Contact Us

The form could not be loaded. This is most likely due to strict tracking protection in your browser.

Thank You!

Thanks for taking the time to learn more about Centrify solutions. When you are ready for a hands-on evaluation, just request a free trial.

Is a Vault Enough?

There Are Two Sides of the PAM Coin

Password vaulting is one. Privilege Elevation is the other. A vault is a first step in protecting your company from Identity-related data breaches. Here are some key insights on why you must go beyond simply implementing a vault to strengthen access to your critical data.

6 Reasons to Go Beyond a Vault. A Vault Alone...

  • ...does not reduce your attack surface.

    Reduce Privileged Accounts

    Vaulting privileged accounts increases operational overhead and neither reduces your attack surface nor promotes zero standing privileges.
    Eliminate as many privileged accounts as possible via Identity Consolidation and vault the rest to reduce risk and comply with regulations.
  • ...perpetuates the use of anonymous shared privilege accounts.

    Least Privilege with Privilege Elevation

    Who is “root”? Who is “administrator”? Using such anonymous accounts impacts compliance reporting and incident response.
    Only use shared privileged accounts for emergencies. Least privilege with privilege elevation at the host level ensures 100% accountability.
  • ...protects the accounts, not the machine.

    Protect with PAM Security Controls at the System Level

    Sensitive data lives on machines. Vaulting protects access to local machine accounts, not to the machine itself, increasing risk.
    Deploy PAM security controls at the system level to allow the machine to defend itself and validate use of “legitimate” credentials.
  • ...does not control activity on the host.

    Control Activity with Privilege Elevation

    Once a vault hands over a privileged account password, the user has the keys to the kingdom and can do anything. This is full trust, not Zero Trust.
    Privilege elevation with least privilege constrains user access based on job function and conforms to a Zero Trust model.
  • ...does not support MFA at the server for compliance.

    MFA Everywhere

    MFA at the vault does not satisfy regulations that require system-level MFA at login to the server.
    MFA at system login and privilege elevation reduces risk and aligns with (e.g.,) PCI-DSS.
  • ...has limited visibility to on-server activity.

    Audit and Monitoring at the Host

    Vault-level intel is weak. Also, if an attacker circumvents the vault, IT and Security teams have zero visibility.
    Audit and monitoring at the host provides 100% visibility plus forensic-level detail at the shell and process levels.

Learn More About Centrify Vault Suite