Our patented Digital Vault provides premier security.
Securing Application Credentials
Managing credentials for application-to-application authentication poses security, auditing and administration challenges. When an application server, single software application, script or any type of batch process is required to connect to a database, remote server or to another application service - a privileged user name and password are required and are therefore made available to the application. These credentials are most often stored embedded in the application code, or in a configuration file, many times in clear text visible to a large audience. As a common example, most business applications need stored credentials to interact with a database in order to process information or provide an interface to end users.
This challenge identifies a security gap and significant risk, often captured by auditors, where these sensitive database and application ID passwords are widely known and accessible to developers, help desk engineers and others. Additionally, these are generic IDs limiting the ability for audit and personal accountability of the person accessing the database.
Hard coded passwords also limit the ability to change passwords on these resources making them static and never expiring. Changing the password of a database account requires synchronization with all applications using this account for authentication. This poses serious security risks and clear violations of compliance regulations as these powerful, embedded passwords are gradually becoming known to dozens of unauthorized personal across the organization, including ex-employees and external sub-contractors.
Cyber-Ark Software provides the only Application Password Management solution in the industry that fully addresses the problem of application-to-application password management. Cyber-Ark’s Vaulting® Technology eliminates the need to store application passwords embedded in applications, scripts or configuration files, and allows these highly-sensitive passwords to be centrally stored, logged and managed within the Cyber-Ark Vault. With this unique approach, organizations are able to comply with internal and regulatory compliance requirements of periodic password replacement and monitored privileged access across all systems, databases and applications.
Integrating the database application access with the secure Enterprise Password Vault® provides a complete solution for centrally managing privileged passwords. This provides auto-replacement of privileged database passwords and automatically synchronizes the relevant business application with the new password values.
The Application Identity Manager™, provides a complete infrastructure to centralize the management of credentials to resources and managing these service accounts, including
- The removal of passwords from all scripts and application code making them invisible to developers and support staff.
- Encryption - all passwords are encrypted both while at rest in the Vault and while in transit to the requesting application.
- Access Control - using the Vault's access control security layer, access to the passwords can be controlled down to the application level.
- Accountability - Each transaction in the Vault is logged providing auditing and accountability for each request for a password.
- The ability to change passwords on demand and according to the enterprise policy without any interruption to production or need for development/testing and IT support.
- High Availability, Redundancy and Business Continuity - no downtime for applications.