October 05, 2009, 1:16 PM — Research shows that nearly half of all data breaches come from inside an organization, sometimes by those trusted to protect sensitive corporate or customer data, which is why industry watchers say enterprise IT departments need to invest in technology that ensures no one person has all the power.
"The problem with large organizations is that IT people often have access to production and other sensitive passwords. Often they can simply log in as administrator and it can be difficult to monitor who actually made what change and when," says Andras Cser, senior analyst with Forrester Research. "There are a lot of insider threats today and many organizations have access policies that violate best practices."
Companies like e-DMZ, Cyber-Ark, Cloakware, Lieberman Software and BeyondTrust attempt to address that need. Symark acquired BeyondTrust and took on its name in September. The combined company focuses on technology to manage administrator access to Unix and Windows systems. This week BeyondTrust released an updated version of its IT administrator password management software. PowerKeeper 4.0 falls in the category of privileged account management software, Cser says, adding that preventing disgruntled IT managers from wreaking havoc is one reason to purchase such a product; another is to stay compliant with regulatory standards.
"This is a good product for managing password vaults and performing fine-grained privileged access management for Unix systems, and now Windows systems," Cser says.
PowerKeeper 4.0 is an appliance, available in physical or virtual form factors, that installs in a customer environment inside the firewall with access to the systems it will manage within the data center. The appliance uses automated password resets and management workflows to ensure that privileged accounts cannot be accessed in inappropriate ways. This version works with intelligent adapters to any operating system, database or device using SSH and Telnet, communicating with the devices and providing coverage for all systems in heterogeneous environments, the company says.