Actionable Guidance to Succeed in Enterprise-Class Privileged Access Management

IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
Steve Brasen
Research Director
Enterprise Management Associates
Actionable Guidance for Succeeding in
Enterprise-Class Privileged Access Management
Paul Lanzi
COO and CoFounder
Remediant

Watch the On-Demand Webinar
Slide 2
• Actionable Guidance for Succeeding in Enterprise-Class Privileged
Access Management On-Demand webinar:
https://info.enterprisemanagement.com/succeeding-in-enterprise-class-
privileged-access-management-webinar-ws
• Check out upcoming webinars from EMA
https://www.enterprisemanagement.com/freeResearch

Featured Speakers
Steve Brasen, Research Director, EMA
Steve's career at EMA follows 20+ years of “in-the-trenches” experience in IT
systems support, engineering, and management for high-technology,
telecommunications, and financial institutions. Steve's primary focus area at
EMA is on endpoint and identity management topics, including identity and
access management, privileged access management, and unified endpoint
management.
Paul Lanzi, COO and Co-Founder, Remediant
Paul and his co-founder at Remediant, Tim Keeler, worked together in the IT
departments of several biotechs including Genentech, Roche and Gilead
Sciences before starting Remediant. At each of those organizations, they saw
first-hand the drawback of the legacy approaches to PAM and were inspired to
create something new. Paul's previous corporate IT experience includes project
and program management, corporate mobile app development team
management and recruiting and managing full-stack web development teams.

Agenda
Slide 5 © 2020 Enterprise Management Associates, Inc.
• Understanding Privileged Access Management
(PAM)
• Evaluating PAM Solutions
• Platform Adoption Process
• Essential Considerations
• Meeting Business Requirements
• Conclusions

Understanding Privileged Access Management
Modern-day enterprise IT and security
management are broadly dependent on the
availability of privileged accounts.
Governance of processes for authorizing
elevated permissions to access the most
sensitive IT resources comprise the practice
of privileged access management (PAM).
According to EMA primary research, 79% of
organizations consider PAM to be very
important or critical to their business
operations.

76% of organizations experience privileged
access policy violations each year.
60% of these occurrences lead directly to
business-impacting security breaches.
65% of organizations are NOT confident that
their current PAM solution is capable of preventing
policy violations from occurring.

The greatest inhibitor to adopting an
effective PAM solution is IT complexity.
Adopted solutions must not incur excessive
costs, overburden management teams, or
disturb business operations.
Adoption is also inhibited by concerns that
the platform may not be worth the
investment if it is not actively used or
bypassed by users.

PAM Platform Adoption Process
Organizations should adopt
PAM solutions that align with
their unique business
requirements.
The first step to identifying an
effective PAM solution is to list
and prioritize key business
requirements.

PAM Platform Adoption Process
Steps for implementing an effective PAM platform:
Identify solution providers that best meet
identified business priorities
Review a “shortlist” of products
 Review public reports
 Meet with vendors
 Live demonstrations
 Interview existing customers
Initially, roll out the solution on a
limited basis
When confidence is achieved,
initiate full-scale deployment

Essential PAM Considerations
Adopted PAM platforms should govern all
privileged access use cases active in the
organization, including:
• Global IT administrator access
• OS-level, built-in administrator accounts
• User access to business systems
• Public and private cloud environments
• Web and SaaS applications
• User access to specific applications
• Administrator access to end-user devices
All privileged access policies and monitoring should be managed
from a single, centralized console
Environmental Considerations

• Asset discovery and inventory
• Identification of existing privileged
access rights
• Reporting, alarming, and dashboarding
• Auditing of access rights
Access Monitoring Considerations
83% of surveyed organizations indicated they are not fully confident that all
privileged access accounts and users have even been identified

Deployment Considerations
Platform evaluations should consider how
long deployments will take and how many
support personnel will be required to
implement them, including to…
• Install and configure infrastructure and
software components
• Train and/or hire administrators
• Navigate corporate change management
processes
The most frequently noted reason for not adopting a PAM platform is that the
solutions are viewed as “too complex to implement”

Administration Considerations
Adopted PAM solutions should be easy to
manage.
• Wherever possible, employ automation
• Enable user self-service capabilities
• Align processes with business workflows
• Leverage monitoring and automation to
achieve continuous compliance
• Simplify onboarding of users and devices
On average, it takes administrators nine hours to resolve issues related to
privileged access policy violations

User Account Considerations
• PAM solutions should ensure each
privileged user has a unique account
• Ideally, solutions will elevate privileges
of existing accounts
• The use of standing privileges should
never be permitted
57% of organizations allow multiple users to share the same privileged
accounts, significantly reducing security effectiveness

Access Expiration Considerations
• Just-in-Time privileged access grants
elevated permissions to perform specific
tasks for a specific period of time
• One-time access credentials are
disabled when not in use
• Offboarding capabilities will automatically
disable all privileged access for users
and devices no longer associated with
the business
41% of surveyed organizations admit to allowing users to retain
privileged access indefinitely

Extensibility Considerations
PAM solutions should be able to grow with
the business, supporting increasing
numbers of:
• Users
• Devices
• IT services
• Workloads
PAM solutions should easily integrate with
third-party security management platforms
Companies should select PAM solutions that will support both
current and future business requirements

Business Requirements for PAM
The prioritization of PAM capabilities
will be different from business to
business.
Details about the type of business will
help indicate which PAM solution will
provide the best fit.
High-level considerations can be
determined based on general
business characteristics.

Industry Requirements
Different industry types require different PAM
approaches and priorities.
Some industry-specific requirements include:
• The need to meet regulatory compliance
• Sensitivity of hosted data, apps, and
services
• Distribution of IT resources
• The need to extend access to partners,
outsources, and service providers
PAM solutions should be adopted that optimally address
any unique industry requirements

Small Business Requirements
Key Challenges:
• Limited support resources and budgets
• Support staff wear many hats
• Must meet the same security requirements
as larger competitors
PAM Features to Prioritize:
• Easy to implement and onboard users
• Simple to manage
• Extensible so it can expand with the
business
Small businesses should not have to make additional investments
in service management and support personnel

Medium Business Requirements
Key Challenges:
• Large support stack with low admin/user ratio
• Broad number of privileged access use
cases and requirements
• Must meet regulatory commitments
• Centralized PAM management
• User self-service
• Automated onboarding and offboarding
• Just-in-Time privileged access
Just-in-Time privileged access is essential to ensuring approved
tasks are only performed in the approved timeframes

Large Business Requirements
Key Challenges:
• Distributed business units
• Distributed IT support teams
• Too many unintegrated security products
(i.e., “security sprawl”)
• Standardized privileged policies
• Must operate at scale
• Privileged access governance
• Strong integration with infosec solutions
PAM platforms must be able to operate at scale in order to ensure
consistency is maintained across all locations and business units

Infrastructure Requirements
The degree of decentralization of IT affects
how PAM is implemented enterprise-wide.
Organizations must prevent workers from
utilizing privileged accounts on unknown and
unmanaged resources.
Organizations with complex IT infrastructures
must enable:
• Holistic visibility
• Unified management
The size and complexity of IT ecosystems affects
the scope of PAM requirements

User Requirements
PAM policies and controls should be
established to appropriately meet
requirements of different types of privileged
users, including…
• IT administrators
• End users requiring elevated privileges on
their personal device
• End users requiring elevated privileges on
business systems
Different types of users require different PAM functionality

Key Conclusions
• Few security investments rise to the level of
importance as establishing control over
privileged access
• Unfortunately, IT managers often settle for
ineffective and vulnerable privileged access
approaches
• Organizations must implement PAM
solution that meet their unique business
requirements
• Platforms with Just-in-Time and Just-
Enough controls most effectively achieve
PAM requirements across the breadth of
use cases

INDUSTRY ANALYSIS & CONSULTINGSlide 26 © 2020 Enterprise Management Associates, Inc.
Tim Keeler,
Co-founder & CEO
Paul Lanzi,
Co-founder & COO
• Reframing Privileged Access Management:
• Agentless, Vaultless, Just-in-Time
• Founded by former biotech
information security and IT practitioners
• Funded by Dell Technologies Capital
and ForgePoint Capital
• Referenceable, fully deployed
Fortune 500 customers
• 2019 Black Unicorn Winner and Gartner Cool
Vendor
About Remediant
© Copyright Remediant 2020

INDUSTRY ANALYSIS & CONSULTINGSlide 27 © 2020 Enterprise Management Associates, Inc.
I’LL LEAVE YOU WITH THIS:
PRIVILEGED ACCESS IS STILL THE “WEAK UNDERBELLY” FOR NATION STATE
ADVERSARIES AND MALICIOUS INSIDERS
480
Average number of admins
with 24x7 access to each
workstation1
30%
of an average organization
is covered by Privileged
Access Management (PAM)
74%
of breached organizations
admit involvement of a
privileged account
Receive a complimentary rapid credential assessment:
https://www.remediant.com/auditing-privileged-access-management
• 1. For organizations with 15,000+ endpoints
© Copyright Remediant 2020

Actionable Guidance to Succeed in Enterprise-Class Privileged Access Management

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Actionable Guidance to Succeed in Enterprise-Class Privileged Access Management

Ähnlich wie Actionable Guidance to Succeed in Enterprise-Class Privileged Access Management (20)

Mehr von Enterprise Management Associates

Mehr von Enterprise Management Associates (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Actionable Guidance to Succeed in Enterprise-Class Privileged Access Management