Privileged Access Management
Take back the keys to the kingdom
Fischer Privileged Access Management protects you from security breaches, fraud, and compliance violations that can result from uncontrolled access to Administrative, Super User, Root, Fire Call, and other privileged accounts that provide nearly-unlimited access to system resources. Using this module, you can track all account access to an individual user (even for shared accounts), and flexible policies enable organizations to control who can request specific accounts, whether users must reset account passwords at check-out, when an approval is required, and many more options.
Problem: Privileged accounts such as Administrative, Super User, Root, and Fire-Call provide the nearly-unlimited access to system resources that is essential for everyday and emergency IT operations. However, these accounts are typically shared, resulting in multiple persons knowing the credentials for a single account on a system or application. That means, it’s often impossible to determine which individual actually performed an activity such as creating a new account or changing permissions for an account. Auditors have reported this as a material deficiency that violates regulations such as Sarbanes-Oxley and HIPAA.
Solution: Privileged Access Management provides the additional control, auditing and compliance needed to manage highly-privileged and other shared accounts for any connected systems. Organizations can use small pools of privileged accounts that can be requested as needed, including for emergency or “fire-call” purposes. No one can view or otherwise be privy to the passwords of protected accounts. The solution can be rolled-out very quickly and can flexibly meet your specific needs. You can configure approval requirements, authorized users, access duration, and other parameters for individual accounts and systems. For example, requests for account access can be:
- Immediately granted
- Granted upon approval
- Granted after a specified period of inaction by approvers, e.g., if an approver does not deny access within 10 minutes, automatically grant access to requested fire-call accounts (this option is especially useful for emergency conditions that happen in the middle of the night, since pre-assigned persons can automatically receive the access they need for a limited period of time, even when an approver is not available)
Benefits & Capabilities
- Authorize users to request access to tightly-controlled accounts
- Track account access to individual users of shared accounts
- Granular control of access requirements: requesters, approvals, expiration, etc.
- Control, audit, and secure resources to comply with regulations like Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, FERPA, etc.
- Provide authorized persons with immediate access to fire-call accounts
- Enable system owners to periodically revalidate longer-term accounts
- Automatically revoke access upon expiration: optionally lock accounts or reset passwords to secret values
- Secure protected accounts by preventing system owners and administrators from viewing their passwords
- Combine with the Automated Role & Account Management to create a closed-loop solution including account creation, entitlements/privileges management, etc.
- Your choice of procurement model: Cloud or on-premise
For additional information on how your organization can benefit from Fischer Identity, please contact Fischer International Identity at +1 (239) 643-1500, or contact us through this website.