EA-STD-036 Enhanced Account Credential Management

Architectural Classification

Technology \ Security

Standard Specification

For many, if not all of the systems in use at Plymouth University there has been, and will remain for the foreseeable future, a need to provide some local account authentication access alongside directory based mechanisms.  Many systems embrace a connection to directory based services which can facilitate interaction for automated and manual tasks or processes typically performed on an ad-hoc basis.  It is unsecure to allow a member of staff to directly access a remote server using their day-to-day account, so additional accounts with enhanced privileges are required to undertake these tasks.  This can cause issues for staff required to memorise yet another set of credentials, it also raises security concerns around auditability and solution complexity.  There is a need therefore for storage mechanisms to hold and inject the required account details without disclosure to the various members of support staff.

 

Baseline (Today) Emerging (To track)
  • ACL Controlled Spread Sheet

 

 

  • Secure Password Vault with obfuscation capability
  • Other emerging technologies

 

Tactical (0-3 years) Strategic (3-6 years)
  • Secure Password Vault with obfuscation capability
  • Secure Password Vault with obfuscation capability
Retirement (to be removed) Containment (No new development)
  • ACL Controlled Spread Sheet
  • ACL Controlled Spread Sheet

 

Author: Paul Ferrier Date: 24/10/2014 Version: 1.0
Document Security Level: PUBLIC 
Document Approvals: Technical Architecture Group

Enterprise Architecture Practice

Enterprise Architecture Board

IT Director

27/08/2014

September 2014

22/09/2014

23/10/2014

Review Date: October 2015

Enhanced Account Credential Management Roadmap

EA-STD-036 Enhanced Credential Management