With all the political talk lately focusing on the privileged, I thought perhaps those of us involved with information technology should take a closer look at privileged status as well. In the IT world, these are traditionally systems admins, users with root privileges, business executives, etc. You know the definition, yet do you know how many privileged users are currently and accurately provisioned within your IT domain? If you don't, (and you're not alone), now is the time to get a handle on the situation.
With all the packaged solutions available today, there is no excuse not to act. I was reminded of this by a recent announcement from Lieberman Software, which said that the University Medical Center Hamburg-Eppendorf, one of the largest hospitals in northern Germany, has purchased Lieberman's Random Password Manager (RPM) product and deployed it on more than 1,600 Active Directory managed systems.
RPM helps the University Hospital protect access to confidential information. The facility has approximately 1460 hospital beds and treats around 80,000 in-patients yearly, according to the release. This is in addition to the 260,000 out-patients and 113,000 emergency patients that come through the doors on an annual basis. RPM is a privileged identity management product that automatically randomizes administrator and root account passwords on the network, and allows delegated and audited retrieval of current passwords. It ensures that each system maintains unique credentials, preventing one decrypted privileged password
This is just one example of many proven, enterprise-ready privileged identity management solutions on the market today. Identity and access management leaders CA Technologies, Oracle Corp, IBM, NetIQ, Quest Software (now part of Dell), and Hitachi ID all have products in this space. In addition to Lieberman, companies such as Cyber-Ark Software, BeyondTrust and Xceedium have helped to pioneer the Privileged ID Management concept.
Again, there is no excuse for system vulnerabilities, data misuse, data theft, or privacy violations due to over-privilege or misuse of privilege these days. Many regulations, i.e. SOX, PCI, HIPAA, and others across industries mandate these higher levels of access control. The PIM process today is not exceedingly painful or prohibitively expensive --- but the alternative (doing nothing) does guarantee pain and expense at some point.
What is your status?
Posted by Sally Hudson, Research Director Identity and Access Management, IDC