Data Access Controls¶
The access control methods in Securden ensure even after successfully passing through multiple levels of authentication, users will only have access to the data allotted to them. With a combination of granular access permissions and role-based access controls, Securden ensures that users don't get access to passwords that are not required for their job profile. Granular access sharing ensures users get only the level of control over a credential that they require.
Clear ownership of accounts¶
The person who adds an account to the vault is designated as the default owner. If an owner leaves the organization, all passwords owned by the user can be transferred to a different user. This way none of the accounts stored in Securden is orphaned. Risks associated with orphaned accounts such as stale passwords and privilege creeps can be averted.
Streamlined access provisioning¶
Securden allows users and administrators to group similar accounts into folders. These entities can be shared with other users and user groups with granular access privileges. For example, if there is a group of Windows administrators in your organization, you can create a user group in Securden for them and share the folder containing all the corresponding accounts in it. When a new Windows administrator is onboarded into the organization, they will automatically gain access to the accounts. This way a folder works as a micro vault for a group of users requiring access to the same resources.
Just-in-Time access with release controls¶
Users can raise access requests to their administrators and gain access to sensitive assets for a limited period. Once this temporary access ends, the password of the account concerned can be randomized. This way, just-in-time access is enforced, and risks associated with standing access to sensitive assets are averted.
Design Highlights
- Just-in-time access
- Folders functioning as micro vaults
- Zero orphaned accounts