Advanced PAM: Privileged Access Management in Brownfield Environments

Advanced PAM:
Privileged Access Management in Brownfield Environments
Models for protecting privileged accounts have changed dramatically in recent years: Selective, manually-managed projects are being replaced by automated, next-generation solutions. These PAM programs are holistic and programmatic, bundling a wide variety of components: from password management, session management and flexible authentication options, to comprehensive analyses and privileged access governance. Integrating such a program is a complex task – but it’s also the best protection against increasingly frequent attacks.

“Dear Sir, go through the attached document on safety measures regarding the spreading of corona virus,” is the beginning of an e-mail supposedly sent by the WHO in 2020. Although the design, including the logo, looked professional, this was one of many phishing messages that made the rounds millions of times during the height of the pandemic. The majority of these messages prompted users to click on infected links – which opened a backdoor into their network. From then on, the attack continued laterally until the hackers gained control of a privileged account – and thus access to the company’’s most valuable assets. An attack like this can only be prevented with consistent Privileged Access Management (PAM). But successfully integrating PAM into existing structures requires an intelligent and strategic approach.

In the initial planning steps, the basic framework conditions for the project must be defined. First and foremost, this includes assessing organizational readiness: For example, it would be pointless to start planning the migration if company management does not stand behind it. In addition, existing infrastructure should be evaluated so that the new PAM solution can be designed to fit exactly. Once the architecture has been determined, a detailed recording of the technology landscape provides information about the optimal integration.

These three factors are, roughly outlined, the universal foundation of every PAM project. In our last article, we discussed how you can use them to set the course for successful greenfield projects. Today, we will examine crucial elements of the PAM journey in brownfield scenarios.

Analysis and migration planning
A good start to the project is to analyze why and in which areas your existing solution no longer meets your expectations. Are you fundamentally dissatisfied and would prefer to replace everything? Or would it be enough to extend the feature set? Based on this, you can already plan in more detail how best to remove or add to the existing tools in order to achieve the Key Priorities. In addition to a detailed market assessment, a thorough gap analysis in this phase lets you plan the migration of individual components in a targeted and strategic manner. Furthermore, considering specific use cases helps identify other deficits of the existing solution.

Implementation and migration
Both the implementation of the new solution and the migration of the existing systems require the seamless integration of all components – this is the only way to set the course for efficient and automated processes in Privileged Access Management. This means implementing customized interfaces and connectors between the PAM solution, the individual components, and the existing IT systems, and integrating all applications into these processes. The integration effort varies depending on the solution approach – whether the PAM architecture comes from a single source, or whether individual PAM modules are purchased from different vendors.

Configuration for global enterprises
For large, international companies, off-the-shelf solutions are generally not a viable option, as their distributed networks with a wide variety of subnets place far greater demands on Privileged Access Management. For example, globally active companies often also have to comply with a variety of regulatory requirements, which entails significantly higher planning and implementation costs.

In addition, these companies have generally grown inorganically as well as organically – and heterogeneous structures cannot be lumped together in practice. These challenges can only be overcome with customized adaptations.

Service packages from iC Consult
PAM initiatives for brownfield environments are significantly more complex than greenfield scenarios – and thus require significantly higher planning effort. However, in view of the increasing number of attacks, and the potentially far-reaching consequences when privileged accounts are compromised, an end-to-end PAM solution is a must – especially in the CRITIS-regulated sector.

iC Consult offers companies with existing PAM solutions (or individual PAM components) two tiered service packages:

The iC Bulletproof package provides vital protection for small and mid-sized enterprises who need minimal customization. The package includes everything from readiness analysis to migration, helping you successfully complete your PAM project. In a total of 7 accompanying workshops, iC Consult experts develop high-level recommendations, work with you on a suitable project concept, create a detailed roadmap, and calculate your TCO for the next three to five years.

iC Global is a fully customized offering for international enterprises with high demands and modern DevOps environments. It includes a much broader set of services and can be configured to meet the needs of different regions. We are happy to provide a tailored offer on request.

With our brownfield solution packages, we stand ready to support your PAM journey. To give you a first overview of the scope of your PAM project, we offer a free, no-obligation pre-workshop. Simply use our contact form or visit for more information.