Enterprise Password Safe is a commercial software designed to solve the problem of password management, access auditing and protection in multi-user, multi-system environments.
The EPS doesn't require you to alter your infrastructure to accommodate it. It can use Microsoft SQL Server, Oracle, IBMs' DB2, MySQL, PostgreSQL, or HSQLDB to store data and allows you to create backups using any solution approved by the database vendor. You can recover from the loss of the EPS and associated database server by restoring the database, installing a new copy of the EPS, and pointing the new EPS at the recovered database. It's as simple as that.
The EPS secures data using a multi-layered combination of encryption algorithms and provides access controls at the group, user, and network levels. The EPS logs privileged operations and provides real time email alerts of notable events.
The EPS does not require any software to be deployed on client machines. It can be accessed using any modern desktop web browser such as Internet Explorer or Firefox, and doesn't require any browser plug-ins. This significantly reduces the amount of work involved in testing and deploying the initial installation or any upgrades.
The EPS uses an encryption chain (as illustrated on the right of this page) which ensures that the information needed to decrypt passwords is not entirely stored in the database. The EPS also performs all encryption and decryption in memory in the application server, thus ensuring that the data does not get transferred over the network or permanently stored in an unencrypted form.
The EPS maintains an audit log of all accesses to passwords and can be configured to send Email alerts whenever a password is accessed or modified. The EPS can also retain historical versions of passwords to ensure that you can still access accounts which may have been restored from old backups.
The EPS does not require any special operating system configuration and uses the database to store all information which allows you to use your existing replication and backup procedures to operate disaster recovery sites or make backups of the passwords held by the EPS.
If you have concerns about the security measures the EPS uses we recommend you perform an independent audit of the system to satisfy yourself of it's security. We do not try to hide how the system works or what software it uses because we believe the EPS is secure, and if you decide to audit it yourself we believe you will come to the same conclusion.
What's New in This Release: [ read full changelog ]
· Added: Configuration option to allow user or group permissions to take precedence.
· Fixed: Password generator sometimes created passwords shorter than the policy allowed.