Adding a third-party credential vault provider allows you to secure and manage credentials outside of the Commvault platform. Credentials are retrieved dynamically as needed to perform data protection operations. This eliminates the need for users to have direct access to privileged account credentials, thus reducing the risk of credential theft, misuse, and cyber attacks. The credential vault provider may offer additional auditing controls, and lifecycle automation policies so you audit privileged access, and rotate credentials on a regular basis to enhance security without impact to data protection operations. This feature provides a secure and efficient way for organizations to manage privileged account access and remain compliant.
When access to credentials are needed, they are securely retrieved from the third party credential vault based on how the credentials are mapped within Commvault. Once the backup has completed, the credentials are no longer used by Commvault and will be only retrieved as needed for future backups.
Commvault supports the following third party credential vault platform:
- CyberArk Application Access ManagerTM (AAM), part of CyberArk’s Privileged Access Security solution.