|
| How do you control concurrent privileged access to critical IT resources? |
|
|
| |
In
enterprises, quite often, many administrators might be accessing a
system in production environment concurrently.
They might be attempting to carry out conflicting
operations, unconnected tasks or even trying the same activity.
In the absence of proper planning and coordination, such concurrent
access on IT resources could affect the integrity of data/information,
lead to
conflicts, duplication of effort and a troublesome
assortment of other issues.
For instance, two administrators might be attempting
registry edits on the same system concurrently.
Conflicts during this operation might lead to costly
damages.
In other cases, for certain sensitive IT resources in
production, there might be requirements to grant exclusive, time-limited
access to a particular administrator.
During that period, no one else should be allowed access
to that resource.
But, without a proper tool, the above tasks are far easier said than done.
Controlling access to privileged passwords
One of
the best ways to tackle the above scenario is to control
the access to privileged passwords and thereby check access to the IT
resource.
You can deploy a Shared Account Password Manager and
store all the administrative passwords in a centralized repository.
Administrators can be granted access to the passwords
strictly based on job responsibilities and requirements.
ManageEngine Password
Manager Pro from ManageEngine provides a perfect solution to
control concurrent access to resources and also to grant exclusive,
time-limited access to select administrators.
The ‘Access
Control Workflow‘ feature of Password Manager pro helps achieve
Concurrency Controls with ease.
A specific password could be made available for the
exclusive use of a particular user for a specified time during which, no
one else - even the owner of the resource would be allowed to view the
password.
For Example, if you specify the time
period as
two hours, the password would be made available
exclusively for that user for two hours.
Others cannot view the password during that period.
After the specified time period, the password would
become void and will not be available to the user.
In addition, the password will be automatically
randomized.
Later, other users will now be able to view the
passwords thereafter.
In case, an emergency need arises to revoke the
exclusive permission to the user, administrator can forcefully check in
the password at any point of time. |
|
|
