Passlogix®, Inc., today announced the general availability of v–GO® Shared Accounts Manager (v–GO SAM), a simple, secure and audit–ready approach to providing system and application access for administrators, temporary workers, and others who must share account IDs. v–GO SAM drastically reduces the risk that enterprise systems will be compromised by the unauthorized use of privileged accounts. It also provides a cost–efficient way for enterprises to comply with HIPAA and PCI DSS regulations that prohibit the sharing of accounts between users.
For the first time, v–GO SAM equips network administrators with a solution for managing shared credentials that:
- Centralizes shared account storage and control, so that a user must request the use of a shared id that is approved or denied based on pre–established policies. An organization knows every time that a privileged credential is accessed or used.
- Conceals passwords for all shared accounts, so that a user never actually knows the password of an account that is checked out. This prevents the inadvertent or malicious sharing of passwords as well as sabotage by rogue administrators.
- Ties shared account usage to the actual user, so that the actual user of a shared id is known at all times. This facilitates regulatory compliance.
- Consolidates conventional and shared credential management in a single infrastructure. For those organizations that must provide their users with single sign–on and manage administrators´ access to privileged accounts, v–GO SAM provides a common approach to both sets of requirements.
In addition, v–GO SAM is the only shared credential management solution that has the ability to control the actual usage of privileged / shared ids by policy, such as limiting their use to a time window, a maximum number of logons, or specific times and days. It is also the only solution of its kind to require two–factor authentication at the point of logon to ensure that the person using the account is actually the person who was authorized to check it out.
These features close the security gaps associated with shared password management, including those that led to highly publicized incidents in the City of San Francisco IT department and major French bank Société Générale over the past year. In San Francisco, a disgruntled network administrator reset all administrative passwords to the routers for the city´s wide area network, preventing administrators from managing the system. At Société Générale, a rogue trader used multiple shared passwords and accounts to execute fraudulent trades that cost the bank $7.2 billion (4.9 billion euros).
"Failing to adequately manage shared passwords for super user accounts or temporary workers can expose organizations to serious vulnerabilities. This is particularly true for privileged accounts, where an angry administrator can hold the entire network hostage if he so desires," said Sally Hudson, research director, security products and services, IDC. "Passlogix´s ability to keep passwords hidden and control shared credentials within the existing IT framework gives enterprises another option for protecting themselves."
"v–GO SAM offers multiple security, compliance and administrative benefits, including the ability to know who is using what shared account when with absolute certainty," said Passlogix vice president of strategy and product management Stephane Fymat. "For the first time, organizations can identify the culprit if data is stolen, changed or deleted by someone with shared account access. This alone makes it a compelling choice for solving the challenges associated with shared passwords."
With v–GO SAM, a user requiring access to a privileged or temporary account makes an online request to check out a username and password. The request is approved or denied based on the user´s role and group membership in the corporate directory such as Active Directory and/or an approval workflow in the enterprise´s identity management system. The system then issues the privileged account´s credentials to the requestor´s single sign–on client. When the user accesses the desired system, the single sign–on client automatically logs the user on with the shared account without revealing the credentials to the user.
Once expired, the username and password are automatically deleted from the user´s single sign–on client and checked back in to v–GO SAM without the end user ever knowing the privileged account password. Since the accounts are automatically checked in by v–GO SAM without ever revealing the password to the end user, and by policy only one user can check out an account at a time, v–GO SAM establishes a single point of accountability for all activity on the target application.
v–GO SAM is the latest addition to the v–GO Access Accelerator Suite, an integrated set of software solutions that eliminate everyday challenges in sign–on, authentication and provisioning that decrease business productivity. By removing these barriers, the various components of the v–GO suite enable businesses to improve operational efficiency, strengthen enterprise security and regulatory compliance readiness, and streamline identity management deployments.
v–GO SAM is available immediately. For more information, visit http://www.passlogix.com/products/v–GO_sharedaccountsmanager/overview/
About Passlogix
Passlogix, Inc., is the developer of the v–GO Access Accelerator Suite, the leading solution set for speeding user access to applications throughout the extended enterprise by eliminating critical pain points in sign–on, provisioning and authentication processes. With more than 10 million licenses sold, the v–GO suite improves business efficiency, strengthens security and compliance, and dramatically reduces IDM system deployment times. The company´s patented technology - launched in 1996 with the market´s first usable enterprise single sign–on solution - shortens implementation and payback cycles by adapting to any existing infrastructure without the need for custom coding or replacing legacy hardware or software. Passlogix is headquartered in New York City with offices throughout the United States, United Kingdom and Asia. For more information, visit www.passlogix.com
Copyright ©2008 Passlogix. All Rights Reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. For more information please visit, www.passlogix.com.
