Enterprise Random Password Manager™ (ERPM) provides full automation and programmatic orchestration of privileged identity management (PIM) and certificate management.
Every cloud infrastructure can be home to potentially hundreds of thousands of vulnerable privileged accounts:
- Stale, shared and misconfigured administrative logins
- VM and application instances with unchanged default logins
- Poorly secured and easily cracked credentials
The presence of automated hacking tools means that even a small number of improperly secured privileged logins are virtually certain to give hackers free reign on the network – and access to customers’ private data – within minutes of an incursion.
The Solution is Programmatic Control
To keep pace with the demands of cloud service providers and the very largest enterprise networks, ERPM has evolved to a service platform where discovery, auditing and access control can be managed by machines instead of direct human intervention. This new programmatic capability allows you to manage the entire privileged identity management lifecycle via any language or platform, thereby providing PIM as a Service or PIM as a Platform.
With its current release, ERPM provides two separate programmatic interfaces – Web services (SOAP) and PowerShell™ – that expose all aspects of privileged identity management including:
- Privileged account discovery and tracking that is both sufficiently broad in platform scope and deep in terms of account discovery (including discovery and tracking of process and service interdependencies to enable safe, automated changes of any interdependent accounts)
- Propagation of password changes to all referenced locations
- Delegation rules for human and machine access
- Reporting of privileged account activity
- Ongoing detection and decommissioning of inactive accounts as they are removed
The new programmatic interfaces interact with datacenter workflow frameworks such as Microsoft System Center Orchestrator and, in the case of the largest service provider networks, custom in-house frameworks.
Safeguard Passwords and File-Based Secrets
On cloud service provider networks the control and auditing of file-based secrets – including certificates, large binary files and other assets – can prove a daunting challenge. Access lists and even the assets themselves can change more rapidly than human intervention can manage. Fortunately ERPM can deploy, manage and de-provision file-based secrets, regardless of the physical or virtual machine where they reside, through the new programmatic interfaces. This includes passwords, x.509 certificates, large binary files, and other secrets – any identity on any platform.
Choice of Programmatic and Human Interfaces
In addition to its new service platform extensions, ERPM provides both a Windows administration console and a Web browser interface to expedite setup and minimize management workloads whenever human oversight is needed. Regardless of which interfaces you choose, ERPM has proven to deploy quickly and be easy to manage in enterprise and service provider networks consisting of many hundreds of thousands of managed systems.
ERPM orchestrates the full life cycle of privileged identity and certificate management to address the needs of the largest cloud service providers. It’s now possible for service providers to embed security into their existing provisioning process and thereby mitigate risks and achieve compliance objectives.
Contact us to learn more about how Lieberman Software can help you secure your cloud infrastructure.