One of the major obstacles IAM and vaulting solutions face is the quality of the data they rely on to be effective. It’s a basic tenet of IT security: Bad data in equals bad data out. Understanding effective permissions and user access is critical and far from simple. Additionally, accurate reporting is essential to confirm that the proper accounts and permissions are being on-boarded or secured as intended. SPHEREboard provides the functionality to tackle these challenges head-on.
The Challenges
Large IT organizations have numerous data repositories across various platforms, making it extremely difficult to get an accurate picture of immediate risks and how to properly eliminate them. This information includes feeds from HR, Active Directory, CMDBs, and other books of record, along with the source platform itself (e.g., Windows).
Based on 10 years of professional services experience, SPHEREboard is a purpose-built collection of host connectors that pull relevant user permissions data from across the environment. It adds referential and contextual data for advanced analytics, producing an organized and actionable data set.
Comprehensive Reporting
SPHEREboard reports provide extensive visibility into all privileged accounts as well as those accounts in the local administrators group that aren’t yet vaulted and are actively being used. This approach is ideal for transitioning privileged accounts from having zero visibility to being fully managed within CyberArk.
In terms of Privileged Access, SPHEREboard offers visibility into the three types of CyberArk Privileged Account Instances being managed on a server:
- Managed: The account is managed in CyberArk. The password is either rotated or never revealed to the end-user.
- Vaulted: The account is stored in CyberArk; the password is not rotated and is revealed upon check-out.
- Unmanaged: The account is not in CyberArk.
Steps to Address Risks
Once the risks have been identified and formalized, educated recommendations can be made to IT management to prioritize which items or potential risks should be addressed first.
- Ownership Confirmation & Entitlement Review: Automate the process of having owners attest to accounts and application access across applications, servers, and vaults.
- Review & Update Policies: Review proposed privileged access policies with key stakeholders.
- Communicate Changes to Business: Engage in communications and formalized training to make privileged users aware of changes.
- Remove Human Accounts: Have human accounts re-certified, given access to a vault, and removed from the server.
- Perform Ongoing Reporting & Entitlement Review: Ensure regular reporting on gaps in operational compliance and that application owners are certifying access.
Immediate Benefits
Some of the immediate benefits of SPHEREboard’s analysis and reporting include:
- Ensuring all accounts that should be on-boarded into CyberArk are, in fact, on-boarded.
- Significantly reducing the number of local administrators.
- Providing ongoing reporting and visibility into privileged access.
- Ensuring ongoing certifications of individuals who require privileged access.
SPHEREboard helps organizations improve IAM and vaulting reporting, ensuring data quality and accuracy in managing permissions and access.