Secure Password Storage
Server and Network Device Passwords Where You Want Them
The first step toward protecting access to critical account passwords is bringing them under management of the Centrify Privilege Service (CPS). By default, your server and network device passwords are securely stored and managed in Privilege Service.
Privilege Service creates an exclusive AES 256-bit encryption key for each tenant, which is used to individually encrypt account passwords before they are stored. Passwords are never stored, replicated or transmitted in the clear, regardless of whether the customer installs and manages their own instance of Privilege Service or deploys the Centrify cloud service. Centrify couples these encryption controls with stringent multi-layered cloud security and certifications (such as SOC 2, TRUSTe, and Microsoft Azure certifications that include FedRAMP, CSA, and G-Cloud) to deliver the best protection for these sensitive passwords from a cloud service.
Privilege Service can also store passwords in a Gemalto SafeNet KeySecure™ key management appliance. If you already have an investment in KeySecure — whether on-site or a virtual appliance in the cloud — or if you need more control over the encryption keys used to protect the passwords, this is an ideal complement to the Privilege Service secure store.
Setup is quick and simple — create a SafeNet KeySecure instance and configuration in Privilege Service, along with SSL keys, and migrate existing passwords to KeySecure.
Privilege Service supports all current SafeNet KeySecure appliance models:
- K460 - with built-in hardware security module (HSM)
- SafeNet Virtual KeySecure — available from leading cloud IaaS providers
- Flexibility in where you store your privileged account passwords
- Simple configuration - password migration between Centrify Privilege Service and SafeNet
- Private keys used to encrypt account passwords are kept under your control
- SafeNet’s dedicated cryptographic processor accelerates operations, improving performance