Do You Handle Password Spreadsheets?
President & CEO
We all know that the number one password management solution
is the trusty sticky note. You write down your complex password on the
and then hide the note in a place you can find it (hopefully not on
The second most popular way to store commonly used
credentials (such as root, administrator, sa, etc.) is to put them all
spreadsheet and then share that spreadsheet with those that need access
credentials on the spreadsheet. For better security, some companies
different spreadsheets for different parts of the organization.
Why Do Auditors Hate Password Spreadsheets?
Spreadsheets drive your auditors crazy because there is no
way to know who has seen the
passwords on the spreadsheets, when
they saw the info, nor is there generally any way to control
access to part of a spreadsheet, much less track when/if
passwords get changed.
Why Support Password Spreadsheets If We Have
Full Password Automation?
Simple: not every
company is ready or can afford to switch over from spreadsheets to a
automated privileged identity management.
Many companies need to migrate off of publicly shared
password spreadsheets, to something that is more secure, and then have
to automation when they are finally ready. IT budgets, resources, and
may be limited, so the best solution is to migrate the spreadsheets to
solution to meet minimum regulatory requirements, then move up to an
Password Spreadsheet Manager
At the Gartner
Identity and Access Management Summit on 14 September 2011, we
new product offering known as Password Spreadsheet Manager
PSM allows you to seamlessly import your spreadsheets in
minutes to a safe, secure and encrypted database (Microsoft SQL Server
Oracle 11g) that provides easy web based audited and delegated access
rows in your formerly shared spreadsheets.
How is Password Spreadsheet Manager
Different From Competitor’s Products?
Our objective was not to create another “secure” file
vault - these suffer from the same flaws as a shared spreadsheet: lack
detailed spreadsheet row level tracking. Without detailed row-level
the solutions from competitors provide little improvement over
kept on Microsoft SharePoint.
take the insecure and prevalent methodology of shared password
convert it into a row-level secure and auditable shared database with
the scalability, security, and broad systems integrations you would
an enterprise quality application.
PSM provides all of the things you need for security such as
workflow approvals, multi-factor authentication, role-based
integrations to trouble ticket systems, loggers, and SIEM systems. This
product also integrates with the products of
our privileged user management (PUM) and session monitoring partners
including: FoxT, Balabit, ObserveIT, and Viewfinity.
A Path To The Future
Converting from insecure password spreadsheets to PSM allows
you to quickly provide secure access and management to shared
on your industry, it may be necessary to regularly change credentials,
as immediately after disclosure or employee turnover. With PSM, the
changes must be done manually as required using either labor or
When a customer wishes to automate the local password change
process after disclosure, PSM can be upgraded to our Random
Password Manager product. If you have the more complex
scenario of changing not only credentials, but also where they are also
the middleware/application stack, you can upgrade to our flagship
identity management product: Enterprise Random Password Manager.
What do you think? Email me at: email@example.com.
You can also follow me on Twitter: @liebsoft
or connect with me via LinkedIn.