Every once in a while, you get into a situation where someone will come up to you and share something that is for your ears only. Which is great: it helps build trust and makes relationships stronger. But it comes with the great responsibility of keeping that information to yourself. Letting that secret get out could be devastating for all parties involved. Keeping the secret can be really challenging sometimes.
Now, imagine your usual day. You do your morning routine and head off to work, or if you are lucky enough, you engage in some other activity that will make your life more meaningful. You may be asking yourself what all this has to do with the secrets above. Well, let’s just dig deeper into the most common stuff that we do. Personally, I have a habit of checking my emails, reading news and browsing social media as soon as my breakfast is done. Two out of the three activities that I’ve mentioned (sometimes even all three) require some form of secret information to get the needed content from the service I am consuming. Yes, I am talking about usernames and passwords. In order to keep the trust that I have in the service providers that make my life a bit easier, those usernames and passwords should be known only to me and the service provider. When I think about it, it would be even better if I did not know them, or somehow my service provider did not know them as well.
If it makes you feel any better, now you know you are not the only one who has the burden of keeping secrets.
And what if you are the service provider? You would definitely have some kind of software that handles your content and provides it to the right people depending on those shared secrets. Which is great. If this were a perfect world where everything works and fixes itself, there would be no other people who would want to see your private stuff and everything would just be blissful, right?
But software is made by humans, and humans do have a habit of changing locations and occupations. For example, think of a sysadmin changing jobs and moving to a different company, leaving behind no information about mission-critical details like passwords or vital system information. Add the possibility of people trying to make a living off of your data (aka hackers), and the privacy waters can often be extremely treacherous.
What you can do to make your service run smoothly is to try to minimize the risks. Let’s say we are talking about user credentials, PIN numbers, private digital keys, encryption phrases and similar. Passwords have been the main tool when it comes to protection for a while now, mostly because they’ve been convenient, practical and did a great job until recent years, when technology advanced so quickly that these passwords turned into a great risk factor. One thing that comes to my mind is the buzzword “passwordless”. Great thing, could solve some of your problems, but the truth is that adoption is still not at an acceptable level, and don’t get me started on usability and implementation challenges.
So, what would you like from the system that oversees your sensitive information? Some things come to my mind:
- Control over shared access to privileged user accounts
- Request, approve and revalidate privileged accounts
- Tracking and recording the use of confidential data
- Hide the password from the person using the account
- Automatic password reset to prevent theft
- Capture and enable easy search of all the activities the user is doing on the system
- Delegate, control, and filter privileged operations that the administrator can execute
- Improved authentication by integration with multifactor solutions providing adequate levels of trust
- Fast setup and deployment, along with a user friendly and intuitive interface
All of this and some more can be found in IBM’s privileged access management solution “Verify Privilege Vault”. If the name does not ring a bell, maybe you will recognize it as IBM Secret Server, Thycotic Secret Server, or, following the latest merger of Thycotic and Centrify, Delinea Secret Server.
If you need any help with this topic and would like to see where the solution would fit in your environment, we are ready to share our experiences.