Posts Tagged ‘Deployment’

Start Your PAM Deployment Off on the Right Foot: Spotlight These 7 Benefits

  February 2nd, 2021

Setting yourself up for success with an upcoming privilege access management (PAM) system requires finesse. Within any organization, many system administrators might be uncomfortable with the idea of a PAM system; they may be accustomed to unrestrained administrator-level credentials. At the same time, other IT decision-makers may have concerns about the system and network-wide changes digital transformation can bring to a familiar and well understood legacy system.

The latest data supports the shift: According to a recent study from industry leading analyst firm EMA, businesses that lacked automation capabilities for auditing privileged access were seven times more likely to experience a privileged access policy violation than organizations with that capability. And one out of five businesses suffering a policy breach experienced severe impacts on overall business performance, including a direct loss of revenue, a loss of customers, or damage to its reputation.

Statistics, however, can feel intangible. Before you launch a PAM solution such as Hitachi ID Bravura Privilege, you can set yourself up for success by evangelizing a list of benefits that is comprehensive and actionable. Focus on the following with the IT decision-makers at your organization to build the foundation for a successful PAM deployment:

1. Single Sign-on

The first aspect to highlight with your IT leadership is the simplified management of administrative passwords. Whereas legacy solutions require manual control, a PAM implementation supports single sign-on, enabling authorized users to log in to the requested portal once and then launch multiple login sessions to various systems and administrative accounts throughout the day.

2. Shareable Accounts

Network decision-makers appreciate PAM solutions because administrators can define and share account sets (collections of accounts frequently checked out together). Furthermore, this capability replaces awkward administrative logins and the need for personal administrative accounts.

3. Temporary Privilege Elevation

Instead of creating an abundance of high-level accounts, a PAM system elevates a user’s privileges. It adds them to a security group only for the duration of check-out and time required to complete a task. This capability is also a great way to limit privileged access to those who need it.

4. Plausible Deniability

In the case of a system outage or discovery of a problem, individual administrators who could have caused the issue can rely on the PAM system for accountability. They can demonstrate they were not at fault since they weren’t signed in at the time that the issue occurred.

5. Simplified Troubleshooting

With this PAM-empowered accountability in place, authorized users can match the introduction of a problem to a system with administrative access to the network(s). This ability narrows the list of suspects who might have made the configuration changes that caused the problem. You can start here when you begin to ask questions and seek to remedy the situation.

6. Knowledge Sharing

Whenever an IT user performs an incredibly complex task, they can record the session. This recording can later be shared as an inexpensive-to-produce “how-to” video, proving that session monitoring lends itself to more than just forensic audits, demonstrating additional value.

7. Streamlined Collaboration

Finally, when administrative access is gated through a PAM solution, authorized users can view who has access to the system(s), is currently connected, and who was connected recently. This awareness dramatically simplifies coordination changes to the structure of the solution. Additionally, it helps avoid situations where two people are working on the same system, making overlapping changes that interfere with one another, and circumvents duplicative work.

Leveraging these seven benefits across your organization is only the beginning of your PAM deployment strategy. Learn more by downloading our ebook: Deploying a Privileged Access System: 9 Actionable Strategies to Ensure Success.

The Starting Point: 3 Steps to Begin a PAM Implementation

  January 26th, 2021

Modern-day privilege access and cybersecurity needs can seem daunting. Security breaches of privileged accounts and related vulnerabilities have accelerated in recent years due to increased IT infrastructure complexities and the fragmented distribution of business critical services.

Add to this data points like 80% of organizations discovered that a privileged access policy violation had occurred within the preceding 12 months, and 87% of these businesses experienced a policy violation that resulted in significant impacts to business operations, according to leading industry analyst firm EMA. The need for privileged access management (PAM) to solve contemporary business requirements is definitive.

Many IT leaders recognize these intimidating numbers, challenges, and the necessity for privilege access management, but are unsure where to start a PAM deployment within their organization. It’s not as difficult as many imagine. Creating a PAM solution that’s self-sufficient and financially advantageous begins with these three best practices, crafting a PAM program destined for success.

1. Groom champions throughout your organization.

PAM systems will impact many individuals across an organization, so it makes sense to begin by identifying individuals who are not only stakeholders but also naturally inclined to support PAM deployment on grounds such as security and benefits. These PAM ambassadors can include everyone from developers and network operations staff to database administrators.

Start by training and giving them educational materials to build a knowledge base and share with colleagues. Provide them with a forum to contribute, raise concerns, request feature enhancements and additional documentation should they need it. Supporting these champions and adjusting project priorities (as required) will transform them into program advocates.

2. Deploy incrementally.

The number of shared, privileged accounts in an organization can be as much as three times larger than the number of people. These privileged accounts are present on every IT asset with many running on different platforms. Combine this exponential reality with the sheer amount of operations for credential access and configuring them all simultaneously is infeasible.

This exponential reality can make many network administrators apprehensive about a PAM transformation. Therefore, create a realistic and workable deployment that adds capabilities one or two at a time, migrates the resulting system to production use, re-prioritizes, and delivers again. By utilizing a steady, phased, and practical implementation, organizations will set achievable goals that IT leadership and stakeholders can get behind and applaud.

3. Maintain tight restrictions initially, then relaxed conditions if required.

When defining access and control policies, start with firm systems. For example, start with short limits on maximum check-out duration, require long and complex passwords, and do not allow plaintext password disclosure.

It’s much easier to begin with sturdy controls and relax them later on if needed than starting with lax rules and tightening them later. Users are more likely to object if that’s the case.

Building the foundation for your successful PAM deployment with these three measures is only the beginning of your PAM deployment strategy. Learn more by downloading our ebook: Deploying a Privileged Access System: 9 Actionable Strategies to Ensure Success.