Vienna, Virginia – (The Hosting News) – September 6, 2006 – Digital asset protection firm, Cloakware Inc., has released a new whitepaper, ”Securing the Data Center: Eliminating the Threat Hiding in Plain Sight,” to address the growing challenge of updating and managing application-to-application passwords.
unmanaged and exposed passwords exist in the data centers of most large organizations, Cloakware reasons, the increasing frequency and growing impact of insider attacks, as well as more demanding regulatory compliance requirements, requires that IT organizations confront the risk, and address the ”threat hiding in plain sight.” In data centers worldwide, it is common practice to hard-code passwords and userids in applications. Auditors and IT groups knowingly allow application-to-application (A2A) passwords and userids to remain shared among administrators, developers and contractors.
An application, unlike a human, does not have the capability of entering a password through a keyboard nor is it able to authenticate using a second factor token. Therefore, these applications must authenticate using a stored password. Typically, these passwords are hard-coded into the application or script, or are stored in a configuration file. This paper reviews the security risks associated with hard-coded passwords. Readers of this whitepaper will:
* Gain insight into the security vulnerability that lies on every server
* Learn why IT organizations struggle with application-to-application access controls
* Master the security challenges beyond access controls
* Learn how to secure the data center through application password management
* Discover solutions for secure centralized password management for application servers
Jeff Waxman, Chief Executive Officer at Cloakware explained, ”The pressing need to address User Identity Management has deflected attention from another use of userids and passwords; the practice of hard- coding passwords into applications so that an application-to-application or application-to-database connection can be established. Research has shown that approximately 90 percent of data center application authentication remains password-based. Considering that these hard-coded passwords are ”in the clear,” are known by many, and are rarely changed, organizations must be concerned about the risks associated with continuing this practice.”
Cloakware is a provider of products and services to protect digital assets. The company’s software protection and anti-tamper solutions were developed to protect software, media, passwords and data from piracy and unauthorized access and use. According to Cloakware, its solutions are on hundreds of millions of devices, protecting the assets of some of the world’s largest, most recognizable and technologically advanced companies. Partnering with Microsoft and in collaboration with Intel, Cloakware provides services to consumer electronics and Fortune 1000 companies and Federal agencies all benefit from reduced development costs, improved time to market and mitigated risks. The company is headquartered in Vienna, VA, and has offices in Ottawa, Canada and the UK, and regional sales offices throughout the US.
To learn more, please visit: www.cloakware.com/whitepapers/082706/.