SOX News

SailPoint and Cloakware Partner to Strengthen Identity Controls for Privileged User Accounts

(June 12, 2008)-- SailPoint Technologies, provider of identity risk management software, and Cloakware, the
security solutions provider that makes security inseparable from software, announced a technology and business partnership that will allow enterprises to better protect their critical business applications and data
through strong management and monitoring of privileged and application-to-application accounts.Many organizations fail to adequately manage privileged or application-to- application (A2A) passwords which guard access to an organization's most sensitive information such as customer and financial data.

Privileged passwords are typically managed using manual processes and are hard to audit due to the anonymous nature of the accounts (in that they are not associated with a specific user). A2A passwords tend to proliferate and are often unmanaged. These passwords are known to developers and contractors and
are visible in plain text inside scripts, applications, and server configuration files. Many IT groups knowingly allow A2A passwords and user IDs to remain unchanged for months or even years, creating a security risk.

"The increased emphasis on compliance has raised concerns about privileged accounts to the highest levels of the organization," noted Mark Diodati, Senior Analyst at Burton Group. "These accounts can bypass most
security controls to breach data, and remain a focal point of the insider attack. While privileged password management products are valuable -- and arguably essential -- for most large organizations, additional controls are needed. These controls include holistic policy management and 360 degree auditing."

The solution combines SailPoint Compliance IQ and Cloakware Server Password Manager (CSPM) to more effectively meet the requirements of regulations such as SOX, PCI, and HIPAA and to reduce the risk of data
breaches, fraud, or loss of intellectual property. Using strong analytics and data mining capabilities, Compliance IQ provides organizations with an enterprise-wide view of user access privileges and the ability to apply automated controls and policy to user access. Cloakware CSPM eliminates the need for shared accounts by securely storing privileged user ids and passwords in a central repository and maintaining complete control over the use of privileged accounts by IT personnel. The partnership between SailPoint and Cloakware gives organizations an out-of-the-box solution that eliminates the need to build custom integration
and speeds time-to-deployment, providing four key features:

-- Access Certification and Remediation - incorporates privileged user accounts into Compliance IQ's automated workflow for access certification. A decision to revoke or modify privileged account access triggers a request from Compliance IQ to Cloakware Server Password Manager to restrict the allocation and ongoing use of that account by that user.
-- Policy Checks - enables Cloakware Server Password Manager to query Compliance IQ to determine if granting privileged access to a user will violate any identity governance policies such as Separation-of-
Duty. This capability allows organizations to implement "preventive compliance" by checking policies before credential changes are introduced into the IT environment.
-- Privileged User Monitoring - correlates Cloakware Server Password Manager's comprehensive log of how workers are using privileged accounts with the identity data in Compliance IQ, providing a holistic view of how privileged access is being used across enterprise resources.
-- Risk Modeling - factors the privileged account data from Cloakware Server Password Manager into Compliance IQ's identity risk model to calculate a unique identity risk score for each privileged user. The
solution can also assign risk scores to application and system resources based on the number of privileged user and application-to-application accounts that reside on that resource.

Share or bookmarklet this web page at: