Automating System Access
2. Automating system access
The multiplier effect of operating a virtual environment and maintaining the access controls of administrators and applications ultimately drives this demand for automation. Attempting to maintain these accounts manually is cost-prohibitive, complex to document and audit, subject to human error, and a continuing security risk because the passwords are known to the people who manage them.
For the purposes of changing passwords and access management, automated security solutions view the physical machines, VMs, applications and their accounts as target systems. An automated, privileged account management system can change access on a scheduled basis or on-demand. Because a VM can be identified across the network in the same manner as a physical machine, it does not make any difference to a password management solution whether the account under management is on a physical or virtual machine.
3. Allocating dynamic resources for access controls
The account provisioning, re-provisioning and de-provisioning of dynamically created VM instances affords the opportunity to automate and control access to proprietary information. Enterprise management consoles exist to simplify and track VM distribution and deployment. Yet these management consoles do not integrate with external tools that will modify the base state of the VM snapshot prior to deployment and instantiation in a production environment. Without the capability to manage the accounts within a "cloned" VM, there is a very real likelihood of failing audits that require the elimination of shared accounts.
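The two sections above can be illustrated together with the following added Python example, which is not part of the original article or of any product it describes. It treats physical machines, VMs and applications uniformly as target systems, flags accounts whose stored password verifier is byte-identical across targets (what a cloned snapshot produces) for on-demand rotation, and queues aged accounts for scheduled rotation. The inventory format, the function names and the 90-day maximum age are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed inventory of target systems. The verifier strings are made-up
# placeholders standing in for each account's stored (salted) password hash.
INVENTORY = [
    # (target, kind, account, stored_verifier, last_changed)
    ("db-phys-01", "physical", "root",   "$6$s1$CONSTRUCTED-A", date(2024, 5, 20)),
    ("web-vm-01",  "vm",       "root",   "$6$tp$CONSTRUCTED-T", date(2024, 1, 10)),
    ("web-vm-02",  "vm",       "root",   "$6$tp$CONSTRUCTED-T", date(2024, 1, 10)),
    ("web-vm-03",  "vm",       "root",   "$6$s4$CONSTRUCTED-D", date(2024, 6, 1)),
    ("billing",    "app",      "svc_db", "$6$s5$CONSTRUCTED-E", date(2023, 11, 2)),
]

def shared_credentials(inventory):
    """Return [(account, [targets])] where the stored verifier is identical.

    A salted hash that matches on two machines means the entry was copied,
    which is what happens when VMs are instantiated from one snapshot.
    """
    groups = defaultdict(list)
    for target, _kind, account, verifier, _changed in inventory:
        groups[(account, verifier)].append(target)
    return sorted((acct, sorted(t)) for (acct, _v), t in groups.items() if len(t) > 1)

def overdue(inventory, today, max_age_days):
    """Return [(target, account)] whose password is older than the policy allows."""
    return [(t, a) for t, _k, a, _v, changed in inventory
            if (today - changed).days > max_age_days]

def rotation_queue(inventory, today, max_age_days=90):  # 90 days is an assumed policy
    """Return {(target, account): reason}; the 'kind' column is never consulted,
    so physical and virtual targets are handled the same way."""
    queue = {key: "scheduled" for key in overdue(inventory, today, max_age_days)}
    # Clone-shared credentials take priority over the normal schedule.
    for account, targets in shared_credentials(inventory):
        for target in targets:
            queue[(target, account)] = "on-demand"
    return queue

if __name__ == "__main__":
    queue = rotation_queue(INVENTORY, date(2024, 6, 15))
    for (target, account), reason in sorted(queue.items()):
        print(f"{target:12} {account:8} {reason}")
```

Each VM flagged as shared needs its own new password; rotating the template alone leaves the already-deployed clones unchanged.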