Mitigating Risk... Maximising Productivity...
It's common for organizations to implement secure user networks through the requirement of 'strong & long' frequently changed user passwords.
But what about those with access to the very foundations of your network, namely its applications and data? What is the recency and frequency of password changes amongst your privileged users, IT managers, administrators and contractors?
Whilst you may be able to vouch for the honesty of your own team, what about those of your third parties? Do they request password changes to their remote/development log-in everytime one of their employees leaves?
ToroTech offers an unrivalled software solution that;
- Eliminates the need to hard-code passwords within applications.
- Eliminates the need to share passwords with developers and other third parties.
- Eliminates the need to maintain and re-deploy applications due to simple password changes.
- Can provide significant cost savings and increases in productivity.
- Can help your business to mitigate risk of data breaches.
- Can enable compliance with important regulations, statutes and directives (incl PCI DSS, DPA, and DPD 95/46/EC).
Cloakware Server Password Manager (CSPM) is the first commercial Shared Account Password Management (SAPM) tool within the UK. CSPM delivers automated, cost-effective and fully auditable management of priveleged and application to application passwords, enabling organizations to secure their key assets whilst improving system availability and reducing costs.
How much could I save?
As an example of the savings attributed to automated password management, an organization with 600 application passwords could conservatively save up to £1.2m over a 5yr period, using CSPM instead of manual methods, where passwords are changed every 90 days (these savings increase where more frequent changes are made).
What are the key features of CSPM?
The following table
depicts the key features of CSPM.
| Key Features | |
| Centralized, Secure Credential Storage | With
CSPM, application IDs and passwords are stored in a clustered database
in support of high availability environments, and are protected using
the AES algorithm. Centralised storage permits centralised
administration and enforcement across all servers. Centralised password
updating and synchronisation eliminate the potential for server outages. |
| Automated, Secure Credential Retrieval | Only authenticated and authorised
servers and applications are able to make requests for application IDs
and passwords. CSPM goes far beyond OS level authentication by
including checks for the executing application's ID and location,
tamper detection and unique keying material per server. Unattended
servers no longer need hard-coded credentials to gain access to other
servers. |
| Strong Administrative Authentication | The Java Authentication and
Authorisation Services interface, a pluggable authentication module
architecture, enables multiple methods for authenticating
administrators against the CSPM console, including ID and password,
LDAP and RSA SecurID, with the extensibility to add more. |
| GUI & Java API Administration | Ad-hoc and batch loading of CSPM-managed
entities is made possible through a GUI and Java interface. The Java
interface is remotely and securely accessible, permitting the creation
of batch loading utilities, custom administrative interfaces or
integration with other administrative and provisioning tools. |
| Administrator Roles | Enabling the concept of “lowest level of privilege”, CSPM's administrator roles feature allows an organization to delegate the responsibility of managing the CSPM solution without granting unnecessary access to features. Granular roles assignment allows for customisation of the CSPM administrative environment and permits the creation of or integration with administrative process workflows. |
| "Push" Password Synchronisation | CSPM's password synchronisation feature
helps close the loop for password changes and eliminate potential race
conditions and server outages. The “push” feature allows the CSPM
server to take control of password change processing while ensuring
that applications always maintain access to the most current password. |
| Event Management | Event Management brings intelligence to the CSPM system by allowing the CSPM server to communicate tasks with the CSPM clients. Some tasks include: key updates, cache management, update management and more. Events allow the CSPM system to stay current with changes in the system by enabling the components to communicate. |
| Key Management | Not only does CSPM allow your organization to manage the passwords used by your applications but all of the keying materials used to securely communicate these passwords can also be changed regularly. Whether an ad-hoc or scheduled request, it is possible to change the keys on the CSPM server or on any of the CSPM client machines. |
| Broad Platform Support | The CSPM client software is supported on versions of Solaris, AIX, Linux and Windows. There are no platform restrictions on the server that the CSPM client is attempting to connect to. |
| Fault Tolerant Architecture | Database clustering, load balancing and extensible application servers are all included to support system fault tolerance. CSPM includes all the necessary software to create a fault tolerant implementation. CSPM will also operate on a single server for development and test purposes. CSPM Express, our appliance-based solution, includes fault tolerant hardware components like dual LAN, video, power and RAID drives. |
| Update Management | CSPM supports a range of update solutions such as automated, manual, scheduled and OS-specific updating. Real-time updating of the CSPM client software minimises or eliminates any server downtime. |
Reporting | Standard reports are available from the administrator console for:
|
| Back-Up & Restore | Administrator utilities to backup and recover the CSPM database are included to allow integration and scheduling with existing backup facilities. |
What are the benefits?
The benefits of deploying CSPM are numerous, with many specific benefits to various clients depending on sector and size. The following table depicts the initial business and technical benefits to an organization.
| Business Benefits | Technical Benefits |
| Increased Efficiency & Significant Cost Savings | |
| Potential to save millions £ over manual efforts and application outages | Eliminates manual effort / cost to redeploy applications |
| Improved resource utilisation through automation | Enables scheduling of credential changes |
| Automates account credential release | |
| Integrates with deployment workflow | |
| Integrates with multiple languages and platforms | |
| Improved Quality of Service & Performance | |
| Assists with maintaining Service Level Agreements and avoiding financial penalties | Reduces unscheduled server / application outages |
| Eliminates scheduled maintenance for password changes | |
| Delivers performance equivalent to hard-coded passwords | |
| Improves failure notification | |
| Technical environment fit | |
| Increased Security and Adherence to Audit & Compliance Regulations | |
| Assists with legislative recertification | Eliminates password sharing |
| Enables technical compliance to security directives | Enables frequent password changes |
| Eliminates hard-coding of clear text passwords | |
| Supports password policy constraints | |
| Supports re-certification through reporting |
ToroTech are an accredited reseller of CSPM within the UK
