I was talking to a Centrify customer the other day. They are happily deployed with our Server Suite solution.
“So what new products do you have at Centrify?” he asked.
“We have our new Centrify Privilege Service. It allows you to securely share privileged account passwords in your enterprise. It functions as a vault for your passwords.”
I asked him: “What are you using now for that?”
I could hear the phone rustle; it sounded like he was putting his head under his desk with the handset to his ear.
“A spreadsheet,” he whispered.
“HA! I knew it,” I told him.
There are many organizations that still use the “Secret Spreadsheet of Passwords.” It didn’t start out that way; most people just needed a place to put passwords so they wouldn’t forget them. Eventually it grows into a list of hundreds of passwords critical to the company.
It’s also an embarrassing open secret.
The IT guys know about it because they use it.
Maybe the IT manager knows, but it’s certainly not discussed at the executive level.
It usually lives on a fileserver in a restricted directory accessed by IT staff.
It might even be encrypted. That’s it for security.
Anytime somebody opens it, they can see ALL the user accounts and passwords.
It includes the password to the cell phone service master account. 4 edge router passwords, 8 switch passwords. The root password for all 160 Unix servers. The corporate Twitter account, also owned by Marketing, who changed it and didn’t tell you. The corporate Facebook account. The password to the CEO’s home Wi-Fi. The rescue password to the CEO’s Mac. The corporate passwords for QuickBooks, GoDaddy and the Microsoft Volume License service. The Administrator password to Active Directory. 8 Oracle passwords, also shared with the DBA group. 6 Active Directory passwords for 6 service accounts. Plus more passwords for various other services. There are even some passwords for computers that don’t exist anymore. Everyone is afraid to delete them.
Anytime you need to give someone a password, you read it to them over the phone from the spreadsheet and they write it on paper. After they’re done they are instructed to eat the paper.
They keep it in the desk drawer, but they’re extra careful not to write the userID on the same note.
Until now, any solution to this problem was expensive and/or required hardware solutions installed in your data center.
Take a look at Centrify Privilege Service.
- Store static and managed passwords.
- Restrict access to the passwords to people who need them, instead of everyone with the spreadsheet.
- Require users to “check out” the password before they use it.
- Reset the password after use if it’s a managed password.
- Make a fancy report of who used the password and when.
- Connect to Unix/SSH and Windows servers offsite (remotely) through the Centrify cloud. We’ll open a browser session with an embedded SSH or RDP window connected to your server.
- You read that right, connect to your server from a browser while out of the office. SSH or RDP. No VPN required. We route the traffic through your Centrify Cloud portal directly to your network.