Privileged Account Access Service
Take back the keys to the kingdom
The Privileged Account Access Service protects you from security breaches, fraud, and compliance violations that can result from uncontrolled access to Administrative, Super User, Root, Fire Call, and other privileged accounts that provide nearly-unlimited access to system resources. Using this service, you can track all account access to an individual user (even for shared accounts), and flexible policies enable organizations to control who can request specific accounts, whether users must reset account passwords at check-out, when an approval is required, and much more.
Problem: Privileged accounts such as Administrative, Super User, Root, and Fire-Call provide the nearly-unlimited access to system resources that is essential for everyday and emergency IT operations. However, these accounts are typically shared, resulting in multiple persons sharing (or knowing) the credentials for a single account on a system or application. Thus, it’s often impossible to determine which individual actually performed an activity such as creating a new account or changing permissions for an account. Auditors have reported material deficiencies as this violates regulations such as Sarbanes-Oxley and HIPAA.
Solution: The Privileged Account Access Service provides the additional control, auditing and compliance needed to manage high-privilege and other shared accounts for any connected systems. Organizations can use small pools of privileged accounts that can be requested as needed, including for emergency or “fire-call” purposes. No one can view or otherwise be privy to the passwords of protected accounts. This service can be rolled-out very quickly and in flexible ways to meet your specific needs. You can configure approval requirements, authorized users, access duration, and other parameters for individual accounts and systems. For example, requests for account access can be:
- immediately granted
- granted upon approval
- granted after a specified period of inaction by approvers, e.g., if an approver does not deny access within 10 minutes, automatically grant access to requested fire-call accounts (this option is especially useful for emergency conditions that happen in the middle of the night, since pre-assigned persons can automatically receive the access they need for a limited period of time, even when an approver is not available)
- and more
Benefits & Capabilities
- Authorize users to request access to tightly-controlled accounts
- Track account access to individual users of shared accounts
- Granular control of access requirements: requesters, approvals, expiration, etc.
- Control, audit, and secure resources to comply with regulations like Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, Family Educational Rights and Privacy Act (FERPA), etc.
- Provide authorized persons with immediate access to fire-call accounts
- Enable system owners to periodically revalidate longer-term accounts
- Automatically revoke access upon expiration: optionally lock accounts or reset passwords to secret values
- Secure protected accounts by preventing system owners and administrators from viewing their passwords
- Combine with the Automated Role & Account Management Service to create a closed-loop solution including account creation, entitlements/privileges management, etc.
Learn More
For additional information on how your organization can benefit from Fischer IaaS™ services, please contact Fischer International Identity at (239) 643-1500, or contact us through this website. |
