Privileged Identity Management Enterprise Password Vault

1
Privileged Identity ManagementEnterprise
Password Vault
2
Privileged Password Management Agenda

• Privileged Users 101
• What are privileged Users
• The Challenge
• Common Practices and the Risks Involved
• Drivers Regulations and Internal Breaches
• Business and Technical Requirements
• Cyber-Ark Enterprise Password Vault
• Technology
• Architecture
• Benefits
• Demonstration
• QA

3
Identity Management Individual Users Component
- Directories
4
LDAP/Identity ManagementPartners
The Password Vault and can be integrated with any
LDAP or Identity management solution, Cyber-Ark
has strategic partnerships with the companies
below. Together an organization will be able to
manage both users and shared privileged accounts
5
PIM - White Space for Major IAM Players
6
What Are Privileged Accounts?
Administrative Accounts

• Shared
• Help Desk
• Fire-call
• Operations
• Emergency
• Legacy applications
• Developer accounts

Application Accounts
Personal Computer Accounts
7
Privileged Accounts Today

• Common practices
• Storage Excel spreadsheets, physical safes,
  sticky notes, locked drawers, memorizing, hard
  coded in applications and services
• Resets Handled by a designated IT members, call
  centers, mostly manual
• Known to IT staff, network operations, help
  desk, desktop support, developers
• Common problems
• Widely known, no accountability
• Unchanged passwords
• Lost passwords
• Same password across multiple systems
• Simplistic passwords easy to remember
• Passwords not available when needed

8
Key Business Drivers

• Regulatory Compliance (Sarbanes Oxley, PCI,
  BS7799 etc.)
• Auditing and Reporting
• Control
• Segregation of Duties
• Proactive Improvement of Information Security
  Practices
• Lost and Risk prevention
• Return on Investment
• Administrative Password Management
• Internal Breach
• Return On Investment
• Efficiency and Productivity

9
Mission Statement

• Cyber-Ark Software is an Information Security
  company that develops and markets digital vaults
  for securing and managing highly-sensitive
  information within and across global enterprise
  networks.

Vault Safes (Local Drive or SAN)
Manual Geographical Security
Access Control
Auditing (Visual Security)
Authentication
Firewall
Session Encryption
File Encryption
Cyber-Ark Vault Server
10
Password Vault Architecture
Central Password Manager
Unix Servers
Password Vault
Windows Servers
Networking Devices
Directory Server
Desktops
Disaster Recovery Site
Main Frame
11
Application Passwords

• Scripts
• Shell, Perl, Bat, Sqlplus
• Applications
• Custom developed C/C, COM, Java, .NET code
• Application Servers (WebSphere, WebLogic)
• Products
• IT Management
• ETL tools (Informatica, etc)

12
Hard-Coded Password Embedded in Code
. . UserName app Password asdf Host
10.10.3.56 ConnectDatabase(Host, UserName,
Password) . Work with database .
source1.vbs
. . UserName app Password
PVToolKit(Vault.ini,User.ini,Safe,Root\Pass
word) Host 10.10.3.56 ConnectDatabase(Host,
UserName, Password) . Work with database .
source1-new.vbs
13
Requirements for Privileged Accounts Management
Solution

• Exceptionally secure solution for the keys of the
  kingdom
• Supreme performance, availability and disaster
  recovery due to its mission-critical nature
• Flexible distributed architecture to fit the
  enterprise complex network topology
• Single standard solution for a multi-facet
  problem
• Intuitive and robust interfaces

14

• Thank You
• David Adamczyk
• Channel Sales Manager
• Cyber-Ark Software
• david.adamczyk_at_cyber-ark.com