In one of my previous roles as a test analyst, I was primarily responsible for constructing test cases for password management. At the time, I had devised a whole array of possible test cases for password management, which included specifications on the length of the password, the complexity of the password, the frequency of password changes and so on. However, a thought struck me. This tedious manual procedure of password management by the administrator or super-user was done to ensure security, but where is the security after all? How many permutations and combinations can a human come up with to ensure these passwords are managed and maintained to comply with regulatory standards? But today, working in this cyber security space, I can confidently say that you just have to go knocking on the right door to eliminate this monotonous process and get automated password management solutions that are regulatory compliant and at the same time safe, effective and productive.
As a brief introduction, compliance with government regulations has been a major issue that most organizations across the world have been grappling with. The ever-increasing regulations are dramatically impacting IT infrastructure as well as business processes. In the past two decades, several laws have been passed compelling organizations across industries to put corporate compliance policies in place. These regulations have posed major challenges to IT departments across organizations, which must ensure strong internal controls protecting the privacy and security of critical data.
Interestingly, PistolStar stated in one of their white paper publications that, amongst all of the compliance policies, password management emerged as a strategic component for successful compliance. From a CIO or CISO perspective, many have unanimously opined that passwords are not the problem; the behavior around how passwords are managed is. It would suffice to say that adhering to regulations and standards, from both the end user perspective and the privileged user perspective, is fundamental to worthy compliance.
Here is a list of the most common compliance regulations that organizations across industries are required to follow.
- Sarbanes-Oxley Act (SOX, for all public companies)
- Payment Card Industry Data Security Standard (PCI DSS, especially for credit card companies)
- Gramm-Leach-Bliley Act (GLB, for financial institutions)
- Health Insurance Portability and Accountability Act (HIPAA, for the healthcare industry)
- Basel II Compliance (for financial institutions)
The password management requirements prescribed by these regulatory policies are consistent and fairly similar with regard to privileged account passwords.
We at ARCON understand the needs of organizations and the nitty-gritties of the regulatory measures. This has equipped us to provide a sound password management solution adhering to the required compliance standards. Our password management solution is an automated tool with customizable features. It generates strong dynamic passwords with an engine that can automatically change passwords for several devices and systems in one go. The passwords are subsequently stored in a highly secured electronic vault with several layers of protection, creating a virtual fortress. This ensures a high level of security and compliance with regulations, and essentially does away with the mind-numbing procedure of manually changing a gazillion passwords, protecting human energy and thereby enhancing efficiency in other areas of the business.
Let’s stop blaming the passwords and take measures to change our behavior in managing them better by empowering the appropriate solutions.