
Enforcing Security for Confidential and Secret Information is Essential

Companies Can Gain Competitive Advantage by Sharing Sensitive Information Outside of the Corporate Boundary

(16.04.08) - Hardly a week seems to go by without news that yet another organization has become the victim of Privileged Identity Theft. A recent case is that of Harold Boomer, from the US, who has just started a 10-month prison sentence without parole and who has to pay a fine of $24,000 to Midwest Technology Connections. On his last day at work he created an administrator account that gave him complete administrative access to the network so that he could monitor the e-mail accounts of key employees. He also admitted that he placed hacking software on the systems, and that he had access to all of his former employer's customer data! And this is not an isolated incident. In a survey conducted in the UK last year, over 30 percent of those taking part admitted that they could still access privileged systems at former employers because passwords were not being changed.


Then there’s the case of Heinrich Kieber, who used his privileged position within IT at LGT Group to gain access to the privileged customer data which he has since sold to the German and UK Tax Authorities. These and many more similar incidents demonstrate that an organization should never underestimate the potential damage in case of exposure or loss of confidential data, and the significant risk posed by IT staff.

Enforcing Security for Confidential and Secret information is essential. For example, data whose exposure can have a negative impact on a company's operational effectiveness, cause financial loss, provide a significant gain to a competitor or cause a major drop in customer confidence must be protected. And although Cyber-Ark's Enterprise Password Vault for privileged password management and application password management is an important aspect of providing protection, it is only a part of the solution. Not only do you need to control who has privileged access, but you also need to control what they have access to. This is where Cyber-Ark's vaulting technology provides a unique combination of password and data access control.

Cyber-Ark’s Inter-Business Vault provides a Cross Enterprise Data Exchange Platform for Highly-Sensitive Information for easily, efficiently and securely connecting customers, business partners and suppliers to the enterprise.

According to Jay Heiser from Gartner, "Companies can gain competitive advantage by sharing sensitive information outside of the corporate boundary… Increasingly, we are seeing previously closed corporate networks being opened up to external parties such as suppliers, customers and even competitors…" However, he goes on to say that "Traditional security mechanisms provided by the operating system or network are just not suitable for meeting this kind of need…" F. Kenney at Gartner says that "Managed File Transfer happens everywhere in the organization and that Cyber-Ark can provide it as a central point, and no one that he knows does what Cyber-Ark can do."

In a business environment where the transfer of information is increasingly time-critical, and the traditional approaches such as FTP and PGP (or any other form of secure e-mail) are awkward to manage, often lacking the security mechanisms that sensitive data demands, or requiring excessive management, Cyber-Ark is providing a secure and flexible solution that fits any enterprise.

The Cyber-Ark Inter-Business Vault provides a solution that can be deployed in a matter of days and that guarantees:

· No internal network exposure of sensitive data
· Secure location for intermediate storage
· Protection of Data at Rest, including from IT staff
· Automatic and Transparent Key Management
· Protection from data deletion, data loss
· Protection from data tampering
· Variety of Interfaces for both manual and automatic file transfer procedures
· Auditing and monitoring
· End-to-End network protection
· Protection from Malicious Content and Viruses
· Built-in Digital Signing and Verification
· E-mail Notifications
· Integration with existing business processes

Application Identity Management Demands Increasing

All IT environments have many applications that access multi-platform resources (i.e., databases) to feed, store and retrieve sensitive information. In order to access these resources, applications and scripts use service accounts created on the resource (locally or globally) to gain "read" or "read/write" permissions to the data.

Application credentials are often embedded in the application code or stored in a configuration file, usually in clear text that is visible to a large audience. Passwords are typically given to developers and support engineers by DBAs verbally and in an unsecured manner. Since these passwords are widely known, users gain direct access to sensitive production databases with higher privileges than their regular personal user accounts have. This bypasses the normal access control mechanism enforced by applications and can result in a major vulnerability to the enterprise. Additionally, these generic IDs limit the ability to audit and provide personal accountability for users who access the database.

Hard-coded passwords also limit the ability to change passwords on these resources, making them static and permanent. Changing the password of a database account involves synchronizing the password manually on all the applications that use this account for authentication. This includes changes to application code, compilation, and in some cases a long process of transferring the code from development to QA and then to production, which may require downtime of a critical application. Moreover, many applications often share the same database account, further compounding the problem.
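The problem described above can be measured before any vault is deployed. The following is an added example, not code from the original article or from Cyber-Ark: a small Python audit that finds clear-text passwords in configuration files and lists the service accounts embedded in more than one application, which is the set that has to be changed together when the password is rotated. All file names, hosts, accounts and values are constructed.

```python
import re
from collections import defaultdict

# Constructed sample configuration files (hypothetical apps, hosts and passwords).
SAMPLE_CONFIGS = {
    "billing/app.properties": "db.url=jdbc:oracle:thin:@dbprod01:1521:CRM\n"
                              "db.user=svc_crm\n"
                              "db.password=Summer2008\n",
    "reports/settings.ini": "[database]\nhost = dbprod01\nuser = svc_crm\n"
                            "password = Summer2008\n",
    # Password externalized behind a placeholder, so nothing is stored in clear text.
    "portal/app.properties": "db.user=svc_portal\ndb.password=${VAULT_REF}\n",
}

KEY_VALUE = re.compile(r"^\s*([\w.]+)\s*[=:]\s*(.+?)\s*$")
USER_KEY = re.compile(r"(user|username|uid)$", re.I)
SECRET_KEY = re.compile(r"(password|passwd|pwd|secret)$", re.I)
PLACEHOLDER = re.compile(r"^\$\{.+\}$")  # value resolved at run time


def find_embedded_credentials(path, text):
    """Return one finding per clear-text password line; the password is never echoed."""
    findings, user = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY_VALUE.match(line)
        if not m:
            continue  # section headers, comments, blank lines
        key, value = m.groups()
        if USER_KEY.search(key):
            user = value  # remember the account the next password belongs to
        elif SECRET_KEY.search(key) and not PLACEHOLDER.match(value):
            findings.append({"file": path, "line": lineno, "account": user})
    return findings


def scan(configs):
    """Run the check over a mapping of path -> file content."""
    return [f for path, text in configs.items()
            for f in find_embedded_credentials(path, text)]


def shared_accounts(findings):
    """Accounts embedded in several files: each file needs a change on rotation."""
    by_account = defaultdict(list)
    for f in findings:
        by_account[f["account"]].append(f["file"])
    return {acct: files for acct, files in by_account.items() if len(files) > 1}


if __name__ == "__main__":
    results = scan(SAMPLE_CONFIGS)
    print(results)
    print("shared:", shared_accounts(results))
```
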

The Enterprise Password Vault provides applications with easy-to-use tools to access the on a variety of platforms. For most commercial application servers such as JBOSS, Oracle, Websphere, etc., no code changes are required and the solution is supported on Windows and *NIX platforms. (Cyber-Ark: ra)

 

 