Software: Password Manager Eliminates Application-to-Application and Privileged Password Risks
Cloakware Inc., a security solutions provider that makes security inseparable from software, has announced the immediate availability of Cloakware Server Password Manager 3, the first and only commercial solution to automatically and securely manage passwords that connect administrators to critical network infrastructure and hard-coded passwords that connect applications to other applications. CSPM 3 meets the needs of even the largest, most regulated companies.
Organizations worldwide face pressure from commercial and federal legislation that either indirectly or explicitly requires all passwords within an enterprise be managed and changed on a regular basis. In addition, organizations struggle to secure shared privileged passwords that grant IT administrators and other insiders or contractors access to critical assets.
CSPM is the first commercially supported product to provide comprehensive management of both application-to-application (A2A) and privileged administrator passwords. CSPM 3 now supports a broader set of server, agent and target platforms and supports most target applications. With CSPM 3, organizations improve compliance, protect confidential data, decrease system downtime and lower operating costs across the enterprise.
"In too many organizations, too many users have permanent and full superuser, root or administrator privileges, a gaping vulnerability that exposes mission-critical systems to accidental harm and malicious activity," said Research Vice President, Ant Allen in Gartner's January 2007 report, "Toolkit: Password Management Tools for Shared Accounts and Service Accounts."
Moreover, "a similarly significant vulnerability arises where application-to-application (A2A) or application-to-database (A2DB) communication involves a service account on the target. The report went on to state, "Because shared passwords for shared accounts and hard-coded passwords for service accounts risk significant exposure, especially in the context of regulatory compliance, auditors will continue to target them aggressively during the next two to three years."
Enterprises of all sizes have thousands of unattended A2A and administrator passwords that are rarely, if ever changed. In some cases, IT administrators are not even aware that A2A passwords exist since they have been hard-coded into applications. Securely managing, updating and changing these passwords can be an expensive and time-consuming process and is nearly impossible to manage if done manually. CSPM 3 is a commercial off-the-shelf (COTS) solution that seamlessly integrates with existing configuration/change management systems and performs across current and legacy systems.
CSPM 3 streamlines the password management process with an enhanced user interface as well as the ability to manage a much broader number of target applications.
CSPM now manages passwords for Windows Administrator and Windows User accounts, in both Domain and non-Domain environments. This allows administrators to manage administrative passwords for virtually all types of operating systems.
In addition to managing the Windows passwords under which Services operate, CSPM updates Windows Services to use the updated passwords providing secure, managed and seamless continued Windows Services operation.
CSPM now supports Active Directory (on Windows Server 2000 and Windows Server 2003) as a managed Target Application. This extends the functionality previously available through Lightweight Directory Access Protocol (LDAP) management into the Windows Active Directory space, supporting commonly used password management frameworks.
CSPM 3 provides the Extensible Password Management Framework, a "socket" into which plugins can be added to CSPM, extending the number and type of target applications that can be managed by CSPM.
"In recent years, organizations have focused attention on desktop passwords, overlooking the more powerful elevated privileged passwords that protect their networks and proprietary information," said Jeff Waxman, chief executive officer at Cloakware. "CSPM is a powerful solution that improves overall efficiency, security and compliance for corporations and can potentially save millions in costs by eliminating manual updates of A2A and privileged passwords."
Cloakware is a security solutions provider that makes security inseparable from the software it protects. From applications and databases deep inside corporations, to consumer devices like music players, to military weapon systems-more and more software applications need to protect themselves from unauthorized user access, reverse engineering and tampering.
Add This Article To:
Comments