|
|
|
| Q: What does SafeKeeping do for me? |
A: SafeKeeping delivers an appliance based solution to automate the management of any shared account, typically privileged or administrative accounts. It offers a secure mechanism for the controlled release of credentials, and will automatically change the password of the managed resource in accordance with defined password policies, ensuring the use of strong passwords without a single person knowing the password until it is requested for release. |
|
| Q: Is SafeKeeping an Identity Management Solution? |
A: Not really, SafeKeeping is part of an Operations Management Solution, controlling shared accounts which are often highly privileged, but working in conjunction with other PassGo products it provides a part of an overall Identity Management Infrastructure. |
|
| Q: How many resources can SafeKeeping manage? |
A: Specific implementations will vary, but typically SafeKeeping can manage up to 20,000 resources per appliance. |
|
| Q: Does each controlled resource, host or target platform require agent code to be installed? |
A: SafeKeeping supports and recommends an agent less approach using SSH on UNIX and Linux platforms, and native protocols elsewhere, however, for organisations who specifically wish not to use SSH, agents can be made available. |
|
| Q: How do I access the SafeKeeping Appliance? |
A: SafeKeeping is accessed via a secured web based browser interface. |
|
| Q: When managing applications such as Oracle, are they defined to SafeKeeping by server or process instance? |
A: Applications are managed on a per process basis. |
|
| Q: How does SafeKeeping secure client access? |
A: Clients must authenticate over an HTTPS session before access is granted. |
|
| Q: Can the client access be strengthened by multi-factor authentication? |
A: Yes, SafeKeeping supports the widest range of hardware and software tokens available on all platforms through PassGo’s Defender security infrastructure, including Aladdin, ActivCard, Vasco and RSA. |
|
| Q: There is clear benefit in controlling privileged shared accounts such as root and administrator etc, but could I manage any account with SafeKeeping? |
A: Yes. SafeKeeping shows clear benefits when managing privileged accounts, but can be used to manage any shared account. |
|
| Q: How does SafeKeeping control who can request, authorise and administer a specific credential on a system? |
A: SafeKeeping manages clients, authorisers, auditors and administrators through group definitions. Permissions and resources can be assigned on a group basis allowing adherence to policies in place within your company. The levels of authentication and authorisation required to release credentials, when assigned on a group basis, allow a fine degree of control over what actions a user is permitted to take, be it requesting the release credentials, authorisation of the release of credentials to another user, or managing the resources defined within SafeKeeping. |
|
| Q: We have developed an in-house solution, why should we switch to SafeKeeping? |
A: Many in-house solutions have evolved in response to a specific requirement, often being developed without enterprise considerations in mind, such as security, encryption and scalability. Reliance upon certain individuals who authored the system is a significant disadvantage as they may leave. SafeKeeping will usually prove to be a more cost effective solution in the long term. |
|
| Q: We have a range of stringent password policies in effect, but they differ between groups of hosts and departments, will we have to change this approach? |
A: No, SafeKeeping will allow you to define different password policies for individual hosts. groups of hosts or applications. |
|
| Q: What support is available? |
A: PassGo provide a range of worldwide support option for SafeKeeping, for details visit the passgo.com website |
|
| Q: What about future releases, upgrades and enhancements? |
A: All product upgrades, new releases and enhancements of SafeKeeping are available to all users with a current support agreement. |
|
| Q: Does SafeKeeping retain a password history for systems; should we have the need to restore to an old backup? |
A: Yes, a user specified number of passwords, along with their validity period, can be retained as a history for each target resource, which can be accessed by an administrator. |
|
| Q: What platform is SafeKeeping based upon? |
A: It is based upon a specially hardened distribution of Linux. |
|
| Q: We only SU to root. We wont need SafeKeeping will we? |
A: Yes you will. A password is still required when SU’ing to the root account, SafeKeeping will help by providing the management of this account. We would also advise use of Unix Privilege Manager (UPM) to restrict the need to divulge root, allowing delegation of privilege. For more information on UPM visit www.unix-pm.com |
|
| Q: Will SafeKeeping help me meet my obligations under regulatory compliance? |
A: SafeKeeping, especially when used in conjunction with Defender and UPM from PassGo will go a long way towards your full regulatory compliance, because all access to SafeKeeping managed accounts is completely restricted until required, with all releases approved and audited. All of this is backed up with strong authentication and encryption throughout. |
|
| |
+44 (0) 1460 258300 
+44 (0) 1460 258403