Initially, SOX was the main market driver, but now PCI is generating a lot of interest, along with HIPAA, the North American Electric Reliability Council's Critical Infrastructure Protection Standards, and European regulations. (See CSOonline's directory of security laws, regulations and guidelines for more details on those requirements.)
"Compliance is the big issue for us," says an information security analyst for a large federal credit union that uses Lieberman Software. "We had open audit issues associated with service accounts, passwords that hadn't been changed since dirt was clean."
The effort required to identify and change all the service accounts was prohibitive, she says. "There are all those dependencies. It was problematic--a huge security lapse. We got nicked six different times over several years in audits."
PIM tools can help address audit issues in several ways, including:
* Discovery of privileged accounts throughout the enterprise
* Replacement of shared accounts with granular role-based access and authorization
* Automated password generation and rotation
* Integration with identity management and authentication tools
* Secure storage of password data
* Detailed audit trails to prove controls are in place and effective