Automating System Access

By Robert Grapes  |  Posted 2010-01-18

2. Automating system access

The multiplier effect of operating a virtual environment while maintaining access controls for administrators and applications ultimately drives this demand for automation. Maintaining these accounts manually is cost-prohibitive, complex to document and audit, and subject to human error, and it remains a continuing security risk because people know the passwords.

For the purposes of changing passwords and managing access, automated security solutions view the physical machines, VMs, applications and their accounts as target systems. An automated privileged account management system can change access on a scheduled basis or on demand. Because a VM can be identified across the network in the same manner as a physical machine, it makes no difference to a password management solution whether the account under management is on a physical or virtual machine.

3. Allocating dynamic resources for access controls

The account provisioning, re-provisioning and de-provisioning of dynamically created VM instances affords the opportunity to automate and control access to proprietary information. Enterprise management consoles exist to simplify and track VM distribution and deployment. Yet these management consoles do not integrate with external tools that will modify the base state of the VM snapshot prior to deployment and instantiation in a production environment. Without the capability to manage the accounts within a "cloned" VM, the likelihood of failing an audit on the elimination of shared accounts is very real.
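The following sketch is an added example, not code from the article or from any vendor product. It shows how a rotation job could find credentials shared between cloned VMs and queue them ahead of accounts that are merely overdue. It assumes each target's accounts were collected with their salted password hash field (as in a Unix shadow file); the inventory, the hash placeholders and the 30-day maximum age are constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed inventory: (target, kind, account, password hash field, last rotation).
# Hash strings are shortened placeholders, not real crypt output.
INVENTORY = [
    ("db01",     "physical", "root",   "$6$aaaa$H1", date(2009, 11, 2)),
    ("web-vm01", "vm",       "root",   "$6$bbbb$H2", date(2009, 9, 1)),
    ("web-vm02", "vm",       "root",   "$6$bbbb$H2", date(2009, 9, 1)),
    ("web-vm03", "vm",       "root",   "$6$bbbb$H2", date(2009, 9, 1)),
    ("web-vm01", "vm",       "appsvc", "$6$cccc$H3", date(2010, 1, 10)),
    ("web-vm02", "vm",       "appsvc", "!",          date(2009, 9, 1)),
]

LOCKED = {"!", "*", "!!", ""}  # locked or empty password fields: nothing to compare


def shared_credentials(inventory):
    """Return (account, targets) groups that carry an identical salted hash.

    The salt is drawn at random whenever a password is set, so the same hash
    string on two machines means the credential was copied, for example when
    VMs are cloned from one snapshot.
    """
    groups = defaultdict(list)
    for target, _kind, account, pw_hash, _rotated in inventory:
        if pw_hash not in LOCKED:
            groups[(account, pw_hash)].append(target)
    return sorted(
        (acct, tuple(sorted(t))) for (acct, _h), t in groups.items() if len(t) > 1
    )


def rotation_queue(inventory, today, max_age_days=30):
    """Queue shared credentials first, then overdue ones. The 'kind' column is
    never consulted: physical and virtual targets are treated the same way."""
    shared = {(t, acct) for acct, targets in shared_credentials(inventory) for t in targets}
    queue = []
    for target, _kind, account, pw_hash, rotated in inventory:
        if pw_hash in LOCKED:
            continue
        if (target, account) in shared:
            queue.append((target, account, "shared"))
        elif (today - rotated).days > max_age_days:
            queue.append((target, account, "overdue"))
    return sorted(queue, key=lambda q: (q[2] != "shared", q[0], q[1]))
```
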

Robert Grapes is Chief Technologist at Cloakware. Robert has more than 17 years of professional experience in the technology sector. Prior to joining Cloakware in 2004, Robert worked at Entrust Technologies as a software toolkit product manager, at Cognos in vertical analyst relations, and at Allen-Bradley as a control systems automation developer. Robert's expertise on enterprise security and Governance, Risk Management and Compliance (GRC) has enabled many government and financial service organizations to meet their audit requirements for PCI-DSS, FISMA, FERC and other regulations. He can be reached at
