Privileged Access Management
The client had hundreds of privileged access users throughout the organization with little oversight or audit capability which represented an unacceptable level of risk of both of an outside agent obtaining unfettered access or of internal misuse of power.
How this Project works
Hale Consulting Solutions LLC was engaged on this effort to assist to:
Identify Privileged Access Accounts
Using a combination of Active Directory reporting and scripts to scan for accounts with local privilege access on Windows and Linux Operating systems, we were able to identify and associate the majority of accounts with some form of elevated access.
These accounts were then categorized and prioritized based upon the types of access (system, application or database) and criticality of access (tier 0 through 3 systems & applications).
Implement a Privileged Access Management (PAM) Solution
In parallel with the identification of privileged access accounts, we worked with the client to implement an enterprise PAM solution that was able to support the following requirements:
- Credential management for privileged accounts
- Credential vaulting and access control for privileged accounts
- Session establishment, management, monitoring and auditing for interactive privileged access
Integrate PAM into IT Operations
The final stage of the implementation of privileged access management was the development, training and enforcement of the policies and procedures to integrate PAM into IT Operations.
Policies and procedures had to be developed that met the requirements for least access and secure privileged access while be as lease impactful to daily operations as possible.
Additionally, all resources who utilized privileged accounts had to be trained on the procedures for using the PAM solution and the impact to their workload evaluated for revision to service level agreements and other impacted operational metrics.
Project Result & Benefits of Project
- Over 43,000 privileged access accounts evaluated and eliminated or migrated to the PAM solution.
- Reduction in risk associated with unsecure and unmonitored accounts with elevated privileges.
“Over 80% of data breaches are connected to the compromise of privileged credentials” - The Forrester Wave
“Privilege misuse is among the top three causes of cybersecurity incidents in healthcare, manufacturing, finance, insurance and retail” - Verizon