Cloakware Inc., the world's leading provider of products and services to protect digital assets, today announced it has released a new whitepaper, "Securing the Data Center: Eliminating the Threat Hiding in Plain Sight, to highlight the growing challenge of updating and managing application-to-application passwords.
Unmanaged and exposed passwords exist in the data centers of most large organizations. The increasing frequency and growing impact of insider attacks, as well as more demanding regulatory compliance requirements, means IT organizations can no longer ignore this known risk - they must address the "threat hiding in plain sight.
In data centers worldwide, it is common practice to hard-code passwords and userids in applications. Auditors and IT groups knowingly allow application-to-application (A2A) passwords and userids to remain shared among administrators, developers and contractors. An application, unlike a human, does not have the capability of entering a password through a keyboard nor is it able to authenticate using a second factor token. Therefore, these applications must authenticate using a stored password. Typically, these passwords are hard-coded into the application or script, or are stored in a configuration file.
This paper reviews the security risks associated with hard-coded passwords. Readers of this whitepaper will:
-- Gain insight into the security vulnerability that lies on every server
-- Learn why IT organizations struggle with application-to-application access controls
-- Master the security challenges beyond access controls

-- Learn how to secure the data center through application password management

-- Discover solutions for secure centralized password management for application servers
"The pressing need to address User Identity Management has deflected attention from another use of userids and passwords; the practice of hard-coding passwords into applications so that an application-to-application or application-to-database connection can be established, said Jeff Waxman, Chief Executive Officer at Cloakware. "Research has shown that approximately 90 percent of data center application authentication remains password-based. Considering that these hard-coded passwords are "in the clear, are known by many, and are rarely changed, organizations must be concerned about the risks associated with continuing this practice.
To download "Securing the Data Center: Eliminating the Threat Hiding in Plain Sight, visit: http://www.cloakware.com/whitepapers/082706/