Privileged Identity Management: Cyber-Ark Expands Into Superuser Access Control Market

Single Solution that Delivers Centralized Audit and Policy Management for All Privileged Accounts

(13.11.09) - When it comes to managing privileged identities, most enterprises have been forced to invest in separate solutions to manage the lifecycle and access-control policies across all shared and superuser accounts, resulting in cumbersome controls, inconsistent policies and audit gaps. With the newest version of its Privileged Identity Management Suite, Cyber-Ark Software expands into the superuser access control market and becomes the first vendor to provide a unified, policy-driven approach for shared-account/software-account password management (SAPM) and superuser privilege management (SUPM).

New features of the expanded Suite include Cyber-Ark’s next generation automatic privileged account detection capabilities, which leverage the company’s unique distributed architecture, to facilitate adherence with important audit and compliance processes associated with SAS 70, PCI, HIPAA, Sarbanes-Oxley and more. The new Privileged Identity Management Suite will be available in early 2010.

Current Standalone Solutions Can’t Evolve with New Audit and Security Requirements

Gaps in current standalone SUPM solutions are due in large part to many organisations’ ongoing struggle with siloed Unix security solutions that only address granular access privileges of superuser accounts at the point of usage. These siloed solutions simply address a portion of the security and compliance challenges that organisations face around superuser accounts and usage. These challenges include management of the superuser account itself and the underlying credentials, plus the need for centralized management, control and auditing on these accounts. Security gaps widen even further when it’s realized that these powerful accounts exist on all systems, devices and applications across the infrastructure – not just on Unix systems alone.

According to Gartner, "because shared and software accounts typically have full superuser capabilities or other "elevated” entitlements, organisations that do not use SAPM tools are more exposed to operational risks, security breaches and regulatory action, which may, in turn, result in business losses and financial and reputational damage.” (1)

To deliver full visibility, control and management for all superuser accounts, privileges and access, and to address gaps in siloed standalone offerings, enterprises require a solution to address both the Unix security capabilities found in SUPM solutions, as well as the shared-account management and auditability capabilities found in traditional SAPM solutions.

Redefining the Privileged Identity Management Landscape

Cyber-Ark’s Privileged Identity Management Suite eliminates the need for separate SUPM and SAPM implementations. The Cyber-Ark Suite is a full lifecycle solution that provides a centralized point-of-control and single user interface for consistent enforcement of common policies across all shared and superuser accounts and their associated activities. Additionally, its flexible privileged account access workflows easily adapt to organizations’ current processes and help support integrated audit and reporting requirements. Cyber-Ark’s single integrated solution provides natural support for combined SAPM/SUPM benefits, including:

· Granular Superuser Access Control: Having a privileged identity doesn’t mean users ought to have unregulated user rights; it’s simply not good policy because it leaves the door open to legitimate access privileges being used for unauthorized purposes. To address this concern, Cyber-Ark allows organisations to easily and consistently adhere to the "least privilege” concept. Specifically, Cyber-Ark provides granular access control to restrict superuser usage to lowest needed privileges, while allowing native operating-system users to elevate to superuser mode on-demand. By provisioning superusers’ rights on an as-needed basis, organizations can granularly delegate access to superuser accounts and better track session activity for auditing purposes.

· Intelligent Privileged Account Detection: Cyber-Ark is introducing its next generation solution for automating the detection process of privileged accounts, including service accounts and scheduled tasks, wherever they are used across all data centers and remote networks. This capability not only dramatically lowers implementation efforts compared to other Privileged Account Management solutions, but also significantly reduces ongoing administration overhead by proactively adding in new devices and systems as they are commissioned. This enhanced auto-detection capability further ensures that any privileged password change is propagated to wherever the account is used, and increases stability and eliminates risks of process and application failures due to password synchronization mismatches.

"We previewed these integrated SAPM/SUPM capabilities at our recent customer event and received enthusiastic feedback from users who have come to rely on Cyber-Ark for innovative solutions that evolve to meet their Privileged Account Management needs,” said Udi Mokady, CEO, Cyber-Ark Software. "As audit and reporting requirements become more complicated, we are committed to developing solutions that strip away the complexity of achieving compliance. By making a significant leap forward in bringing SAPM and SUPM together into a single, integrated and easy–to-use solution, we are delivering 360-degree visibility, control and management of all privileged accounts and identities. Cyber-Ark once again redefines the standard for true Privileged Identity Management solutions.”

(1) Gartner, "Marketscope for Shared-Account/Software-Account Password Management,” June 16, 2009 by Ant Allen, Perry Carpenter

(Cyber-Ark: ma)