Protecting Shared Social Media Accounts

Recently I was asked by a large bank to help it meet the burden of the FFIEC regulations as they pertain to social media. In essence, the regulation covers communications by the bank about its financial products. The bank wanted to make sure that an employee could not make any social media posts after leaving the bank, and that every access to the application was audited.

The CTO told us that the bank was going to embark on a new social media strategy using Twitter, LinkedIn, Facebook, Snapchat, Pinterest and Instagram, with dedicated corporate accounts rather than personal ones. The CTO had read that this is the year of the security breach, with passwords being the issue, so protecting access to these accounts is critical. The bank tried to do this on its own but quickly realized that social media applications are designed for individual users and have no built-in functionality to tie these accounts to a corporate user directory.

The bank concluded that these accounts would have to be shared between many users, and the problem just got far more complex: if many users share a password and some of them leave the company, how can secure access to those accounts be guaranteed without disrupting the business?

This was a different problem from shared accounts on the server side, for which we had already provided the bank a solution. In the end we recommended Centrify for SaaS to provide access to applications based on role membership. Application-specific policies were defined to hide the credentials from end users. The credentials are stored on the Centrify Cloud service, encrypted in transit and at rest. When a user needs to access the application, the password is securely replayed and the user is logged in to the application.

As a bonus, with Centrify the end user gets a single sign-on experience without ever knowing the username and password. We met the burden of the FFIEC audit requirements with the built-in Centrify for SaaS reporting engine. The bank can now offboard users simply by removing them from the role, without any disruption to application usage, and can enforce password complexity and aging on the back end to meet its internal password policy requirements.
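To make the role-gated, password-replay pattern described above concrete, here is an added Python model (not Centrify's code) of a broker that holds the shared credential, checks role membership, audits every launch, and shows offboarding and back-end rotation; `SocialApp`, `Broker` and the constructed sample values are assumptions for illustration only.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class SocialApp:
    """Constructed stand-in for a social network; the real password never leaves the broker."""
    name: str
    password: str

    def login(self, username, password):
        if not hmac.compare_digest(password, self.password):
            raise PermissionError(f"{self.name}: login failed for {username}")
        return f"{self.name}-session-{secrets.token_hex(4)}"  # opaque session, no secret inside

    def change_password(self, old, new):
        if not hmac.compare_digest(old, self.password):
            raise PermissionError(f"{self.name}: old password rejected")
        self.password = new

@dataclass
class Broker:
    """Hypothetical credential broker: role-gated access, broker-side replay, audit trail."""
    roles: dict = field(default_factory=dict)  # role name -> set of directory users
    apps: dict = field(default_factory=dict)   # app name -> (SocialApp, required role, shared username)
    vault: dict = field(default_factory=dict)  # app name -> shared password (encrypted at rest in a real vault)
    audit: list = field(default_factory=list)

    def register_app(self, app, role, shared_user, password):
        self.apps[app.name] = (app, role, shared_user)
        self.vault[app.name] = password

    def launch(self, user, app_name):  # returns an app session for an authorized user, else None
        app, role, shared_user = self.apps[app_name]
        allowed = user in self.roles.get(role, set())
        self.audit.append({"ts": datetime.now(timezone.utc).isoformat(), "user": user, "app": app_name, "allowed": allowed})
        if not allowed:
            return None
        return app.login(shared_user, self.vault[app_name])  # password replayed broker-side only

    def offboard(self, user):  # leaver handling: drop the user from every role, password unchanged
        for members in self.roles.values():
            members.discard(user)

    def rotate(self, app_name):  # back-end password aging; users never see the old or new value
        app, _, _ = self.apps[app_name]
        new_pw = secrets.token_urlsafe(24)
        app.change_password(self.vault[app_name], new_pw)
        self.vault[app_name] = new_pw
```

Every attempt, allowed or denied, lands in `audit`, which is the record an auditor would pull; the end user only ever receives the opaque session string.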

Below is a sample screenshot of the account mapping section available when defining apps with Centrify for SaaS, and a screenshot of some of the reports that were created. For more detailed information on application configuration options, be sure to click Configuring Applications.

User Account Obfuscation