Posts Tagged ‘Best Practices’

Start Your PAM Deployment Off on the Right Foot: Spotlight These 7 Benefits

  February 2nd, 2021

Setting yourself up for success with an upcoming privileged access management (PAM) system requires finesse. Within any organization, many system administrators might be uncomfortable with the idea of a PAM system; they may be accustomed to unrestrained administrator-level credentials. At the same time, other IT decision-makers may have concerns about the system and network-wide changes digital transformation can bring to a familiar and well-understood legacy system.

The latest data supports the shift: According to a recent study from industry-leading analyst firm EMA, businesses that lacked automation capabilities for auditing privileged access were seven times more likely to experience a privileged access policy violation than organizations with that capability. And one out of five businesses suffering a policy breach experienced severe impacts on overall business performance, including a direct loss of revenue, a loss of customers, or damage to its reputation.

Statistics, however, can feel intangible. Before you launch a PAM solution such as Hitachi ID Bravura Privilege, you can set yourself up for success by evangelizing a list of benefits that is comprehensive and actionable. Focus on the following with the IT decision-makers at your organization to build the foundation for a successful PAM deployment:

1. Single Sign-on

The first aspect to highlight with your IT leadership is the simplified management of administrative passwords. Whereas legacy solutions require manual control, a PAM implementation supports single sign-on, enabling authorized users to log in to the requested portal once and then launch multiple login sessions to various systems and administrative accounts throughout the day.

2. Shareable Accounts

Network decision-makers appreciate PAM solutions because administrators can define and share account sets (collections of accounts frequently checked out together). Furthermore, this capability replaces awkward administrative logins and the need for personal administrative accounts.

3. Temporary Privilege Elevation

Instead of creating an abundance of high-level accounts, a PAM system elevates a user’s privileges. It adds them to a security group only for the duration of the check-out and the time required to complete a task. This capability is also a great way to limit privileged access to those who need it.

4. Plausible Deniability

In the case of a system outage or discovery of a problem, individual administrators who could have caused the issue can rely on the PAM system for accountability. They can demonstrate they were not at fault since they weren’t signed in at the time that the issue occurred.

5. Simplified Troubleshooting

With this PAM-empowered accountability in place, authorized users can match the introduction of a problem on a system with the record of administrative access to the network(s). This ability narrows the list of suspects who might have made the configuration changes that caused the problem. You can start here when you begin to ask questions and seek to remedy the situation.

6. Knowledge Sharing

Whenever an IT user performs an incredibly complex task, they can record the session. This recording can later be shared as an inexpensive-to-produce “how-to” video, showing that session monitoring has value beyond forensic audits.

7. Streamlined Collaboration

Finally, when administrative access is gated through a PAM solution, authorized users can view who has access to the system(s), who is currently connected, and who was connected recently. This awareness dramatically simplifies coordinating changes to the structure of the solution. Additionally, it helps avoid situations where two people are working on the same system, making overlapping changes that interfere with one another, and avoids duplicative work.

Leveraging these seven benefits across your organization is only the beginning of your PAM deployment strategy. Learn more by downloading our ebook: Deploying a Privileged Access System: 9 Actionable Strategies to Ensure Success.


The Starting Point: 3 Steps to Begin a PAM Implementation

  January 26th, 2021

Modern-day privileged access and cybersecurity needs can seem daunting. Security breaches of privileged accounts and related vulnerabilities have accelerated in recent years due to increased IT infrastructure complexities and the fragmented distribution of business-critical services.

Add to this data points from leading industry analyst firm EMA: 80% of organizations discovered that a privileged access policy violation had occurred within the preceding 12 months, and 87% of these businesses experienced a policy violation that resulted in significant impacts to business operations. The need for privileged access management (PAM) to solve contemporary business requirements is clear.

Many IT leaders recognize these intimidating numbers, challenges, and the necessity for privileged access management, but are unsure where to start a PAM deployment within their organization. It’s not as difficult as many imagine. Creating a PAM solution that’s self-sufficient and financially advantageous begins with these three best practices, crafting a PAM program destined for success.

1. Groom champions throughout your organization.

PAM systems will impact many individuals across an organization, so it makes sense to begin by identifying individuals who are not only stakeholders but also naturally inclined to support PAM deployment on grounds such as security and benefits. These PAM ambassadors can include everyone from developers and network operations staff to database administrators.

Start by training and giving them educational materials to build a knowledge base and share with colleagues. Provide them with a forum to contribute, raise concerns, request feature enhancements and additional documentation should they need it. Supporting these champions and adjusting project priorities (as required) will transform them into program advocates.

2. Deploy incrementally.

The number of shared, privileged accounts in an organization can be as much as three times larger than the number of people. These privileged accounts are present on every IT asset, with many running on different platforms. Combine this exponential reality with the sheer number of operations for credential access, and configuring them all simultaneously is infeasible.

This exponential reality can make many network administrators apprehensive about a PAM transformation. Therefore, create a realistic and workable deployment that adds capabilities one or two at a time, migrates the resulting system to production use, re-prioritizes, and delivers again. By utilizing a steady, phased, and practical implementation, organizations will set achievable goals that IT leadership and stakeholders can get behind and applaud.

3. Maintain tight restrictions initially, then relax conditions if required.

When defining access and control policies, start with firm controls. For example, start with short limits on maximum check-out duration, require long and complex passwords, and do not allow plaintext password disclosure.

It’s much easier to begin with sturdy controls and relax them later on if needed than to start with lax rules and tighten them later. Users are more likely to object to the latter.

Building the foundation for your successful PAM deployment with these three measures is only the beginning of your PAM deployment strategy. Learn more by downloading our ebook: Deploying a Privileged Access System: 9 Actionable Strategies to Ensure Success.


Building a Sturdy Foundation for Identity Access Management Implementation

  January 21st, 2021

The biggest question many organizations need to answer: Identity and access management is constantly evolving — is yours?

In 2021, it’s estimated that businesses without formal IAM programs will spend 40% more on IAM capabilities while achieving less than those with them. Organizations with IAM programs need to continually develop and advance theirs over time, and they will need a permanent team and partnerships to continue the evolution and management of it. And, by building a successful and engaging IAM program, they will not only spend less, but achieve more in the long-term.

Each iteration of IAM implementation follows the same simple guidelines and four steps:

  • Identifying key stakeholders
  • Defining the vision
  • Building the roadmap
  • Defining the architecture

Every stage of the plan during the first round is straightforward, and each successive cycle will be more effortless than the last. By following them, you can foster repeated identity access management advancement.

Build a Foundation.

The first step of an optimization journey begins with identifying key stakeholders. Although identification is at the heart of this action, it is also about determining what drives these important process partners. A successful first step will build the foundation for every iterative cycle that follows, so it’s paramount to look at it in greater detail.

IAM leaders should recognize that enterprise IAM role management, groups, privileged access, and governance are a unique arena that requires a specialized framework and methodology. With this in mind, IT decision makers should launch the initiative in advance to provide ample time.

Due to its specialized framework and methodology, the IAM implementation requires a diverse and committed group of stakeholders and their representatives within the organization: those who influence and benefit from the IAM program. Examples of a stakeholder and stakeholder representative include end users and a service desk manager, or network security and a director of security. The goal is not to create IAM experts out of these representatives, but rather to empower them to evangelize and demonstrate the program deliverables — scope and priorities are important to the larger audience.

It’s also important to understand what success looks like to stakeholders and their representatives. This includes establishing common goals across departments and building trust within the organization, but also working through issues such as lack of recognition, lack of interest, and conflicting needs. To keep stakeholders invested, continue to align with their goals, build consensus, and continually reassess. Success will be measured against an IT leader’s ability to adjust to change and stakeholder input.

Lastly, IT decision makers should always have a champion. This individual can work with vendors and external stakeholders to advocate for the IAM solution.

Once key stakeholders and their primary drivers have been identified, an organization is ready for the next steps in this iterative process, which involve redefining the business across its vision, roadmap, and architecture. But much like the first step, it requires a thoughtful approach to succeed.

Find Success With Your IAM Implementation

Accelerate your IAM implementation with the Hitachi ID Bravura Security Fabric. This best-in-class solution empowers organizations to better navigate the difficult terrain of increasingly complex threats with a resilient, flexible, single identity and access management (IAM) platform and framework. Hitachi ID Bravura Security Fabric — which brings together the layers of Identity, Pass, Privilege, Group, and Discover — is dynamic, iterative, and optimized to protect, manage, and govern digital identity and access infrastructure in today’s ever-evolving landscape.

Watch the webinar from our Power of One Summit to explore the additional three stages of a successful identity access management program implementation.