November 18, 2010, 10:01 PM — Privileged identity management (PIM) products automate control over administrative accounts, which typically put too much power in too many people's hands with too little accountability. They address the security, operational and compliance issues posed by widely shared administrative accounts and passwords, excessive administrative rights, poor separation of duties, embedded passwords in legacy applications and scripts, and poor or nonexistent privileged-password rotation. They also provide individual accountability and an audit trail to prove that policies and controls are actually being enforced.
Ironically, enterprises often do a better job managing standard user accounts and passwords than privileged accounts. The reasons are complex--a maze of practical, historical and cultural impediments. Typically, it's almost impossible to find all the interdependencies among the applications, systems and services an account may touch. As a result, IT managers and the business people they serve are reluctant to change passwords and alter accounts lest they break critical production processes. And trusted admins are accustomed to being trusted--trusted with sweeping administrative rights, trusted to keep passwords within their tight group.
But, in fact, access to privileged accounts is extended in emergencies or when procedures are bypassed to get something done quickly. So users get sweeping privileges beyond their business needs and, once granted, those privileges are seldom taken away.
"With a small staff and a range of support issues that came up, people became aware of what accounts there were, what passwords there were," says the security lead for a midsize manufacturing company that now uses Cyber-Ark PIM products. "There was no tracking around who did what and what kind of account they were using."
A combination of a growing awareness of the security issues posed by poorly controlled privileges and increased audit scrutiny has prompted enterprises to attempt to address the issue. Home-grown and manual control processes have proven unwieldy: They are time-consuming and labor-intensive, provide spotty coverage and are difficult to validate for an audit.
What PIM Does