SafeKeeping Overview

As a result of both legislation and an enhanced awareness of security requirements, enterprises have gone to great lengths to secure their critical infrastructures. Everything from root access delegation and auditing to two-factor authentication systems, SSL VPNs, and more.

Yet each and every server within the enterprise still has the requirement for an administrative level account plus an associated password. The more effort you take to protect these systems, the more critical it becomes to secure these administrative account credentials. That however does not eliminate the need to selectively assign these credentials to administrators when they are needed for system administration.

When queried, companies have a variety of methodologies in place to manage these credentials. Everything from envelopes in a locked desk drawer, to spreadsheets.

Yet the same legislative requirements that have driven the need to restrict access also delegate the same level of control over these critical administrative credentials. Enterprises must consider each of the following:

• Knowing who had access to administrative credentials, when and for how long.
• The ability to assure that once administrative tasks are completed, the administrators no longer have access.
• Knowing that when administrators leave the company or are reassigned, their server access knowledge does not follow them.
• Knowing that administrative passwords are changed, according to password policy, on a regular, thus, assuring that passwords that may have become compromised are no longer valid.
• Automatically logging everything associated with any of the above so that for audit purposes, a complete history is securely maintained.

By implementing PassGo's SafeKeeping, all of the above is accomplished.

Features

• Can support up to 20,000 target resources from a single instance
• Conformance with compliance legislation
• Dual control release mechanism
• Fully secured
• Fully encrypted
• Comprehensive auditing
• Clientless operation
• Can be delivered as a hardened appliance or software installation as required
• Secure web-based interface
• Secure, automated backup for rapid appliance swap in the event of disaster recovery

Procedure & Policy

• Delivered passwords are available for a limited, user definable period before scheduled reset
• Dual control with or without two-factor authentication can be required for release
• Release policies configurable to control release criteria, date, time etc
• Passwords generated in accordance with user defined strong password policies
• User definable, retained password history

Security

• Credentials stored under AES 256-bit encryption
• Credentials delivered for successful requests over HTTPS
• Support for strong two-factor authentication with Defender
• Security hardened appliance with integral firewall

Compliance

• Fulfils the needs for transparency, accountability under compliance guidelines such as SOX, BASEL II, HIPAA
• Full audit of all actions, requests, authorisations, scheduled and requested credential changes
• Data interchange with Office products via XML
• Comprehensive web based reporting
• Full appliance logging