If you’re a fan of old war movies – and especially if you’re a child of the Cold War – then you no doubt recall watching scenes where prior to launching a nuclear missile, two operators will turn their launch keys simultaneously in order to initiate the launch. The military refers to this security process as “The Two Person Concept” or “The Two Man Rule”. Sometimes the phrase “Double Safekeeping” is used.
The concept is that double safekeeping is an effective control mechanism for ensuring the highest levels of security during critical operations. That’s because the process requires two or more authorized personnel to be involved before sensitive resources or information can be accessed.
So it’s only logical to assume that if double safekeeping can prevent something as crucial as the accidental or malicious launch of nuclear weapons by a single person, then the practice can be extended into other realms of security.
Double Safekeeping and Privileged Account Management
And that’s exactly what my company did recently within the field of privileged account management. Our flagship privileged identity management product, Enterprise Random Password Manager™ (ERPM), now includes a version of double safekeeping that controls privileged passwords.
ERPM is a security product that automatically discovers, secures, tracks and audits privileged accounts across multiple operating systems. It continuously changes privileged passwords, and helps prevent unauthorized users and programs from being able to access an organization’s most sensitive data.
Now, with its new double safekeeping feature, ERPM can release different password segments to different authorized IT personnel. It breaks up privileged account passwords into different parts, and each part is assigned to an authorized user, in a fully audited manner.
For example, an IT manager may have one segment of the password, and a systems administrator may have the other segment. Together both people have the entire password, and the ability to access the corresponding privileged account. Separately, neither one can use the powerful account to anonymously change configuration settings, extract confidential data or install programs on their own.
And while this may be the first time you’re hearing about such a capability, I’m betting it won’t be the last. Some regulatory compliance mandates, like BASEL II, are now requiring organizations to store sensitive information – including passwords – in multiple parts so that one person can’t maintain key secrets individually.
This whole thing reminds me of an old saying that goes something like: “If one man can single handedly save the ship, then it stands to reason that the same man can also single handedly sink the ship.” Take precautions.
What are your thoughts on our new double safekeeping capability for privileged accounts? Leave a comment below. You can also follow us on Twitter.