Inside and Outside Digital Threats
Digital threats have become part of the routine reality of many modern companies. This often happens because automation and a distributed workforce make it harder to protect information from malicious or accidental leakage. One way to approach the problem is to educate users and implement good policies around authentication and authorization, but there are also network resources that are shared among many people and/or accessed only by machines. Passwords and keys to these resources do not belong to any individual user. As a result, it is hard to manage them, replace them in time and enforce company security requirements. The right approach to managing these special or privileged accounts is to use a database for secrets.
Introducing Database for Secrets
A database for secrets is a central storage for any sort of privileged information. Examples of such secret data could be a credit card number or a code signing certificate, a password or a key to a computer account. Central storage means that many users can access the data in the storage at the same time. It also means that users can share records containing special data with each other. The database for secrets has to support an elaborate permission structure that can designate some parts of the data as secret. Record owners should have the ability to grant certain users permission to see or edit the secret parts of a record.
In a way, a database for secrets resembles an advanced Enterprise Content Management System with records, folders, field level permissions, and custom record types rather than a privileged account management system. However, certain options position a database for secrets in the area of network security.
Database for Secrets as a Network Security Tool
In addition to storage and sharing, a database for secrets can automatically reset passwords for the credentials it manages. Since the system knows the current password for the account, it can log in to the remote computer and change this password on a schedule. The system can then remember the new password. By doing so, the system can generate long, complex and unique passwords that are harder to guess. To access these passwords, a database for secrets provides permission-controlled access for users via a GUI as well as an API for scripts. This means that automated processes that use passwords or certificates to access network resources can retrieve these keys from the database when needed instead of relying on hardcoded credentials.
Second, a database for secrets can scan the network for attached devices and detect factory default, corporate setup or preset passwords. After that, the administrators can convert the detected accounts into system-managed records to apply password reset policies and access permissions. This ensures overall password quality in the network and makes it simple to access these passwords when needed.
Also, in combination with an RDP/SSH gateway, a database for secrets can provide access to certain computers and devices without even disclosing passwords or keys to the end user. This opens a wide range of possibilities to engage employees and contractors while keeping network access safe. Sessions to the remote computers can be monitored, recorded, and logged to the database for future analysis.
Finally, a database for secrets monitors and logs all user activities and keeps record history for audit purposes. It encrypts sensitive data using modern ciphers and ensures that communication channels are also secure.
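The scheduled reset, permission-controlled retrieval and activity log described in this section can be modelled in a few lines. This is an added sketch, not Xton Access Manager code: `SecretStore`, `RemoteAccount`, the record name and the sample passwords are all hypothetical and constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"

class RemoteAccount:
    """Constructed stand-in for an account on a managed host (hypothetical)."""
    def __init__(self, password, reachable=True):
        self.password, self.reachable = password, reachable

    def change_password(self, current, new):
        if not self.reachable:
            raise ConnectionError("host unreachable")
        if not secrets.compare_digest(current.encode(), self.password.encode()):
            raise PermissionError("current password rejected")
        self.password = new

class SecretStore:
    """Hypothetical in-memory model of a database for secrets."""
    def __init__(self):
        self.records, self.acl, self.audit = {}, {}, []

    def add(self, name, password, readers):
        self.records[name] = password
        self.acl[name] = set(readers)

    def get(self, name, principal):
        # Every read attempt is logged, whether it is allowed or denied.
        allowed = principal in self.acl.get(name, ())
        self.audit.append((principal, "read", name, "ok" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{principal} may not read {name}")
        return self.records[name]

    def rotate(self, name, remote, length=32):
        new = "".join(secrets.choice(ALPHABET) for _ in range(length))
        try:
            # Change the remote side first and store the new value only on
            # success, so a failed reset never leaves a dead password on record.
            remote.change_password(self.records[name], new)
        except (ConnectionError, PermissionError) as exc:
            self.audit.append(("system", "rotate", name, f"failed: {exc}"))
            return False
        self.records[name] = new
        self.audit.append(("system", "rotate", name, "ok"))
        return True

def demo():
    store = SecretStore()
    host = RemoteAccount("factory-default")  # constructed sample value
    store.add("db-backup-svc", "factory-default", readers={"backup-script"})
    rotated = store.rotate("db-backup-svc", host)
    in_sync = store.get("db-backup-svc", "backup-script") == host.password
    return rotated, in_sync, store
```

A script calls `get()` at run time instead of carrying the password in its own source, and a rotation that fails leaves the stored value unchanged so the record still matches the host.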
About Xton Access Manager Tool
Xton Access Manager is an innovative Privileged Identity Management System implementation. It includes both a Database for Secrets and a Session Manager that acts as an RDP, SSH, VNC to HTML5 Gateway. Its server can be hosted on either Windows or Linux, and it can use any commercial database (e.g. MS SQL, Oracle, MySQL, PostgreSQL, etc.) as the backend. All Windows and Unix/Linux computer screens can be accessed via any modern desktop, mobile or tablet browser. Download a preview of Xton Access Manager and schedule a demo here: https://www.xtontech.com
Xton Access Manager is an unlimited, agentless, cross-platform privileged access management solution built from the ground up with an enterprise feature set. Simple to implement, without your typical enterprise cost and effort.
Xton Access Manager is now available for download. Please fill out this form to receive a download link to get started today, even on your current desktop or laptop. Documentation is available to help, or you can email or call us to request a trial extension, discuss questions and share your feedback. We would love to talk to you.