A recent survey said in 2015, the time spent on security issues has risen over 25% for the average IT professional. In today’s environment of hacks and hackers getting hacked, and everything that they steal becoming available on the Dark Web, it is easy to understand why security is a growing concern. However, it is now starting to cause problems for the network and collaboration monitoring world because password and credential management policies have now spread beyond people to include devices.
One way that big companies are combating the loss of sensitive data, and specifically login credentials, is by creating policies that require password changes every 90 days or less. The policy is most prevalent for employee credentials. You may know it as the annoying time every few months where you pick a randomly generated series of letters, numbers, and characters then write them on a sticky note for a few days until you remember it. You may laugh at the sticky note idea, but I am pretty sure everyone has done this at least once. Of course, there are better, more secure ways to solve this problem, but they have their own challenges (read: cost).
Unfortunately, this practice has now made it’s way to the network infrastructure. The reason is that hackers are starting to find that most of these devices still have default usernames and passwords, AND these devices can be used for DDoS, SIP Toll Fraud, or other nefarious activities.
For video collaboration, we are starting to see a lot of customers dealing with password update issues for their infrastructure and even their endpoints. The reason this is painful is that one person has to manage this change and keep track of the credentials for dozens of devices. In addition, these devices are not usually in the Active Directory or ID management system (which could leverage SAML/LDAP integration). Finally, if you change the device credentials but then don’t also change the corresponding password in your monitoring product (like Vyopta) that relies on pulling data from these devices, then these tools stop working. Now, this won’t make your system crash or anything like that, but it will make life tougher for you to manage your network or compile accurate reporting and analytics.
Here are a few tips for making this policy less painful for Vyopta customers:
Use our TMS Endpoint Sync feature to ensure that all devices registered to TMS are being monitored for status and availability. This feature comes automatically enabled for our Real Time Monitoring & Alerts customers, so most of you won’t have to worry about changing passwords on endpoints. As long as you have everything set up in TMS, it will work in Vyopta.
Set yourself calendar alerts to include the password change instructions for each device and for the monitoring system
If you can, make it so that all the devices change at the same time, so you can minimize loss to context shifting.
Hopefully this little bit helps. We are definitely interested in hearing if this is problem for you and any ideas about how we could make it easier.