When the number of cyber attacks skyrocketed in the wake of the Corona pandemic, many companies and government agencies took this as an opportunity to put their security to the test and look out for particularly dangerous attack vectors. The analysis of documented breaches brought clarity: According to current studies, privileged access data is involved in over 80 percent of all security breaches. Only holistic privileged access management (PAM) promises protection. But how can companies approach such a project? We have compiled some best practices for greenfield projects.
Let’s start with a brief digression: In early February 2021, hackers targeted a water treatment plant in Oldsmar, Florida, briefly raising the sodium hydroxide content of the water there from 100 ppm to a dangerous level of 11,100 ppm – two days before the Super Bowl in nearby Tampa. Fortunately, an employee noticed the intruder, who had infiltrated the network using stolen credentials via TeamViewer, and was able to thwart the attack. According to city officials, there was no danger to the public. However, the incident highlights the importance of strong identity and access management (IAM), particularly in CRITIS-regulated environments – especially in light of the enormous potential damage caused by misuse of privileged accounts.
Step 1: Assess Readiness
If you are not yet using a solution for privileged access management (PAM), or have only implemented rudimentary approaches, you will first need to conduct a readiness assessment to determine whether your company has set the organizational course for such a project. This assessment reveals whether you will be able to manage the project successfully, or whether you need to make some adjustments ahead of time. The focus is on the following questions:
- What are the specific project goals?
- What are the expectations and concerns of the employees involved?
- Does company management support the project?
- What is the governance framework of the project?
- Is the company adaptable enough?
- Where might project errors lurk, and how can they be minimized?
- What individual requirements need to be met?
- Are the resources sufficient?
Step 2: Evaluate the existing infrastructure
Next, the project team needs a comprehensive overview of how the current network is designed. In addition to the fundamental infrastructure – legacy, hybrid, or cloud-based – the security ecosystem must be considered. In addition, the team must have a clear idea of how and in which sub-areas the infrastructure is to be protected by the new PAM solution – for example, whether an enterprise-wide solution concept is ideal, or whether smaller, project-based, isolated solutions should be integrated instead.
Step 3: Review the technology landscape
Analyzing the existing technology landscape helps you assess how the new PAM can best be integrated. The simplest case here is a true greenfield project with no legacy technology, in a native cloud environment. In this scenario, the new solution will likely be easy and quick to implement out-of-the-box. In more complex environments – when legacy systems are present or hybrid accounts need to be protected – you need to answer the following questions:
- Is the new PAM solution compatible with existing technology?
- How can PAM be efficiently integrated in IT?
- Is an off-the-shelf solution sufficient, or are customizations by the integrator necessary?
- Do you need additional interfaces to connect critical systems – and if so, where and to what extent?
Step 4: Plan the migration
The next step is to draw up a preliminary roadmap with all the transition plans and objectives – including binding implementation steps and a concrete timetable. This structured approach will help you simplify and accelerate your PAM journey. Now is also the right time to get an overview of the expected costs of the project. It is best to calculate the TCO for a period of 3 to 5 years. This allows you to keep a close eye on known cost drivers and classic hidden expenses.
Conclusion and solution packages from iC Consult
The key to implementing a professional, sustainable PAM environment is a strategic approach that grasps the project in all its complexity and sets the course for successful implementation. In particular, you’ll need to involve all stakeholders at an early stage and communicate transparently with them. This way, you can ensure comprehensive support at all levels of the company – from management to users.
iC Consult offers two solution packages for PAM greenfield scenarios:
- If you choose the iC Core package, we will take care of all the steps described above –readiness assessment, infrastructure evaluation, technology landscape review, and migration planning. This includes high-level recommendations such as a PAM maturity analysis to help us help you get started and lay the foundation for a secure enterprise network.
- The slightly broader iC Core+ package additionally includes simple out-of-the-box integrations, use-case documentation, four accompanying workshops instead of two, and a more detailed implementation plan: for up to seven systems.
If you would like an overview of the process before the project kicks off, we recommend a free, no-obligation pre-workshop. Reach out to our PAM team or learn more here.
In our next article, we’ll explore the PAM journey for brownfield scenarios.