Allowing temporary access to sensitive IT resources
|Assume the scenario below:
You administer a sensitive IT resource - a database in production network containing important data. An emergency troubleshooting situation arises. A developer has to be provided time-limited, temporary access to the DBMS, say for a day.
How do you handle such a scenario?
In many organizations, the required administrative passwords are conveyed through telephone or transmitted via email. And, the administrative passwords are rarely reset. As a result, the developer will continue to have access to the production database even after completing the troubleshooting task.
These kind of practices bring with them operational and security issues and threats. The organization will become a paradise for malicious insiders and external hackers. They can easily wreak havoc on the confidentiality, integrity and availability of the organization’s information systems, resulting in huge financial losses.
A better way
Automating the privileged password management life-cycle is the best way to handle this scenario. Using Password Manager Pro , you can store the privileged passwords in a secure, centralized vault and enforce role-based access restrictions.
In addition, you can enforce the users to go through a request-release mechanism. Users requiring temporary access to a password will have to make a request, which will be approved by one or more administrators. Upon approval, the user will get time-limited access to the password. Once the user checks out a password, it will be available exclusively for his/her use till the stipulated time. After that, the user will forfeit access and also the password will be reset.
The request-release mechanism is part of access control workflow, that ensures security of highly sensitive passwords.
For more, visit password management