Reduce IT Admin Risks & Costs with Privileged Access Management (PAM)

Control the access of your most critical users without breaking your budget.

Unlock

This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • PAM is an investment in terms of implementation. Excuses such as “it seems like too much work and a waste of money to put in place” tend to outweigh the many benefits of having that technology.
  • Privileged users may not appreciate the increased visibility into their actions, and take it as a slight that increased monitoring will be put in place.
  • Technology is not enough. If these accounts are being managed by individuals and not a formal system, they’re not more secure than those of regular internal users. PAM is only one part of the strategy; people and process are necessary too.

Our Advice

Critical Insight

  • The time for ad hoc anything is over. Formal processes and solutions need to be in place. Not doing anything can be low cost, but you’re masking a great complication, which is high risk.

Impact and Result

  • Short term: Being under more scrutiny may change the culture of admins, but helping them understand the value not only to the overall security of the organization, but to their workflow (e.g. increased efficiency, fewer accounts to manage), it will be easier for them to come around and accept the new processes.
  • Long term: Efficiency will be more apparent with fewer help desk tickets, which subsequently means less end-user time wasted waiting for password resets, etc. This also results in cost savings. You’ll also experience increased security overall in the long term, thanks to increased visibility and better account management.

Contributors

  • Rob Marano, founder of The Hackerati
  • Dave Millier, CEO of Sentry Metrics

Get the Complete Storyboard

See how all the steps you need to take come together, with tools and advice to help with each task on your list.

Download Now

Get to Action

  1. Understand the PAM blueprint and define metrics

    Understand project rationale and identify baseline metrics.

  2. Assess PAM requirements

    Understand business requirements.

  3. Identify and evaluate PAM options

    Analyze which solution is best to carry forward and will help save costs.

  4. Communicate with admins and stakeholders

    Manage stakeholder expectations and inform admins of how PAM will affect them.

  5. Select a PAM solution

    Use RFP and vendor demo script templates to ensure you get the best solution for your requirements.

  6. Implement a PAM solution

    Understand and execute project steps to successfully implement PAM.

Guided Implementation icon Guided Implementation

This guided implementation is a six call advisory process.

  • Call #1: Understand project rationale

    Understand high-level project rationale and goals, and establish baseline metrics.

  • Call #2: Assess PAM requirements

    Establish what is in scope of a PAM project, and who is responsible. (Expect at least five calls.)

  • Call #3: Identify and evaluate PAM options

    Understand the market place and the high-level product criteria you need to be focusing on when evaluating solutions. (Expect at least three calls.)

  • Call #4: Communicate with admins and stakeholders

    Play to the benefits of this project to help keep them focused on the gains over the costs. (Expect a minimum of one call.)

  • Call #5: Select PAM solution

    Using an RFP template and a Vendor Demo script, prepare to shortlist desired vendors and get the solution you need. (Expect a minimum of two calls.)

  • Call #6: Implement PAM

    Use a comprehensive Project Charter to work through your project steps to ensure an efficient and non-intrusive PAM roll-out. (Expect a minimum of about four calls.)

Onsite Workshop

Module 1: Project Rationale

The Purpose

  • Understand the problem
  • Review blueprint goals
  • Understand value and impact of the project
  • Determine baseline metrics

Key Benefits Achieved

  • Defined scope of project
  • Established value proposition
  • Identify key success metrics

Activities: Outputs:
1.1 Define baseline metrics
  • Project Charter (with recorded metrics)
1.2 Record baseline metrics

Module 2: Assess PAM Requirements

The Purpose

  • Understand PAM’s impact on your security posture
  • Establish your overall business case
  • Document requirements
  • Establish which apps/systems are in scope
  • Conduct inventory

Key Benefits Achieved

  • Make the case for why PAM is needed
  • Identify holes in one of your critical systems to support the need for PAM

Activities: Outputs:
2.1 Requirements gathering
  • Project Charter
2.2 Database/operating system inventory
  • Inventory information for the Stakeholder and Admin Communication Plan

Module 3: Identify and Evaluate PAM Options

The Purpose

  • Understand key PAM solution criteria
  • Conduct current state analysis of PAM processes
  • Conduct desired state analysis of PAM processes
  • Understand key PAM solution criteria
  • Review options
  • Determine cost savings

Key Benefits Achieved

  • Understand organizational needs based on what you currently do towards managing privileged accounts and where you want to be
  • Identify how PAM will save your organization money

Activities: Outputs:
3.1 Current state analysis
  • Project Charter
3.2 Future state analysis
  • PAM ROI Calculator
3.3 Cost savings analysis

Module 4: Communicate with Admins and Stakeholders

The Purpose

  • Obtain admin support
  • Secure stakeholder support

Key Benefits Achieved

  • Communication and support for PAM from both stakeholders and the admins that PAM affects is crucial to the success of the implementation project

Activities: Outputs:
4.1 Communication plan strategy for admins and stakeholders
  • Stakeholder and Admins Communication Decks

Module 5: Select a PAM Solution

The Purpose

  • Understand vendor relations
  • Use Info-Tech’s RFP Template to establish your requirements
  • Use Info-Tech’s Vendor Demo Script to ensure clear communication

Key Benefits Achieved

  • Understand what kind of information to give to vendors to ensure they find the best solution for your needs

Activities: Outputs:
5.1 Understand RFP template and vendor demo script requirements
  • PAM RFP Template
  • PAM Vendor Demo Script

Module 6: Implement PAM Solution

The Purpose

  • Understand RFP template and vendor demo script requirements

Key Benefits Achieved

  • Understand Work Breakdown Structure (WBS).
  • Have a basis for how to roll out PAM

Activities: Outputs:
6.1 RACI chart
  • Project Charter
6.2 Project step break down

Workshop Icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now
GET HELP Contact Us
×
VL Methodology