user accessing system components or cardholder data is identified by a unique user name (the user using the shared id) —a key requirement of PCI DSS.
Local Administrator Account Management
All computers in an organization have a local administrator account that used for help desk access to the machine. Since all helpdesk and IT Administrators need access to this account, in most organizations it is the same on every computer. These accounts are not updated, which creates a compliance issue, and they also expose the organization to attacks from former disgruntled employees. With v-GO Shared Accounts Manager, organization can automatically create a unique password for each workstation, and automate the password change on a timely basis to mitigate exposure from these accounts. Since each account has a unique password and is managed through v-GO Shared Accounts Manager, to gain access to a specific computer a help desk employee must request the account from v-GO Shared Accounts Manager. This provides an audit trail for access to all local administrative accounts.
Service Account Management
Many applications have a single administrative account that is used to access information from a database or perform transactions on behalf of an end user. Since these accounts must exist on every client machine, passwords are usually created at installation time and never changed. A compromised password would result in users having full, unauditable access to the data. v-GO Shared Accounts Manager circumvents this potential security breach by generating a random password on a scheduled basis. Service account passwords are not stored on the client machines and are updated systematically to maintain regulatory compliance.
Improve Operational Efficiency
With Passlogix, organizations can manage both conventional and shared credentials with one strategy and infrastructure.
Rather than buying a separate hardware or software vault system to administer shared accounts, v-GO Shared Accounts Manager allows organizations to use their existing enterprise single sign-on (ESSO) infrastructure to address the challenge of privileged account password management and compliance. This provides an enterprise scalable solution without the need to administratively manage another enterprise critical infrastructure.
Benefits Summary
- Improve auditing and security
- Lock shared IDs to one user at a time
- User never sees shared ID password
- Local administrator account management
- Create unique passwords for each local admin account
- Audit usage and access for all local admin accounts
- Demonstrate compliance more effectively
- Establish accountability and tracking for shated IDs
- Provide audit trail if user accountability
- Improve operation efficiency
- Manage conventional and shared credentials with one strategy and infrastructure
- Eliminate the need to administrate another enterprise critical infrastructure
