Trial lock

This Research is for Members Only

Not a member? Unlock a free sample of our research now!

Already a member?

Sign in now

Security icon

Reduce IT Admin Risks & Costs with Privileged Access Management (PAM)

Control the access of your most critical users without breaking your budget.

Unlock a Free Sample

View Storyboard

Solution Set Storyboard Thumbnail

Contributors

  • Rob Marano, founder of The Hackerati
  • Dave Millier, CEO of Sentry Metrics

Your Challenge

  • PAM is an investment in terms of implementation. Excuses such as “it seems like too much work and a waste of money to put in place” tend to outweigh the many benefits of having that technology.
  • Privileged users may not appreciate the increased visibility into their actions, and take it as a slight that increased monitoring will be put in place.
  • Technology is not enough. If these accounts are being managed by individuals and not a formal system, they’re not more secure than those of regular internal users. PAM is only one part of the strategy; people and process are necessary too.

Our Advice

Critical Insight

  • The time for ad hoc anything is over. Formal processes and solutions need to be in place. Not doing anything can be low cost, but you’re masking a great complication, which is high risk.

Impact and Result

  • Short term: Being under more scrutiny may change the culture of admins, but helping them understand the value not only to the overall security of the organization, but to their workflow (e.g. increased efficiency, fewer accounts to manage), it will be easier for them to come around and accept the new processes.
  • Long term: Efficiency will be more apparent with fewer help desk tickets, which subsequently means less end-user time wasted waiting for password resets, etc. This also results in cost savings. You’ll also experience increased security overall in the long term, thanks to increased visibility and better account management.

Research & Tools

1. Understand the PAM blueprint and define metrics

Understand project rationale and identify baseline metrics.

2. Assess PAM requirements

Understand business requirements.

3. Identify and evaluate PAM options

Analyze which solution is best to carry forward and will help save costs.

4. Communicate with admins and stakeholders

Manage stakeholder expectations and inform admins of how PAM will affect them.

5. Select a PAM solution

Use RFP and vendor demo script templates to ensure you get the best solution for your requirements.

6. Implement a PAM solution

Understand and execute project steps to successfully implement PAM.

Guided Implementations

This guided implementation is a six call advisory process.

Call #1 - Understand project rationale

Understand high-level project rationale and goals, and establish baseline metrics.

Call #2 - Assess PAM requirements

Establish what is in scope of a PAM project, and who is responsible. (Expect at least five calls.)

Call #3 - Identify and evaluate PAM options

Understand the market place and the high-level product criteria you need to be focusing on when evaluating solutions. (Expect at least three calls.)

Call #4 - Communicate with admins and stakeholders

Play to the benefits of this project to help keep them focused on the gains over the costs. (Expect a minimum of one call.)

Call #5 - Select PAM solution

Using an RFP template and a Vendor Demo script, prepare to shortlist desired vendors and get the solution you need. (Expect a minimum of two calls.)

Call #6 - Implement PAM

Use a comprehensive Project Charter to work through your project steps to ensure an efficient and non-intrusive PAM roll-out. (Expect a minimum of about four calls.)