Application Accounts

Improve security for application accounts

Application accounts can take many forms and are scattered all over the network. They include database logins, certificates for software signing, embedded build script passwords, configuration files, and application services. These accounts are used to access critical data and business capabilities, making them prime targets for outside attacks or insiders looking to steal data or cause damage.

Gain Control

Application accounts need to be inventoried and undergo strict policy enforcement for password strength, account access, and password rotation. Centralized control and reporting on these accounts is critical.

Reduce Risk

Embedded application account passwords are very high risk, as they can be viewed by any individual with server access. Sometimes these passwords are encrypted in configuration files (e.g. DPAPI encryption of web.config files), which is a better alternative to storing them in clear text. However, individuals with server access are likely to have the permissions necessary to access configuration files and can reverse the encryption.

To protect passwords used by application accounts, organizations must remove all embedded passwords from scripts, configuration files and source code and replace them with logical tokens and an API that accesses passwords stored in a secure, enterprise password management system.

Logical tokens reduce risk because the password itself is never exposed: the token can be committed to source code control and deployed through test, stage and production environments. The API resolves the token to the appropriate password for each environment, often without any recompilation or code changes to the business application.
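The following Python is an added illustration of the logical-token pattern described above; it is not code from this page and not Secret Server's Application Server API. It assumes a token syntax of `${secret:NAME}`, an in-memory dictionary standing in for the enterprise password vault, and that each environment (test, production) holds its own value for the same token name. It also includes the check a practitioner would want before committing a configuration file: that every credential-looking key carries a token rather than a literal value, and that a token missing from the vault fails the deployment rather than silently resolving to an empty password.

```python
"""Added example: resolving logical tokens in a config file at runtime.

Illustrative code written for this page. The VaultClient interface, the
token syntax "${secret:NAME}" and the in-memory vault are assumptions.
"""
import re
from typing import Dict, List, Mapping

# Logical token as it appears in committed configuration files (assumed syntax).
TOKEN_RE = re.compile(r"\$\{secret:([A-Za-z0-9_.-]+)\}")

# Keys whose names suggest a credential; these must only ever hold a token.
CREDENTIAL_KEY_RE = re.compile(
    r"^\s*([A-Za-z0-9_.]*(password|passphrase|secret|apikey)[A-Za-z0-9_.]*)\s*=\s*(.*?)\s*$",
    re.IGNORECASE,
)

# Constructed sample configuration as it would be committed to source control:
# only tokens, no actual credential values.
SAMPLE_CONFIG = """\
[database]
host = db.internal.example
user = app_svc
password = ${secret:orders-db-password}

[signing]
cert_passphrase = ${secret:codesign-passphrase}
"""

# Constructed per-environment vault contents standing in for the password
# management system. The same token name resolves differently per environment.
FAKE_VAULT: Dict[str, Dict[str, str]] = {
    "test": {"orders-db-password": "t3st-only", "codesign-passphrase": "test-sign"},
    "production": {"orders-db-password": "pr0d-value", "codesign-passphrase": "prod-sign"},
}


class VaultClient:
    """Minimal stand-in for a password-manager API client (assumed interface)."""

    def __init__(self, environment: str, store: Mapping[str, Mapping[str, str]] = FAKE_VAULT):
        if environment not in store:
            raise ValueError(f"unknown environment: {environment!r}")
        self.environment = environment
        self._secrets = store[environment]

    def get_secret(self, name: str) -> str:
        try:
            return self._secrets[name]
        except KeyError:
            # Fail closed: a missing secret must not become an empty password.
            raise LookupError(f"secret {name!r} not provisioned for {self.environment}") from None


def find_tokens(config_text: str) -> List[str]:
    """Return the sorted, de-duplicated token names referenced by the config."""
    return sorted(set(TOKEN_RE.findall(config_text)))


def find_literal_credentials(config_text: str) -> List[str]:
    """Pre-commit check: credential-looking keys whose value is not a token."""
    hits = []
    for line in config_text.splitlines():
        m = CREDENTIAL_KEY_RE.match(line)
        if m and not TOKEN_RE.fullmatch(m.group(3)):
            hits.append(m.group(1))
    return hits


def resolve_config(config_text: str, client: VaultClient) -> str:
    """Replace every token with the secret the vault holds for this environment."""
    return TOKEN_RE.sub(lambda m: client.get_secret(m.group(1)), config_text)


if __name__ == "__main__":
    assert not find_literal_credentials(SAMPLE_CONFIG)
    print(resolve_config(SAMPLE_CONFIG, VaultClient("test")))
```

The resolved text is held in memory only; nothing written back to disk or to source control ever contains the real value, which is the property the logical-token approach is meant to give you.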

Key Benefits

  • Control application accounts through a central password repository to enforce consistent policy.
  • Improve enterprise application security by eliminating passwords (both clear text and encrypted) from production environments.
  • Enforce data security policies for password use across test, staging and production environments.
  • Meet audit compliance requirements through complete control of application accounts.

Application Server API

Secret Server provides an extensive Application Server API, which can be used for privileged account management on Windows, Mac, UNIX and Linux systems. Support is included for both Java and .NET, including advanced capabilities for both in-house and third-party ASP.NET applications. Where simpler access to the vault is needed, it is also available through an extensive suite of web services, authenticated with Integrated Windows Authentication or with username/password/RADIUS.