With The Speed of Change and Acceleration of Digital Transformation, Efficient Password Control is Mission Critical
By: Serdar Torun
Password management has become increasingly critical to businesses of all sizes as they undergo digital transformation, which exposes them to a variety of advanced cyberattacks that attempt to breach and ransom integral company information or devices. Verizon’s 2021 Data Breach Investigations Report highlights the importance of password protection by identifying that 85% of breaches involved a human element and 61% of total breaches were a direct result of credential theft.
At Ironsphere, we strive to reduce this danger for enterprises by offering efficient password control through our Dynamic Password Controller, a vault that is incorporated into our Privileged Access Management (PAM) solution. The vault securely stores and rotates passwords and SSH keys for privileged accounts in a centralized application. Through our Dynamic Password Controller, we can sustainably satisfy all security and compliance requirements by generating audit trails and browsable log records.
The password vault safely stores all privileged account credentials, which can be accessed through a streamlined process. As company data continues to become more available through a variety of unsecured access points, such as home computers and smartphones, it has become essential that sensitive company information is protected through secure password vaults to prevent the theft of privileged credentials by cybercriminals.
Some applications use privileged credentials to access other servers, systems, or databases to perform their tasks. Those privileged credentials are embedded in the script itself, or stored in configuration files or application databases, where they are exposed and, most of the time, visible to or easily stolen by people who gain access to those scripts and applications.
Ironsphere’s digital vault provides capabilities for scripts and applications, making those credentials invisible to users.
Typically, there are two broad categories of applications of interest:
- Custom applications, ranging from utility scripts to full-fledged in-house built solutions, where the customer has control over the contents of the applications
- Commercial off-the-shelf applications, which may offer limited interfaces for password management and/or integrations
When an application needs privileged credentials to perform its operations, it retrieves them from Ironsphere’s digital vault on demand and uses them without storing them.
Before an application retrieves the credentials from Ironsphere’s vault, it must meet the required level of trust, and four options are available for establishing it.
Those options are:
- Basic Authentication (IP)
- Basic + PIN Authentication
- Basic + PIN + Path
- Basic + PIN + Path + Hash
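A sketch of how a vault could evaluate these four cumulative trust levels, added here as an example and not Ironsphere's code. It assumes "Path" means the calling application's file path and "Hash" means a SHA-256 of that file, both measured by a trusted agent on the host rather than reported by the application itself; `Policy`, `Request` and `first_failure` are hypothetical names, and the sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

LEVELS = ("ip", "pin", "path", "hash")  # cumulative, in the order the page lists them


def pin_digest(pin: str, salt: bytes) -> bytes:
    # Salted KDF so a leaked policy store does not reveal the PIN directly.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass(frozen=True)
class Policy:  # what the vault has registered for one application (hypothetical)
    level: int                  # 1 = IP only ... 4 = IP + PIN + path + hash
    allowed_ips: frozenset
    salt: bytes = b""
    pin_hash: bytes = b""
    path: str = ""
    file_sha256: str = ""


@dataclass(frozen=True)
class Request:  # attributes presented with a credential request (hypothetical)
    source_ip: str
    pin: str = ""
    path: str = ""
    file_sha256: str = ""


def first_failure(policy: Policy, req: Request):
    """Return the name of the first failed check, or None when all required checks pass."""
    checks = {
        "ip": lambda: req.source_ip in policy.allowed_ips,
        "pin": lambda: hmac.compare_digest(pin_digest(req.pin, policy.salt), policy.pin_hash),
        "path": lambda: req.path == policy.path,
        "hash": lambda: hmac.compare_digest(req.file_sha256.encode(), policy.file_sha256.encode()),
    }
    for name in LEVELS[:policy.level]:   # run only the checks this trust level requires
        if not checks[name]():
            return name                  # deny, and record which check failed for the audit trail
    return None


# Constructed sample data: a level-4 policy for a backup script, and two requests.
SALT = b"constructed-salt"
SCRIPT_HASH = hashlib.sha256(b"#!/bin/sh\nbackup --all\n").hexdigest()
POLICY = Policy(4, frozenset({"10.0.0.5"}), SALT, pin_digest("4711", SALT), "/opt/backup/run.sh", SCRIPT_HASH)
GOOD = Request("10.0.0.5", "4711", "/opt/backup/run.sh", SCRIPT_HASH)
TAMPERED = Request("10.0.0.5", "4711", "/opt/backup/run.sh", hashlib.sha256(b"#!/bin/sh\nbackup --all --extra\n").hexdigest())
```

With this data, `first_failure(POLICY, TAMPERED)` returns `"hash"`: the modified script still passes the IP, PIN and path checks, which is the gap the fourth level closes.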
Ironsphere also injects passwords into the services to ensure there is no human involvement in the password rotation process.
The Dynamic Password Controller included in Ironsphere’s offerings unifies management of privileged accounts in a centralized system that benefits the security of individual users, as well as large-scale businesses.
You can learn more about this in our new solution brief, which you can download here.