Privileged Account and Session Management (PASM) tools, better known as password vaulting, are a type of PAM solution that restricts user access to IT systems and protects an organization’s data. Some organizations implement password vaulting technology to get started with managing privilege.
However, as an infrastructure becomes more multifaceted, additional solutions that utilize other access management strategies should be integrated to maintain speed and security. This is where another type of Privileged Access Management software comes in—Privilege Elevation and Delegation Management (PEDM).
Researching PEDM software is one thing—reading all the details about features and functionality can be immensely helpful when considering a purchase. However, there is something particularly valuable in reading about a real-world example of a successful implementation. Read on to learn how one company benefitted from incorporating Core Privileged Access Manager (BoKS), a PEDM solution, into their security portfolio.
This large organization has a diverse technology infrastructure. Employees use Windows applications, but most of the server environment is UNIX-based. The organization was using a password vaulting tool to manage privileged accounts and better protect their system.
The organization had initial success with their password vaulting solution. Quickly, however, they began to see gaps in security that their PASM tool could not fill. There were three main pain points:
1. The technology was not suited for securing their servers.
While the PASM tool functioned well in the Windows environment, its capabilities were limited in the UNIX/Linux space.
2. As the organization grew, the PASM was not scaling well.
With more users and a larger environment, there was a proportional increase in requests for access to privileged accounts, often overwhelming the password vault and administrators.
3. As a result of the strain on the software, there was only an 80% success rate in changing the root passwords.
Root passwords configured to rotate automatically, but this change was no longer reliably occurring. This lead to cases in which the password to a particular system or server was unknown, so a user was unable to get access.
The answer to this organization’s issues was not to remove the PASM software, but rather to strengthen and supplement it with a PEDM solution. PASM and PEDM solutions need not be in competition, but can instead be quite complementary.
Stolen credentials are one the most common ways that systems are compromised. Core Privileged Access Manager (BoKS) has password vaulting capability, but uses it only as a break glass solution that provides full access to critical application or service accounts. Ultimately, a password is the only thing protecting the privileged account. Core Privileged Access Manager (BoKS) instead focuses on authenticating individual users, distributing permanent, albeit limited access based on the needs and requirements of their job role. The focus of Core Privileged Access Manager (BoKS) is not on password authentication, but rather on strong user authentication, using granular access controls, which define who can have access to each part of a system, as well as what they can do with that access and when they can do it.
Additionally, Core Privileged Access Manager (BoKS) was developed with large Linux and UNIX server environments in mind. In other words, Core Privileged Access Manager (BoKS) was built to scale, allowing single administrators to centrally manage the administration of thousands of servers with no additional work.
The organization found that a layered approach, including best of breed solutions for critical parts of their environment, was key to ensuring security and operational efficiency.
The organization was pleased that the implementation of Core Privileged Access Manager (BoKS) remedied their access management problems. Management of credentials has been smoother and more efficient. Scaling issues are no longer a concern. The password change success rate has returned to 100%.
Additionally, there is now an additional, crucial layer of protection added to their environment. It is no longer enough to rely on passwords to prevent accidental or intentional breaches. The granular access controls provided by Core Privileged Access Manager (BoKS) ensures that no one individual has access to their entire infrastructure, reinforcing their security.
Core Privileged Access Manager (BoKS) streamlined the organization's security, improving overall functionality and allowing the IT team to efficiently protect its data. Learn how Core Privileged Access Manager (BoKS) can centralize your multi-vendor infrastructure and help your organization gain control over accounts and privileged access by speaking to one of our experts today.