Mobilization is the goal for the year for ManageEngine and it is a time for ManageEngine customers on the mission to mobilization to rejoice as they are likely to see mobile versions or apps related to of many of the ManageEngine products being released throughout the year. ManageEngine has already announced the availability of Voice Enabled iPhone App for IT helpdesks and a Free Ping Monitoring Tool. The latest to add up to the list is Password Manager Pro iPhone App which helps mobilize Privileged Password Management.
You must be thinking, What is Password Manager Pro? Why is it important? And what additional benefits does the Password Manager Pro phone app provide on top of the desktop app?
Rajesh Ganesan, Director of Product Management, ManageEngine in conversation with ToolsJournal gave the answers to all the above questions. Rajesh highlighted some of the problems associated with Privileged Account Password Management that IT Administrators and Security Officers face and how Password Manager Pro helps resolve those issues and the mobility advantage that Password Manager Pro gets with the iPhone App.
PROBLEMS ASSOCIATED WITH PRIVILEGED ACCESS PASSWORD MANAGEMENT
- Problem 1: No Human Identity Attached To Passwords
There is no human identity attached to the passwords to gain access to critical enterprise services. If somebody manages to obtain the system password illegally, then damage to any extent can be done to crucial enterprise data without coming into picture as the activities will be logged in as Root in Unix or Admin in Windows. And hacking the passwords is not a difficult job especially for an insider as the password protection policies are pretty soft. People share their passwords through mails, exchange passwords among themselves during every shift change, IT admins hardcode the passwords into the system config scripts and a lot more better not to give ideas to people with alternate intentions.
- Problem 2: No Clear Visibility of Password Inventory
As an enterprise starts growing in complexity and number, the number of password protected systems also increases, and with it the overheads to maintain these ever changing system passwords. Hence it becomes difficult for the CSO or CIO of an enterprise to keep a track of the entire stock of passwords.
- Problem 3: Hard Coded Passwords Impossible to Track
IT Admin staff have to hard-code passwords sometimes into the config files, an example use-case can be, for Application-to-Application or Application-to-Database communication that happen without human intervention, normally organizations define the access permissions in one application (say Application 'A') and hard-code the passwords to access the Application 'A' in scripts or embed them in the calling application (say Application 'B') itself. These hard coded passwords are very difficult to track and CSO/CIO’s have no visibility at all on these.
PASSWORD MANAGER PRO
Password Manager Pro (PMP) does not let any of these problems bother IT Admin staff of an enterprise. Password Manager Pro is a complete Shared Super User Password management (SUPM) and Software and Service Account Password Management (SAPM) solution which gives total control to the IT Admins over the life-cycle of privileged passwords.
HOW PMP RESOLVES THE PASSWORD MANAGEMENT ISSUES
- Digital Vault a robust answer to Problem1
PMP is based on client server architecture. All the enterprise system password information is secured in a Central Server called
“Digital Vault”. The retrieval process of the password from the vault involves strong authentication mechanism. Each privileged account session activity is recorded to ensure traceability. This resolves the identification issues involved with privilege password management and also adds a security wrapper to critical system passwords.
- Organized Password Management Features Answer to Problem 2
PMP can be easily integrated with Windows Active Directory and LDAP the most commonly used identity stores by an enterprise. Users/user groups from AD/LDAP can be easily imported into PMP. For better management of the passwords PMP facilitates Role based access control, a well-defined password ownership and sharing mechanism and a well-defined workflow for password access control.
Features that make each individual accountable for the privileged password access control instead of the Enterprise IT admin staff doing all the password management and monitoring makes the whole process very organized and easy to track. The flexibility to accommodate more users with growing enterprise size eases the burden out of the IT admins.
- Password Management API’s answer to Problem 3
PMP provides Password Management APIs using which any enterprise application or command line script can programmatically query PMP and retrieve passwords to connect with other applications or databases which otherwise are hard coded in the config files. This way, the application-to-application (A-to-A) passwords can also follow good password management practices like periodic rotation, without the trouble of manually making the updates at many places.
In addition resolving the major issues involved with Privileged Password Management ManageEngine gives IT Admins the features to change passwords at end points, addressing use cases like changing all passwords a privilege user had access to with one click, when he/she leaves the company.
PMP is an equally viable option for the end users; PMP provides users with the option for automatically logging in to the target systems and applications directly from the PMP web interface eliminating the need for copying and pasting of passwords. PMP also features remote log-in to deliver on both ease-of-use and security.
PMP MOBILE APP
Today, ManageEngine has announced key enhancements to Password Manager Pro at RSA Conference 2013. Password Manager Pro now lets IT security pros manage privileged passwords while on the go via Password Manager Pro’s new iPhone app. Enhancements such as API for Integration with Help Desk, SIEM Solutions and Third-Party apps streamline password management activities and makes the offering even more beneficial.
Rajesh Ganesan, on the release of the iPhone App stated,
“IT and network administrators who physically move into datacentres require secure access to privileged passwords to log-in to resources, The tight access restrictions of the datacentre mean administrators need a secure way to retrieve passwords from mobile devices, at times without Internet connectivity. And they need a way to review and approve password access requests while on the go. The Password Manager Pro iPhone app meets both challenges head on.”
[Image Credits: ManageEngine]