SECRET SERVER FEATURE: Service account governance
Automatically Change Passwords on a Schedule
Overview of Service Account Governance:
Service accounts are used to run various services (Windows Services, tasks, app pools and more) on the network. Managing service account credentials according to PAM best practices is challenging for many organizations. Typically, no one knows where all service accounts are being used. Often, one account is used in multiple places, and admins often create new service accounts whenever needed.
Secret Server can help you get a handle on your service accounts and automatically change service account passwords on a regular schedule.
For a deeper understanding of service accounts, and why they are so critical to control, read our blog series Back to the Basics: Service Account Management 101 and Service Account 201: Service Accounts in the Cloud.
Service account Discovery
Discovery reduces manual errors in managing service accounts, sets up an audit trail, and simplifies the management process.
With Discovery you can:
- Find all the service accounts on your network
- Determine where each service account is being used (including new usages since last scan)
- Import all service accounts into the Secret Server repository for management and auditing
Use Secret Server’s Discovery to identify your service accounts, and implement continuous discovery to curb service account sprawl. This helps ensure full, on-going visibility of your service account landscape crucial to combating cyber security threats.
Many services are dependent on or related to other applications. It is critical to map those dependencies because making changes to one service account can impact another. Proper management of service accounts is often a neglected activity since updating or changing credentials is risky. Changes can affect running services within a chain of dependencies causing unforeseen disruptions. It’s difficult, if not impossible for many, to map and keep track of business services that rely on these accounts, causing potential outages.
As part of Secret Server’s Discovery and service account management capabilities, you’ll be able to see which services, tasks, and app pools are tied to service accounts. That way, you won’t inadvertently break any critical connections or business processes when you rotate service account passwords.
Account Lifecycle Manager for automated end-to-end service account governance
Account Lifecycle Manager is available to add on to Secret Server and empowers you to automate the management of service accounts with workflows, automated provisioning, governance, compliance, and decommissioning capabilities. Account requests follow approval workflows tailored to your organization. IT and security teams can control service accounts and mitigate the risk of breaches, service interruptions, and human error.