Project Overview

System administrators maintained a poorly protected database of privileged account passwords for multiple systems with only partial accountability. Furthermore, the passwords changed infrequently and new passwords could be created but not entered into the current database of passwords.

Business Exposure

Privileged access without accountability could allow a system administrator to perform malicious actions against her employer’s most critical systems without the ability to identify who performed such actions. Uncoordinated password management actions could lead to critical system downtime.

Project Objective

We implemented a means for restricting the creation of privileged system administrator accounts on our customers’ systems, ensuring accountability when privileged system administrator accounts were utilized, and automated immediate password aging once an account was used with an interactive session.

Business Benefits

By maintaining better control over the creation and use of privileged system administrator accounts, it sharply decreased the likelihood of accidental or purposeful disruption of critical IT services.