For companies subject to government or industry regulations like Sarbanes-Oxley, PCI DSS or HIPAA, sending database passwords "in the clear" -- unencrypted, and readable by any network eavesdropper -- spells compliance disaster. Even for companies not subject to regulatory compliance, it's still a security vulnerability.
And as more database admin gets done over the company network, or even by an IT services provider remotely over the Internet, rather than from a console attached directly to the server, passwords are at risk. And, according to Kris Zupan, CTO, e-DMZ Security, a privileged user and privileged access management vendor, most databases do password management in the clear.
To aid businesses in managing this risk, e-DMZ Security has announced a free remote access security tool for password management, for use with the Privileged Password Management module of its Total Privileged Access Management (TPAM) suite.
e-DMZ's TPAM lets companies meet security and compliance requirements associated with privileged identity management and privileged access control -- managing privileged users, access, accounts and rights, as well as monitoring and recording all activities,
The new security feature enables database administrators, including IT staff, contractors, service providers and others doing database administration, to perform password administration over unsecured LAN and WAN connections.
"We had several customers managing passwords for databases" -- and some of these were not directly at the server, but were connecting either from elsewhere within the office, or via the Internet, according to Zupan. "This presented a major compliance issue."
InformationWeek Elite 100Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?