With PIM (Privileged Identity Management) products, privileged identities can be managed efficiently and controlled comprehensively.
There are many challenges related to the use of privileged identities: they must be available when needed and their use must be traceable. Privileged identities may not fall into wrong hands either.
General problems related to privileged identities can be solved efficiently using PIM (Privileged Identity Management) products. With the system, all desired privileged identities and target systems are controlled efficiently through a single system. This ensures that the privileged identities can be accessed quickly and in a controlled manner through workflows determined for the end users.
PIM products are used to manage existing identities and control the access of several users to them. End users can apply for identities and passwords via the browser user interface. The ID password can also be changed automatically after use, for example, so users do not have unwarranted access to the systems. This ensures that the identities are used by the correct persons and only at the time when they need to be used.
Identities to be managed may include:
- Operating system level admin and root IDs
- Database, application and service IDs
- Equipment IDs, such as telecommunication equipment privileged identities
- Social media IDs, such as the management of corporate IDs for a shared Twitter account or blog, or publication system maintenance IDs
PIM solves general problems related to privileged identities:
- Based on a server-specific policy, target system IDs are available to end users directly from the Privileged Identity Management system based on a server-specific policy. Strong identification can also be linked to the system’s user interface as a requirement.
- Privileged Identity Management allows the complete traceability of the privileged identities. Traceability is a requirement in many standards, such as PCI DSS. In cases with higher data security requirements, it is possible to record all server sessions so that the actions performed on the server can be checked afterwards.
- Passwords for the target system IDs can be determined to change after each session, for instance. Password policies can be determined according to server type or even according to ID.
- When integrated with a separate SIEM system, a comprehensive picture can be obtained about privileged identities in the SIEM system. Integration is also possible the other way around: the server’s password can be determined to change in the case of a specific SIEM alarm.
We help our customers in:
- Preliminary investigation projects and product selection
- Deployment and integrations
- Continuous development and maintenance