One Identity Debuts Safeguard 2.0 for Privileged Account Security

New features in One Identity's hardware platform include privileged session management and support for Amazon Web Services.

One Identity Safeguard

One Identity today announced the release of its One Identity Safeguard 2.0 privileged access management offering, providing organizations with new features to help secure critical passwords.

The new One Identity release is the first from the company since it was spun out on June 1 to become a stand-alone Quest Software business. Quest Software itself was spun out of Dell in November 2016 after being acquired by private equity firm Francisco Partners. One Identity is now mostly operating independent of Quest, except for some back-office operations, according to Jackson Shaw, director of product management at One Identity.

"Things are now going faster at One Identity, and we're able to innovate faster," Shaw told eWEEK.

One area where One Identity has invested time and resources is with the Safeguard platform, which is now being updated. Safeguard helps organizations protect highly privileged accounts, which includes both access control and logging capabilities to monitor ongoing usage, he said.

"Safeguard provides a compliance and audit trail for privileged account usage within an organization," Shaw said.

The Safeguard technology originally came to Quest via the acquisition of e-DMZ Security and its core product TPAM (Total Privileged Account Management) in 2011. The Quest One Identity Safeguard 1.0 platform debuted in May 2016. 

"Safeguard 1.0 was our soft opening and was the foundation and let us go to the market and get feedback for 2.0," Tyler Reese, product manager at One Identity, told eWEEK

One Identity Safeguard is only available as a hardware appliance, and there is no virtual appliance currently available. Reese explained that since Safeguard's job is to handle the most privileged credentials within an organization, One Identity has gone to great lengths to secure the platform.

"Safeguard goes through the same type of hardening that an HSM [Hardware Security Module] goes through," he said. "It's just that we have layered on top all the additional workflow capabilities."

An HSM is a commonly used hardware device for securely storing cryptographic information. The Safeguard appliance is not technically an HSM, though it serves many of the same functions, according to Reese.

"There is no need for an actual HSM because the cryptographic key, the certificates and everything that does the securing of privileged accounts are inside the appliance and hardened," he said.

Among the new features in Safeguard 2.0 are privileged session management for the recording of live credential usage sessions. Reese said there is also integration with One Identity's Starling two-factor authentication platform.

"The integration with our Starling two-factor authentication service provides not only two-factor authentication, but also approvals of requests for both passwords and sessions," he said. 

The One Identity Safeguard 2.0 platform also provides integration with Amazon Web Services (AWS) cloud deployments. Reese said Safeguard 2.0 can manage privileged accounts in the AWS identity store.

"We are looking at supporting Microsoft Azure and Google Cloud Platform moving forward," he said.

One Identity also plans on adding additional integrations for the Safeguard 2.1 release that is set for the end of the year, including one into One Identity's identity and risk analytics engine, Reese added.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.