Overview#Privileged User Management and Privileged user and password management (PUPM) applications are automated encompasses password vault products, fine-grained administrative policy management, and provisioning add-on solutions, all providing efficient and reliable controls for administrator access.
Why it is needed.#Privileged Accounts are the most powerful accounts defined within critical applications and the servers, Operating Systems and databases on which they run. These include, but are not limited to, generic accounts such as Administrator on Wintel platforms, Root on UNIX systems, Cisco Enable, DBA passwords, and the hard-coded passwords found in application scripts throughout an enterprise.
These accounts provide wide-ranging access to the data within the application/system, the ability to view/copy/modify this highly sensitive information, and even the ability to change the access rights to this information.
If the accounts are not properly managed and secured, with the default passwords changed to a strong password, and under a trackable "change control" process/system, it leaves these critical applications and the data they contain vulnerable to deliberate or inadvertent misuse, breaches and potential data theft. It could even allow the control of these applications to be transferred to an outside entity not under control, monitoring or jurisdiction of the target organization.
For this reason, these Privileged User Management are under increasing scrutiny by internal and external auditors to ensure that the organization has the proper controls over the financial IT systems and thus are in accordance with the requirements of Section 404 of the Sarbanes-Oxley regulations.