IBM Security Identity Governance and Intelligence (IGI) integrates with IBM Secret Server for automated lifecycle management. Implementing PAM can’t be treated as a standalone project. It requires automated identity governance capabilities to prevent issues that would otherwise emerge over time: entitlement aggregation; users with an ever-expanding collection of access to privileged accounts as they change roles, jobs and departments; limited visibility into shared passwords; and so on. Integrating IBM Secret Server and IBM IGI helps prevent toxic combinations of access through a holistic view across both privileged credentials and normal business user accounts. IBM Secret Server securely stores and monitors privileged credentials in an encrypted vault, while IBM IGI ensures that users’ access levels are compliant with regulations and free of SoD violations.
Avoid access combinations that lead to risk
While PAM solutions give you a simple way to know who can access and use privileged accounts, you still need visibility and insight into the unique combination of privileged access each user has. A user with a “toxic” combination of access presents a risk to your organization.
Imagine that one of your users has access to an application that uses a database to store its data. What if that user—unknown to you—also had access to the privileged account necessary to manage the database? They would have the ability to edit the database, thereby circumventing the business and authorization controls of the application. And if the user had privileged credentials to manage the OS, then the auditable trail could be cleared.
Automate recertification campaigns
IBM IGI lets you run certifications to automatically trigger access reviews and gives managers business-friendly information to help with the attestation processes, free from cryptic IT jargon that could otherwise result in bulk approvals.
Integrating IBM IGI with IBM Secret Server extends certification controls to include privileged users as well as non-privileged business users. You can replace error-prone manual processes with an automated recertification process that makes it easy for approvers to better understand what it is they’re actually approving.
Recertification campaigns will help you prove compliance while maintaining clean, healthy and appropriate access to privileged and non-privileged applications.
The benefits of integration
When you integrate IBM Secret Server with IBM IGI, you:
- Avoid entitlement aggregation and ensure continuous access management
- Easily prove compliance through recertification campaigns
- Avoid risks and toxic access combinations through SoD controls across privileged and non-privileged users