Penerapan Privileged Access Management Menggunakan One Identity Pada Sebuah Perusahaan

Abstract

One Identity Priveged Access Management (PAM) is a solution for a series of efforts to reduce security risks and help companies secure, control, monitor, analyze, and regulate privileged access rights to data and applications from very important organizations. The PAM solution allows companies to provide full credentials such as Administrators on Windows, Root on UNIX, Cisco Enable on Cisco devices, and embedded passwords found in applications and scripts or restricting access to ordinary users. All privileged account activities are recorded by analyzing real time activities and data. Password sharing activities can be eliminated, so security can be improved and compliance with privileges of privileged access rights is more efficient and manageable. Problems that can be explained when the user privileges password access rights do not have regular rules to change the password periodically in accordance with the security policy (password policy) even to obtain information that has accessed the network device using a special account or other permitted account . The purpose of this study is (i) to obtain information about changes in passwords periodically based on the configuration that has been set in the PAM system and adjusted to the password policy rules, (ii) get information about who is accessing the network device and the account accessed. The research method that is carried out is (i) collecting data from the system that will be implemented, (ii) directly accessing the system that has data and viewing information thoroughly into the system, (iii) matching the type of system with the system supported by the PAM application system then integrate it. Testing is done by accessing the target system using privileged access rights through the PAM application system. The results obtained (i) can facilitate password users not to remember passwords too often, (ii) can avoid sharing password information, (iii) change passwords regularly, (iv) find out all user password activities against a set of targets network systems that are permitted to be accessed, (v) record all access activities in the form of videos.