Enterprise secure access solution company Bomgar has announced Bomgar Vault to store shared credentials for privileged users and IT vendors. The idea is that rather than share credentials in full with a range of people inside and outside the enterprise you simply grant access to Bomgar Vault which will inject the passwords when required.
The advantage of this approach is that you can change, manage and update the passwords without having to transmit the new password to everyone who needs it. By using the direct injection approach, Bomgar believes that it can reduce the risk of password leakage and better control access. One reason for this is that passwords are only injected via Bomgar’s Privileged Access Management solution.
According to Sam Elliott, director of security product management, Bomgar: “Bomgar Vault makes it easy to uncover all of the privileged credentials within your environment and place them behind a secure wall where credentials are controlled and rotated. System administrators can access those credentials quickly and securely to log into privileged systems while reducing the business’s exposure to malicious attacks or nefarious parties.”
Privileged access still a major challenge
The issue of privileged access has become a difficult one for many organisations. Over time people gain access but as their roles change they rarely lose it. While the use of a password vault doesn’t deal with the need to minimise access, it does reduce the risk of credential loss. It also means that the ability to audit individuals and revoke/grant rights as necessary is a simpler process, especially if they are not internal staff but partners, contractors and external IT support.
Perhaps the most useful part of this for many organisations will be that the automatic injection of passwords during logon takes place through the Bomgar Privileged Access Management (PAM) solution. There will be those who see this as an inevitable upsell of technology and it would have been interesting to see how many customers quickly added this if Bomgar had provided it as a free upgrade to existing PAM users.
One thing that will appeal to a lot of companies is the ability to integrate Bomgar Vault with multifactor authentication (MFA). This further reduces the risk of stolen credentials by requiring multiple sets of information in order to log in. The fact that this is an upgrade option rather than an integral feature is disappointing as Bomgar appears to have missed an opportunity to raise the access bar higher.
This is an announcement that will get a good response from many of Bomgar’s existing customer base and it will be interesting to see how quick the take-up is. By making it separate to PAM they may well have reduced the initial take-up as companies are often loathe to buy additional functionality especially for security products.