The present invention relates generally to the field of computer security, and more particularly to credential management in a distributed computing environment.
Electronic “credentials” are data objects used within networked computer systems for various security purposes, such as identification and/or authorization. Credentials are used by a networked computer system to authenticate human users and other computing systems, such as servers. Credentials are also used to control access to data and other computing resources, such as licensed software. Access to sensitive activities, such as modifying configuration files on a system resource, is oftentimes restricted to a particular group of physical users, such as IT administrators, having root access. Such users may log in as a privileged user, such as the root user, using a password dedicated to the root user account. Credentials of other users and/or computer systems can be tailored to have restricted access levels, such as read-only, or read/write but not update or delete.
Organizations face increased pressure to maintain regulatory and/or corporate policy compliance. To prove and maintain compliance, management of credentials can include tracking which users have access to an account, the purpose for which the account is used, and the auditing of the administrative activities performed while the account was being used. Compliance auditors will ask for proof that records of these activities are being retained for a certain period of time, actively monitored, and acted upon if out of compliance. Thus, an organization may be required to keep track of which users access certain system resources and what activities the users are performing with respect to these system resources. Tracking the use of credentials and monitoring system and security logs is one method of auditing the activities of users and/or computing systems.