Take a pick – Cloud or Premise for Root Password?

Cloud technology has come a long way. As businesses express their concerns over security considerations in a cloud environment, cloud operators come up with a befitting solution. Examples of this proactive approach include Single tenancy on (private) cloud, Bring Your Own Encryption (BYOE), Ensuring Data in Motion, …

These are in keeping with the trends in the computing technology and these benefits are rightly extended to the Identity and Access Governance sphere. So while all the noise is being created over cloud is safe, why not take the next step and talk about Privilege Account Management and relating it to Cloud.

Here is a question – where must your IT Admin’s root password be?
Take a pick – Cloud or On Premise. Before you proceed, take a moment and to assess the pros and cons.

Management of Privilege Accounts through Cloud technology

Benefits in terms of automation, just in time access and keeping the IT admin to police the system on 24x7 basis

Privilege users cover a range of users – traditional, outsourced or offshore IT, support and development, and users coming through merges &acquisitions… Therefore in contemporary business environment, privileged users go beyond the perimeter of your organization. Given distributed locations and devices the efficacy of root accounts (privilege accounts) can be hampered if servers, network equipment and applications deployed are limited through physical space (read on-premises).

Privilege Accounts need to ensure continuous access to data. They are important shared accounts and there is always an information risk and limited access challenge. Lot of questions around area of compliance –Industries – technology in order to ensure continuous access to data.

Based on a webinar Organised by our Technology Partner Centrify to explore current trends in Privileged Identity Management (PIM) here are important questions to manage your root password on cloud:

  1. Are we holding ourselves hostage to the sensitive area of information breach? Managing Privilege Accounts in a unified and automated way requires access beyond physical infrastructure. Sensitive passwords needs to be readily available and network forensics must be enforced.
  2. Is the old fashioned way – login through sensitive credentials is insecure? The Privilege Accounts are shared accounts and companies resort to physical envelops (yellow sticky, excel spreadsheet displayed inside the sever room allowing easy gateway for access to unauthorised users. This is often not auditable, not enforceable, no visibility of control, relies heavily on people in the system.
  3. Do you approach scale and reach of IT operations in a proactive or reactive manner? User accounts devices, mobile devices, laptop, desktops, et al are used to access an organizational systems in a global state. Data centres are to be integrated to assume 24×7 coverage across in a cross-access structure. Prospects, vendors, partners, clients – want access to shared accounts. Have to have one source for Privilege ID and shared id and recoded access (location, device, user, etc.).

Owing to the concerns emanating out of these questions, a huge shift has been seen in the space of root passwords. From a believably highly secure and of limited reach was on premise, now it is safe to shift to cloud.

Since the mandates a cloud based solution, easy to manage. Don’t have to hand out laptop or login devices. Enforcement detection is easier, Cloud service will see much diverse traffics, a baseline to see what commands are used.

Do you wish to learn more about suitability of Privilege Account Management on Cloud for your organization?


About the Author

Avancer Corporation is a systems integrator focusing on State of Art Identity and Access Management technology. With over a decade of experience of integrating IAM solutions for world’s leading corporations we bring you some insights through our articles on Avancer Corporation’s Official Blog


No comment yet.

Leave a Reply

Your email address will not be published. Required fields are marked *

Reload Image