SECURE APPLICATION ACCOUNTS
Protect application accounts from malware and insider threats with Thycotic Privileged Access Management solutions
WHAT’s the challenge
Business applications of all kinds need to connect automatically to various systems, databases, and other applications, and must authenticate with privileged credentials to access them.
WHY it’s important
In many cases, privileged credentials are embedded in clear text, hard-coded in the software, or stored in plain text on local machines. This poses a significant risk because it exposes application credentials to hackers or malware.
HOW we solve it
By delivering comprehensive Privileged Access Management and Security solutions, Thycotic helps protect, audit, and manage application access to secure your build environment and protect privileged passwords.
VIDEO: Why Adobe automates and protects their build environment with Secret Server
PRIVILEGED PASSWORD MANAGEMENT
Application accounts can take many forms and are scattered all over the network. They include database logins, certificates for software signing, embedded build script passwords, configuration files, and application services. These accounts are used to access critical data and business capabilities, making them prime targets for outside attacks or insiders looking to steal data or cause damage.
Secure application access to privileged account credentials
Application accounts need to be inventoried and undergo strict policy enforcement for password strength, account access, and password rotation. Centralized control and reporting on these accounts is critical.
Embedded application account passwords are very high risk, as they can be viewed by any individual with server access. Sometimes these passwords are encrypted in configuration files (e.g. DPAPI encryption of web.config files), which is a better alternative to storing them in clear text. However, individuals with server access are likely to have the permissions necessary to access configuration files and can reverse the encryption.
To protect passwords used by application accounts, organizations must remove all embedded passwords from scripts, configuration files, and source code and replace them with logical tokens and an API that accesses privileged passwords stored in a secure, enterprise password management system.
Logical tokens reduce risk because the password itself is never exposed: the token, rather than the password, is what gets committed to source code control and deployed through test, stage, and production environments. The API resolves the token to the appropriate password in each environment, often without any recompilation or code changes to the business application.
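The token approach described above, sketched as an added example (this is not Thycotic's code and does not use the Secret Server API). The `${secret:<name>}` token syntax, the `make_vault_client` stand-in for a vault call, and all sample values are assumptions constructed for illustration.

```python
import re

# Token syntax ${secret:<name>} is an assumption made for this example.
TOKEN = re.compile(r"\$\{secret:([A-Za-z0-9_./-]+)\}")
# Password-like key followed by its value, as found in connection strings.
PASSWORD_FIELD = re.compile(r"(?i)\b(?:password|pwd)\s*=\s*([^;\s]+)")

class UnresolvedToken(Exception):
    """Raised when the vault has no value for a token in this environment."""

def make_vault_client(environment, store):
    """Hypothetical stand-in for a password-vault API call.
    `store` maps (environment, secret name) to the secret value."""
    def fetch(name):
        return store.get((environment, name))
    return fetch

def resolve_tokens(text, fetch_secret):
    """Replace every logical token with the secret fetched at run time.
    Fails closed: a missing secret raises instead of leaving the token in."""
    def substitute(match):
        value = fetch_secret(match.group(1))
        if value is None:
            raise UnresolvedToken(match.group(1))
        return value
    return TOKEN.sub(substitute, text)

def find_embedded_passwords(text):
    """Return line numbers where a password field holds a literal, not a token."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for field in PASSWORD_FIELD.finditer(line):
            if not TOKEN.fullmatch(field.group(1)):
                hits.append(number)
    return hits

# Constructed sample: line 2 uses a token, line 4 still embeds a literal.
CONFIG = """\
[orders-db]
connection = Server=db.internal;User Id=svc_orders;Password=${secret:orders-db/password};
[reports-db]
connection = Server=rpt.internal;User Id=svc_reports;Password=Example-Literal-1;
"""
# Constructed vault contents: one secret name, a different value per environment.
STORE = {("test", "orders-db/password"): "t3st-only-value",
         ("production", "orders-db/password"): "pr0d-only-value"}

if __name__ == "__main__":
    print(find_embedded_passwords(CONFIG))
    print(resolve_tokens(CONFIG.splitlines()[1], make_vault_client("test", STORE)))
```

The same committed configuration line resolves to a different password in each environment, and `find_embedded_passwords` can run as a pre-commit or build check to catch literals that were never replaced by a token.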
Leverage Secret Server’s Application Server API for major platforms
Thycotic Secret Server software provides an extensive Application Server API, which can be used for privileged account management for Windows, Mac, UNIX and Linux systems. Support is included for both Java and .NET, including advanced capabilities for both in-house and third-party ASP.NET applications. Simple access to the vault can also be achieved through an extensive suite of web services, using Integrated Windows Authentication or, if needed, username/password/RADIUS.
- Eliminate embedded application passwords and SSH keys to protect application credentials and help demonstrate compliance.
- Secure application credentials and automatically rotate passwords.
- Help ensure access only to trusted applications.