Secret Server is a powerful, flexible tool which can help your organization meet a variety of compliance mandates, such as SOX, PCI, HIPAA and more. In this article we are going to review several ways you can utilize Secret Server to maintain compliance by securely managing your privileged account credentials.
Centralizing Your Sensitive Information
Before you can start managing your privileged accounts they must be located and stored securely in Secret Server. This means removing them from where they’re currently stored (such as an Excel spreadsheet or personal password management tools) and placing them into Secret Server; centralizing all privileged and shared accounts while providing full auditing of the activity on those accounts.
Compliance tip: This is useful for complying with SOX as it mandates that your sensitive information be stored in a centralized encrypted vault.
You can do this in a few ways:
- Importing. Using a CSV or XML file, you can directly import your data into Secret Server.
- Migration. The Migration Tool imports credentials from several personal password management systems such as KeePass or Password Safe.
- Discovery. With Discovery you can easily scan your network and import Local Windows Accounts and Service Accounts running Web Services.
Setup permissions, access and roles
Once credentials are secured in Secret Server you will want to organize access control for each user and what privileges a user has to administer their accounts. To do so, Secret Server simply utilizes a permission structure reminiscent to that of Windows to easily delegate access to information with a full audit trail.
Compliance tip: This relates to PCI compliance as it mandates an audit be kept of access to network resources.
Permissions allow you to store information from multiple groups and departments while managing exactly which users have access and have been accessing sensitive information.
Role based access in Secret Server can be broken down between different users so that no one user has full control of the system, giving granular control of user ability.
Password creation and regular rotation
A big part of most compliance standards is using strong passwords and updating passwords on a regular basis. Secret Server can automate password changing on a wide variety of devices and accounts.
Compliance Tip: This is an import piece to many compliance standards included in HIPAA regarding regularly changing passwords for credentials.
Passwords can be changed automatically on a fixed schedule or can be set to change immediately. Secret Server also has the ability to report all information that a user has access to and queue them for remote password changing with a few clicks. This is especially helpful for when someone leaves the company and all their credentials need to be changed.
Remote Password Changing can generate passwords for the accounts based on the type of account. With Password Requirements you can specify the length of password, types of characters used, and the frequency that they show up.
These are just a few ways Secret Server can help your organization maintain compliance. Next week we will discuss the benefits of using a SIEM tool with Secret Server.