Effective password policy is needed to prevent the passwords from being guessed or cracked. The password policy covers the passwords of all types via passwords of users, systems, databases, applications, etc.., while the password policy can be enforced where they are used frequently and by users, it is difficult to enforce for the passwords used in application to application communication. This article talks about the challenges and possible solution to eliminate embedded passwords in application.
Credentials used for application to application (A2A) authentication are typically hard-coded or embedded in the configuration files of the applications. These credentials, including SSH keys are easily sought after and can be potentially exploited by cyber attackers when left
…show more content…
• Local cache of credentials: To provide high availability, the credentials are cached on the server that make it independent of network availability.
• Multi-platform support: The products usually support applications on multi-platform.
Benefits
• Mitigate Threats: The critical business applications are secured by eliminating embedded passwords in applications, scripts and configuration files. By eliminating embedded passwords, both internal and external threats can be mitigated.
• Ensure Business Continuity: Caching of passwords locally on servers provides High Availability and reliability to reduce the risk of downtime to applications.
• Reduce Manual Process: Automate the management and rotation of application credentials to reduce the IT operational resources required to secure application passwords and SSH keys.
• Meet Audit and Compliance Requirements: Comply with internal and regulatory requirements for regularly changing application