A Case for PEDM

Posted:
September 25, 2018

 

Privileged Account and Session Management (PASM) tools, better known as password vaulting, are a type of PAM solution that restricts user access to IT systems and protects an organization’s data. Some organizations implement password vaulting technology to get started with managing privilege. However, as an infrastructure becomes more multifaceted, additional solutions that utilize other access management strategies should be integrated to maintain speed and security. This is where another type of Privileged Access Management software comes in: Privilege Elevation and Delegation Management (PEDM).

Researching PEDM software is one thing—reading all the details about features and functionality can be immensely helpful when considering a purchase. However, there is something particularly valuable in reading about a real-world example of a successful implementation. Read on to learn how one company benefitted from incorporating Powertech Identity & Access Manager (BoKS), a PEDM solution, into their security portfolio.

Environment

This large organization has a diverse technology infrastructure. Employees use Windows applications, but most of the server environment is UNIX-based. The organization was using a password vaulting tool to manage privileged accounts and better protect their system.

Problems

The organization had initial success with their password vaulting solution. Quickly, however, they began to see gaps in security that their PASM tool could not fill. There were three main pain points:

1. The technology was not suited for securing their servers.

While the PASM tool functioned well in the Windows environment, its capabilities were limited in the UNIX/Linux space.

2. As the organization grew, the PASM was not scaling well.

With more users and a larger environment, there was a proportional increase in requests for access to privileged accounts, often overwhelming the password vault and administrators.

3. As a result of the strain on the software, there was only an 80% success rate in changing the root passwords.

Root passwords were configured to rotate automatically, but this change was no longer reliably occurring. This led to cases in which the password to a particular system or server was unknown, so a user was unable to get access.

Solution

The answer to this organization’s issues was not to remove the PASM software, but rather to strengthen and supplement it with a PEDM solution. PASM and PEDM solutions need not be in competition, but can instead be quite complementary.

Stolen credentials are one of the most common ways that systems are compromised. Powertech Identity & Access Manager has password vaulting capability but uses it only as a break-glass solution that provides full access to critical application or service accounts. Ultimately, a password is the only thing protecting the privileged account. Powertech Identity & Access Manager instead focuses on authenticating individual users, distributing permanent, albeit limited, access based on the needs and requirements of their job role. The focus of Powertech Identity & Access Manager is not on password authentication, but rather on strong user authentication, using granular access controls, which define who can have access to each part of a system, as well as what they can do with that access and when they can do it.

Additionally, Powertech Identity & Access Manager was developed with large Linux and UNIX server environments in mind. In other words, Powertech Identity & Access Manager was built to scale, allowing single administrators to centrally manage thousands of servers with no additional work.

Results

Organization X found that a layered approach, including best-of-breed solutions for critical parts of their environment, was key to ensuring security and operational efficiency.

The organization was pleased that the implementation of Powertech Identity & Access Manager remedied their access management problems. Management of credentials has been smoother and more efficient. Scaling issues are no longer a concern. The password change success rate has returned to 100%.

There is also now an additional, crucial layer of protection in their environment. It is no longer enough to rely on passwords to prevent accidental or intentional breaches. The granular access controls provided by Powertech Identity & Access Manager ensure that no one individual has access to their entire infrastructure, reinforcing their security.

Powertech Identity & Access Manager streamlined Organization X’s security, improving overall functionality and allowing the IT team to efficiently protect its data. Learn how Powertech Identity & Access Manager can centralize your multi-vendor infrastructure and help your organization gain control over accounts and privileged access by speaking to one of our experts today.

Ready to see a PEDM solution in action?

Let one of our experts show you how Powertech Identity & Access Manager can bolster your security with a free demo.