You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Privileged Access Management
EmpowerID Privileged Access Management (PAM) secures access to privileged accounts. It does this by enforcing corporate security policies, preventing unauthorized access to enterprise resources, and controlling who has access to privileged accounts.
The three key areas of EmpowerID's Privileged Access Management include:
Password Vaulting
More than half of organizations share privileged passwords internally. Unfortunately, this process typically consists of writing them down on Post-it notes, sending them through email, or sharing spreadsheets containing master lists of multiple passwords. These methods are extremely insecure and have been linked to breaches. EmpowerID provides a password vault that enables the secure sharing of passwords and other sensitive information such as API keys or digital certificates.
End users can request temporary access to vaulted credentials with granular policies to determine who may request which credentials, for how long, and if the credential’s password should be reset on check-in. Requests can be pre-approved or routed for approval with their status tracked in a business-user friendly interface. Audit logs provide a detailed record of every user’s access to a privileged credential proving who approved the request and for how long the access was granted.
Privileged Session Management
Privileged accounts are both a necessity and a liability. These accounts, with their nearly unlimited access to system resources are essential for everyday IT operations yet abuse of privileged accounts is attributed as the cause of 62% of security breaches. In a Zero Trust model, only the minimal access required should be granted for the minimal time period and if possible, the access should be proxied and monitored.
EmpowerID’s Privilege Session Manager (PSM) acts as a web-based gateway to provide authorized users with RDP or SSH access to Windows or Linux servers but without exposing the servers to actual network access. This dramatically simplifies network security concerns as both users and servers can be anywhere. The only constraint is access between the user and the web interface of the PSM and between the PSM Gateway and the servers they wish to reach. This eliminates the need for costly VPNs which also slow down the user experience and decrease productivity. This Zero Trust approach prevents most common malware and hack exploits which rely on network connectivity to the servers they are targeting. In addition, strong adaptive identity verification is enforced and sessions can be optionally recorded as videos for later compliance investigation or verification. In all cases, the password of the privileged credential is never revealed to the end user eliminating the potential for sharing or misuse.
Local Computer Identity Management
Attackers frequently target local computer administrator accounts as a first step in order to gain privileged access to an organization’s IT network. Local admin accounts effectively “own the machine” having full access to all local resources including any databases. This access represents a potential audit risk for regulations such as SOX, HIPPA, PCI-DSS, FINMA, MAS, FISMA, and NERC. Local admin accounts can also serve as a steppingstone to a company’s most valuable network data. EmpowerID inventories your servers to discover, monitor, and control local users and groups including local administrators. Role and attribute-based access control policies control membership to the local administrators group and allow for access requests through the IT Shop.
All privileged identities can be assigned to policies that automate the rotation of their passwords. The EmpowerID system through its connectors resets the passwords in the managed system and update the vaulted information.
Getting Started
/wiki/spaces/EAG/pages/454250793
Overview
Password Vaulting
Privileged Session Management
Privileged Application Launcher
Installing Privileged Application Launcher